homepage Welcome to WebmasterWorld Guest from 54.197.94.241
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
Forum Library, Charter, Moderators: phranque

Website Technology Issues Forum

    
"Safe" Tell A Friend Script
Prevent Mis-Use By Spammers
androidtech




msg:665648
 2:54 pm on Jan 21, 2005 (gmt 0)

I'm thinking of modifying my board to have a "Tell A Friend" link by each post.

I have heard of spammers or other anti-e-social types using such scripts to forward spam or unpleasant messages.

Has anyone seen a "Tell A Friend" script & mailer that has reasonable protections against such mayhem? If so, where?

Thanks.

 

rogerd




msg:665649
 6:31 pm on Jan 22, 2005 (gmt 0)

I moved this to Website Technology in the hope that it would get a little more activity. I'm a big fan of "tell a friend" functionality. If you search for "secure tell a friend script" you get some hits, but I'd be interested to see if someone has experience with the techniques needed to avoid rogue use.

txbakers




msg:665650
 6:38 pm on Jan 22, 2005 (gmt 0)

Hi. I wrote my own "Tell-a-friend" script which uses the users email address and name.

It prevents spamming since the outgoing email has the senders name and address on it, so it better be going to only friends.

That information comes from the database as part of their profile so they are not apt to spam.

HughMungus




msg:665651
 7:08 pm on Jan 22, 2005 (gmt 0)

I'm glad you asked this because I'm wanting to do something similar so it made me think of something I hadn't thought about.

I think I'd definitely limit the fields to "email" and "sender's name".

Another thing I would do is limit the number of times a person could refer a link to someone to prevent malicious/annoying email. I'd also make sure there was no way the mailer worked unless the referer was from the page you have the "send to a friend" link on.

If you want the person sending the link to be able to enter their name, how about just limiting the "sender" field to 15 characters or so? If you want to prevent links from being sent, I'd use a string checker to check and make sure there's no "http://" or "www".

WibbleWobble




msg:665652
 1:18 am on Jan 23, 2005 (gmt 0)

As a (very) basic measure, you could create a md5 hash for the time (and additional seed words?) and have it as a hidden input on the tell-a-friend page, then, when the page is POST'd, you could compare the hash against the new time hash, and if its within 2 seconds, don't send it, assuming its spam. Not perfect by any means, but it may cull some of the more basic spam you might face.

Its late though, so someone will surely come along and point out all the flaws while I'm asleep :)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved