Re: [PHP] IP Address Filtering - Problem Continues
Ave, I had to eliminate that option because his IP is varying drastically. There is no range, it's just drastically varying. I wouldn't be surprised if he's using an IP Spoofing script/program etcetera. On 4/5/06 11:16 AM, Jay Blanchard [EMAIL PROTECTED] wrote: You could always block a range of IP addresses, but you may cut out a legitimate user. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Rahul S. Johari Coordinator, Internet Administration Informed Marketing Services Inc. 500 Federal Street, Suite 201 Troy NY 12180 Tel: (518) 687-6700 x154 Fax: (518) 687-6799 Email: [EMAIL PROTECTED] http://www.informed-sources.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Address Filtering - Problem Continues
Ave, I'm being left with lesser and lesser choices then to try CAPCHTA. I'm gonna look into it now and see if I need to implement this now. Thanks. On 4/5/06 3:52 PM, tedd [EMAIL PROTECTED] wrote: disclaimer Not that I promote CAPCHTA, but there are simple solutions that will slow down some spam while allowing some with vision problems to pass, such as -- http://www.xn--ovg.com/captcha -- namely, the graphic selection demo. Granted it's not the best, it doesn't solve everything, and I never said it did (at least no one can prove it) -- so don't whack me for it -- it's just a suggestion. /disclaimer tedd Rahul S. Johari Coordinator, Internet Administration Informed Marketing Services Inc. 500 Federal Street, Suite 201 Troy NY 12180 Tel: (518) 687-6700 x154 Fax: (518) 687-6799 Email: [EMAIL PROTECTED] http://www.informed-sources.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] IP Address Filtering - Problem Continues
[snip] The problem is, the spammer is using multiple IP Address. His IP Address changes every 6 - 8 entries. I have so far recorded 5 different IP Addresses of the spammer. Although I can create a Database and keep adding his IP Address to the database, and run a check from the Guestbook script to scan against Blocked Addresses, It¹s not the most efficient method in the world. What other logic can I apply to automatically block the spammer? Or at least have a more efficient method of blocking the Spammer and his IP¹s? [/snip] You could always block a range of IP addresses, but you may cut out a legitimate user. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Address Filtering - Problem Continues
Jay Blanchard wrote: [snip] The problem is, the spammer is using multiple IP Address. His IP Address changes every 6 - 8 entries. I have so far recorded 5 different IP Addresses of the spammer. Although I can create a Database and keep adding his IP Address to the database, and run a check from the Guestbook script to scan against Blocked Addresses, It¹s not the most efficient method in the world. What other logic can I apply to automatically block the spammer? Or at least have a more efficient method of blocking the Spammer and his IP¹s? [/snip] You could always block a range of IP addresses, but you may cut out a legitimate user. I'm missing the beginning of this thread so maybe it's be mentioned before but is an image CAPTCHA not an option? (and yes I know the accesibility arguments against using CAPTCHA, and the fact that crap CAPCHTA can be broken by image recognition tools - but my pragmatic feeling is that it's often better than a bucket load of SPAM.) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Address Filtering - Problem Continues
At 5:58 PM +0200 4/5/06, Jochem Maas wrote: Jay Blanchard wrote: [snip] The problem is, the spammer is using multiple IP Address. His IP Address changes every 6 - 8 entries. I have so far recorded 5 different IP Addresses of the spammer. Although I can create a Database and keep adding his IP Address to the database, and run a check from the Guestbook script to scan against Blocked Addresses, It's not the most efficient method in the world. What other logic can I apply to automatically block the spammer? Or at least have a more efficient method of blocking the Spammer and his IP's? [/snip] You could always block a range of IP addresses, but you may cut out a legitimate user. I'm missing the beginning of this thread so maybe it's be mentioned before but is an image CAPTCHA not an option? (and yes I know the accesibility arguments against using CAPTCHA, and the fact that crap CAPCHTA can be broken by image recognition tools - but my pragmatic feeling is that it's often better than a bucket load of SPAM.) disclaimer Not that I promote CAPCHTA, but there are simple solutions that will slow down some spam while allowing some with vision problems to pass, such as -- http://www.xn--ovg.com/captcha -- namely, the graphic selection demo. Granted it's not the best, it doesn't solve everything, and I never said it did (at least no one can prove it) -- so don't whack me for it -- it's just a suggestion. /disclaimer tedd -- http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Address Filtering
Ave, I have to say I absolutely love your idea! It¹s probably a solution for my problem, at the same time, like the other guy said, freaking hilarious!!! :0) I think I¹ll probably write up a script that displays everything except records with NULL as IP for regular audience... And displays all records with NULL as IP for audience who¹s IP is recorded as NULL. Thanks! Rahul S. Johari Coordinator, Internet Administration Informed Marketing Services Inc. 500 Federal Street, Suite 201 Troy NY 12180 Tel: (518) 687-6700 x154 Fax: (518) 687-6799 Email: [EMAIL PROTECTED] http://www.informed-sources.com On 3/29/06 4:13 PM, Joe Harman [EMAIL PROTECTED] wrote: if you really want to mess with them.. only show the user with the NULL IP address all the spam posts.. .make them think that they've been successful On 3/29/06, Rahul S. Johari [EMAIL PROTECTED] wrote: -- Joe Harman - * My programs never have bugs, they just develop random features. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Address Filtering
Rahul S. Johari wrote: Ave, I have to say I absolutely love your idea! It¹s probably a solution for my problem, at the same time, like the other guy said, freaking hilarious!!! :0) I think I¹ll probably write up a script that displays everything except records with NULL as IP for regular audience... And displays all records with NULL as IP for audience who¹s IP is recorded as NULL. Thanks! Could ipv6 make problems here? If apache or similiar apps don't recognize it you also will get NULL. Greets Barry -- Smileys rule (cX.x)C --o(^_^o) Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Address Filtering
Ave, Curt, thanks for your response. Is this a common guestbook, like a 3rd party tool you got and added to the web site? If so, do they already have a solution in place with an add-on or such. No, actually it's a script I have written myself from scratch. And unfortunately (or fortunately perhaps), I haven't ever run into this problem before. You really want to use $_SERVER['REMOTE_ADDR']; That is should, I agree! A common method (now adays) is have the form that is being posted provide a challange/response method (like CAPTCHA) to verify that someone is actually sitting there filling out the form instead of a script doing the work. One of the problems with this method is well it limits your visually impared audience from being able to add to the guestbook, since it requires a visual response to the challenge. Another method is to require javascript for a challenge response method, this of course limits your audience to those who have javascript enabled, and I'm not sure if it really 'visually impared' friendly. I have implemented both those methods in different scripts I have written and maintain across different websites. Visual Confirmation using Image Verification and JavaScript Confirmation. However, I honestly don't want to add such an 'extra' step in my Guestbook for users who simply wish to put in a nice comment about the site, at least not at this point, which is why I do want to stay away from these methods for the Guestbook for now. Let me try a few other suggestions first and see how it goes, and then I'll decide if I need to add more capabilities/security to the Guestbook. Thanks for your insight, always brain-enhancing. Rahul S. Johari Coordinator, Internet Administration Informed Marketing Services Inc. 500 Federal Street, Suite 201 Troy NY 12180 Tel: (518) 687-6700 x154 Fax: (518) 687-6799 Email: [EMAIL PROTECTED] http://www.informed-sources.com
RE: [PHP] IP Address Filtering
I¹ve run into a slight problem. We maintain a Guestbook for our company¹s website. Lately we have been getting a lot of ³Spam² entries into the Guestbook. I added a snippet into the PHP Script a field in the mySQL database to record the IP Address of posters. However, for the SPAM posts, it records ³Null² instead of an IP Address. I¹m using $REMOTE_ADDR to records the IP. It records IP Addresses of any genuine poster... But NULL for the spam poster. What else can I do to block the SPAM entry? Is there some other Unique Identifier that I can record of the Spam poster and then block him? How about block any poster that does not report a valid $REMOTE_ADDR? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Address Filtering
