Spam opinions please

I have several sites that are getting hit with form spam. I have the script
set up to capture the IP address so I know from where they come. I found a
short script that is supposed to stop these IP addresses from accessing the
form page, it redirects the spammer to another page (I was going to redirect
to a page that has lots of pop-ups, scantily clad men and offers of joy
beyond imagination), but someone suggested I redirect to the Federal Trade
Commission or perhpas the FBI.

Any thoughts on the script and its effectivness?

$deny = array("111.111.111", "222.222.222", "333.333.333");
if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
header("location: http://www.google.com/");
exit();
} ?>Gary



__________ Information from ESET Smart Security, version of virus signature database 4526 (20091020) __________

The message was checked by ESET Smart Security.

http://www.eset.com





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

That will work just for one IP, but they could spam you from another
IP. I suggest you add a good captcha to the form and that way you can
avoid spam forever.

Regards,

Jonathan

On Tue, Oct 20, 2009 at 3:31 PM, Gary wrote:
> I have several sites that are getting hit with form spam. =A0I have the s=
cript
> set up to capture the IP address so I know from where they come. =A0I fou=
nd a
> short script that is supposed to stop these IP addresses from accessing t=
he
> form page, it redirects the spammer to another page (I was going to redir=
ect
> to a page that has lots of pop-ups, scantily clad men and offers of joy
> beyond imagination), but someone suggested I redirect to the Federal Trad=
e
> Commission or perhpas the FBI.
>
> Any thoughts on the script and its effectivness?
>
> > $deny =3D array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> =A0 header("location: http://www.google.com/");
> =A0 exit();
> } ?>Gary
>
>
>
> __________ Information from ESET Smart Security, version of virus signatu=
re database 4526 (20091020) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

--=-2uhoXWpWzOiO357QlUck
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Tue, 2009-10-20 at 14:31 -0400, Gary wrote:

> I have several sites that are getting hit with form spam. I have the script
> set up to capture the IP address so I know from where they come. I found a
> short script that is supposed to stop these IP addresses from accessing the
> form page, it redirects the spammer to another page (I was going to redirect
> to a page that has lots of pop-ups, scantily clad men and offers of joy
> beyond imagination), but someone suggested I redirect to the Federal Trade
> Commission or perhpas the FBI.
>
> Any thoughts on the script and its effectivness?
>
> > $deny = array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> header("location: http://www.google.com/");
> exit();
> } ?>Gary
>
>
>
> __________ Information from ESET Smart Security, version of virus signature database 4526 (20091020) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>


A few things immediately spring to mind:

How are you being hit? Is it through an automated process (bot) on your
form, or a real person?
If you are being hit from bots, is it from a zombie network or a few
machines?

If you are being hit by bots from a zombie, then this solution won't
work well, as the list of IP addresses you'll have will be huge, and
will potentially include many of your real visitors who didn't realise
their computer was not their own any more.

If you are being hit by bots that are not part of a botnet, then
redirecting them to another page is essentially fruitless, as the bots
really don't care.

If you are being hit by humans, then are the IP addresses always going
to relate to those same persons, or are they part of a dynamic range
that and ISP serves out amongst all of its customers?

Thanks,
Ash
http://www.ashleysheridan.co.uk



--=-2uhoXWpWzOiO357QlUck--

Re: Spam opinions please

Thanks, and I understand, however I am trying to avoid the captcha if
possible. They are all or mostly coming from the same IP which is why I
thought this would help.

Gary

"Jonathan Tapicer" wrote in message
news:4603e2db0910201136q5e835193he4abbac75ef11172@mail.gmail .com...
That will work just for one IP, but they could spam you from another
IP. I suggest you add a good captcha to the form and that way you can
avoid spam forever.

Regards,

Jonathan

On Tue, Oct 20, 2009 at 3:31 PM, Gary wrote:
> I have several sites that are getting hit with form spam. I have the
> script
> set up to capture the IP address so I know from where they come. I found a
> short script that is supposed to stop these IP addresses from accessing
> the
> form page, it redirects the spammer to another page (I was going to
> redirect
> to a page that has lots of pop-ups, scantily clad men and offers of joy
> beyond imagination), but someone suggested I redirect to the Federal Trade
> Commission or perhpas the FBI.
>
> Any thoughts on the script and its effectivness?
>
> > $deny = array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> header("location: http://www.google.com/");
> exit();
> } ?>Gary
>
>
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4526 (20091020) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

__________ Information from ESET Smart Security, version of virus signature
database 4526 (20091020) __________

The message was checked by ESET Smart Security.

http://www.eset.com





__________ Information from ESET Smart Security, version of virus signature database 4526 (20091020) __________

The message was checked by ESET Smart Security.

http://www.eset.com





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

--0016e6d9a3274b051b0476622dbb
Content-Type: text/plain; charset=UTF-8

On Tue, Oct 20, 2009 at 2:36 PM, Jonathan Tapicer wrote:

> That will work just for one IP, but they could spam you from another
> IP. I suggest you add a good captcha to the form and that way you can
> avoid spam forever.
>
> Regards,
>
> Jonathan
>
> On Tue, Oct 20, 2009 at 3:31 PM, Gary wrote:
> > I have several sites that are getting hit with form spam. I have the
> script
> > set up to capture the IP address so I know from where they come. I found
> a
> > short script that is supposed to stop these IP addresses from accessing
> the
> > form page, it redirects the spammer to another page (I was going to
> redirect
> > to a page that has lots of pop-ups, scantily clad men and offers of joy
> > beyond imagination), but someone suggested I redirect to the Federal
> Trade
> > Commission or perhpas the FBI.
> >
> > Any thoughts on the script and its effectivness?
> >
> > > > $deny = array("111.111.111", "222.222.222", "333.333.333");
> > if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> > header("location: http://www.google.com/");
> > exit();
> > } ?>Gary
> >
> >
> >
> > __________ Information from ESET Smart Security, version of virus
> signature database 4526 (20091020) __________
> >
> > The message was checked by ESET Smart Security.
> >
> > http://www.eset.com
> >
> >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Here is a tutorial on captcha

http://blog.sankhomallik.com/2008/12/17/tutorial-using-zend_ captcha_image/


--
"Good Enough" is not good enough.
To give anything less than your best is to sacrifice the gift.
Quality First. Measure Twice. Cut Once.

--0016e6d9a3274b051b0476622dbb--

Re: Spam opinions please

--=-a8PTUiPvBojsZV8IjvAo
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Tue, 2009-10-20 at 15:36 -0300, Jonathan Tapicer wrote:

> That will work just for one IP, but they could spam you from another
> IP. I suggest you add a good captcha to the form and that way you can
> avoid spam forever.
>
> Regards,
>
> Jonathan


Firstly, in_array() is used in his example, so it will look for all the
IP addresses in the array, not just one.

Secondly, even the best captchas can be got around. Just look at what
happened to Google a while back. And then what if you make the captcha
too hard to discern? You'd essentially be breaking the law by impeding
hard of seeing or blind users...

Thanks,
Ash
http://www.ashleysheridan.co.uk



--=-a8PTUiPvBojsZV8IjvAo--

Re: Spam opinions please

On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote:

> I have several sites that are getting hit with form spam. I have the script
> set up to capture the IP address so I know from where they come. I found a
> short script that is supposed to stop these IP addresses from accessing the
> form page, it redirects the spammer to another page (I was going to redirect
> to a page that has lots of pop-ups, scantily clad men and offers of joy
> beyond imagination), but someone suggested I redirect to the Federal Trade
> Commission or perhpas the FBI.
>
> Any thoughts on the script and its effectivness?
>
> > $deny = array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> header("location: http://www.google.com/");
> exit();
> } ?>Gary
>

Have you tried CAPTCHA?

Paul

--
Paul M. Foster

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

On Tue, Oct 20, 2009 at 3:39 PM, Ashley Sheridan
wrote:
>
> On Tue, 2009-10-20 at 15:36 -0300, Jonathan Tapicer wrote:
>
> That will work just for one IP, but they could spam you from another
> IP. I suggest you add a good captcha to the form and that way you can
> avoid spam forever.
>
> Regards,
>
> Jonathan
>
> Firstly, in_array() is used in his example, so it will look for all the IP addresses in the array, not just one.
>
> Secondly, even the best captchas can be got around. Just look at what happened to Google a while back. And then what if you make the captcha too hard to discern? You'd essentially be breaking the law by impeding hard of seeing or blind users...
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>

Even if he puts a list or range of IPs he could always be attacked
from an IP not in that list/range.

About the blind users, he can use recaptcha (recently aquired by
Google), http://recaptcha.net/, which has an audio version captcha.

I'm not saying that the filter by IP won't work, but it won't be 100%
effective, and a captcha will.

Regards,

Jonathan

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

NO I have not, I think my issue is I hate when I run across one, it usually
takes me more than one try to actually figure out what the charactor is, so
hence my disdain.


GAry


"Paul M Foster" wrote in message
news:20091020184001.GI3163@quillandmouse.com...
> On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote:
>
>> I have several sites that are getting hit with form spam. I have the
>> script
>> set up to capture the IP address so I know from where they come. I found
>> a
>> short script that is supposed to stop these IP addresses from accessing
>> the
>> form page, it redirects the spammer to another page (I was going to
>> redirect
>> to a page that has lots of pop-ups, scantily clad men and offers of joy
>> beyond imagination), but someone suggested I redirect to the Federal
>> Trade
>> Commission or perhpas the FBI.
>>
>> Any thoughts on the script and its effectivness?
>>
>> >> $deny = array("111.111.111", "222.222.222", "333.333.333");
>> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>> header("location: http://www.google.com/");
>> exit();
>> } ?>Gary
>>
>
> Have you tried CAPTCHA?
>
> Paul
>
> --
> Paul M. Foster
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4526 (20091020) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>



__________ Information from ESET Smart Security, version of virus signature database 4526 (20091020) __________

The message was checked by ESET Smart Security.

http://www.eset.com





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

Jonathan Tapicer wrote:
> I suggest you add a good captcha to the form and that way you can
> avoid spam forever.

You can find a question/answer based CAPTCHA system here.
http://www.network-technologies.org/tiny.php?id=1

The system can be used to protect comment forms, email forms or act as a
bot trap.
The system works by writing the IP of the offender to the .htaccess
file, blocking the bot from the entire site. A page is displayed where
someone can remove his/her IP from the blocklist and regain access to
the page.
The class also checks the DNS record before blocking to prevent a good
bot, like Googlebot, from being blocked.

Comment spam has been reduced to almost zero on all my pages thanks to
CAPTCHAv2. The only ones getting through now are the ones submitted by
humans.


--
John

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

I believe they are human spammers as all the input fields are correctly
filled out (phone in phone, address in address etc).

As I said they are mostly the same IP.

Would it be better to include this script in the processing script rather
than at the top of the page?

Gary

"Ashley Sheridan" wrote in message
news:1256063819.2359.4.camel@localhost...
> On Tue, 2009-10-20 at 14:31 -0400, Gary wrote:
>
>> I have several sites that are getting hit with form spam. I have the
>> script
>> set up to capture the IP address so I know from where they come. I found
>> a
>> short script that is supposed to stop these IP addresses from accessing
>> the
>> form page, it redirects the spammer to another page (I was going to
>> redirect
>> to a page that has lots of pop-ups, scantily clad men and offers of joy
>> beyond imagination), but someone suggested I redirect to the Federal
>> Trade
>> Commission or perhpas the FBI.
>>
>> Any thoughts on the script and its effectivness?
>>
>> >> $deny = array("111.111.111", "222.222.222", "333.333.333");
>> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>> header("location: http://www.google.com/");
>> exit();
>> } ?>Gary
>>
>>
>>
>> __________ Information from ESET Smart Security, version of virus
>> signature database 4526 (20091020) __________
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>>
>>
>>
>>
>
>
> A few things immediately spring to mind:
>
> How are you being hit? Is it through an automated process (bot) on your
> form, or a real person?
> If you are being hit from bots, is it from a zombie network or a few
> machines?
>
> If you are being hit by bots from a zombie, then this solution won't
> work well, as the list of IP addresses you'll have will be huge, and
> will potentially include many of your real visitors who didn't realise
> their computer was not their own any more.
>
> If you are being hit by bots that are not part of a botnet, then
> redirecting them to another page is essentially fruitless, as the bots
> really don't care.
>
> If you are being hit by humans, then are the IP addresses always going
> to relate to those same persons, or are they part of a dynamic range
> that and ISP serves out amongst all of its customers?
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
>
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4526 (20091020) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>



__________ Information from ESET Smart Security, version of virus signature database 4526 (20091020) __________

The message was checked by ESET Smart Security.

http://www.eset.com





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

Gary wrote:
> I believe they are human spammers as all the input fields are correctly
> filled out (phone in phone, address in address etc).
> As I said they are mostly the same IP.
> Would it be better to include this script in the processing script rather
> than at the top of the page?


If it is fixed list of IPs you could add them to the .htaccess file like
this:

order allow,deny
deny from xxx.xxx.xxx.xxx
allow from all

This way it is handled by your webserver and you don't need to run a
script on every page.

Keep in mind that a lot of comment spam is sent out from infected
machines. So if the IPs belong to a big ISP it is possible to block a
lot of users if you block the proxy.
Check the IPs via Arin to be sure
http://ws.arin.net/whois/
I have noticed that a blocked spammer will sometimes reconnect from a
totally different IP and resubmit the same information.

Regarding the properly filled out forms, spam bots are pretty good about
placing valid data into the correct fields, some are better then others.

--
John

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

I had once by mistake had an include that included itself, so an endless
loop was created and it crashed my machine, my other thought was to redirect
to a page like that. (of course revengful visions of entire 3rd world
servers crashing and entire annoying industries imploding soon follow...but
I digress).

Gary

""Gary"" wrote in message
news:DA.85.39240.D220EDA4@pb1.pair.com...
>I have several sites that are getting hit with form spam. I have the
>script set up to capture the IP address so I know from where they come. I
>found a short script that is supposed to stop these IP addresses from
>accessing the form page, it redirects the spammer to another page (I was
>going to redirect to a page that has lots of pop-ups, scantily clad men and
>offers of joy beyond imagination), but someone suggested I redirect to the
>Federal Trade Commission or perhpas the FBI.
>
> Any thoughts on the script and its effectivness?
>
> > $deny = array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> header("location: http://www.google.com/");
> exit();
> } ?>Gary
>
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4526 (20091020) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4527 (20091020) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>



__________ Information from ESET Smart Security, version of virus signature database 4527 (20091020) __________

The message was checked by ESET Smart Security.

http://www.eset.com





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: Spam opinions please

--_4c1a6911-4809-4cfe-bfd1-b08aa85192b8_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


I agree=2C o good captcha will be better=2C but the idea to redirect can be=
better=2C you can save in db the ip=2C and send then to fbi in a periodic =
time.


Yuri Yarlei.
www.yuriyarlei.net (under construction)
Programmer PHP=2C CSS=2C Java=2C PostregreSQL=3B
Today PHP=2C tomorrow Java=2C after the world.
Kyou wa PHP=2C ashita wa Java=2C sono ato sekai desu.



=20
> Date: Tue=2C 20 Oct 2009 15:36:04 -0300
> From: tapicer@gmail.com
> To: gwpaul@ptd.net
> CC: php-general@lists.php.net
> Subject: Re: [PHP] Spam opinions please
>=20
> That will work just for one IP=2C but they could spam you from another
> IP. I suggest you add a good captcha to the form and that way you can
> avoid spam forever.
>=20
> Regards=2C
>=20
> Jonathan
>=20
> On Tue=2C Oct 20=2C 2009 at 3:31 PM=2C Gary wrote:
> > I have several sites that are getting hit with form spam. I have the s=
cript
> > set up to capture the IP address so I know from where they come. I fou=
nd a
> > short script that is supposed to stop these IP addresses from accessing=
the
> > form page=2C it redirects the spammer to another page (I was going to r=
edirect
> > to a page that has lots of pop-ups=2C scantily clad men and offers of j=
oy
> > beyond imagination)=2C but someone suggested I redirect to the Federal =
Trade
> > Commission or perhpas the FBI.
> >
> > Any thoughts on the script and its effectivness?
> >
> > > > $deny =3D array("111.111.111"=2C "222.222.222"=2C "333.333.333")=3B
> > if (in_array ($_SERVER['REMOTE_ADDR']=2C $deny)) {
> > header("location: http://www.google.com/")=3B
> > exit()=3B
> > } ?>Gary
> >
> >
> >
> > __________ Information from ESET Smart Security=2C version of virus sig=
nature database 4526 (20091020) __________
> >
> > The message was checked by ESET Smart Security.
> >
> > http://www.eset.com
> >
> >
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe=2C visit: http://www.php.net/unsub.php
> >
> >
>=20
> --=20
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe=2C visit: http://www.php.net/unsub.php
>=20
=20
____________________________________________________________ _____
Acesse o Portal MSN do seu celular e se mantenha sempre atualizado. Clique =
aqui.
http://www.windowslive.com.br/celular/home.asp?utm_source=3D MSN_Hotmail&utm=
_medium=3DTagline&utm_campaign=3DMobileServices200908=

--_4c1a6911-4809-4cfe-bfd1-b08aa85192b8_--

Re: Spam opinions please

--=-ce8YS7I1YQDJpHav/h6W
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Tue, 2009-10-20 at 15:46 -0300, Jonathan Tapicer wrote:

> On Tue, Oct 20, 2009 at 3:39 PM, Ashley Sheridan
> wrote:
> >
> > On Tue, 2009-10-20 at 15:36 -0300, Jonathan Tapicer wrote:
> >
> > That will work just for one IP, but they could spam you from another
> > IP. I suggest you add a good captcha to the form and that way you can
> > avoid spam forever.
> >
> > Regards,
> >
> > Jonathan
> >
> > Firstly, in_array() is used in his example, so it will look for all the IP addresses in the array, not just one.
> >
> > Secondly, even the best captchas can be got around. Just look at what happened to Google a while back. And then what if you make the captcha too hard to discern? You'd essentially be breaking the law by impeding hard of seeing or blind users...
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
> >
>
> Even if he puts a list or range of IPs he could always be attacked
> from an IP not in that list/range.
>
> About the blind users, he can use recaptcha (recently aquired by
> Google), http://recaptcha.net/, which has an audio version captcha.
>
> I'm not saying that the filter by IP won't work, but it won't be 100%
> effective, and a captcha will.
>
> Regards,
>
> Jonathan
>


You still missed the point I made about Googles captcha being
circumvented by bots. Also, as he's stated a few times, the entries are
made by humans. I know of no captchas which stop only spammers...

Thanks,
Ash
http://www.ashleysheridan.co.uk



--=-ce8YS7I1YQDJpHav/h6W--

Re: Spam opinions please

--=-UqDVxb/4oAJbgyu6seqP
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Tue, 2009-10-20 at 21:01 +0200, John Black wrote:

> Gary wrote:
> > I believe they are human spammers as all the input fields are correctly
> > filled out (phone in phone, address in address etc).
> > As I said they are mostly the same IP.
> > Would it be better to include this script in the processing script rather
> > than at the top of the page?
>
>
> If it is fixed list of IPs you could add them to the .htaccess file like
> this:
>
> order allow,deny
> deny from xxx.xxx.xxx.xxx
> allow from all
>
> This way it is handled by your webserver and you don't need to run a
> script on every page.
>
> Keep in mind that a lot of comment spam is sent out from infected
> machines. So if the IPs belong to a big ISP it is possible to block a
> lot of users if you block the proxy.
> Check the IPs via Arin to be sure
> http://ws.arin.net/whois/
> I have noticed that a blocked spammer will sometimes reconnect from a
> totally different IP and resubmit the same information.
>
> Regarding the properly filled out forms, spam bots are pretty good about
> placing valid data into the correct fields, some are better then others.
>
> --
> John
>


I'd go with this method if you can, as it will take quite a load off of
your servers. However, try not to be too liberal with it, as it may end
up preventing genuine access if the spammers are coming from dynamic IP
addresses.

Thanks,
Ash
http://www.ashleysheridan.co.uk



--=-UqDVxb/4oAJbgyu6seqP--

Re: Spam opinions please

On Tue, Oct 20, 2009 at 4:12 PM, Ashley Sheridan
wrote:
> On Tue, 2009-10-20 at 21:01 +0200, John Black wrote:
>
>> Gary wrote:
>> > I believe they are human spammers as all the input fields are correctly
>> > filled out (phone in phone, address in address etc).
>> > As I said they are mostly the same IP.
>> > Would it be better to include this script in the processing script rather
>> > than at the top of the page?
>>
>>
>> If it is fixed list of IPs you could add them to the .htaccess file like
>> this:
>>
>> order allow,deny
>> deny from xxx.xxx.xxx.xxx
>> allow from all
>>
>> This way it is handled by your webserver and you don't need to run a
>> script on every page.
>>
>> Keep in mind that a lot of comment spam is sent out from infected
>> machines. So if the IPs belong to a big ISP it is possible to block a
>> lot of users if you block the proxy.
>> Check the IPs via Arin to be sure
>> http://ws.arin.net/whois/
>> I have noticed that a blocked spammer will sometimes reconnect from a
>> totally different IP and resubmit the same information.
>>
>> Regarding the properly filled out forms, spam bots are pretty good about
>> placing valid data into the correct fields, some are better then others.
>>
>> --
>> John
>>
>
>
> I'd go with this method if you can, as it will take quite a load off of
> your servers. However, try not to be too liberal with it, as it may end
> up preventing genuine access if the spammers are coming from dynamic IP
> addresses.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>

Add a hidden field that should not hold a value. Spam bots will try to
fill all fields with that value, so if there is one send back a 404
message to the bot and dump the record

--

Bastien

Cat, the other other white meat

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

Hey Gary

Gary wrote on 2009-10-20 20:31:
> I have several sites that are getting hit with form spam. I have the script
> set up to capture the IP address so I know from where they come.

I see that a lot suggested CAPTCHA, I don't like those either.

The IP solution will give you a constant maintaince problem unless you
save the submissions in database and look for similar postings, then
blocks the IPs. Or just block them right away if they suggests the usual
sheiitee like 400 euro casino rewards etc...

What I've done to fix those issues when I had them was to set a session
var on the frontpage of the site and check on that. If it doesn't exists
when the user enters the page with the form, then I tell them and just
don't show the form. Of course the clever programmer can create a script
that first goes to the frontpage, then the form page, but so far I'm
pretty happy with the solution, no spam for 3 years :-)

--
Kind regards
Kim Emax - masterminds.dk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

I have a honeypot in there already, another reason I think it is human spam
and not da bot.

Gary


"Bastien Koert" wrote in message
news:d7b6cab70910201337v5c18284aya022f48e139437b1@mail.gmail .com...
> On Tue, Oct 20, 2009 at 4:12 PM, Ashley Sheridan
> wrote:
>> On Tue, 2009-10-20 at 21:01 +0200, John Black wrote:
>>
>>> Gary wrote:
>>> > I believe they are human spammers as all the input fields are
>>> > correctly
>>> > filled out (phone in phone, address in address etc).
>>> > As I said they are mostly the same IP.
>>> > Would it be better to include this script in the processing script
>>> > rather
>>> > than at the top of the page?
>>>
>>>
>>> If it is fixed list of IPs you could add them to the .htaccess file like
>>> this:
>>>
>>> order allow,deny
>>> deny from xxx.xxx.xxx.xxx
>>> allow from all
>>>
>>> This way it is handled by your webserver and you don't need to run a
>>> script on every page.
>>>
>>> Keep in mind that a lot of comment spam is sent out from infected
>>> machines. So if the IPs belong to a big ISP it is possible to block a
>>> lot of users if you block the proxy.
>>> Check the IPs via Arin to be sure
>>> http://ws.arin.net/whois/
>>> I have noticed that a blocked spammer will sometimes reconnect from a
>>> totally different IP and resubmit the same information.
>>>
>>> Regarding the properly filled out forms, spam bots are pretty good about
>>> placing valid data into the correct fields, some are better then others.
>>>
>>> --
>>> John
>>>
>>
>>
>> I'd go with this method if you can, as it will take quite a load off of
>> your servers. However, try not to be too liberal with it, as it may end
>> up preventing genuine access if the spammers are coming from dynamic IP
>> addresses.
>>
>> Thanks,
>> Ash
>> http://www.ashleysheridan.co.uk
>>
>>
>>
>
> Add a hidden field that should not hold a value. Spam bots will try to
> fill all fields with that value, so if there is one send back a 404
> message to the bot and dump the record
>
> --
>
> Bastien
>
> Cat, the other other white meat
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4527 (20091020) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>



__________ Information from ESET Smart Security, version of virus signature database 4527 (20091020) __________

The message was checked by ESET Smart Security.

http://www.eset.com





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

I like that idea,so in other words they have to get to the form from another
page on the site, and you set a time limit for a minimum amount of time they
spend on the page(5-10 seconds)?

Gary


"Kim Madsen" wrote in message
news:4ADE206F.6030209@emax.dk...
> Hey Gary
>
> Gary wrote on 2009-10-20 20:31:
>> I have several sites that are getting hit with form spam. I have the
>> script set up to capture the IP address so I know from where they come.
>
> I see that a lot suggested CAPTCHA, I don't like those either.
>
> The IP solution will give you a constant maintaince problem unless you
> save the submissions in database and look for similar postings, then
> blocks the IPs. Or just block them right away if they suggests the usual
> sheiitee like 400 euro casino rewards etc...
>
> What I've done to fix those issues when I had them was to set a session
> var on the frontpage of the site and check on that. If it doesn't exists
> when the user enters the page with the form, then I tell them and just
> don't show the form. Of course the clever programmer can create a script
> that first goes to the frontpage, then the form page, but so far I'm
> pretty happy with the solution, no spam for 3 years :-)
>
> --
> Kind regards
> Kim Emax - masterminds.dk
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4527 (20091020) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>



__________ Information from ESET Smart Security, version of virus signature database 4527 (20091020) __________

The message was checked by ESET Smart Security.

http://www.eset.com





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

Gary wrote on 2009-10-20 22:55:
> I like that idea,so in other words they have to get to the form from another
> page on the site, and you set a time limit for a minimum amount of time they
> spend on the page(5-10 seconds)?

I don't set any time, just the session to prevent direct hits from a
spam script. But if you wanna improve the solution using a time check
you could save a microtime() value in the session and the test it
against current time on the form page and the have a min. threshold that
is accepted.

--
Kind regards
Kim Emax - masterminds.dk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

On Tue, 20 Oct 2009 14:31:53 -0400
"Gary" wrote:

> I have several sites that are getting hit with form spam. I have the
> script set up to capture the IP address so I know from where they
> come. I found a short script that is supposed to stop these IP
> addresses from accessing the form page, it redirects the spammer to
> another page (I was going to redirect to a page that has lots of
> pop-ups, scantily clad men and offers of joy beyond imagination), but
> someone suggested I redirect to the Federal Trade Commission or
> perhpas the FBI.
>
> Any thoughts on the script and its effectivness?
>
> > $deny = array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> header("location: http://www.google.com/");
> exit();
> } ?>Gary
>
>

There are several options to stop spammers, although none of them will
completely eliminate all spam. For a forum I prefer the .htaccess
method.

There is a website dedicated to keeping track of forum spammers,
http://stopforumspam.com and depending on your forum you could add an
anti-spam mod that will query their database. On the site they have
mods for phpbb, vBulletin and SMF.

I wrote a Python script that uses a Python Library that's also posted
on their site. The Python program basically use an Apache log file for
the IP's checks them at Stop Forum Spam and adds spam IP in
the .htaccess file. I have it set up in cron to run daily.
For a little bit more detailed description and the program itself:
http://blog.avirtualhome.com/2009/10/08/stop-spammers-in-you r-htaccess/


--
Peter van der Does

GPG key: E77E8E98

IRC: Ganseki on irc.freenode.net
Twitter: @petervanderdoes

WordPress Plugin Developer
Blog: http://blog.avirtualhome.com
Forums: http://forums.avirtualhome.com
Twitter: @avhsoftware

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

--=-EymtlGv7JvJaNoiObzvS
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Tue, 2009-10-20 at 23:41 +0200, Kim Madsen wrote:

> Gary wrote on 2009-10-20 22:55:
> > I like that idea,so in other words they have to get to the form from another
> > page on the site, and you set a time limit for a minimum amount of time they
> > spend on the page(5-10 seconds)?
>
> I don't set any time, just the session to prevent direct hits from a
> spam script. But if you wanna improve the solution using a time check
> you could save a microtime() value in the session and the test it
> against current time on the form page and the have a min. threshold that
> is accepted.
>
> --
> Kind regards
> Kim Emax - masterminds.dk
>


Almost all of the suggestions so far have been to prevent bots, which is
great, but the op has mentioned a few times that it's human spammers
that are the problem.

Have you considered using some sort of language analysis algorithm on
the text to determine if it is spam or not, in a way similar to email
spam detection. Do a search for 'php spam filters' and there are quite a
few different possible options.

Thanks,
Ash
http://www.ashleysheridan.co.uk



--=-EymtlGv7JvJaNoiObzvS--

Re: Spam opinions please

On Oct 20, 2009, at 1:48 PM, Gary wrote:

> NO I have not, I think my issue is I hate when I run across one, it
> usually
> takes me more than one try to actually figure out what the charactor
> is, so
> hence my disdain.
>
>
> GAry

Here are some captchas:

"What's three minus two?"
"Which word is listed first in the dictionary: apple, banana, pizza?"
"Add 4 plus 5"

Create a list of simple questions that only humans can answer. I find
these to be less annoying.

~Philip


> "Paul M Foster" wrote in message
> news:20091020184001.GI3163@quillandmouse.com...
>> On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote:
>>
>>> I have several sites that are getting hit with form spam. I have
>>> the
>>> script
>>> set up to capture the IP address so I know from where they come.
>>> I found
>>> a
>>> short script that is supposed to stop these IP addresses from
>>> accessing
>>> the
>>> form page, it redirects the spammer to another page (I was going to
>>> redirect
>>> to a page that has lots of pop-ups, scantily clad men and offers
>>> of joy
>>> beyond imagination), but someone suggested I redirect to the Federal
>>> Trade
>>> Commission or perhpas the FBI.
>>>
>>> Any thoughts on the script and its effectivness?
>>>
>>> >>> $deny = array("111.111.111", "222.222.222", "333.333.333");
>>> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>>> header("location: http://www.google.com/");
>>> exit();
>>> } ?>Gary
>>>
>>
>> Have you tried CAPTCHA?
>>
>> Paul

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

I have always thought that by putting some simple, readable ttext into a
graphic (eg.apple) and asking people to type it in a space, that would work,
but that does not stop the humans..

Gary


"Philip Thompson" wrote in message
news:9BF33458-4A91-4A23-BCB8-EBE13269F0F1@gmail.com...
> On Oct 20, 2009, at 1:48 PM, Gary wrote:
>
>> NO I have not, I think my issue is I hate when I run across one, it
>> usually
>> takes me more than one try to actually figure out what the charactor is,
>> so
>> hence my disdain.
>>
>>
>> GAry
>
> Here are some captchas:
>
> "What's three minus two?"
> "Which word is listed first in the dictionary: apple, banana, pizza?"
> "Add 4 plus 5"
>
> Create a list of simple questions that only humans can answer. I find
> these to be less annoying.
>
> ~Philip
>
>
>> "Paul M Foster" wrote in message
>> news:20091020184001.GI3163@quillandmouse.com...
>>> On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote:
>>>
>>>> I have several sites that are getting hit with form spam. I have the
>>>> script
>>>> set up to capture the IP address so I know from where they come. I
>>>> found
>>>> a
>>>> short script that is supposed to stop these IP addresses from
>>>> accessing
>>>> the
>>>> form page, it redirects the spammer to another page (I was going to
>>>> redirect
>>>> to a page that has lots of pop-ups, scantily clad men and offers of
>>>> joy
>>>> beyond imagination), but someone suggested I redirect to the Federal
>>>> Trade
>>>> Commission or perhpas the FBI.
>>>>
>>>> Any thoughts on the script and its effectivness?
>>>>
>>>> >>>> $deny = array("111.111.111", "222.222.222", "333.333.333");
>>>> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>>>> header("location: http://www.google.com/");
>>>> exit();
>>>> } ?>Gary
>>>>
>>>
>>> Have you tried CAPTCHA?
>>>
>>> Paul
>
> __________ Information from ESET Smart Security, version of virus
> signature database 4534 (20091022) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>



__________ Information from ESET Smart Security, version of virus signature database 4534 (20091022) __________

The message was checked by ESET Smart Security.

http://www.eset.com





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

--=-lZ0yGXBkWLRXso9YZTdd
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Thu, 2009-10-22 at 19:39 -0400, Gary wrote:

> I have always thought that by putting some simple, readable ttext into a
> graphic (eg.apple) and asking people to type it in a space, that would work,
> but that does not stop the humans..
>
> Gary
>
>
> "Philip Thompson" wrote in message
> news:9BF33458-4A91-4A23-BCB8-EBE13269F0F1@gmail.com...
> > On Oct 20, 2009, at 1:48 PM, Gary wrote:
> >
> >> NO I have not, I think my issue is I hate when I run across one, it
> >> usually
> >> takes me more than one try to actually figure out what the charactor is,
> >> so
> >> hence my disdain.
> >>
> >>
> >> GAry
> >
> > Here are some captchas:
> >
> > "What's three minus two?"
> > "Which word is listed first in the dictionary: apple, banana, pizza?"
> > "Add 4 plus 5"
> >
> > Create a list of simple questions that only humans can answer. I find
> > these to be less annoying.
> >
> > ~Philip
> >
> >
> >> "Paul M Foster" wrote in message
> >> news:20091020184001.GI3163@quillandmouse.com...
> >>> On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote:
> >>>
> >>>> I have several sites that are getting hit with form spam. I have the
> >>>> script
> >>>> set up to capture the IP address so I know from where they come. I
> >>>> found
> >>>> a
> >>>> short script that is supposed to stop these IP addresses from
> >>>> accessing
> >>>> the
> >>>> form page, it redirects the spammer to another page (I was going to
> >>>> redirect
> >>>> to a page that has lots of pop-ups, scantily clad men and offers of
> >>>> joy
> >>>> beyond imagination), but someone suggested I redirect to the Federal
> >>>> Trade
> >>>> Commission or perhpas the FBI.
> >>>>
> >>>> Any thoughts on the script and its effectivness?
> >>>>
> >>>> > >>>> $deny = array("111.111.111", "222.222.222", "333.333.333");
> >>>> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> >>>> header("location: http://www.google.com/");
> >>>> exit();
> >>>> } ?>Gary
> >>>>
> >>>
> >>> Have you tried CAPTCHA?
> >>>
> >>> Paul
> >
> > __________ Information from ESET Smart Security, version of virus
> > signature database 4534 (20091022) __________
> >
> > The message was checked by ESET Smart Security.
> >
> > http://www.eset.com
> >
> >
> >
>
>
>
> __________ Information from ESET Smart Security, version of virus signature database 4534 (20091022) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>


Won't stop a bot worth it's salt either, hence the need for more complex
and confusing captchas. The best way to stop spam, is to use linguistic
testing on the content being offered, which protects against bot and
human spammer alike.

Thanks,
Ash
http://www.ashleysheridan.co.uk



--=-lZ0yGXBkWLRXso9YZTdd--

Re: Spam opinions please

Ashley Sheridan wrote:
>
>
> Won't stop a bot worth it's salt either, hence the need for more complex
> and confusing captchas. The best way to stop spam, is to use linguistic
> testing on the content being offered, which protects against bot and
> human spammer alike.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>

Unfortunately, it might also confound someone who doesn't speak the language.
Admittedly, they would probably already be struggling with the rest of the site...

I guess locale-dependent captchas are a possibility.


--
Peter Ford phone: 01580 893333
Developer fax: 01580 893399
Justcroft International Ltd., Staplehurst, Kent

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Spam opinions please

--=-Wj0WbUOrhZICJYJ4hMdO
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Fri, 2009-10-23 at 08:55 +0100, Peter Ford wrote:

> Ashley Sheridan wrote:
> >
> >
> > Won't stop a bot worth it's salt either, hence the need for more complex
> > and confusing captchas. The best way to stop spam, is to use linguistic
> > testing on the content being offered, which protects against bot and
> > human spammer alike.
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
> >
> >
>
> Unfortunately, it might also confound someone who doesn't speak the language.
> Admittedly, they would probably already be struggling with the rest of the site...
>
> I guess locale-dependent captchas are a possibility.
>
>
> --
> Peter Ford phone: 01580 893333
> Developer fax: 01580 893399
> Justcroft International Ltd., Staplehurst, Kent
>


I'm not talking about language problems for the user to solve. This
question originally started by the op asking for solutions to human
spam, but most of what I've seen so far in the thread is all about how
to stop bots. By Linguistic analysis, I'm talking about passing the user
offered content through a filter to check for the probability that it is
spam. This goes beyond just looking for spammy words by looking at the
relationship between words, frequency of words, and much more. It's very
complex, but by the end of it, each post gets a rating value, which can
be used as part of a threshold to reach in order to have a post
automatically verified.

Thanks,
Ash
http://www.ashleysheridan.co.uk



--=-Wj0WbUOrhZICJYJ4hMdO--