Dealing with forum spammers

In response to the fellow having problems with forum spammers, google "Bad Behavior" and install it.

Other ideas.

Create a question where people have to answer, for example, "5+2". Or forego that because it's a pain and simply add a form field that you use CSS to hide from humans and if that field gets filled out, then you know it's a bot and you don't let them in. Or alternatively, if they fail that test, you can pop up a captcha. You can also add some JavaScript which scrapers tend not to scrape, so if the JavaScript wasn't pulled with the page, you know it's likely a bot.

Also add a referer requirement. Make sure the previous page to form submission came from one of your domains. If it didn't, it's likely a scammer.

Hope this helps.

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
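The hidden-field and referer checks suggested in the message above, combined into one server-side decision, as an added example that is not part of the original post. The function name, the `website` honeypot field, the host list and the choice to escalate a referer miss to a CAPTCHA instead of blocking are assumptions made for illustration.

```php
<?php
// Added example. The function name, the "website" honeypot field and the
// host list are assumptions for illustration, not code from the thread.

const OWN_HOSTS = ['forum.example.org', 'www.example.org']; // constructed

/**
 * Classify a form post as 'accept', 'challenge' (show a CAPTCHA) or 'reject'.
 * $post and $server stand in for $_POST and $_SERVER.
 */
function classify_submission(array $post, array $server): string
{
    // Honeypot: the form has <input name="website"> hidden with CSS.
    // A person never sees it, so any value means a script filled it in.
    $trap = $post['website'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return 'reject';
    }

    // Referer: the page before the POST should be on one of our hosts.
    // Compare the parsed host exactly; a substring match would also accept
    // http://other.example/?forum.example.org
    $referer = (string) ($server['HTTP_REFERER'] ?? '');
    $host = strtolower((string) parse_url($referer, PHP_URL_HOST));
    if (!in_array($host, OWN_HOSTS, true)) {
        // The header is client-supplied and some proxies strip it, so a
        // miss is treated as "unsure" and escalated, not blocked outright.
        return 'challenge';
    }

    return 'accept';
}

// Constructed sample submissions: [label, $_POST, $_SERVER]
$samples = [
    ['human',            ['body' => 'hi', 'website' => ''],
                         ['HTTP_REFERER' => 'https://forum.example.org/reply.php']],
    ['fills every field', ['body' => 'buy', 'website' => 'http://spam.example'],
                         ['HTTP_REFERER' => 'https://forum.example.org/reply.php']],
    ['no referer',       ['body' => 'hi', 'website' => ''], []],
    ['lookalike referer', ['body' => 'hi', 'website' => ''],
                         ['HTTP_REFERER' => 'http://other.example/?forum.example.org']],
];
foreach ($samples as [$label, $post, $server]) {
    printf("%-18s %s\n", $label, classify_submission($post, $server));
}
```

Because a client can send any Referer value it likes, this check only screens out scripts that do not bother to set one.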
Re: Dealing with forum spammers

On Tue, Oct 14, 2008 at 11:44 AM, Joe <joedevon@...> wrote:
> In response to the fellow having problems with forum spammers, google "Bad Behavior" and install it.
>
> Other ideas.
>
> Create a question where people have to answer, for example, "5+2". Or forego that because it's a pain and simply add a form field that you use CSS to hide from humans and if that field gets filled out, then you know it's a bot and you don't let them in. Or alternatively, if they fail that test, you can pop up a captcha. You can also add some JavaScript which scrapers tend not to scrape, so if the JavaScript wasn't pulled with the page, you know it's likely a bot.
>
> Also add a referer requirement. Make sure the previous page to form submission came from one of your domains. If it didn't, it's likely a scammer.
>
> Hope this helps.

Yeah, this is a "really hard" problem, on the order of stopping spam from coming into your inbox.

For most sites, on most days, you can get by with a few of the hacks suggested above. Your goal is really to make your site just different enough that the spammers will have to rewrite their script in order to spam you. Most will simply move on rather than do that.

But since we're developers here, we kind of need to think long-term about the problem. The more 5+2 solutions and tarpit hidden fields that spammers encounter over time, the smarter their scripts are going to get. It's a classic arms race.

If I was going to write any sort of comments framework today (and that includes web forms, or anything else that solicits input from the anonymous web) I would design it so that everything went through a spam filter first, and the bigger the better. Like GMail if you can accept that from a privacy point of view, or your organization's internal spam filter. Then, and only then, would I allow the filtered comments/responses back into the web system.

The downside is a huge increase in complexity, and a potential lack of transparency (false positives are a problem, and how do you train the system?). But comment spam IS spam, they are the same problem. Actually a little worse, because it's much easier to find comments forms on the web than it is to find working email addresses.

Chris Snyder
http://chxor.chxo.com/
Re: Dealing with forum spammers

On Tue, Oct 14, 2008 at 12:39 PM, csnyder <chsnyder@...> wrote:
> On Tue, Oct 14, 2008 at 11:44 AM, Joe <joedevon@...> wrote:
>> In response to the fellow having problems with forum spammers, google "Bad Behavior" and install it.

Just looked at Bad Behavior, and it looks like an excellent tool to add to the kit.

But really, how primitive are your spamming bots if they can't deliver a plausible set of HTTP headers?
Re: Dealing with forum spammers

On Tuesday 14 October 2008 12:39, csnyder wrote:
> I would design it so that everything went through a
> spam filter first, and the bigger the better. Like GMail if you can
> accept that from a privacy point of view, or your organization's
> internal spam filter. Then, and only then, would I allow the filtered
> comments/responses back into the web system.
>
> The downside is a huge increase in complexity, and a potential lack of
> transparency (false positives are a problem, and how do you train the
> system?). But comment spam IS spam, they are the same problem.
> Actually a little worse, because it's much easier to find comments
> forms on the web than it is to find working email addresses.

Akismet should be mentioned here, a popular spam detection ASP, free for non-commercial use
http://akismet.com/

Have used it in a couple of sites, easy to use API and it has a really good effect. False positives about 2% of the time - but you can usually see why it "thought" they were spam.... The admin backend has a comment log where a moderator can manually approve where needed, similar to WordPress.

enjoy,
Sam
Re: Dealing with forum spammers

On Tuesday 14 October 2008 13:11, csnyder wrote:
> Just looked at Bad Behavior, and it looks like an excellent tool to
> add to the kit.

Hey, that looks interesting too. But it sounds
http://www.bad-behavior.ioerror.us/documentation/how-it-works/
like it is just looking at HTTP headers? If you are running Apache, it is maybe better handled by mod_security
http://www.onlamp.com/pub/a/apache/2003/11/26/mod_security.html
which does that and a whole lot more, with less overhead because it never gets to the request processing phase. If you are a hosting provider and have untrusted web apps running on it, it has to be recommended. It will deny not only spam bots but most w0rms and brute force attacks (false positives being a problem here as well though).

OTOH if you don't have root, then BB would be a good line of defense.

> But really, how primitive are your spamming bots if they can't deliver
> a plausible set of HTTP headers?

Most of them are very stupid and have "Perl/LWP" in the User-Agent header, for instance. They are no more advanced than they have to be.

Sam
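A minimal header plausibility check of the kind this message discusses, as an added example that is not part of the original post and is not Bad Behavior's or mod_security's rule set. The function name, the marker list (apart from the "Perl/LWP" string quoted above) and the sample requests are assumptions; the last sample shows that a script sending browser-like headers passes.

```php
<?php
// Added example. The marker list and the rules are assumptions for
// illustration; they are not Bad Behavior's or mod_security's rule sets.

// "Perl/LWP" is the string quoted in the thread; the rest are constructed.
const SCRIPT_UA_MARKERS = ['Perl/LWP', 'libwww-perl', 'curl/', 'Wget/'];

/** Return the reasons a request's headers look scripted (empty = plausible). */
function header_findings(array $server): array
{
    $findings = [];
    $ua = trim((string) ($server['HTTP_USER_AGENT'] ?? ''));
    if ($ua === '') {
        $findings[] = 'no User-Agent';
    }
    foreach (SCRIPT_UA_MARKERS as $marker) {
        if (stripos($ua, $marker) !== false) {
            $findings[] = "User-Agent names a scripting library ($marker)";
            break;
        }
    }
    // Browsers send Accept with a form POST; bare HTTP clients often do not.
    if (trim((string) ($server['HTTP_ACCEPT'] ?? '')) === '') {
        $findings[] = 'no Accept header';
    }
    return $findings;
}

// Constructed requests, keyed the way PHP exposes headers in $_SERVER.
$requests = [
    'browser'       => ['HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux) Firefox/3.0',
                        'HTTP_ACCEPT' => 'text/html,*/*;q=0.8'],
    'default LWP'   => ['HTTP_USER_AGENT' => 'libwww-perl/5.813'],
    'no headers'    => [],
    'forged browser' => ['HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux) Firefox/3.0',
                        'HTTP_ACCEPT' => '*/*'],
];
foreach ($requests as $label => $server) {
    $found = header_findings($server);
    echo str_pad($label, 16), $found ? implode('; ', $found) : 'plausible', "\n";
}
```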
Re: Dealing with forum spammers

sbeam wrote:
> Akismet should be mentioned here, a popular spam detection ASP, free for
> non-commercial use
> http://akismet.com/

Another new entry is Mollum (www.mollum.com). It was created by the lead developer of Drupal, Dries Buytaert. It bundles up concepts from Akismet, Captcha, Razor and SpamAssassin (Bayesian filtering) into a pretty effective anti-spam package.

I use it on BrooklynRowHouse.com. It only generates a Captcha (visual and aural) when it's unsure.