Hi there!
=20
Anyone who know who spammers operate? Is the content sent through the 80-po=
rt or what? I want to know for building a better spam-filter in php...
=20
Best regards
/Gustav Wiberg
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
You're talking about comment spammers and such, right?
Most spammers use all their skillz to mimic real users as much as
possible. So yeah, they use port80, their softwares identify as ligit
browsers, they write stuff that looks almost real, and so on.
The best that's out there is captcha image verification systems, IMO...
Mostly because it's too much of a hassle for the spammers to get past..
They'd just move on to another site without captcha protection.
You have any cool ideas on how to further a spam protection beyond captcha?
Mike
Gustav Wiberg skrev:
> Hi there!
>
> Anyone who know who spammers operate? Is the content sent through the 80-port or what? I want to know for building a better spam-filter in php...
>
> Best regards
> /Gustav Wiberg
>
>
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Hi Michael!
Yes, it's correct.
Actually I'm not using captha, I'm using another technique described in=20
http://www.phpclasses.org/browse/package/3817.html
I've tested it for a while in it works really great :-)
But now I'm interested HOW the spammers work, because I want to learn how m=
y enemies work ;-)
Best regards
/Gustav Wiberg
=20
-----Original Message-----
From: Mikael Grön [mailto:php@emgee.se]=20
Sent: Thursday, June 14, 2007 9:22 AM
To: 'php windows' (php-windows@lists.php.net)
Subject: Re: [PHP-WIN] Spammers?
You're talking about comment spammers and such, right?
Most spammers use all their skillz to mimic real users as much as=20
possible. So yeah, they use port80, their softwares identify as ligit=20
browsers, they write stuff that looks almost real, and so on.
The best that's out there is captcha image verification systems, IMO...=20
Mostly because it's too much of a hassle for the spammers to get past..=20
They'd just move on to another site without captcha protection.
You have any cool ideas on how to further a spam protection beyond captcha?
Mike
Gustav Wiberg skrev:
> Hi there!
> =20
> Anyone who know who spammers operate? Is the content sent through the 80-=
port or what? I want to know for building a better spam-filter in php...
> =20
> Best regards
> /Gustav Wiberg
>
> =20
--=20
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Thursday, June 14, 2007, 8:19:00 AM, Gustav wrote:
> Anyone who know who spammers operate?
---
I did at one time suffer injection attacks where the spammers used
their own form to take advantage of inherent weaknesses of the PHP
mail() function to inject messages and recipient addresses that
overrode the data in one of my "dial home" forms. I've now hardened up
my scripts considerably and any attempt to inject an email address
into a field that isn't expecting one causes an error message.
Search the Internet for "PHP mail() injection attack" for several
articles that both describe the issues and suggest defences.
HTH,
--
Geoff
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
You could stop stuff like them using their own forms with referral
checking.. Though some people disable referrals in their browsers (i.e.
with the Web Developer Toolbar in Firefox), that would hinder some to post.
Mike
Geoff Lane skrev:
> On Thursday, June 14, 2007, 8:19:00 AM, Gustav wrote:
>
>
>> Anyone who know who spammers operate?
>>
> ---
>
> I did at one time suffer injection attacks where the spammers used
> their own form to take advantage of inherent weaknesses of the PHP
> mail() function to inject messages and recipient addresses that
> overrode the data in one of my "dial home" forms. I've now hardened up
> my scripts considerably and any attempt to inject an email address
> into a field that isn't expecting one causes an error message.
>
> Search the Internet for "PHP mail() injection attack" for several
> articles that both describe the issues and suggest defences.
>
> HTH,
>
>
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php