Need help dealing with spammer.

kryptcon

I found that a spammer that is constantly sending me email and keeps doing so after multiple unsubscribe requests has what might be a fatal flaw in their unsubscribe script. I noticed that it does not check what you enter into the box. After put just a simple \ in place of my email I get the following message returned:

Could not execute 'SELECT * FROM Recips WHERE EmailAddr='\' AND SiteID=1': You have an error in your SQL syntax near ''\' AND SiteID=1' at line 1 at /home/stormpost/dist/lib/DBObjects.pm line 323.

I've tried doing something like,

'; DELETE FROM Recips; SELECT * FROM Recips WHERE EmailAddr='spammers@suck.com

However, I get an error when it tries to execute. I know that they are running perl as the programming language, but this being mysql related, I thought I might get some help from the better programmers... 😉 If anybody has an idea, please let me know. It will probably make a lot of people happy but slowing down a bit of the email

Thanks in advance,
D

Sxooter

You might be able to get it to run by escaping the @ sign like this:

delete from table where email = 'name@domain.com'

But generally it's easier to just install spam filtering software. Many ISPs now offering Spam filtering services for free.

id10t

Or just forward the mail to abuse@hisprovider.foo ... check the headers, etc. and make sure you send it to the right ones.

kryptcon

I've tried that. Nothing seems to work with these people. Once I unsubscribe there, I get another email from another supposed company using the same footer as the previous one, only with a different name... Their provider doesn't respond to any emails and I'm getting sick of their spam...

Sxooter

Originally posted by kryptcon
I've tried that. Nothing seems to work with these people. Once I unsubscribe there, I get another email from another supposed company using the same footer as the previous one, only with a different name... Their provider doesn't respond to any emails and I'm getting sick of their spam...

Just FYI, most of those "click here to unsubscribe" links are actually used to verify that your email address is real, then they sell it over and over.

Best just to ignore spam and get a good filter.

jweissig

hi,

You could be extremely malicious and use your mad SQL injection skills to delete his entire e-mail address database: P

He is just looking for the database record using a select and i will bet that he is going to delete the record id based on the result. So you might not be able to delete more than one record at a time... but it is worth a try.

error message

<snip>

Could not execute 'SELECT * FROM Recips WHERE EmailAddr='' AND SiteID=1': You have an error in your SQL syntax near ''' AND SiteID=1' at line 1 at /home/stormpost/dist/lib/DBObjects.pm line 323.

</snip>

example match!

<snip>

SELECT * FROM Recips WHERE EmailAddr="" and EmailAddr like '%@%' AND SiteID=0 AND SiteID=1

</snip>

You might have to play around with the ‘’ and “” to get it to match properly!

Please note these are for educational purposes only! Do not do this to a database that you do not own! I am not responsible for your actions, blah, blah, etc.

Justin

acidbox

double " have to be outside the single '

so, "SELECT * FROM Recips WHERE EmailAddr='' AND SiteID=1";