[thelist] spammers/spambots

Bob Meetin bobm at dottedi.biz
Wed Jul 29 17:42:28 CDT 2009 

Barry Woolgar wrote:
> Hello
>
> Although it's generalising to an extent, I believe bots will harvest your
> form's details and then just start blind posting common field names and
> values to the form's action.
>
> Based on this assumption we've had a fair bit of success with a text field
> named 'url' (or something similarly juicy) hidden with CSS, a label of 'Not
> for public use' (for people with CSS disabled), and a value of 'blank'. Then
> our form processor checks $_POST['url'] is set and has the value of 'blank'.
> Anything else is spam or a rather dense form filler who will be displayed
> the form again. I can't remember if this was originally suggested here or on
> A List Apart, but I've yet to see a spambot get around it.
>
> For what it's worth, I don't think blacklists are useful as they'll always
> find a way around them, or you'll spend ages tweaking and tweaking.
>
> Hope that helps.
>
> Barry
>
> -----Original Message-----
> From: thelist-bounces at lists.evolt.org
> [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Bob Meetin
> Sent: 27 July 2009 16:05
> To: thelist at lists.evolt.org
> Subject: [thelist] spammers/spambots
>
> Just curious,  I am finishing up a little program, the preprocessor, 
> which will be used to grab $_POST or $_REQUEST content, and if it meets 
> certain criteria, reject any further processing. 
>
> So the first question, automated spambots, do they attempt to fill in 
> content in any/all fields even if the field is bogus/contrived?
>
> And the second question, much of the spam content I see is posted in 
> non-English dialects, way not English.  If I knew where to start I can 
> probably include some of this "stuff" in a reject list, but I'm not 
> surehow to get or convert these odd looking characters into something my 
> forms can handle.  Suggestions?
>
>   
* Setting up the proprocessor to do some pattern matching comparing 
field input has helped tremendously (100%) already
* Just to see what it brings, I added a new field similar to your URL 
field with a default value and (not for public use)

I also set up a log file that captures specific fields and will log the 
not for public use field - just gotta know...

I concur, the blacklist method isn't particularly useful but it has its 
moments. The wordpress component in Joomla uses this. The list of 
moderated comments displays subject, IP address, email, comment, etc. I 
see many comments from the same email address coming from different IP 
addresses. They move around.

By adding the following list of phrases to the blacklist it does help. 
As I am unfamiliar with the language I wonder if adding what appears to 
be a foreign alphabet (each character at a time) will help?

????????????
viagra
our pharmacy
pupkin.net
getz
adultfriendfinder
[url=http://

Why does the term "desperate" come to mind when I read the spam content?

-- 
Bob

More information about the thelist mailing list