if you really want to mess with them.. only show the user with the NULL IP address all the spam posts.. .make them think that they've been successful On 3/29/06, Rahul S. Johari [EMAIL PROTECTED] wrote: Ave, I¹ve run into a slight problem. We maintain a Guestbook for our company¹s website. Lately we have been getting a lot of ³Spam² entries into the Guestbook. I added a snippet into the PHP Script a field in the mySQL database to record the IP Address of posters. However, for the SPAM posts, it records ³Null² instead of an IP Address. I¹m using $REMOTE_ADDR to records the IP. It records IP Addresses of any genuine poster... But NULL for the spam poster. What else can I do to block the SPAM entry? Is there some other Unique Identifier that I can record of the Spam poster and then block him? Thanks, Rahul S. Johari Coordinator, Internet Administration Informed Marketing Services Inc. 500 Federal Street, Suite 201 Troy NY 12180 Tel: (518) 687-6700 x154 Fax: (518) 687-6799 Email: [EMAIL PROTECTED] http://www.informed-sources.com -- Joe Harman - * My programs never have bugs, they just develop random features. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Address Filtering
Joe Harman wrote: if you really want to mess with them.. only show the user with the NULL IP address all the spam posts.. .make them think that they've been successful Freaking hilarious idea!! Remind me not to let my kids play with yours. :-D Of course, there's probably not any Real People(tm) behind these addys. Kevin Kinsey -- Sentient plasmoids are a gas. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Address Filtering
Good thing I don't have kids! On 3/29/06, Kevin Kinsey [EMAIL PROTECTED] wrote: Joe Harman wrote: if you really want to mess with them.. only show the user with the NULL IP address all the spam posts.. .make them think that they've been successful Freaking hilarious idea!! Remind me not to let my kids play with yours. :-D Of course, there's probably not any Real People(tm) behind these addys. Kevin Kinsey -- Sentient plasmoids are a gas. -- Joe Harman - * My programs never have bugs, they just develop random features. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] IP Address Filtering
On Wed, Mar 29, 2006 at 02:52:39PM -0500, Rahul S. Johari wrote: Ave, I�ve run into a slight problem. We maintain a Guestbook for our company�s website. Lately we have been getting a lot of �Spam� entries into the Guestbook. Is this a common guestbook, like a 3rd party tool you got and added to the web site? If so, do they already have a solution in place with an add-on or such. I added a snippet into the PHP Script a field in the mySQL database to record the IP Address of posters. However, for the SPAM posts, it records �Null� instead of an IP Address. I�m using $REMOTE_ADDR to records the IP. It records IP Addresses of any genuine poster... But NULL for the spam poster. You really want to use $_SERVER['REMOTE_ADDR']; What else can I do to block the SPAM entry? Is there some other Unique Identifier that I can record of the Spam poster and then block him? Well, i'll try to keep this short without going into a big rant about SPAM... A common method (now adays) is have the form that is being posted provide a challange/response method (like CAPTCHA) to verify that someone is actually sitting there filling out the form instead of a script doing the work. One of the problems with this method is well it limits your visually impared audience from being able to add to the guestbook, since it requires a visual response to the challenge. Another method is to require javascript for a challenge response method, this of course limits your audience to those who have javascript enabled, and I'm not sure if it really 'visually impared' friendly. Even with those two methods, all we are doing is securing the form from spam by obscurity. Even if it sounds like these ideas are good because it will remove the un-needed spam i get. Consider this: Email gets prbably the worst spam, and there are several applications that go out and harvest emails for spamming purposes. So we all think hey they are looking form: [EMAIL PROTECTED] ... so thus we think, lets not write it that way but make it so a person can read it. So now we enter this so it isn't harvested: user [at] domain [dot] com now, if you think about this for a moment, if everyone used the latter format to write their emails on the web, would it not be easy for a email harvester to come up with a little regex to read either or? Ok, i promised not to rant to much about spam, so yeah, this is a tuff thing to get around and very hard to find a realistic solution for. Curt. -- cat .signature: No such file or directory -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
