Author |
Message |
garydaw
Hello I'm New here!
Joined: 14 May 2007
Posts: 8
|
Posted:
Tue May 29, 2007 12:08 pm |
|
As an afterthought to my post below I wonder has anyone good ideas for combatting form spam.I do have a website and must get about 20 a day on top of all the other junk.Have try relocating the form page url but they catch on quick.I can't afforf to miss an email so the usefullness of filters is limited I feel.
Changed subject title. TS |
|
|
|
|
Tsnerd
Not quite a Newb
Joined: 14 Jul 2005
Posts: 41
|
Posted:
Tue May 29, 2007 2:12 pm |
|
Gary,
Did you mean to post this as part of an ongoing thread? |
_________________
Fakers: many, many, lots; an SSL and a couple of Resellers.
x 6
AH, AH, AH! Two little ! |
|
|
|
garydaw
Hello I'm New here!
Joined: 14 May 2007
Posts: 8
|
Posted:
Tue May 29, 2007 2:43 pm |
|
no not really.
It doesn't really apply to this forum I know (have asked about it elsewhere but found no really good answer)
Just thought a busy forum on scams might have posters with that kind of experience. |
|
|
|
|
Tsnerd
Not quite a Newb
Joined: 14 Jul 2005
Posts: 41
|
Posted:
Tue May 29, 2007 2:48 pm |
|
Quote: |
As an afterthought to my post below I wonder has anyone good ideas for combatting form spam. |
Ok; this bit confused me, since there wasn't a post below.
I'll move this to Gen Chat- I'm sure somebody will have helpful suggestions. |
_________________
Fakers: many, many, lots; an SSL and a couple of Resellers.
x 6
AH, AH, AH! Two little ! |
|
|
|
Radden
** SUSPENDED **
Joined: 26 Mar 2005
Posts: 1267
|
Posted:
Tue May 29, 2007 3:04 pm |
|
Depends if a bot is doing it. Why not add a word verification they must type in to be able to submit something? Like such..
|
|
|
|
|
Don
Baiting Guru
Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132
|
Posted:
Tue May 29, 2007 3:11 pm |
|
There's two basic strategies to avoid form spam that I'm aware of: a) You look for strings that would typically identify a spammer or b) you ask for user input (a string of characters or the answer to a question) that an automated script wouldn't know (see nutjob Radden's post above).
I usually opt for b) because it quite effectively sorts out spammers (they will usually never get numeric ZIP codes right or they will usually have html-code in their fields) and saves you the hassle of dealing with users that are too thick to deal with option b).
Basically you run your desired form fields through an "if" -> clause and if this particular string exists don't send the contents of the form. If eventually another form spammer gets through you look for another pattern only a spammer would use and insert it. That keeps my sites spam free for most of the year. For more detailed advice we would of course have to know what language you use.
A quick hack in PHP would look something like this:
Code: |
if ($ZIP=="Unknown") { $error .=" ZIP,";}
if ($place=="") { $error .=" place,";}
if (preg_match("/([\<])([^\>]{1,})*([\>])/i", $query)) { $error .=" query,";} |
etc.
I know there's more sophisticated methods to be found using google but the above is what I usually do. |
_________________ x12
No sugar plum fairies have been hurt during the process of creating this message.
**"Freedom? There ain't no fuckin' Freedom!"** |
|
|
|
garydaw
Hello I'm New here!
Joined: 14 May 2007
Posts: 8
|
Posted:
Tue May 29, 2007 3:15 pm |
|
@Radden,
I have condidered that and personally it nearly always takes me a few goes to get it and so I don't think I can put my site visitors through that or lose them out of frustration.
I do have a simpler version on the page but that is no obstacle to these geezers. |
|
|
|
|
Anti-419
Elite Baiter
Joined: 28 Jul 2004
Posts: 1804
Location: Bay Area, CA
|
Posted:
Tue May 29, 2007 9:48 pm |
|
I don't know how much this will help. But you can opt. to have your whois information listed as private so your contact information can't be sniffed out that easily. You may have to pay a few buck extra.
http://www.networksolutions.com/domain-name-registration/private.jsp |
_________________ Barr Marc Hycinth: "I HATE HOW MY NAME IS BEEN RUBISHED AT THE CASHING OFFICE TODAY."
Safari Lad: "...your mails are a healing balm to my condiction here."
Jeremiah Nnamani: "With you I wouldn't mind being a fool for the rest of my life."
James Bruce: "Thanks for your mail and also your insult to my personality and company."
