Re: [PHP] Beneficial site spamming framework

2012-10-15 Thread Daniel Brown
On Sat, Oct 13, 2012 at 5:10 PM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:

> It was only your replies coming through so often, so I doubt it's my end.
> Also, the newsgroup is the same thing as the mailing list I believe, in this
> instance.

Hmm I only got each reply once as well, so I'm not entirely
convinced it's an issue with Maciek's setup.  Ash, you don't happen to
have any misfiring forwarders or multiple addresses subscribed, do
you?

-- 
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Beneficial site spamming framework

2012-10-15 Thread Ashley Sheridan


Daniel Brown danbr...@php.net wrote:

> On Sat, Oct 13, 2012 at 5:10 PM, Ashley Sheridan
> a...@ashleysheridan.co.uk wrote:
>
>> It was only your replies coming through so often, so I doubt it's my
>> end. Also, the newsgroup is the same thing as the mailing list I
>> believe, in this instance.
>
> Hmm I only got each reply once as well, so I'm not entirely
> convinced it's an issue with Maciek's setup.  Ash, you don't happen to
> have any misfiring forwarders or multiple addresses subscribed, do
> you?

Nope, it was just that one email I received 5 times. Guess it was a hiccup 
somewhere along the lines...

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.




Re: [PHP] Beneficial site spamming framework

2012-10-13 Thread Maciek Sokolewicz

On 13-10-2012 01:55, Ashley Sheridan wrote:
> On Fri, 2012-10-12 at 01:59 +0200, Maciek Sokolewicz wrote:
>> On 11-10-2012 22:18, Ashley Sheridan wrote:
>>>> I've been getting spam comments on my personal blog (runs on
>>>> self-written PHP blog software). I'd like to test some methods I've
>>>> devised to prevent or block it. Does anyone know of a very lightweight
>>>> framework for simulating an automated form fill-out on a site?
>>>> Something where you could just add some code to designate the site for
>>>> the attack and then what fields you wanted to send?
>>>>
>>>> This should be a relatively simple task for PHP and curl, but I'm not
>>>> really familiar with the headers and that part of the HTTP conversation.
>>>> Yes, I know this is a risky question for a public list. Feel free to
>>>> contact me privately if you think the answer shouldn't be in the
>>>> archives of a public list. Likewise, if you can point me to a source of
>>>> quickly absorbable research on the subject. I frankly don't know how I'd
>>>> google such a thing.
>>>>
>>>> Paul
>>>>
>>>> --
>>>> Paul M. Foster
>>>> http://noferblatz.com
>>>> http://quillandmouse.com




>>> To avoid having to create your own anti-spam system, I recommend Akismet, which
>>> weights posts allowing you to set a rejection threshold. The great thing is
>>> that it is constantly improving over time.
>>
>> I've recently looked into the more modern captcha systems. I personally
>> can't stand the standard captcha of having to decipher what characters
>> are present on a distorted image. The last few years I've noticed that
>> more and more often I can't decipher what an image is supposed to say.
>> And after a few tries of unsuccessful replying what the image says, I
>> just give up. This seems to be a reverse-Turing-test by now. Computers
>> being able to guess better than humans.
>>
>> Anyway, I wrote my own captcha system. I've noticed that simple things
>> like what is the capital of the USA? and then being able to choose
>> Hong-Kong, Washington or Rome or a question like Is water wet or
>> dry? work very very well. Just make up a bunch of these, and then
>> randomly pick one to have people answer on your blog. It completely
>> stopped registration spam on my forum. Simply because bots don't
>> understand such questions.
>>
>> - Tul
>
> There's a slight irony that this message got posted to the list 5 times,
> given the topic :p

Haha, good point. I forgot to remove half of the reply-to addresses from 
the message (thus sending it to both the newsgroup and the mailinglist); 
still that should send it only twice, not 5 times(??). Oh well... :)


- Tul




Re: [PHP] Beneficial site spamming framework

2012-10-13 Thread Ashley Sheridan
On Sat, 2012-10-13 at 08:57 +0200, Maciek Sokolewicz wrote:

> On 13-10-2012 01:55, Ashley Sheridan wrote:
>> On Fri, 2012-10-12 at 01:59 +0200, Maciek Sokolewicz wrote:
>>> On 11-10-2012 22:18, Ashley Sheridan wrote:
>>>>> I've been getting spam comments on my personal blog (runs on
>>>>> self-written PHP blog software). I'd like to test some methods I've
>>>>> devised to prevent or block it. Does anyone know of a very lightweight
>>>>> framework for simulating an automated form fill-out on a site?
>>>>> Something where you could just add some code to designate the site for
>>>>> the attack and then what fields you wanted to send?
>>>>>
>>>>> This should be a relatively simple task for PHP and curl, but I'm not
>>>>> really familiar with the headers and that part of the HTTP conversation.
>>>>> Yes, I know this is a risky question for a public list. Feel free to
>>>>> contact me privately if you think the answer shouldn't be in the
>>>>> archives of a public list. Likewise, if you can point me to a source of
>>>>> quickly absorbable research on the subject. I frankly don't know how I'd
>>>>> google such a thing.
>>>>>
>>>>> Paul
>>>>>
>>>>> --
>>>>> Paul M. Foster
>>>>> http://noferblatz.com
>>>>> http://quillandmouse.com
 
 
 
>>>> To avoid having to create your own anti-spam system, I recommend Akismet,
>>>> which weights posts allowing you to set a rejection threshold. The great
>>>> thing is that it is constantly improving over time.
>>>
>>> I've recently looked into the more modern captcha systems. I personally
>>> can't stand the standard captcha of having to decipher what characters
>>> are present on a distorted image. The last few years I've noticed that
>>> more and more often I can't decipher what an image is supposed to say.
>>> And after a few tries of unsuccessful replying what the image says, I
>>> just give up. This seems to be a reverse-Turing-test by now. Computers
>>> being able to guess better than humans.
>>>
>>> Anyway, I wrote my own captcha system. I've noticed that simple things
>>> like what is the capital of the USA? and then being able to choose
>>> Hong-Kong, Washington or Rome or a question like Is water wet or
>>> dry? work very very well. Just make up a bunch of these, and then
>>> randomly pick one to have people answer on your blog. It completely
>>> stopped registration spam on my forum. Simply because bots don't
>>> understand such questions.
>>>
>>> - Tul
>>
>> There's a slight irony that this message got posted to the list 5 times,
>> given the topic :p
>
> Haha, good point. I forgot to remove half of the reply-to addresses from
> the message (thus sending it to both the newsgroup and the mailinglist);
> still that should send it only twice, not 5 times(??). Oh well... :)
>
> - Tul


I think it might be an issue with your email client/server, as this one
just came through 3 times too! 

-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] Beneficial site spamming framework

2012-10-13 Thread Maciek Sokolewicz

On 13-10-2012 09:24, Ashley Sheridan wrote:

> I think it might be an issue with your email client/server, as this one
> just came through 3 times too!



That is very odd, because it only shows up once in the newsgroup, only 
once in my own mailclient (Thunderbird) and only once in the archives of 
marc.info.


Are you sure the problem isn't on your end? Perhaps someone else could 
confirm/deny the receiving of my previous message to the list 3x?
I'm willing to try and fix whatever might be causing it, but I can't 
really find any proof of anything going wrong?


- Tul




Re: [PHP] Beneficial site spamming framework

2012-10-13 Thread Ashley Sheridan


Maciek Sokolewicz maciek.sokolew...@gmail.com wrote:

> On 13-10-2012 09:24, Ashley Sheridan wrote:
>> I think it might be an issue with your email client/server, as this one
>> just came through 3 times too!
>
> That is very odd, because it only shows up once in the newsgroup, only
> once in my own mailclient (Thunderbird) and only once in the archives of
> marc.info.
>
> Are you sure the problem isn't on your end? Perhaps someone else could
> confirm/deny the receiving of my previous message to the list 3x?
> I'm willing to try and fix whatever might be causing it, but I can't
> really find any proof of anything going wrong?
>
> - Tul

It was only your replies coming through so often, so I doubt it's my end. Also,
the newsgroup is the same thing as the mailing list I believe, in this instance.

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.




Re: [PHP] Beneficial site spamming framework

2012-10-12 Thread Ashley Sheridan
On Fri, 2012-10-12 at 01:59 +0200, Maciek Sokolewicz wrote:

> On 11-10-2012 22:18, Ashley Sheridan wrote:
>>> I've been getting spam comments on my personal blog (runs on
>>> self-written PHP blog software). I'd like to test some methods I've
>>> devised to prevent or block it. Does anyone know of a very lightweight
>>> framework for simulating an automated form fill-out on a site?
>>> Something where you could just add some code to designate the site for
>>> the attack and then what fields you wanted to send?
>>>
>>> This should be a relatively simple task for PHP and curl, but I'm not
>>> really familiar with the headers and that part of the HTTP conversation.
>>> Yes, I know this is a risky question for a public list. Feel free to
>>> contact me privately if you think the answer shouldn't be in the
>>> archives of a public list. Likewise, if you can point me to a source of
>>> quickly absorbable research on the subject. I frankly don't know how I'd
>>> google such a thing.
>>>
>>> Paul
>>>
>>> --
>>> Paul M. Foster
>>> http://noferblatz.com
>>> http://quillandmouse.com
 
 
 
>> To avoid having to create your own anti-spam system, I recommend Akismet,
>> which weights posts allowing you to set a rejection threshold. The great
>> thing is that it is constantly improving over time.
>
> I've recently looked into the more modern captcha systems. I personally
> can't stand the standard captcha of having to decipher what characters
> are present on a distorted image. The last few years I've noticed that
> more and more often I can't decipher what an image is supposed to say.
> And after a few tries of unsuccessful replying what the image says, I
> just give up. This seems to be a reverse-Turing-test by now. Computers
> being able to guess better than humans.
>
> Anyway, I wrote my own captcha system. I've noticed that simple things
> like what is the capital of the USA? and then being able to choose
> Hong-Kong, Washington or Rome or a question like Is water wet or
> dry? work very very well. Just make up a bunch of these, and then
> randomly pick one to have people answer on your blog. It completely
> stopped registration spam on my forum. Simply because bots don't
> understand such questions.
>
> - Tul


There's a slight irony that this message got posted to the list 5 times,
given the topic :p

-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk




[PHP] Beneficial site spamming framework

2012-10-11 Thread Paul M Foster
Folks:

I've been getting spam comments on my personal blog (runs on
self-written PHP blog software). I'd like to test some methods I've
devised to prevent or block it. Does anyone know of a very lightweight
framework for simulating an automated form fill-out on a site?
Something where you could just add some code to designate the site for
the attack and then what fields you wanted to send?

This should be a relatively simple task for PHP and curl, but I'm not
really familiar with the headers and that part of the HTTP conversation.
Yes, I know this is a risky question for a public list. Feel free to
contact me privately if you think the answer shouldn't be in the
archives of a public list. Likewise, if you can point me to a source of
quickly absorbable research on the subject. I frankly don't know how I'd
google such a thing.

Paul

-- 
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com




Re: [PHP] Beneficial site spamming framework

2012-10-11 Thread Joshua Kehn
while true; do curl -X POST --data "field=value&field1=value1" http://myblog.com/comment.php; done

Best,

–Josh

Joshua Kehn | @joshkehn 
http://joshuakehn.com

On Oct 11, 2012, at 4:07 PM, Paul M Foster pa...@quillandmouse.com wrote:

> Folks:
>
> I've been getting spam comments on my personal blog (runs on
> self-written PHP blog software). I'd like to test some methods I've
> devised to prevent or block it. Does anyone know of a very lightweight
> framework for simulating an automated form fill-out on a site?
> Something where you could just add some code to designate the site for
> the attack and then what fields you wanted to send?
>
> This should be a relatively simple task for PHP and curl, but I'm not
> really familiar with the headers and that part of the HTTP conversation.
> Yes, I know this is a risky question for a public list. Feel free to
> contact me privately if you think the answer shouldn't be in the
> archives of a public list. Likewise, if you can point me to a source of
> quickly absorbable research on the subject. I frankly don't know how I'd
> google such a thing.
>
> Paul
>
> --
> Paul M. Foster
> http://noferblatz.com
> http://quillandmouse.com
 



Re: [PHP] Beneficial site spamming framework

2012-10-11 Thread Ashley Sheridan


Joshua Kehn j...@kehn.us wrote:

> while true; do curl -X POST --data "field=value&field1=value1" http://myblog.com/comment.php; done
>
> Best,
>
> –Josh
>
> Joshua Kehn | @joshkehn
> http://joshuakehn.com
>
> On Oct 11, 2012, at 4:07 PM, Paul M Foster pa...@quillandmouse.com wrote:
>
>> Folks:
>>
>> I've been getting spam comments on my personal blog (runs on
>> self-written PHP blog software). I'd like to test some methods I've
>> devised to prevent or block it. Does anyone know of a very lightweight
>> framework for simulating an automated form fill-out on a site?
>> Something where you could just add some code to designate the site for
>> the attack and then what fields you wanted to send?
>>
>> This should be a relatively simple task for PHP and curl, but I'm not
>> really familiar with the headers and that part of the HTTP conversation.
>> Yes, I know this is a risky question for a public list. Feel free to
>> contact me privately if you think the answer shouldn't be in the
>> archives of a public list. Likewise, if you can point me to a source of
>> quickly absorbable research on the subject. I frankly don't know how I'd
>> google such a thing.
>>
>> Paul
>>
>> --
>> Paul M. Foster
>> http://noferblatz.com
>> http://quillandmouse.com


To avoid having to create your own anti-spam system, I recommend Akismet, which 
weights posts allowing you to set a rejection threshold. The great thing is 
that it is constantly improving over time.

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.




Re: [PHP] Beneficial site spamming framework

2012-10-11 Thread Maciek Sokolewicz

On 11-10-2012 22:18, Ashley Sheridan wrote:

>> I've been getting spam comments on my personal blog (runs on
>> self-written PHP blog software). I'd like to test some methods I've
>> devised to prevent or block it. Does anyone know of a very lightweight
>> framework for simulating an automated form fill-out on a site?
>> Something where you could just add some code to designate the site for
>> the attack and then what fields you wanted to send?
>>
>> This should be a relatively simple task for PHP and curl, but I'm not
>> really familiar with the headers and that part of the HTTP conversation.
>> Yes, I know this is a risky question for a public list. Feel free to
>> contact me privately if you think the answer shouldn't be in the
>> archives of a public list. Likewise, if you can point me to a source of
>> quickly absorbable research on the subject. I frankly don't know how I'd
>> google such a thing.
>>
>> Paul
>>
>> --
>> Paul M. Foster
>> http://noferblatz.com
>> http://quillandmouse.com




> To avoid having to create your own anti-spam system, I recommend Akismet, which
> weights posts allowing you to set a rejection threshold. The great thing is
> that it is constantly improving over time.

I've recently looked into the more modern captcha systems. I personally 
can't stand the standard captcha of having to decipher what characters 
are present on a distorted image. The last few years I've noticed that 
more and more often I can't decipher what an image is supposed to say. 
And after a few tries of unsuccessful replying what the image says, I
just give up. This seems to be a reverse-Turing-test by now. Computers 
being able to guess better than humans.


Anyway, I wrote my own captcha system. I've noticed that simple things 
like what is the capital of the USA? and then being able to choose 
Hong-Kong, Washington or Rome or a question like Is water wet or 
dry? work very very well. Just make up a bunch of these, and then 
randomly pick one to have people answer on your blog. It completely 
stopped registration spam on my forum. Simply because bots don't 
understand such questions.


- Tul
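
The question-based check Tul describes above, sketched in PHP as an added example (not code from this thread or from any poster's site). The question pool, secret and function names are assumptions; the form carries only a signed token, the answer is checked server-side, and each token is accepted once.

```php
<?php
// Added example: question pool, secret and function names are hypothetical.
declare(strict_types=1);

const QUESTIONS = [
    ['q' => 'What is the capital of the USA: Hong-Kong, Washington or Rome?', 'a' => ['washington']],
    ['q' => 'Is water wet or dry?', 'a' => ['wet']],
];
const TTL = 600; // seconds a challenge stays valid

// Returns the question text plus a signed token for a hidden form field.
// The token names the question but never carries the answer.
function issue_challenge(string $secret, int $now): array
{
    $idx = random_int(0, count(QUESTIONS) - 1);
    $payload = $idx . '.' . ($now + TTL) . '.' . bin2hex(random_bytes(8));
    return [
        'question' => QUESTIONS[$idx]['q'],
        'token' => $payload . '.' . hash_hmac('sha256', $payload, $secret),
    ];
}

// $used holds spent nonces; a real site would keep them in a shared store
// until they expire.
function verify_answer(string $secret, string $token, string $answer, int $now, array &$used): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 4) {
        return false;
    }
    [$idx, $expires, $nonce, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', "$idx.$expires.$nonce", $secret), $mac)) {
        return false; // token was not issued by this server or was altered
    }
    if ((int) $expires < $now || isset($used[$nonce])) {
        return false; // expired, or already submitted once
    }
    $used[$nonce] = true; // one attempt per token, right or wrong
    return in_array(strtolower(trim($answer)), QUESTIONS[(int) $idx]['a'], true);
}

// Constructed demo run (CLI): correct answer, replay of the same token,
// wrong answer, and a token whose question index was edited by the client.
$secret = 'constructed-demo-secret';
$used = [];
$now = time();

$c = issue_challenge($secret, $now);
$right = QUESTIONS[(int) explode('.', $c['token'])[0]]['a'][0];
echo $c['question'], "\n";
echo 'correct answer: ', var_export(verify_answer($secret, $c['token'], " $right ", $now, $used), true), "\n";
echo 'same token again: ', var_export(verify_answer($secret, $c['token'], $right, $now, $used), true), "\n";

$c2 = issue_challenge($secret, $now);
echo 'wrong answer: ', var_export(verify_answer($secret, $c2['token'], 'Rome', $now, $used), true), "\n";

$c3 = issue_challenge($secret, $now);
$forged = (1 - (int) explode('.', $c3['token'])[0]) . substr($c3['token'], 1);
echo 'edited token: ', var_export(verify_answer($secret, $forged, 'wet', $now, $used), true), "\n";
```

A client that guesses among the listed choices still passes some of the time, so a check like this filters generic form-fillers rather than a bot written for the specific site.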




Re: [PHP] Beneficial site spamming framework

2012-10-11 Thread tamouse mailing lists
On Thu, Oct 11, 2012 at 6:59 PM, Maciek Sokolewicz tula...@php.net wrote:
> On 11-10-2012 22:18, Ashley Sheridan wrote:
>>> I've been getting spam comments on my personal blog (runs on
>>> self-written PHP blog software). I'd like to test some methods I've
>>> devised to prevent or block it. Does anyone know of a very lightweight
>>> framework for simulating an automated form fill-out on a site?
>>> Something where you could just add some code to designate the site for
>>> the attack and then what fields you wanted to send?
>>>
>>> This should be a relatively simple task for PHP and curl, but I'm not
>>> really familiar with the headers and that part of the HTTP conversation.
>>> Yes, I know this is a risky question for a public list. Feel free to
>>> contact me privately if you think the answer shouldn't be in the
>>> archives of a public list. Likewise, if you can point me to a source of
>>> quickly absorbable research on the subject. I frankly don't know how I'd
>>> google such a thing.
>>>
>>> Paul
>>>
>>> --
>>> Paul M. Foster
>>> http://noferblatz.com
>>> http://quillandmouse.com



>> To avoid having to create your own anti-spam system, I recommend Akismet,
>> which weights posts allowing you to set a rejection threshold. The great
>> thing is that it is constantly improving over time.
>
> I've recently looked into the more modern captcha systems. I personally
> can't stand the standard captcha of having to decipher what characters are
> present on a distorted image. The last few years I've noticed that more and
> more often I can't decipher what an image is supposed to say. And after a
> few tries of unsuccessful replying what the image says, I just give up. This
> seems to be a reverse-Turing-test by now. Computers being able to guess
> better than humans.
>
> Anyway, I wrote my own captcha system. I've noticed that simple things like
> what is the capital of the USA? and then being able to choose Hong-Kong,
> Washington or Rome or a question like Is water wet or dry? work very very
> well. Just make up a bunch of these, and then randomly pick one to have
> people answer on your blog. It completely stopped registration spam on my
> forum. Simply because bots don't understand such questions.
>
> - Tul




The reCAPTCHA de facto standard most sites use is painful for many of
us. Many times I cannot decipher the visual words, and the audio
version is quite impossible for me to figure out.

The http://textcaptcha.com/ site has some very good ideas about using
captchas, and even *more* insight into why you might not need them at
all: http://textcaptcha.com/really and http://textcaptcha.com/why
offer great explanations and ideas. The method Tul describes above is
very much in line with what they are proposing and offering as a
service, should one need one.

I run a few public wikis, and amazingly have never had a spam problem.
The wiki is locked to editing, however, the guest user and password
are shown in plain text right on the login page. Even the commenting
system, which is open to anyone, doesn't ever get any spam, and the
sekrit code you have to enter is printed right in front of the box
in plain text. The extent to which some people think they need to go
to avoid spam are largely wasted, I feel.
