Have I got it the right way around?

Sorry for not being clear. Yes, I knew that; I was referring to the technique of logging the IP.

What I am trying to do is stop a spambot using this form to keep on emailing me continuously.

And it is my understanding (from this thread) that spambots don't take into account sessions and therefore would be able to "bypass" the sessions bit and keep spamming my mailbox.

Or is all that incorrect?

What do most of you do in your forms?
 
Have done some rooting around, and it is easy to spoof your IP, and when submitting email forms you don't need a response, so it's neither here nor there for the spambot whether they get one or not.

There are a number of tools available for this purpose; it's easy to do on *nix but doable on Windows as well. You can add a few lines to your network layer's code and it'll do it, hence it being easier with OS distros than closed source.

Spambots normally consist of full software from the network layer up to the GUI of the application; they do everything, basically... a customised O/S, if you like, in the 'worst case'.
 
Dj_Jestar said:
Have done some rooting around, and it is easy to spoof your IP, and when submitting email forms you don't need a response, so it's neither here nor there for the spambot whether they get one or not.

There are a number of tools available for this purpose; it's easy to do on *nix but doable on Windows as well. You can add a few lines to your network layer's code and it'll do it, hence it being easier with OS distros than closed source.

Spambots normally consist of full software from the network layer up to the GUI of the application; they do everything, basically... a customised O/S, if you like, in the 'worst case'.

But you're misunderstanding what a response is in this case. This is at a much lower level than HTTP, where a response means the contents of the fetched HTML page; at a TCP/IP level, you need to respond or else the request won't be completed.

I can't really be bothered to explain the ins and outs of TCP/IP, but essentially, in a normal request:

Client sends SYN, with a header that contains their IP
Server sends SYN-ACK to that IP
Client sends ACK
Connection is opened
Data is sent.

If you spoofed the IP address in the first SYN packet, the exchange would look like this:

Client sends SYN, with a header containing a spoofed IP
Server sends SYN-ACK to that IP
...Nothing happens--certainly not enough to open a connection and send an HTTP request, anyway!

Spoofing IPs is only really useful for DoSing someone--you can tie up their servers sending out lots of SYN-ACKs and trying to get a response--but it is impossible to spoof an IP and execute an HTTP request.
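
The two exchanges described in the post above, as an added toy model that is not part of the original thread. It goes one step beyond the post by modelling the sequence number the server puts in its SYN-ACK, which is what the client has to echo back in its ACK. The class and function names and the addresses (RFC 5737 documentation ranges) are constructed for illustration; no packets are sent.

```python
import secrets

class ToyServer:
    """Toy model of a TCP listener with a web form behind it (not a real stack)."""

    def __init__(self):
        self.half_open = {}       # (ip, port) -> initial sequence number we sent
        self.established = set()  # (ip, port) pairs that completed the handshake
        self.form_log = []        # source IPs recorded for accepted form posts

    def on_syn(self, src_ip, src_port):
        isn = secrets.randbits(32)
        self.half_open[(src_ip, src_port)] = isn
        # The SYN-ACK goes to whatever address the SYN header claimed.
        return {"dst_ip": src_ip, "flags": "SYN-ACK", "seq": isn}

    def on_ack(self, src_ip, src_port, ack):
        isn = self.half_open.get((src_ip, src_port))
        if isn is None or ack != (isn + 1) % 2**32:
            return False          # wrong or unsolicited ACK: stay half-open
        del self.half_open[(src_ip, src_port)]
        self.established.add((src_ip, src_port))
        return True

    def on_form_post(self, src_ip, src_port):
        if (src_ip, src_port) not in self.established:
            return False          # no connection, so no HTTP request is read
        self.form_log.append(src_ip)
        return True


def submit_form(server, real_ip, claimed_ip, port=40000):
    """Try to post the form from real_ip while claiming claimed_ip in the header."""
    syn_ack = server.on_syn(claimed_ip, port)
    if syn_ack["dst_ip"] != real_ip:
        # The SYN-ACK was routed to the claimed address; the sender never
        # sees the sequence number and cannot complete the handshake.
        return False
    server.on_ack(claimed_ip, port, (syn_ack["seq"] + 1) % 2**32)
    return server.on_form_post(claimed_ip, port)


if __name__ == "__main__":
    srv = ToyServer()
    # Constructed documentation addresses (RFC 5737).
    print("honest :", submit_form(srv, "198.51.100.7", "198.51.100.7"))
    print("spoofed:", submit_form(srv, "198.51.100.7", "203.0.113.9", port=40001))
    print("logged :", srv.form_log)
```

In this model, the only address that ever reaches the form log is one that received the SYN-ACK, so a logged IP is at least an address the sender can receive traffic on.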
 
In that case it is done at a higher level.. because it happens all the time, and evidently I don't know how, I just know it does happen. Perhaps it's just the spambots use the millions of freely available public proxies and thus don't spoof at all.
 
Dj_Jestar said:
In that case it is done at a higher level.. because it happens all the time, and evidently I don't know how, I just know it does happen. Perhaps it's just the spambots use the millions of freely available public proxies and thus don't spoof at all.

They do that. That and networks of compromised Windows PCs, anyway.
 