Baiting Record:
Trophies - 128 | 4 AM Airport Taxi - 6
- Sierra Leone to Nigeria - "...please help me ,you brought me here to NIgeria.take me out."
x14 |
|
|
|
thud419
Baiting Guru
Joined: 04 Jan 2006
Posts: 3193
|
Posted:
Tue May 29, 2007 10:20 pm |
|
garydaw wrote: |
it nearly always takes me a few goes to get it |
Me too, but to my mind it doesn't have to be that obscure - How often do spammers have OCR? You should get 99% effectiveness by using clearly readable text. |
_________________ Click here to feel warm and cozy.
I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Barr. Cole
x14
x 0.25 won from Reaper in a sucker's bet
x8 x several |
|
|
|
D11
Elite Baiter
Joined: 02 Jul 2006
Posts: 1702
|
Posted:
Tue May 29, 2007 10:42 pm |
|
spam drives me nuts, especially on a forum.
.htaccess may be the better way to go its not all that complicated
first you need to get the ip of the computer visiting your website, then manually add that to the htaccess
order deny/allow
Also if you do get it wrong and block a genuine member - apologies lol and grovel lol too. It is a bit of extra work and a major headache but on registration with a blacklist etc it will make it less likely for spam to try to bother joining just to post a link. The idiots will still try to join but its harder as the mail emails i know of from my own site is *@mail##.com where the ## is generally a number (there are many more but for me its the ones at mail333.com that bug me |
_________________
1x 0x
Click here to support 419Eater.com
I make software that drives lads crazy. Thats my revenge on lads. (it all helps)
this transaction is 100 percent risk/hitch free - bobo
why no pay me - abum bello
because the cops will know it was you - me
ok this is good - abum bello |
|
|
|
Radden
** SUSPENDED **
Joined: 26 Mar 2005
Posts: 1267
|
Posted:
Wed May 30, 2007 12:35 am |
|
"order deny/allow "
are you thinking about robots.txt? I've kept spam away without editing the .htaccess. |
|
|
|
|
garydaw
Hello I'm New here!
Joined: 14 May 2007
Posts: 8
|
Posted:
Wed May 30, 2007 2:34 am |
|
@digital-one,
This interests me.Upon going through my last 50 or so form spam emails I discover all but 4 are different.Does this indicate to you that they are able to endlessly create new IPs and so entirely outrun my eforts at banning them in the htaccess file?Or if I keep trying will I eventually find that there is a manageable number-say under 1000 that just repeat themselves?It would be great if these IPs were available for download somewhere (Spamcop? Mailwasher?) |
|
|
|
|
Radden
** SUSPENDED **
Joined: 26 Mar 2005
Posts: 1267
|
Posted:
Wed May 30, 2007 3:28 am |
|
they're either using localhost machines or zombie computers (computers overtaken by a trojan/etc).
IP bans on spammers are useless. |
|
|
|
|
garydaw
Hello I'm New here!
Joined: 14 May 2007
Posts: 8
|
Posted:
Wed May 30, 2007 11:35 am |
|
Full requote of previous post deleted. It's there ^^^^
If they are zombies is it possible to alert them?
By the way robots.txt has never worked for me.I think they are a voluntary code that doesn't apply to this crowd Sure you are not just lucky? |
Last edited by garydaw on Wed May 30, 2007 11:46 am; edited 1 time in total |
|
|
|
D11
Elite Baiter
Joined: 02 Jul 2006
Posts: 1702
|
Posted:
Wed May 30, 2007 11:41 am |
|
umm radden i meant the other way round only allowed IP's can post lol so by default everyone he chooses to allow to join becomes a member and as long as he remembers each isp on broadband has around 10 ip's such as ranges then he should keep spammers away, because only allowed ip ranges can post but any ip can try to register then a bit of moderation to kill the suspect spammers accounts
nope i didnt mix up the robots and .htaccess lol, but mentioning robots if the search engine does not list his online form then spammers wont know it exists lol so perhaps...
@gary you wouldnt block ip's en masse you would ALLOW ips from members, you can then make a script - if the member can login and the ip is different it adds it to the database as an allowable addy, this means spammers simply cant post unless you turn them into members thus blocking spam from appearing. if used in addition to email and username banning etc you have an effective spam system. It does however rely on human verification - simply to avoid banning real people for joining. |
_________________
1x 0x
Click here to support 419Eater.com
I make software that drives lads crazy. Thats my revenge on lads. (it all helps)
this transaction is 100 percent risk/hitch free - bobo
why no pay me - abum bello
because the cops will know it was you - me
ok this is good - abum bello |
|
|
|
garydaw
Hello I'm New here!
Joined: 14 May 2007
Posts: 8
|
Posted:
Wed May 30, 2007 12:56 pm |
|
Unnecessary full requote of previous post deleted. We can all see it up there ^^^^
Unfortunately mine is only a contact form so I can't make the visitors login.Does anyone know if the Spam progs like Mailwasher rely on IPs at all? |
|
|
|
|
|