[thelist] spammers/spambots
Bob Meetin
bobm at dottedi.biz
Wed Jul 29 17:42:28 CDT 2009
Barry Woolgar wrote:
> Hello
>
> Although it's generalising to an extent, I believe bots will harvest your
> form's details and then just start blind posting common field names and
> values to the form's action.
>
> Based on this assumption we've had a fair bit of success with a text field
> named 'url' (or something similarly juicy) hidden with CSS, a label of 'Not
> for public use' (for people with CSS disabled), and a value of 'blank'. Then
> our form processor checks $_POST['url'] is set and has the value of 'blank'.
> Anything else is spam or a rather dense form filler who will be displayed
> the form again. I can't remember if this was originally suggested here or on
> A List Apart, but I've yet to see a spambot get around it.
>
> For what it's worth, I don't think blacklists are useful as they'll always
> find a way around them, or you'll spend ages tweaking and tweaking.
>
> Hope that helps.
>
> Barry
>
> -----Original Message-----
> From: thelist-bounces at lists.evolt.org
> [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Bob Meetin
> Sent: 27 July 2009 16:05
> To: thelist at lists.evolt.org
> Subject: [thelist] spammers/spambots
>
> Just curious, I am finishing up a little program, the preprocessor,
> which will be used to grab $_POST or $_REQUEST content, and if it meets
> certain criteria, reject any further processing.
>
> So the first question, automated spambots, do they attempt to fill in
> content in any/all fields even if the field is bogus/contrived?
>
> And the second question, much of the spam content I see is posted in
> non-English dialects, way not English. If I knew where to start I can
> probably include some of this "stuff" in a reject list, but I'm not
> sure how to get or convert these odd looking characters into something my
> forms can handle. Suggestions?
>
>
* Setting up the preprocessor to do some pattern matching comparing
field input has helped tremendously (100%) already
* Just to see what it brings, I added a new field similar to your URL
field with a default value and (not for public use)
I also set up a log file that captures specific fields and will log the
not for public use field - just gotta know...
I concur, the blacklist method isn't particularly useful but it has its
moments. The WordPress component in Joomla uses this. The list of
moderated comments displays subject, IP address, email, comment, etc. I
see many comments from the same email address coming from different IP
addresses. They move around.
By adding the following list of phrases to the blacklist it does help.
As I am unfamiliar with the language I wonder if adding what appears to
be a foreign alphabet (each character at a time) will help?
????????????
viagra
our pharmacy
pupkin.net
getz
adultfriendfinder
[url=http://
Why does the term "desperate" come to mind when I read the spam content?
--
Bob
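
A sketch of the preprocessor discussed in this thread, added as an example and not code from either poster: it combines the hidden 'url' field check, the phrase blacklist, and a Unicode script test in place of listing a foreign alphabet one character at a time. The function names, the 0.5 threshold and the assumption that the form is submitted as UTF-8 are illustrative.

```php
<?php
// Added example, not code from the thread. 'url'/'blank' follow Barry's
// description; function names and the 0.5 threshold are assumptions.
const HONEYPOT_FIELD = 'url';
const HONEYPOT_VALUE = 'blank';
const BLACKLIST = ['viagra', 'our pharmacy', '[url=http://']; // phrases from the post
const MAX_NON_LATIN = 0.5; // assumed cut-off for an English-only form
// Share of letters outside the Latin script; null if the text is not valid UTF-8.
function non_latin_ratio(string $text): ?float
{
    $letters = preg_match_all('/\p{L}/u', $text);
    if ($letters === false || $letters === 0) {
        return $letters === 0 ? 0.0 : null;
    }
    return ($letters - preg_match_all('/\p{Latin}/u', $text)) / $letters;
}

// Returns the reasons to reject; an empty array means the post may proceed.
function screen_post(array $post, array $textFields): array
{
    $reasons = [];
    if (!isset($post[HONEYPOT_FIELD]) || $post[HONEYPOT_FIELD] !== HONEYPOT_VALUE) {
        $reasons[] = 'honeypot field missing or altered';
    }
    foreach ($textFields as $name) {
        $value = $post[$name] ?? '';
        if (!is_string($value)) {            // e.g. comment[]=x arrives as an array
            $reasons[] = "$name: not a string";
            continue;
        }
        $ratio = non_latin_ratio($value);
        if ($ratio === null) {
            $reasons[] = "$name: invalid UTF-8";
        } elseif ($ratio > MAX_NON_LATIN) {
            $reasons[] = "$name: mostly non-Latin script";
        }
        foreach (BLACKLIST as $phrase) {
            if (stripos($value, $phrase) !== false) {
                $reasons[] = "$name: blacklisted phrase '$phrase'";
            }
        }
    }
    return $reasons;
}

// Constructed sample submission: a bot has overwritten the hidden field.
$sample = ['url' => 'http://example.test/', 'comment' => 'Visit our pharmacy'];
print_r(screen_post($sample, ['comment']));
```

The returned reasons can be written to the log file alongside the captured fields, which shows which check is catching each submission.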