[thelist] spammers/spambots

Nan Harbison nan at nanharbison.com
Thu Jul 30 06:28:02 CDT 2009


The problem with blacklisting certain words is that spammers then use a zero
for an 'o', or a one for an 'l' or misspell the word so it is still
recognizable to the human eye but not to the blacklist.
Nan

-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Bob Meetin
Sent: Wednesday, July 29, 2009 6:42 PM
To: thelist at lists.evolt.org
Subject: Re: [thelist] spammers/spambots

Barry Woolgar wrote:
> Hello
>
> Although it's generalising to an extent, I believe bots will harvest 
> your form's details and then just start blind posting common field 
> names and values to the form's action.
>
> Based on this assumption we've had a fair bit of success with a text 
> field named 'url' (or something similarly juicy) hidden with CSS, a 
> label of 'Not for public use' (for people with CSS disabled), and a 
> value of 'blank'. Then our form processor checks $_POST['url'] is set and
> has the value of 'blank'.
> Anything else is spam or a rather dense form filler who will be 
> displayed the form again. I can't remember if this was originally 
> suggested here or on A List Apart, but I've yet to see a spambot get
> around it.
>
> For what it's worth, I don't think blacklists are useful as they'll 
> always find a way around them, or you'll spend ages tweaking and tweaking.
>
> Hope that helps.
>
> Barry
>
> -----Original Message-----
> From: thelist-bounces at lists.evolt.org
> [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Bob Meetin
> Sent: 27 July 2009 16:05
> To: thelist at lists.evolt.org
> Subject: [thelist] spammers/spambots
>
> Just curious,  I am finishing up a little program, the preprocessor, 
> which will be used to grab $_POST or $_REQUEST content, and if it 
> meets certain criteria, reject any further processing.
>
> So the first question, automated spambots, do they attempt to fill in 
> content in any/all fields even if the field is bogus/contrived?
>
> And the second question, much of the spam content I see is posted in 
> non-English dialects, way not English.  If I knew where to start I can 
> probably include some of this "stuff" in a reject list, but I'm not 
> sure how to get or convert these odd looking characters into something 
> my forms can handle.  Suggestions?
>
>   
* Setting up the preprocessor to do some pattern matching comparing field
input has helped tremendously (100%) already
* Just to see what it brings, I added a new field similar to your URL field
with a default value and (not for public use)

I also set up a log file that captures specific fields and will log the not
for public use field - just gotta know...

I concur, the blacklist method isn't particularly useful but it has its
moments. The wordpress component in Joomla uses this. The list of moderated
comments displays subject, IP address, email, comment, etc. I see many
comments from the same email address coming from different IP addresses.
They move around.

By adding the following list of phrases to the blacklist it does help. 
As I am unfamiliar with the language I wonder if adding what appears to be a
foreign alphabet (each character at a time) will help?

????????????
viagra
our pharmacy
pupkin.net
getz
adultfriendfinder
[url=http://

Why does the term "desperate" come to mind when I read the spam content?

--
Bob 
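
Added example (not part of the original thread and not any poster's code): a PHP version of the hidden-field check Barry describes, followed by a blacklist match that folds look-alike characters first, which is the evasion Nan points out. The function names, the 'comment' field and the sample posts are assumptions constructed for illustration.

```php
<?php
// Fold common look-alikes to one canonical letter. 'i' and 'l' are merged so
// that "v1agra" and "viagra" produce the same string after normalization.
const LOOKALIKES = ['0' => 'o', '1' => 'l', 'i' => 'l', '|' => 'l',
                    '3' => 'e', '4' => 'a', '@' => 'a', '5' => 's', '$' => 's'];

function normalize(string $text): string
{
    $text = strtr(strtolower($text), LOOKALIKES);
    // Drop everything but ASCII letters so "v.i.a.g.r.a" collapses as well.
    // Non-Latin text is erased by this step; it needs separate handling.
    return (string) preg_replace('/[^a-z]/', '', $text);
}

// Barry's honeypot: the CSS-hidden 'url' field must come back untouched.
function honeypot_ok(array $post): bool
{
    return isset($post['url']) && $post['url'] === 'blank';
}

function classify(array $post, array $blacklist): string
{
    if (!honeypot_ok($post)) {
        return 'reject: honeypot field missing or altered';
    }
    // A bot may send comment[]=...; treat anything that is not a string as empty.
    $raw  = $post['comment'] ?? '';
    $body = normalize(is_string($raw) ? $raw : '');
    foreach ($blacklist as $term) {
        $needle = normalize($term);
        // Skip terms that normalize to nothing, or they would match every post.
        if ($needle !== '' && strpos($body, $needle) !== false) {
            return "reject: blacklist term '$term'";
        }
    }
    return 'accept';
}

// Constructed sample submissions; in a form handler pass $_POST instead.
$blacklist = ['viagra', 'our pharmacy', 'adultfriendfinder'];
$samples = [
    ['url' => 'blank', 'comment' => 'Nice article, thanks!'],
    ['url' => 'http://example.com/', 'comment' => 'hello'],
    ['url' => 'blank', 'comment' => 'cheap V1AGRA from 0ur pharm@cy'],
    ['comment' => 'post with no honeypot field at all'],
];
foreach ($samples as $post) {
    echo classify($post, $blacklist), "\n";
}
```

Folding look-alikes only narrows the gap: plain misspellings still pass, and substring matching on text with the spaces stripped will flag some legitimate words.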
