Proper formatting for detecting multiple IP's?


Reno CF
03-18-2005, 04:04 PM
I have a perl mail form online that one particular person seems to use for sending spam. I found a script that (supposedly) can redirect this person based on ip -- here are the opening lines of instruction:

# this simple CGI script can route unauthorized clients to another page
# without them even knowing that they were missing out on anything

$ip_address="128\.197";

What is the proper way to indicate multiple ip addresses at $ip_address= ?

:confused:

Would it be something like: $ip_address="128\.197,242\.155,66\.119";

Or would I include single quotes, as in: $ip_address="'128\.197','242\.155','66\.119'";

Thanks for any advice...

mlseim
03-18-2005, 04:52 PM
That would depend on the script ...
Whether it can process more than one IP address.
(we would have to see the whole script w/instructions)

But, if the user is a dial-up user, their IP address would be
dynamic and change each time they log-in.

Is your email form set up to ONLY be run from YOUR site?
Maybe the spammer has duplicated your form and is sending
via another website. You could set up your Perl script to
only allow the script to execute from your domain name.

Do you think it's a person, or is it a spamming robot that
does the spamming automatically via a program?

----------------

I would do this:

1) set up your script so that it can only be executed from your own
domain name (see snippet below).

2) if that doesn't stop the spamming, then you will need to have
a method where you display a graphic image with letters and
numbers ... user must enter them in a text box in order to send
the email. Spamming robots can't read the graphic image code.

3) you could also use Javascript and cookies ... only allow two
executions of the form each time. then, the user must close their
browser before they can send another one. This would require the
user to have Javascript and cookies enabled, or they wouldn't be
able to send anything from the form.

Here's the "referral" snippet you would put into your existing script to
only allow the script to run from your domain name form.
==========================================================

#this part goes near the beginning of your script:
#--------
# These are the urls that are allowed to execute this program
# eg. @valid = ('abc.com','def.com','xyz.net');
# Put your URL in the @valid line.
@valid = ('mysite.com');
&check_url_referer;



#these subroutines go at the end of your script:
#--------
sub check_url_referer {
    $referral_cnt = @valid;
    if ($referral_cnt > 0) {
        foreach $referer (@valid) {
            if ($ENV{'HTTP_REFERER'} =~ /$referer/i) {
                $good_ref = "yes";
                last;
            }
        }
        if ($good_ref ne "yes") {
            &go_away;
        }
    }
}


sub go_away {

    # jump to webpage that tells them they cannot run it from another domain.

    print "Location: http://www.mysite.com/no_refer.html\n\n";

    # stop here, otherwise the rest of the script still runs after the redirect
    exit;

}




#
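
A stricter form of the referrer check above, as an added example that is not part of the original post: it parses the host out of the Referer URL and compares it exactly against the allowed list, instead of searching the whole header for the domain text. The function names and sample URLs are constructed for illustration; the Referer header is supplied by the client, so this only screens requests that send an honest one.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Placeholder hosts, in the style of the @valid list in the post.
my @valid = ('mysite.com', 'www.mysite.com');
my %valid = map { lc($_) => 1 } @valid;

# Hypothetical helper: exact, case-insensitive match on the URL's host part.
sub referer_host_allowed {
    my ($referer) = @_;
    return 0 unless defined $referer && length $referer;
    # Capture everything between "scheme://" and the first / : ? or #.
    my ($host) = $referer =~ m{^https?://([^/:?#]+)}i
        or return 0;
    return $valid{ lc $host } ? 1 : 0;
}

# The substring-style test from the post, kept for comparison.
sub referer_substring_match {
    my ($referer) = @_;
    return (grep { $referer =~ /$_/i } @valid) ? 1 : 0;
}

# Constructed sample Referer values.
my @samples = (
    'http://www.mysite.com/contact.html',        # the real form page
    'http://other.example/form.html?mysite.com', # domain text in the query
    'http://mysite.com.other.example/form.html', # domain text as a subdomain
    '',                                          # header not sent
);

for my $referer (@samples) {
    printf "%-45s exact=%d substring=%d\n",
        "'$referer'",
        referer_host_allowed($referer),
        referer_substring_match($referer);
}
```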

Reno CF
03-18-2005, 05:35 PM
Thanks very much mlseim for taking the time to offer such a detailed response. I am using a more secure version of Matt Wright's original "FormMail.pl" -- this script is made available by London Perl Mongers (nms-cgi.sourceforge.net). In their script they've included much of the security you recommend:

@referers = qw(www.domain-name.com domain-name.com);
@allow_mail_to = qw(contact@domain-name.com);
@recipients = ();
%recipient_alias = ('bubba' => 'contact@domain-name.com');

Also, while it is very difficult to find a method of image verification to use with an existing cgi mail perlscript, I did hobble something together using <img src="image.php"> along with a javascript that validates the field for the characters displayed by image.php, so while not perfect by any means, it at least should discourage some robot submissions.

Below is the original redirect code -- if in examining this you can determine how to include multiple ip's, I'd be grateful for the feedback:

#!/usr/bin/perl

# this simple CGI script can route unauthorized clients to another page
# without them even knowing that they were missing out on anything
# from: http://polymer.bu.edu/~trunfio/webserver/webserver25-examples.html
#

# single quotes keep the backslash, so the dot is matched literally
$ip_address='128\.197';
$remote_address=$ENV{'REMOTE_ADDR'};

if ($remote_address=~/^$ip_address/)
{
    $html_document="internal.html";
}
else
{
    $html_document="external.html";
}

print "Content-type: text/html", "\n\n";

# send the chosen page to the client line by line
open (HTML, "<" . $html_document) or die "Cannot open $html_document: $!";
while (<HTML>)
{
    print;
}
close (HTML);
exit(0);

mlseim
03-18-2005, 06:26 PM
I didn't test this (hopefully no syntax errors) ...
But I envision something like this (very similar to the domain referrer script):
=========================================================

#!/usr/bin/perl

# this simple CGI script can route unauthorized clients to another page
# without them even knowing that they were missing out on anything
# from: http://polymer.bu.edu/~trunfio/webs...5-examples.html
#
# eg. @invalid = ('128\.197','136\.196');
# Put IPs in the @invalid line.
@invalid = ('128\.197','136\.196');

$remote_address=$ENV{'REMOTE_ADDR'};

$find_flag = 0;

# go through each one ... if the current IP matches any of them,
# then the flag is set - making it not a valid IP.

foreach $ip_address (@invalid) {
    if($remote_address=~/^$ip_address/){
        $find_flag = 1;
    } #if
} #foreach

# addresses that matched the list get internal.html, all others external.html
if ($find_flag == 1)
{
    $html_document="internal.html";
}
else
{
    $html_document="external.html";
}

print "Content-type: text/html", "\n\n";

# send the chosen page to the client line by line
open (HTML, "<" . $html_document) or die "Cannot open $html_document: $!";
while (<HTML>)
{
    print;
}
close (HTML);

exit(0);
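
The multi-prefix match discussed in this thread, as an added example that is not part of the original posts: it builds one anchored pattern from a list of prefixes, ends each prefix on an octet boundary, and compares the result with the double-quoted `"128\.197"` style of pattern from the question. The helper name `is_listed`, the short prefix `128.19` and the test addresses are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample list: the two-octet prefixes mentioned in the thread.
my @listed = ('128.197', '136.196', '66.119');

# One anchored pattern for the whole list. quotemeta escapes each dot, and
# the trailing (?:\.|$) makes a prefix end on an octet boundary, so an
# entry such as '66.11' could never match 66.119.x.x by accident.
my $alternation = join '|', map { quotemeta($_) } @listed;
my $listed_re   = qr/^(?:$alternation)(?:\.|$)/;

# Hypothetical helper: true only for a well-formed IPv4 address under a
# listed prefix; anything malformed or missing counts as "not listed".
sub is_listed {
    my ($addr) = @_;
    return 0 unless defined $addr;
    my @octets = $addr =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
        or return 0;
    return 0 if grep { $_ > 255 } @octets;
    return $addr =~ $listed_re ? 1 : 0;
}

# The loose form for comparison: inside double quotes "\." collapses to ".",
# which the regex treats as "any character", and nothing stops the match
# from ending in the middle of an octet.
my $loose = "128\.19";

# Constructed test addresses.
for my $addr ('128.197.26.3', '66.119.0.9', '128.190.4.4', '10.0.0.1') {
    printf "%-13s strict=%d loose=%d\n",
        $addr, is_listed($addr), ($addr =~ /^$loose/ ? 1 : 0);
}
```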

Reno CF
03-18-2005, 06:44 PM
Wow! Thanks very much mlseim -- you have been exceedingly kind with your time and expertise -- much appreciated... :thumbsup: