SmartFeedSmartFeed          



WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Suggestions for stopping form spam on websites?

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
garydaw
Hello I'm New here!


Joined: 14 May 2007
Posts: 8


PostPosted: Tue May 29, 2007 12:08 pm Reply with quoteBack to top

As an afterthought to my post below I wonder has anyone good ideas for combatting form spam.I do have a website and must get about 20 a day on top of all the other junk.Have try relocating the form page url but they catch on quick.I can't afforf to miss an email so the usefullness of filters is limited I feel.


Changed subject title. TS
View user's profileSend private message
Tsnerd
Not quite a Newb


Joined: 14 Jul 2005
Posts: 41


PostPosted: Tue May 29, 2007 2:12 pm Reply with quoteBack to top

Gary,
Did you mean to post this as part of an ongoing thread?

_________________

Fakers: many, many, lots; an SSL and a couple of Resellers.
Mortar x 6
AH, AH, AH! Two little !
View user's profileSend private message
garydaw
Hello I'm New here!


Joined: 14 May 2007
Posts: 8


PostPosted: Tue May 29, 2007 2:43 pm Reply with quoteBack to top

no not really.
It doesn't really apply to this forum I know (have asked about it elsewhere but found no really good answer)
Just thought a busy forum on scams might have posters with that kind of experience.
View user's profileSend private message
Tsnerd
Not quite a Newb


Joined: 14 Jul 2005
Posts: 41


PostPosted: Tue May 29, 2007 2:48 pm Reply with quoteBack to top

Quote:
As an afterthought to my post below I wonder has anyone good ideas for combatting form spam.


Ok; this bit confused me, since there wasn't a post below.

I'll move this to Gen Chat- I'm sure somebody will have helpful suggestions.

_________________

Fakers: many, many, lots; an SSL and a couple of Resellers.
Mortar x 6
AH, AH, AH! Two little !
View user's profileSend private message
Radden
** SUSPENDED **


Joined: 26 Mar 2005
Posts: 1267


PostPosted: Tue May 29, 2007 3:04 pm Reply with quoteBack to top

Depends if a bot is doing it. Why not add a word verification they must type in to be able to submit something? Like such..

Image
View user's profileSend private message
Don
Baiting Guru


Joined: 25 May 2004
Posts: 3045
Location: Italy, 87.2.222.132


PostPosted: Tue May 29, 2007 3:11 pm Reply with quoteBack to top

There's two basic strategies to avoid form spam that I'm aware of: a) You look for strings that would typically identify a spammer or b) you ask for user input (a string of characters or the answer to a question) that an automated script wouldn't know (see nutjob Radden's post above).

I usually opt for b) because it quite effectively sorts out spammers (they will usually never get numeric ZIP codes right or they will usually have html-code in their fields) and saves you the hassle of dealing with users that are too thick to deal with option b).

Basically you run your desired form fields through an "if" -> clause and if this particular string exists don't send the contents of the form. If eventually another form spammer gets through you look for another pattern only a spammer would use and insert it. That keeps my sites spam free for most of the year. For more detailed advice we would of course have to know what language you use. Very Happy

A quick hack in PHP would look something like this:

Code:
if ($ZIP=="Unknown") { $error .=" ZIP,";}
  if ($place=="") { $error .=" place,";} 
  if (preg_match("/([\<])([^\>]{1,})*([\>])/i", $query)) { $error .=" query,";}


etc.

I know there's more sophisticated methods to be found using google but the above is what I usually do.

_________________
Mortar x12
No sugar plum fairies have been hurt during the process of creating this message.

**"Freedom? There ain't no fuckin' Freedom!"**
View user's profileSend private messageYahoo MessengerSkype Name
garydaw
Hello I'm New here!


Joined: 14 May 2007
Posts: 8


PostPosted: Tue May 29, 2007 3:15 pm Reply with quoteBack to top

@Radden,

I have condidered that and personally it nearly always takes me a few goes to get it and so I don't think I can put my site visitors through that or lose them out of frustration.
I do have a simpler version on the page but that is no obstacle to these geezers.
View user's profileSend private message
Anti-419
Elite Baiter


Joined: 28 Jul 2004
Posts: 1804
Location: Bay Area, CA


PostPosted: Tue May 29, 2007 9:48 pm Reply with quoteBack to top

I don't know how much this will help. But you can opt. to have your whois information listed as private so your contact information can't be sniffed out that easily. You may have to pay a few buck extra.

http://www.networksolutions.com/domain-name-registration/private.jsp

_________________
Barr Marc Hycinth: "I HATE HOW MY NAME IS BEEN RUBISHED AT THE CASHING OFFICE TODAY."
Safari Lad: "...your mails are a healing balm to my condiction here."
Jeremiah Nnamani: "With you I wouldn't mind being a fool for the rest of my life."
James Bruce: "Thanks for your mail and also your insult to my personality and company."

Baiting Record:
Trophies - 128 | 4 AM Airport Taxi - 6
Nurse Nastys Audi TT Safari - Sierra Leone to Nigeria - "...please help me ,you brought me here to NIgeria.take me out."
Mortar x14
View user's profileSend private message
thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


PostPosted: Tue May 29, 2007 10:20 pm Reply with quoteBack to top

garydaw wrote:
it nearly always takes me a few goes to get it
Me too, but to my mind it doesn't have to be that obscure - How often do spammers have OCR? You should get 99% effectiveness by using clearly readable text.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
View user's profileSend private messageSend e-mailVisit poster's website
D11
Elite Baiter


Joined: 02 Jul 2006
Posts: 1702


PostPosted: Tue May 29, 2007 10:42 pm Reply with quoteBack to top

spam drives me nuts, especially on a forum.

.htaccess may be the better way to go its not all that complicated

first you need to get the ip of the computer visiting your website, then manually add that to the htaccess

order deny/allow

Also if you do get it wrong and block a genuine member - apologies lol and grovel lol too. It is a bit of extra work and a major headache but on registration with a blacklist etc it will make it less likely for spam to try to bother joining just to post a link. The idiots will still try to join but its harder as the mail emails i know of from my own site is *@mail##.com where the ## is generally a number (there are many more but for me its the ones at mail333.com that bug me Sad

_________________
star
1x United Kingdom 0x
Click here to support 419Eater.com

I make software that drives lads crazy. Thats my revenge on lads. (it all helps)

this transaction is 100 percent risk/hitch free - bobo

why no pay me - abum bello
because the cops will know it was you - me
ok this is good - abum bello
View user's profileSend private message
Radden
** SUSPENDED **


Joined: 26 Mar 2005
Posts: 1267


PostPosted: Wed May 30, 2007 12:35 am Reply with quoteBack to top

"order deny/allow "

are you thinking about robots.txt? I've kept spam away without editing the .htaccess.
View user's profileSend private message
garydaw
Hello I'm New here!


Joined: 14 May 2007
Posts: 8


PostPosted: Wed May 30, 2007 2:34 am Reply with quoteBack to top

@digital-one,

This interests me.Upon going through my last 50 or so form spam emails I discover all but 4 are different.Does this indicate to you that they are able to endlessly create new IPs and so entirely outrun my eforts at banning them in the htaccess file?Or if I keep trying will I eventually find that there is a manageable number-say under 1000 that just repeat themselves?It would be great if these IPs were available for download somewhere (Spamcop? Mailwasher?)
View user's profileSend private message
Radden
** SUSPENDED **


Joined: 26 Mar 2005
Posts: 1267


PostPosted: Wed May 30, 2007 3:28 am Reply with quoteBack to top

they're either using localhost machines or zombie computers (computers overtaken by a trojan/etc).

IP bans on spammers are useless.
View user's profileSend private message
garydaw
Hello I'm New here!


Joined: 14 May 2007
Posts: 8


PostPosted: Wed May 30, 2007 11:35 am Reply with quoteBack to top

Full requote of previous post deleted. It's there ^^^^

If they are zombies is it possible to alert them?
By the way robots.txt has never worked for me.I think they are a voluntary code that doesn't apply to this crowd Sure you are not just lucky?


Last edited by garydaw on Wed May 30, 2007 11:46 am; edited 1 time in total
View user's profileSend private message
D11
Elite Baiter


Joined: 02 Jul 2006
Posts: 1702


PostPosted: Wed May 30, 2007 11:41 am Reply with quoteBack to top

umm radden i meant the other way round only allowed IP's can post lol so by default everyone he chooses to allow to join becomes a member and as long as he remembers each isp on broadband has around 10 ip's such as ranges then he should keep spammers away, because only allowed ip ranges can post but any ip can try to register Wink then a bit of moderation to kill the suspect spammers accounts

nope i didnt mix up the robots and .htaccess lol, but mentioning robots if the search engine does not list his online form then spammers wont know it exists lol so perhaps...

@gary you wouldnt block ip's en masse you would ALLOW ips from members, you can then make a script - if the member can login and the ip is different it adds it to the database as an allowable addy, this means spammers simply cant post unless you turn them into members thus blocking spam from appearing. if used in addition to email and username banning etc you have an effective spam system. It does however rely on human verification - simply to avoid banning real people for joining.

_________________
star
1x United Kingdom 0x
Click here to support 419Eater.com

I make software that drives lads crazy. Thats my revenge on lads. (it all helps)

this transaction is 100 percent risk/hitch free - bobo

why no pay me - abum bello
because the cops will know it was you - me
ok this is good - abum bello
View user's profileSend private message
garydaw
Hello I'm New here!


Joined: 14 May 2007
Posts: 8


PostPosted: Wed May 30, 2007 12:56 pm Reply with quoteBack to top

Unnecessary full requote of previous post deleted. We can all see it up there ^^^^


Unfortunately mine is only a contact form so I can't make the visitors login.Does anyone know if the Spam progs like Mailwasher rely on IPs at all?
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum





All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT