On Thu, 20 Aug 2009 09:11:47 -0400
"Gary" <gwp...@ptd.net> wrote:

> I have a client with a form on his site and he is getting spammed.
> It appears not to be from bots but human generated.  While they are
> coming from India, they do not all have the same IP address, but they
> all have gmail addresses, New York  addresses are used in the input
> field and they all offer SEO services.  It is not overwhleming, but
> about 5 a month.
> What is the best way to stop this.
> Thanks
> Gary 

One of the things you could check is if they do direct posting.
What I mean by that if that sometimes a POST URL only is send. They
figured out the fields you have in your form and directly send a POST
with the appropriate fields.
You could check this in the webserver logs. Just look for the IP and
see if it only has a POST URL.

If this is the case you could implement a nonce on your form and check
it during the processing of the post.

A second idea is to check the IP of the visitor during the POST
process, with something like stopforumspam or project honey pot.

If you want more info let me know.

Peter van der Does

GPG key: E77E8E98
IRC: Ganseki on irc.freenode.net
Blog: http://blog.avirtualhome.com
Forums: http://forums.avirtualhome.com
Jabber ID: pvanderd...@gmail.com

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to