[Off] Detecting Spam

by Bill Leddy

[Sorry if this is a duplicate. First attempt didn't seem to go  
through...]

Hi All,
        On our site we offer the option for visitors to send emails to our  
members enrolled in the site. Clicking the link opens a simple form  
that we then process and forward to the member.

        Problem is that we've been discovered by one or more bots. Most send  
an email body of pure gibberish formatted to look like a combination of  
html and BBcode. None of the links will lead anywhere as the domains  
don't exist.  Some of the emails contain references to the usual porn  
content.

        I assume these are probes to see how we react.  We don't send any  
response to the bots, but the messages do get delivered to our  
members. This is what we'd like to avoid.

        I'm wondering if anyone has experienced this sort of problem and if  
you were able to address it.

        My current thinking is to filter the messages against a banned word  
list assigning points. Too many points and the message is Spam.  I  
also have the idea to test the message against a spell checker and  
determine the percentage of misspelled words (gibberish). Percent  
too high = spam.  I'm sure there is a command line spell checker  
available in Mac OS X, but haven't found that info yet.

        I appreciate any comments and suggestions anyone could offer.


Kind Regards,

*********************************************************************
Bill Leddy
bill@...
William Leddy Business Consulting
Custom Database Solutions
3145 17th Street
Sacramento, CA  95818                              Phone: (916) 444-2903

                        "On the desktop and on the web"

*********************************************************************



_______________________________________________
Active4D-dev mailing list
Active4D-dev@...
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
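
The scoring idea in the post above (banned-word points plus the share of words a dictionary does not know), sketched as an added example that is not code from the thread or from Active4D. The word weights, the tiny word list standing in for a spell checker, the thresholds and both sample messages are constructed assumptions.

```python
import re

# Constructed sample data: weights, word list and thresholds are assumptions.
BANNED_POINTS = {"porn": 5, "casino": 3, "viagra": 5}
KNOWN_WORDS = set("""a about am and are at be can club for hello hi i in interested
is it joining like me meeting membership next of on please tell the to when would
you your""".split())
POINT_LIMIT = 5        # banned-word points at or above this => spam
GIBBERISH_LIMIT = 0.5  # share of unknown words above this => spam
MIN_WORDS = 5          # below this a ratio is too noisy to act on

MARKUP = re.compile(r"<[^>]*>|\[[^\]]*\]|https?://\S+")  # HTML tags, BBcode tags, URLs
WORD = re.compile(r"[a-z']+")

def tokenize(body):
    """Lower-case words, with HTML/BBcode tags and URLs stripped first."""
    text = MARKUP.sub(" ", body.lower())
    return [w.strip("'") for w in WORD.findall(text) if w.strip("'")]

def banned_points(words):
    return sum(BANNED_POINTS.get(w, 0) for w in words)

def unknown_ratio(words, dictionary=KNOWN_WORDS):
    if not words:
        return 1.0  # body was empty or nothing but markup
    return sum(w not in dictionary for w in words) / len(words)

def classify(body):
    """Score one message body; 'reasons' lists which test(s) tripped."""
    words = tokenize(body)
    points, ratio = banned_points(words), unknown_ratio(words)
    reasons = []
    if points >= POINT_LIMIT:
        reasons.append("banned-words")
    if not words or (len(words) >= MIN_WORDS and ratio > GIBBERISH_LIMIT):
        reasons.append("gibberish")
    return {"spam": bool(reasons), "points": points,
            "unknown_ratio": round(ratio, 2), "reasons": reasons}

# Constructed sample messages (.example domains never resolve).
HAM = "Hi, I am interested in joining the club. Can you tell me about membership?"
BOT = ("[url=http://qzxv.example]xkqjw plorf[/url] "
       "<a href='http://zzkt.example'>vbnrt gghw qpzz</a> mwkk trrp")

if __name__ == "__main__":
    for body in (HAM, BOT):
        print(classify(body))
```

Names, place names and non-English text all count as unknown words, so with a real dictionary the ratio limit needs tuning against genuine member mail, and borderline messages are better held for review than dropped.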

Re: [Off] Detecting Spam

by B. Perkins

Bill,

The typical solution to this is to use a "captcha" (google it if you don't
know what it is).

Another alternative is to place a field on the form and hide it with CSS
(not w/ type="hidden"). Name the field to look like it would expect
"extra" data. Since bots can't "see" the page they'll try to inject data.
Your regular users will never see it w/ normal use, therefore they won't
enter into it unless they are snooping around w/ Firebug or the Web
Developer toolbar etc or they've turned off CSS.

If the form post contains data in that special field, don't send the mail.

hth,

-- Brad
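
The CSS-hidden decoy field described in the reply above, as an added example that is not code from the thread or from Active4D. The field name `website`, the form markup, the handler names and the sample POST bodies are hypothetical; rejecting a POST that lacks the field entirely goes one step beyond what the reply describes, on the assumption that a browser which rendered the form always submits the field empty.

```python
from urllib.parse import parse_qs

HONEYPOT = "website"  # hypothetical decoy name, made to look like an optional extra

# The decoy is hidden with CSS, not type="hidden". tabindex and autocomplete
# keep keyboard users and browser autofill from filling it by accident.
FORM_HTML = f"""<style>.extra-info {{ display: none; }}</style>
<form method="post" action="/contact">
  <input name="from_email">
  <textarea name="message"></textarea>
  <div class="extra-info">
    <label>Website <input name="{HONEYPOT}" tabindex="-1" autocomplete="off"></label>
  </div>
  <button>Send</button>
</form>"""

def check_post(raw_body):
    """Return (deliver, reason) for a urlencoded form POST body."""
    fields = parse_qs(raw_body, keep_blank_values=True)
    if HONEYPOT not in fields:
        return False, "honeypot-missing"  # client never rendered the form
    if any(v.strip() for v in fields[HONEYPOT]):
        return False, "honeypot-filled"   # something typed into the invisible field
    if not any(v.strip() for v in fields.get("message", [])):
        return False, "empty-message"
    return True, "ok"

def handle(raw_body, send_mail):
    """Forward the mail only when the decoy is present and empty.

    The caller shows the same page either way, so a bot learns nothing;
    the returned reason is for the server log only.
    """
    deliver, reason = check_post(raw_body)
    if deliver:
        fields = parse_qs(raw_body, keep_blank_values=True)
        send_mail(fields.get("from_email", [""])[0], fields["message"][0])
    return deliver, reason

# Constructed sample POST bodies.
HUMAN = "from_email=ann%40example.org&message=Hello+there&website="
BOT = ("from_email=x%40example.org&message=%5Burl%5Dspam%5B%2Furl%5D"
       "&website=http%3A%2F%2Fspam.example")
DIRECT = "from_email=x%40example.org&message=hi"  # posted without loading the form

if __name__ == "__main__":
    for body in (HUMAN, BOT, DIRECT):
        print(handle(body, lambda sender, text: None))
```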


Re: [Off] Detecting Spam

by Michael Kaye-4

Although I've not used it, you may want to check out this captcha web  
service - by http://recaptcha.net/. Alternatively you can write your  
own Captcha....


On 2 May 2008, at 22:02, Bill Leddy wrote:

> [Sorry if this is a duplicate. First attempt didn't seem to go  
> through...]
>
> Hi All,
> On our site we offer the option for visitors to send emails to our  
> members enrolled in the site. Clicking the link opens a simple form  
> that we then process and forward to the member.
>
> Problem is that we've been discovered by one or more bots. Most  
> send an email body of pure gibberish formatted to look like a  
> combination of html and BBcode. None of the links will lead anywhere  
> as the domains don't exist.  Some of the emails contain references  
> to the usual porn content.
>
> I assume these are probes to see how we react.  We don't send any  
> response to the bots, but the messages do get delivered to our  
> members. This is what we'd like to avoid.
>
> I'm wondering if anyone has experienced this sort of problem and if  
> you were able to address it.
>
> My current thinking is to filter the messages against a banned word  
> list assigning points. Too many points and the message is Spam.  I  
> also have the idea to test the message against a spell checker and  
> determine the percentage of misspelled words (gibberish). Percent  
> too high = spam.  I'm sure there is a command line spell checker  
> available in Mac OS X, but haven't found that info yet.
>
> I appreciate any comments and suggestions anyone could offer.

Re: [Off] Detecting Spam

by Bill Leddy

Thanks all,
        We ran a phpBB forum which used a captcha style authentication of  
signups and the spammers still get past it.  I understand that they  
scrape the Captcha and present it to a real person who is trying to  
access a porn or game site and then use it to enter the target site.  
That's what I've heard anyway. I do know that they get past it...

        I took a step back and decided to craft a specific test for the code  
the bots are using now (some BBcode tags).  If I find the code I don't  
send the email to the user.  I originally implemented the code about 2  
years ago.  The style of attack it was designed to address hasn't been  
seen by us for over a year, so I expect this will go the same way.  
Now my code is just a little smarter, so we'll see how it goes.

On May 3, 2008, at 3:14 AM, Michael Kaye wrote:

> Although I've not used it, you may want to check out this captcha  
> web service - by http://recaptcha.net/. Alternatively you can write  
> your own Captcha....

Re: [Off] Detecting Spam

by Mehboob Alam

Rather than trying to rewrite the wheel.. I'm giving this a
try.. the PHP version. It was on sale last week at 50% off,
so it was an impulse buy.

http://www.bebosoft.com/products/formstogo/

Once I set it up, I'll probably try to see if I can port
the code back into Active4D. Or, may not :)



sincerely,
mehboob alam

"My interest is in the future because I am going to spend the rest of my life there." - Charles Kettering