Hi All,

I use osTicket to collect quote- and order- request submissions for my business. The customer submits a web form, the results of which get formatted and emailed to osTicket for storage and processing.

I've been getting hit by a string of spam-bots having fun with my forms - mostly from two or three specific domains, over and over again.

I've written some code that plugs in to /api/pipe.php (as an include) that detects and blocks ticket creation from any set of domains I choose. It's effectively shut down the spam-ticket problem, from 40-50 a day to none at all.

Is there anybody else out there interested in the include?

I have plans to expand it further to include email-validation features, such as requiring first-time ticket-creators to validate their email address via a link sent to them by the ticket system, which should totally shut-down spam tickets once and for all!

Let me know if anybody is interested in either of the two modifications, and I'll package something up for public use.

Kind regards,

Ebonhand

12 days later

spam

you need to solve the problem of spam with your hosting, with spamassesin for example

20 days later

you need to solve the problem of spam with your hosting, with spamassesin for example

Hi altomarketing,

It's not spam assasin problem, really - we have many points-of-origin for tickets (web forms, email, system-generated tickets from other scripts, etc) and having an 'all-in-one' solution/validation point became a requirement for us.

Relying on spam assassin to protect your ticket system isn't a catch-all solution, so I'm proceeding with my plans to implement confirmation-email validation features on my own system.

If there's enough public demand, I'll package and release.

Ebonhand

if you are interested, i can develop a small mod to catch the temporary e-mailadresses created by websites like GuerrillaMail.com, temporaryinbox.com and many others. this also gives an added security measure, as a tamporary mailadress only is available for several hours, a real e-mailadress is available only if deleted by hand (harder to do, sometimes impossible due to provider restrictions)

if you are interested, i can develop a small mod to catch the temporary e-mailadresses created by websites like GuerrillaMail.com, temporaryinbox.com and many others. this also gives an added security measure, as a tamporary mailadress only is available for several hours, a real e-mailadress is available only if deleted by hand (harder to do, sometimes impossible due to provider restrictions)

Hi Eagle,

The system I've written already includes support for this, via an updatable domain blacklist. It also supports optionally replying to the email address with a message stating 'we do not permit tickets from this domain, please use another provider' up to 'n' times per email address (so as to ensure legitimate users are made aware that their ticket won't be recieved/processed, while still limiting the responses to spammers)

Kind regards,

David

I am interested in such an all-in antispamfunction, I'm also getting a lot of spam in the ticketsystem.

Grtz,

Nic

8 months later

I'm In!

Hi altomarketing,

It's not spam assasin problem, really - we have many points-of-origin for tickets (web forms, email, system-generated tickets from other scripts, etc) and having an 'all-in-one' solution/validation point became a requirement for us.

Relying on spam assassin to protect your ticket system isn't a catch-all solution, so I'm proceeding with my plans to implement confirmation-email validation features on my own system.

If there's enough public demand, I'll package and release.

Ebonhand

I'm VERY interested in this mod. As a longtime PerlDesk user I need to find an alternative. PD's support is awful and I just can't take it any more.

However, PD does have all the features I'm looking for which (it appears) so does osTicket with the exception being this one.

Has anyhting new come about?

Thanks in advance foe your time.

Best Regards,

ASU Service,Inc.

Write a Reply...