Re: [PHP] Form Spam
I have a honey pot on there already. Plus all the fields are correctly matched (first name to first name, comments to comments), which is what makes me think this is some .45 @ hour spammer just hunting and pecking from a hut in India.

"Adam Randall" wrote in message news:b6d6f8360908200953s7b68ed13xe05fa7ab7ad1c...@mail.gmail.com...

I was getting those as well on my website's form, so I added a honeypot field and a math question (I'm not overly fond of captchas for my own stuff, but anyway). The field itself is hidden, so bots will fill it out, causing the e-mail sending routine to bail out (though they don't know that since it looks like it was sent :)

That's assuming that they were able to figure out the math question beforehand.

Maybe not Fort Knox, but it does help out for me at least.

Adam.

On Thu, Aug 20, 2009 at 6:11 AM, Gary wrote:
> I have a client with a form on his site and he is getting spammed. It
> appears not to be from bots but human generated. While they are coming
> from India, they do not all have the same IP address, but they all have
> Gmail addresses, New York addresses are used in the input field and they
> all offer SEO services. It is not overwhelming, but about 5 a month.
>
> What is the best way to stop this?
>
> Thanks
>
> Gary

--
Adam Randall
http://www.xaren.net
AIM: blitz574

__ Information from ESET Smart Security, version of virus signature database 4351 (20090820) __

The message was checked by ESET Smart Security.

http://www.eset.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Form Spam
I was getting those as well on my website's form, so I added a honeypot field and a math question (I'm not overly fond of captchas for my own stuff, but anyway). The field itself is hidden, so bots will fill it out, causing the e-mail sending routine to bail out (though they don't know that since it looks like it was sent :)

That's assuming that they were able to figure out the math question beforehand.

Maybe not Fort Knox, but it does help out for me at least.

Adam.

On Thu, Aug 20, 2009 at 6:11 AM, Gary wrote:
> I have a client with a form on his site and he is getting spammed. It
> appears not to be from bots but human generated. While they are coming
> from India, they do not all have the same IP address, but they all have
> Gmail addresses, New York addresses are used in the input field and they
> all offer SEO services. It is not overwhelming, but about 5 a month.
>
> What is the best way to stop this?
>
> Thanks
>
> Gary

--
Adam Randall
http://www.xaren.net
AIM: blitz574
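The honeypot-plus-math-question check described in the message above, as an added example that is not Adam's code. The field names `website` and `math_answer`, the `math_expected` session key and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Field names "website" and
// "math_answer" and the $session layout are assumptions.

// Build the question and remember the expected answer server-side.
function newMathQuestion(array &$session): string
{
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $session['math_expected'] = $a + $b;
    return "What is $a + $b?";
}

// 'retry' = wrong or missing answer: show the form again
// 'drop'  = honeypot filled: show the usual "sent" page but send nothing
// 'send'  = deliver the e-mail
function classifySubmission(array $post, array &$session): string
{
    $expected = $session['math_expected'] ?? null;
    unset($session['math_expected']);              // one attempt per question
    $answer = $post['math_answer'] ?? '';
    if ($expected === null || !is_string($answer)
        || !ctype_digit(trim($answer)) || (int) trim($answer) !== $expected) {
        return 'retry';
    }
    $trap = $post['website'] ?? '';                // humans never see this field
    return ($trap === '') ? 'send' : 'drop';
}

// Form markup: the trap is moved off-screen and kept out of tab order/autofill.
function renderFields(string $question): string
{
    return '<div style="position:absolute;left:-9999px" aria-hidden="true">'
         . '<input type="text" name="website" tabindex="-1" autocomplete="off"></div>'
         . '<label>' . htmlspecialchars($question)
         . ' <input type="text" name="math_answer" inputmode="numeric"></label>';
}

// Constructed submissions standing in for $_POST and $_SESSION.
$session = ['math_expected' => 7];
echo classifySubmission(['math_answer' => '7', 'website' => ''], $session), "\n";
$session = ['math_expected' => 7];
echo classifySubmission(['math_answer' => '7', 'website' => 'http://seo.example'], $session), "\n";
$session = ['math_expected' => 7];
echo classifySubmission(['math_answer' => '12'], $session), "\n";
```

The math answer is checked before the honeypot to follow the order in the message; on `drop` the handler renders the same confirmation page as on `send`, so the submitter gets no signal that the mail was discarded.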
Re: [PHP] Form Spam
On Thu, 20 Aug 2009 09:11:47 -0400 "Gary" wrote:
> I have a client with a form on his site and he is getting spammed.
> It appears not to be from bots but human generated. While they are
> coming from India, they do not all have the same IP address, but they
> all have Gmail addresses, New York addresses are used in the input
> field and they all offer SEO services. It is not overwhelming, but
> about 5 a month.
>
> What is the best way to stop this?
>
> Thanks
>
> Gary
>

One of the things you could check is if they do direct posting. What I mean by that is that sometimes only a POST URL is sent. They figured out the fields you have in your form and directly send a POST with the appropriate fields. You could check this in the webserver logs. Just look for the IP and see if it only has a POST URL. If this is the case you could implement a nonce on your form and check it during the processing of the post.

A second idea is to check the IP of the visitor during the POST process, with something like stopforumspam or Project Honey Pot.

If you want more info let me know.

--
Peter van der Does
GPG key: E77E8E98
IRC: Ganseki on irc.freenode.net
Blog: http://blog.avirtualhome.com
Forums: http://forums.avirtualhome.com
Jabber ID: pvanderd...@gmail.com
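The two steps from the message above (find POST-only clients in the access log, then require a form nonce), as an added example that is not Peter's code. It assumes Common Log Format, a form served and handled at the same path `/contact.php`, and a `form_nonce` session key; the log lines are constructed.

```php
<?php
// Added example, not code from the thread. The log lines, the /contact.php
// path and the "form_nonce" session key are constructed or assumed.

// Step 1: IPs that POSTed to the form handler but never requested the form.
function directPosters(array $logLines, string $formPath): array
{
    $seen = [];
    foreach ($logLines as $line) {
        // Common Log Format: ip ident user [time] "METHOD target proto" ...
        if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]+\] "(GET|POST) (\S+)/', $line, $m)) {
            continue;
        }
        [, $ip, $method, $target] = $m;
        if (parse_url($target, PHP_URL_PATH) === $formPath) {
            $seen[$ip][$method] = true;
        }
    }
    $postOnly = array_filter($seen, fn($s) => isset($s['POST']) && !isset($s['GET']));
    return array_keys($postOnly);
}

// Step 2: single-use nonce, issued when the form is rendered.
function issueNonce(array &$session): string
{
    $session['form_nonce'] = ['value' => bin2hex(random_bytes(16)), 'issued' => time()];
    return $session['form_nonce']['value'];    // goes into a hidden <input>
}

function checkNonce(array &$session, $submitted, int $maxAge = 3600): bool
{
    $stored = $session['form_nonce'] ?? null;
    unset($session['form_nonce']);             // a nonce is good for one POST
    return is_array($stored) && is_string($submitted)
        && time() - $stored['issued'] <= $maxAge
        && hash_equals($stored['value'], $submitted);
}

$log = [ // constructed sample lines
    '198.51.100.4 - - [20/Aug/2009:09:10:02 -0400] "GET /contact.php HTTP/1.1" 200 2310',
    '198.51.100.4 - - [20/Aug/2009:09:11:40 -0400] "POST /contact.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [20/Aug/2009:09:11:47 -0400] "POST /contact.php HTTP/1.1" 200 512',
];
print_r(directPosters($log, '/contact.php'));  // lists the POST-only client

$session = [];                                 // stands in for $_SESSION
$nonce = issueNonce($session);
var_dump(checkNonce($session, $nonce));        // visitor who loaded the form
var_dump(checkNonce($session, $nonce));        // same nonce submitted again
```

A client that loads the form before posting, human or scripted, still passes the nonce check; it only rejects POSTs sent without fetching the form first.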
Re: [PHP] Form Spam
On Thu, Aug 20, 2009 at 10:25:15AM -0400, Gary wrote:
> There is plenty of commonality in the submissions, all IP addresses start
> with a 122. They all offer SEO services, but change the wording, so if I
> tried to banish any submissions with Search Engine, Ranking, Google etc,
> they would probably just shift messages. There are also special characters
> in the messages, although I am not sure if that is just a foreign character
> that is being translated.
>
> I also noticed that one of the messages starts with "\ and ends with \", which
> I assume is put in to beat the system.
>
> I did find on stopforumspam.com this IP address and they had whois
> information, it points to India. There is also a "report abuse" to the ISP,
> but I wonder if that is just another trap.
>
> Any thoughts would be appreciated.

I wouldn't spend a lot of time on this. If this is the worst your customer has to deal with, they're doing okay. They could simply block these at their mail client on their local machine.

Ashley's suggestion is the best solution. If I ever see spam on any form of mine or my customers', I immediately implement CAPTCHA to block it. This may not block human-generated spam, but human-generated spam is a huge minority because it's so labor-intensive.

Paul

--
Paul M. Foster
Re: [PHP] Form Spam
There is plenty of commonality in the submissions, all IP addresses start with a 122. They all offer SEO services, but change the wording, so if I tried to banish any submissions with Search Engine, Ranking, Google etc, they would probably just shift messages. There are also special characters in the messages, although I am not sure if that is just a foreign character that is being translated.

I also noticed that one of the messages starts with "\ and ends with \", which I assume is put in to beat the system.

I did find on stopforumspam.com this IP address and they had whois information, it points to India. There is also a "report abuse" to the ISP, but I wonder if that is just another trap.

Any thoughts would be appreciated.

Gary

"Ashley Sheridan" wrote in message news:1250774581.10895.54.ca...@localhost...
> On Thu, 2009-08-20 at 09:11 -0400, Gary wrote:
>> I have a client with a form on his site and he is getting spammed. It
>> appears not to be from bots but human generated. While they are coming
>> from India, they do not all have the same IP address, but they all have
>> Gmail addresses, New York addresses are used in the input field and they
>> all offer SEO services. It is not overwhelming, but about 5 a month.
>>
>> What is the best way to stop this?
>>
>> Thanks
>>
>> Gary
>
> To ensure that it isn't bots, maybe look at adding some sort of captcha.
>
> As it is quite infrequent, the chances are that it is a human scumbag.
> Is there anything common to the spam posts that you can see? What about
> looking for that prior to the post being added. If you find it, then set
> a flag in the database next to that post and record the IP address of
> whoever made it. Then, if someone visits with that IP address, show them
> the post as if there was no problem, but only to that IP, giving you a
> chance of verifying the legitimacy of the post before it goes live to
> everyone.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
Re: [PHP] Form Spam
On Thu, 2009-08-20 at 09:11 -0400, Gary wrote:
> I have a client with a form on his site and he is getting spammed. It
> appears not to be from bots but human generated. While they are coming
> from India, they do not all have the same IP address, but they all have
> Gmail addresses, New York addresses are used in the input field and they
> all offer SEO services. It is not overwhelming, but about 5 a month.
>
> What is the best way to stop this?
>
> Thanks
>
> Gary

To ensure that it isn't bots, maybe look at adding some sort of captcha.

As it is quite infrequent, the chances are that it is a human scumbag. Is there anything common to the spam posts that you can see? What about looking for that prior to the post being added. If you find it, then set a flag in the database next to that post and record the IP address of whoever made it. Then, if someone visits with that IP address, show them the post as if there was no problem, but only to that IP, giving you a chance of verifying the legitimacy of the post before it goes live to everyone.

Thanks,
Ash
http://www.ashleysheridan.co.uk
[PHP] Form Spam
I have a client with a form on his site and he is getting spammed. It appears not to be from bots but human generated. While they are coming from India, they do not all have the same IP address, but they all have Gmail addresses, New York addresses are used in the input field and they all offer SEO services. It is not overwhelming, but about 5 a month.

What is the best way to stop this?

Thanks

Gary