On Tue, Oct 20, 2009 at 4:12 PM, Ashley Sheridan
<a...@ashleysheridan.co.uk> wrote:
> On Tue, 2009-10-20 at 21:01 +0200, John Black wrote:
>> Gary wrote:
>> > I believe they are human spammers as all the input fields are correctly
>> > filled out (phone in phone, address in address etc).
>> > As I said they are mostly the same IP.
>> > Would it be better to include this script in the processing script rather
>> > than at the top of the page?
>> If it is fixed list of IPs you could add them to the .htaccess file like
>> this:
>> order allow,deny
>> deny from xxx.xxx.xxx.xxx
>> allow from all
>> This way it is handled by your webserver and you don't need to run a
>> script on every page.
>> Keep in mind that a lot of comment spam is sent out from infected
>> machines. So if the IPs belong to a big ISP it is possible to block a
>> lot of users if you block the proxy.
>> Check the IPs via Arin to be sure
>> http://ws.arin.net/whois/
>> I have noticed that a blocked spammer will sometimes reconnect from a
>> totally different IP and resubmit the same information.
>> Regarding the properly filled out forms, spam bots are pretty good about
>> placing valid data into the correct fields, some are better then others.
>> --
>> John
> I'd go with this method if you can, as it will take quite a load off of
> your servers. However, try not to be too liberal with it, as it may end
> up preventing genuine access if the spammers are coming from dynamic IP
> addresses.
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk

Add a hidden field that should not hold a value. Spam bots will try to
fill all fields with that value, so if there is one send back a 404
message to the bot and dump the record



Cat, the other other white meat

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to