[thelist] spammers - perpetrators - improving...

Bob Meetin bobm at dottedi.biz
Wed Jan 30 08:06:34 CST 2008


Time will tell, but last night was 'optimistic'.  First things first, I 
made some changes to the form since this email.  Review the .txt 
version. I re-added an optional, simple, math question.  It is enabled 
on the test form, but disabled on the active case.  The form now counts 
how many times someone enters the likes of:

mailto
http
www

I also set it to trap "<form".  Early last night with the live form one 
came through with 'http' in the body, but I had it set to allow one.  I 
changed it to "0" for http but almost have to allow "1" for www.  The 
last thing I did was to set up a simple logger that both logs the 
IP, date, form name in a logfile and emails me the same in the subject.  
There were about 20 'attacks' during the evening, but none got 
through.

Q: With the IP addresses I captured, there were a couple duplicates. If I 
add them to the IP Deny list with the hosting provider, am I likely 
running the risk of blocking good folk with bad?  I did a google on a 
couple of the IP's last night and got an array of results.  Does anyone 
recommend a site that is good for qualifying true spammers?

Q: Thinking outside the box: Say you have two distinct forms with a few 
similar fields.  If the techniques above seem to work on form #1, can 
the spammer take the trick to the next level and post against form #2 
but make the SPAM appear to come from form #1? 

I think Phil or someone might have already padded the warning here.  Say 
form #1 posts an email message only.  Form #3 does not post but allows 
the viewer to search a database using a key phrase.  Can the spammer do 
the ugly and use the post if the input, etc is not filtered as is the 
email comment form?

-Bob
-----

Bob Meetin wrote:
> With Phil and Paul's help and some googling here's what I have:
>
> http://www.dottedi.biz/codesamples/scripts/comment_form.php
> http://www.dottedi.biz/codesamples/scripts/comment_form.txt (text 
> version - see the code)
>
> Assuming I implemented it correctly with the session, I have added the 
> token for $_POST and $_SESSION. I also added some basic email checking 
> and use a function to escape data for anything that would go into a 
> database (disabled here).  I also have it set up so that it will filter 
> out inappropriate content and use of 'http' in a field. 
>
> Anyone care to take a look/see and see if the logic is better and the 
> form less vulnerable?
>   
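A condensed version of the checks described in this thread (a per-marker count with a limit for each of mailto, http, www and "<form", a session token stored under the form's own name so a token issued for form #1 is not accepted by form #2, and the IP/date/form-name logger), written here as an added example and not taken from comment_form.php; the form name, field names and logfile path are assumptions:

```php
<?php
// Added example, not the code from comment_form.php.
declare(strict_types=1);

// Maximum allowed occurrences of each marker in the submitted text.
// 'www' is allowed once because legitimate messages often mention a site;
// note that "http://www..." counts against both 'http' and 'www'.
const SPAM_LIMITS = ['mailto' => 0, 'http' => 0, 'www' => 1, '<form' => 0];

// Count each marker case-insensitively, so "<FORM" and "HTTP" are caught too.
function count_markers(string $text): array {
    $lower = strtolower($text);
    $counts = [];
    foreach (SPAM_LIMITS as $marker => $limit) {
        $counts[$marker] = substr_count($lower, $marker);
    }
    return $counts;
}

// Return the markers that exceed their limit; an empty array means "clean".
function over_limit(string $text): array {
    $hits = [];
    foreach (count_markers($text) as $marker => $n) {
        if ($n > SPAM_LIMITS[$marker]) {
            $hits[] = "$marker x$n";
        }
    }
    return $hits;
}

// Token issued when the form is rendered. It is keyed by the form name, so a
// token captured from form #1 does not validate a post against form #2.
function issue_token(string $form): string {
    $token = bin2hex(random_bytes(16));
    $_SESSION['tokens'][$form] = $token;
    return $token;
}

// Single-use check: the stored token is discarded whether or not it matches.
function check_token(string $form, string $submitted): bool {
    $expected = $_SESSION['tokens'][$form] ?? '';
    unset($_SESSION['tokens'][$form]);
    return $expected !== '' && hash_equals($expected, $submitted);
}

// Logger: one line per rejected attempt with date, IP, form name and reason.
function log_attempt(string $logfile, string $form, array $hits): void {
    $ip = $_SERVER['REMOTE_ADDR'] ?? '-';
    $line = sprintf("%s %s %s %s\n", date('c'), $ip, $form, implode(',', $hits));
    file_put_contents($logfile, $line, FILE_APPEND | LOCK_EX);
}
```

In the handler, reject the post when `check_token('comment_form', $_POST['token'] ?? '')` is false or `over_limit($_POST['comment'] ?? '')` is non-empty, and pass the hits to `log_attempt()`; the hosting provider's IP deny list then becomes a separate, manual decision based on what the log shows.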