Re: [PHP] Spam opinions please
On Fri, 2009-10-23 at 08:55 +0100, Peter Ford wrote:

> Ashley Sheridan wrote:
> >
> > Won't stop a bot worth its salt either, hence the need for more complex
> > and confusing captchas. The best way to stop spam, is to use linguistic
> > testing on the content being offered, which protects against bot and
> > human spammer alike.
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
>
> Unfortunately, it might also confound someone who doesn't speak the language.
> Admittedly, they would probably already be struggling with the rest of the
> site...
>
> I guess locale-dependent captchas are a possibility.
>
> --
> Peter Ford phone: 01580 89
> Developer fax: 01580 893399
> Justcroft International Ltd., Staplehurst, Kent

I'm not talking about language problems for the user to solve. This question originally started by the op asking for solutions to human spam, but most of what I've seen so far in the thread is all about how to stop bots.

By linguistic analysis, I'm talking about passing the user offered content through a filter to check for the probability that it is spam. This goes beyond just looking for spammy words by looking at the relationship between words, frequency of words, and much more. It's very complex, but by the end of it, each post gets a rating value, which can be used as part of a threshold to reach in order to have a post automatically verified.

Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Spam opinions please
Ashley Sheridan wrote:

> Won't stop a bot worth its salt either, hence the need for more complex
> and confusing captchas. The best way to stop spam, is to use linguistic
> testing on the content being offered, which protects against bot and
> human spammer alike.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk

Unfortunately, it might also confound someone who doesn't speak the language. Admittedly, they would probably already be struggling with the rest of the site...

I guess locale-dependent captchas are a possibility.

--
Peter Ford phone: 01580 89
Developer fax: 01580 893399
Justcroft International Ltd., Staplehurst, Kent

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Spam opinions please
On Thu, 2009-10-22 at 19:39 -0400, Gary wrote:

> I have always thought that by putting some simple, readable text into a
> graphic (eg. apple) and asking people to type it in a space, that would work,
> but that does not stop the humans..
>
> Gary
>
> "Philip Thompson" wrote in message
> news:9bf33458-4a91-4a23-bcb8-ebe13269f...@gmail.com...
> > On Oct 20, 2009, at 1:48 PM, Gary wrote:
> >
> >> NO I have not, I think my issue is I hate when I run across one, it usually
> >> takes me more than one try to actually figure out what the character is, so
> >> hence my disdain.
> >>
> >> Gary
> >
> > Here are some captchas:
> >
> > "What's three minus two?"
> > "Which word is listed first in the dictionary: apple, banana, pizza?"
> > "Add 4 plus 5"
> >
> > Create a list of simple questions that only humans can answer. I find
> > these to be less annoying.
> >
> > ~Philip
> >
> >> "Paul M Foster" wrote in message
> >> news:20091020184001.gi3...@quillandmouse.com...
> >>> On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote:
> >>>
> >>>> I have several sites that are getting hit with form spam. I have the script
> >>>> set up to capture the IP address so I know from where they come. I found a
> >>>> short script that is supposed to stop these IP addresses from accessing the
> >>>> form page, it redirects the spammer to another page (I was going to redirect
> >>>> to a page that has lots of pop-ups, scantily clad men and offers of joy
> >>>> beyond imagination), but someone suggested I redirect to the Federal Trade
> >>>> Commission or perhaps the FBI.
> >>>>
> >>>> Any thoughts on the script and its effectiveness?
> >>>>
> >>>> <?php
> >>>> $deny = array("111.111.111", "222.222.222", "333.333.333");
> >>>> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> >>>>    header("location: http://www.google.com/");
> >>>>    exit();
> >>>> } ?>
> >>>>
> >>>> Gary
> >>>
> >>> Have you tried CAPTCHA?
> >>>
> >>> Paul

Won't stop a bot worth its salt either, hence the need for more complex and confusing captchas. The best way to stop spam, is to use linguistic testing on the content being offered, which protects against bot and human spammer alike.

Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Spam opinions please
I have always thought that by putting some simple, readable text into a graphic (eg. apple) and asking people to type it in a space, that would work, but that does not stop the humans..

Gary

"Philip Thompson" wrote in message news:9bf33458-4a91-4a23-bcb8-ebe13269f...@gmail.com...
> On Oct 20, 2009, at 1:48 PM, Gary wrote:
>
>> NO I have not, I think my issue is I hate when I run across one, it usually
>> takes me more than one try to actually figure out what the character is, so
>> hence my disdain.
>>
>> Gary
>
> Here are some captchas:
>
> "What's three minus two?"
> "Which word is listed first in the dictionary: apple, banana, pizza?"
> "Add 4 plus 5"
>
> Create a list of simple questions that only humans can answer. I find
> these to be less annoying.
>
> ~Philip
>
>> "Paul M Foster" wrote in message
>> news:20091020184001.gi3...@quillandmouse.com...
>>> On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote:
>>>
>>>> I have several sites that are getting hit with form spam. I have the script
>>>> set up to capture the IP address so I know from where they come. I found a
>>>> short script that is supposed to stop these IP addresses from accessing the
>>>> form page, it redirects the spammer to another page (I was going to redirect
>>>> to a page that has lots of pop-ups, scantily clad men and offers of joy
>>>> beyond imagination), but someone suggested I redirect to the Federal Trade
>>>> Commission or perhaps the FBI.
>>>>
>>>> Any thoughts on the script and its effectiveness?
>>>>
>>>> <?php
>>>> $deny = array("111.111.111", "222.222.222", "333.333.333");
>>>> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>>>>    header("location: http://www.google.com/");
>>>>    exit();
>>>> } ?>
>>>>
>>>> Gary
>>>
>>> Have you tried CAPTCHA?
>>>
>>> Paul
Re: [PHP] Spam opinions please
On Oct 20, 2009, at 1:48 PM, Gary wrote:

> NO I have not, I think my issue is I hate when I run across one, it usually
> takes me more than one try to actually figure out what the character is, so
> hence my disdain.
>
> Gary

Here are some captchas:

"What's three minus two?"
"Which word is listed first in the dictionary: apple, banana, pizza?"
"Add 4 plus 5"

Create a list of simple questions that only humans can answer. I find these to be less annoying.

~Philip

> "Paul M Foster" wrote in message
> news:20091020184001.gi3...@quillandmouse.com...
>> On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote:
>>
>>> I have several sites that are getting hit with form spam. I have the script
>>> set up to capture the IP address so I know from where they come. I found a
>>> short script that is supposed to stop these IP addresses from accessing the
>>> form page, it redirects the spammer to another page (I was going to redirect
>>> to a page that has lots of pop-ups, scantily clad men and offers of joy
>>> beyond imagination), but someone suggested I redirect to the Federal Trade
>>> Commission or perhaps the FBI.
>>>
>>> Any thoughts on the script and its effectiveness?
>>>
>>> <?php
>>> $deny = array("111.111.111", "222.222.222", "333.333.333");
>>> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>>>    header("location: http://www.google.com/");
>>>    exit();
>>> } ?>
>>>
>>> Gary
>>
>> Have you tried CAPTCHA?
>>
>> Paul
Re: [PHP] Spam opinions please
On Tue, 2009-10-20 at 23:41 +0200, Kim Madsen wrote:

> Gary wrote on 2009-10-20 22:55:
> > I like that idea, so in other words they have to get to the form from another
> > page on the site, and you set a time limit for a minimum amount of time they
> > spend on the page (5-10 seconds)?
>
> I don't set any time, just the session to prevent direct hits from a
> spam script. But if you wanna improve the solution using a time check
> you could save a microtime() value in the session and then test it
> against current time on the form page and then have a min. threshold that
> is accepted.
>
> --
> Kind regards
> Kim Emax - masterminds.dk

Almost all of the suggestions so far have been to prevent bots, which is great, but the op has mentioned a few times that it's human spammers that are the problem.

Have you considered using some sort of language analysis algorithm on the text to determine if it is spam or not, in a way similar to email spam detection? Do a search for 'php spam filters' and there are quite a few different possible options.

Thanks,
Ash
http://www.ashleysheridan.co.uk
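
An added example, not part of the thread and not any poster's code: one simple form of the content rating Ash suggests in this message and describes in the 2009-10-23 reply at the top of the thread, here a naive Bayes score over single words and adjacent word pairs that is compared against a threshold. The training posts, the 0.9 threshold and all function names are constructed for illustration.

```php
<?php
// Added illustration: naive Bayes rating for form submissions.
// Tokens are single words plus adjacent word pairs, so the score reflects
// word frequency and (crudely) which words appear next to each other.

/** Split text into lowercase words and adjacent word pairs. */
function spam_tokens(string $text): array
{
    preg_match_all('/[a-z0-9]+/', strtolower($text), $m);
    $words  = $m[0];
    $tokens = $words;
    for ($i = 0; $i + 1 < count($words); $i++) {
        $tokens[] = $words[$i] . ' ' . $words[$i + 1];
    }
    return $tokens;
}

/** Build per-class token counts from [label, text] pairs (label: 'spam' or 'ham'). */
function spam_train(array $samples): array
{
    $model = [
        'spam'  => [], 'ham' => [], 'vocab' => [],
        'total' => ['spam' => 0, 'ham' => 0],   // tokens seen per class
        'docs'  => ['spam' => 0, 'ham' => 0],   // posts seen per class
    ];
    foreach ($samples as [$label, $text]) {
        $model['docs'][$label]++;
        foreach (spam_tokens($text) as $tok) {
            $model[$label][$tok] = ($model[$label][$tok] ?? 0) + 1;
            $model['total'][$label]++;
            $model['vocab'][$tok] = true;
        }
    }
    return $model;
}

/** Rating between 0 and 1: estimated probability that $text is spam. */
function spam_rating(array $model, string $text): float
{
    $v    = count($model['vocab']);
    $docs = $model['docs']['spam'] + $model['docs']['ham'];
    // Start from the smoothed prior odds, then add each token's evidence.
    $logOdds = log(($model['docs']['spam'] + 1) / ($docs + 2))
             - log(($model['docs']['ham'] + 1) / ($docs + 2));
    foreach (spam_tokens($text) as $tok) {
        if (!isset($model['vocab'][$tok])) {
            continue; // a token never seen in training carries no evidence
        }
        // Laplace smoothing keeps a token seen in only one class from
        // forcing the probability to exactly 0 or 1.
        $pSpam = (($model['spam'][$tok] ?? 0) + 1) / ($model['total']['spam'] + $v);
        $pHam  = (($model['ham'][$tok] ?? 0) + 1) / ($model['total']['ham'] + $v);
        $logOdds += log($pSpam) - log($pHam);
    }
    return 1.0 / (1.0 + exp(-$logOdds));
}

/** Map the rating to an action: publish automatically, hold for review, or reject. */
function moderate(array $model, string $text, float $threshold = 0.9): string
{
    $rating = spam_rating($model, $text);
    if ($rating >= $threshold) {
        return 'reject';
    }
    if ($rating <= 1.0 - $threshold) {
        return 'publish';
    }
    return 'hold'; // uncertain: leave it for a human moderator
}

// Constructed training data standing in for previously moderated submissions.
$model = spam_train([
    ['spam', 'cheap casino bonus 400 euro reward click here'],
    ['spam', 'win a casino reward now click here for your bonus'],
    ['spam', 'best cheap pills online click here'],
    ['ham',  'please call me about the kitchen quote'],
    ['ham',  'I would like a quote for a new roof please'],
    ['ham',  'can you call me back about my order'],
]);

// Constructed submissions to rate.
foreach (['click here for your casino bonus',
          'please send me a quote for the roof',
          'here is my order'] as $post) {
    printf("%-40s rating=%.3f action=%s\n", $post, spam_rating($model, $post), moderate($model, $post));
}
```

In practice the model would be trained on a site's own approved and rejected submissions rather than a handful of fixed sentences.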
Re: [PHP] Spam opinions please
On Tue, 20 Oct 2009 14:31:53 -0400 "Gary" wrote:

> I have several sites that are getting hit with form spam. I have the
> script set up to capture the IP address so I know from where they
> come. I found a short script that is supposed to stop these IP
> addresses from accessing the form page, it redirects the spammer to
> another page (I was going to redirect to a page that has lots of
> pop-ups, scantily clad men and offers of joy beyond imagination), but
> someone suggested I redirect to the Federal Trade Commission or
> perhaps the FBI.
>
> Any thoughts on the script and its effectiveness?
>
> <?php
> $deny = array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>    header("location: http://www.google.com/");
>    exit();
> } ?>
>
> Gary

There are several options to stop spammers, although none of them will completely eliminate all spam.

For a forum I prefer the .htaccess method. There is a website dedicated to keeping track of forum spammers, http://stopforumspam.com and depending on your forum you could add an anti-spam mod that will query their database. On the site they have mods for phpbb, vBulletin and SMF.

I wrote a Python script that uses a Python library that's also posted on their site. The Python program basically uses an Apache log file for the IPs, checks them at Stop Forum Spam and adds spam IPs to the .htaccess file. I have it set up in cron to run daily.

For a little bit more detailed description and the program itself:
http://blog.avirtualhome.com/2009/10/08/stop-spammers-in-your-htaccess/

--
Peter van der Does

GPG key: E77E8E98
IRC: Ganseki on irc.freenode.net
Twitter: @petervanderdoes

WordPress Plugin Developer
Blog: http://blog.avirtualhome.com
Forums: http://forums.avirtualhome.com
Twitter: @avhsoftware
Re: [PHP] Spam opinions please
Gary wrote on 2009-10-20 22:55:

> I like that idea, so in other words they have to get to the form from another
> page on the site, and you set a time limit for a minimum amount of time they
> spend on the page (5-10 seconds)?

I don't set any time, just the session to prevent direct hits from a spam script. But if you wanna improve the solution using a time check you could save a microtime() value in the session and then test it against current time on the form page and then have a min. threshold that is accepted.

--
Kind regards
Kim Emax - masterminds.dk
Re: [PHP] Spam opinions please
I like that idea, so in other words they have to get to the form from another page on the site, and you set a time limit for a minimum amount of time they spend on the page (5-10 seconds)?

Gary

"Kim Madsen" wrote in message news:4ade206f.6030...@emax.dk...
> Hey Gary
>
> Gary wrote on 2009-10-20 20:31:
>> I have several sites that are getting hit with form spam. I have the
>> script set up to capture the IP address so I know from where they come.
>
> I see that a lot suggested CAPTCHA, I don't like those either.
>
> The IP solution will give you a constant maintenance problem unless you
> save the submissions in database and look for similar postings, then
> block the IPs. Or just block them right away if they suggest the usual
> sheiitee like 400 euro casino rewards etc...
>
> What I've done to fix those issues when I had them was to set a session
> var on the frontpage of the site and check on that. If it doesn't exist
> when the user enters the page with the form, then I tell them and just
> don't show the form. Of course the clever programmer can create a script
> that first goes to the frontpage, then the form page, but so far I'm
> pretty happy with the solution, no spam for 3 years :-)
>
> --
> Kind regards
> Kim Emax - masterminds.dk
Re: [PHP] Spam opinions please
I have a honeypot in there already, another reason I think it is human spam and not da bot.

Gary

"Bastien Koert" wrote in message news:d7b6cab70910201337v5c18284aya022f48e13943...@mail.gmail.com...
> On Tue, Oct 20, 2009 at 4:12 PM, Ashley Sheridan wrote:
>> On Tue, 2009-10-20 at 21:01 +0200, John Black wrote:
>>
>>> Gary wrote:
>>> > I believe they are human spammers as all the input fields are correctly
>>> > filled out (phone in phone, address in address etc).
>>> > As I said they are mostly the same IP.
>>> > Would it be better to include this script in the processing script rather
>>> > than at the top of the page?
>>>
>>> If it is fixed list of IPs you could add them to the .htaccess file like
>>> this:
>>>
>>> order allow,deny
>>> deny from xxx.xxx.xxx.xxx
>>> allow from all
>>>
>>> This way it is handled by your webserver and you don't need to run a
>>> script on every page.
>>>
>>> Keep in mind that a lot of comment spam is sent out from infected
>>> machines. So if the IPs belong to a big ISP it is possible to block a
>>> lot of users if you block the proxy.
>>> Check the IPs via Arin to be sure
>>> http://ws.arin.net/whois/
>>> I have noticed that a blocked spammer will sometimes reconnect from a
>>> totally different IP and resubmit the same information.
>>>
>>> Regarding the properly filled out forms, spam bots are pretty good about
>>> placing valid data into the correct fields, some are better than others.
>>>
>>> --
>>> John
>>
>> I'd go with this method if you can, as it will take quite a load off of
>> your servers. However, try not to be too liberal with it, as it may end
>> up preventing genuine access if the spammers are coming from dynamic IP
>> addresses.
>>
>> Thanks,
>> Ash
>> http://www.ashleysheridan.co.uk
>
> Add a hidden field that should not hold a value. Spam bots will try to
> fill all fields with that value, so if there is one send back a 404
> message to the bot and dump the record
>
> --
>
> Bastien
>
> Cat, the other other white meat
Re: [PHP] Spam opinions please
Hey Gary

Gary wrote on 2009-10-20 20:31:

> I have several sites that are getting hit with form spam. I have the script
> set up to capture the IP address so I know from where they come.

I see that a lot suggested CAPTCHA, I don't like those either.

The IP solution will give you a constant maintenance problem unless you save the submissions in database and look for similar postings, then block the IPs. Or just block them right away if they suggest the usual sheiitee like 400 euro casino rewards etc...

What I've done to fix those issues when I had them was to set a session var on the frontpage of the site and check on that. If it doesn't exist when the user enters the page with the form, then I tell them and just don't show the form. Of course the clever programmer can create a script that first goes to the frontpage, then the form page, but so far I'm pretty happy with the solution, no spam for 3 years :-)

--
Kind regards
Kim Emax - masterminds.dk
Re: [PHP] Spam opinions please
On Tue, Oct 20, 2009 at 4:12 PM, Ashley Sheridan wrote:

> On Tue, 2009-10-20 at 21:01 +0200, John Black wrote:
>
>> Gary wrote:
>> > I believe they are human spammers as all the input fields are correctly
>> > filled out (phone in phone, address in address etc).
>> > As I said they are mostly the same IP.
>> > Would it be better to include this script in the processing script rather
>> > than at the top of the page?
>>
>> If it is fixed list of IPs you could add them to the .htaccess file like
>> this:
>>
>> order allow,deny
>> deny from xxx.xxx.xxx.xxx
>> allow from all
>>
>> This way it is handled by your webserver and you don't need to run a
>> script on every page.
>>
>> Keep in mind that a lot of comment spam is sent out from infected
>> machines. So if the IPs belong to a big ISP it is possible to block a
>> lot of users if you block the proxy.
>> Check the IPs via Arin to be sure
>> http://ws.arin.net/whois/
>> I have noticed that a blocked spammer will sometimes reconnect from a
>> totally different IP and resubmit the same information.
>>
>> Regarding the properly filled out forms, spam bots are pretty good about
>> placing valid data into the correct fields, some are better than others.
>>
>> --
>> John
>
> I'd go with this method if you can, as it will take quite a load off of
> your servers. However, try not to be too liberal with it, as it may end
> up preventing genuine access if the spammers are coming from dynamic IP
> addresses.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk

Add a hidden field that should not hold a value. Spam bots will try to fill all fields with that value, so if there is one send back a 404 message to the bot and dump the record

--

Bastien

Cat, the other other white meat
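
An added example, not code from any poster: the three form checks suggested in this thread combined in one place, namely Kim Madsen's session marker set on the front page, the optional microtime() minimum fill time, and the empty hidden field from the message above. The field name `website`, the session keys, the function names and the 5-second minimum are assumptions made for the example.

```php
<?php
// Added illustration: session marker + minimum fill time + hidden field.
// The hidden field in the form would look like this (name is an assumption):
//   <input type="text" name="website" value="" style="display:none"
//          tabindex="-1" autocomplete="off">

const MIN_FILL_SECONDS = 5.0;       // assumed threshold
const HONEYPOT_FIELD   = 'website'; // assumed field name

/** Front page: record that this visitor arrived through the site. */
function gate_mark_entry(array &$session): void
{
    $session['came_via_site'] = true;
}

/** Form page: returns false when the form should not be shown at all. */
function gate_open_form(array &$session, float $now): bool
{
    if (empty($session['came_via_site'])) {
        return false; // direct hit on the form URL without visiting the site
    }
    $session['form_shown_at'] = $now; // start of the fill-time measurement
    return true;
}

/** Processing script: returns 'ok' or the reason the submission is dropped. */
function gate_check_submit(array &$session, array $post, float $now): string
{
    if (empty($session['came_via_site']) || !isset($session['form_shown_at'])) {
        return 'no-session';
    }
    $elapsed = $now - $session['form_shown_at'];
    unset($session['form_shown_at']); // each rendered form accepts one submission

    // The hidden field must come back empty; a script that fills every
    // field puts a value in it.
    if (trim((string)($post[HONEYPOT_FIELD] ?? '')) !== '') {
        return 'honeypot';
    }
    if ($elapsed < MIN_FILL_SECONDS) {
        return 'too-fast';
    }
    return 'ok';
}

// Wiring in the real pages (shown as comments so the file also runs on the CLI):
//   session_start();
//   $result = gate_check_submit($_SESSION, $_POST, microtime(true));
//   if ($result !== 'ok') { http_response_code(404); exit; }

if (PHP_SAPI === 'cli') {
    // Constructed scenarios with fixed timestamps in place of microtime(true).
    $s = [];
    echo 'direct hit on form page: ',
        var_export(gate_open_form($s, 100.0), true), "\n";

    gate_mark_entry($s);
    gate_open_form($s, 100.0);
    echo 'submitted after 1 second: ',
        gate_check_submit($s, ['name' => 'x', 'website' => ''], 101.0), "\n";

    gate_open_form($s, 200.0);
    echo 'hidden field filled in: ',
        gate_check_submit($s, ['name' => 'x', 'website' => 'http://example.test'], 230.0), "\n";

    gate_open_form($s, 300.0);
    echo 'normal visitor after 30 seconds: ',
        gate_check_submit($s, ['name' => 'Gary', 'website' => ''], 330.0), "\n";
}
```

As several posters in the thread point out, checks of this kind only filter scripted submissions; a person filling in the form by hand passes all three.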
Re: [PHP] Spam opinions please
On Tue, 2009-10-20 at 21:01 +0200, John Black wrote:

> Gary wrote:
> > I believe they are human spammers as all the input fields are correctly
> > filled out (phone in phone, address in address etc).
> > As I said they are mostly the same IP.
> > Would it be better to include this script in the processing script rather
> > than at the top of the page?
>
> If it is fixed list of IPs you could add them to the .htaccess file like
> this:
>
> order allow,deny
> deny from xxx.xxx.xxx.xxx
> allow from all
>
> This way it is handled by your webserver and you don't need to run a
> script on every page.
>
> Keep in mind that a lot of comment spam is sent out from infected
> machines. So if the IPs belong to a big ISP it is possible to block a
> lot of users if you block the proxy.
> Check the IPs via Arin to be sure
> http://ws.arin.net/whois/
> I have noticed that a blocked spammer will sometimes reconnect from a
> totally different IP and resubmit the same information.
>
> Regarding the properly filled out forms, spam bots are pretty good about
> placing valid data into the correct fields, some are better than others.
>
> --
> John

I'd go with this method if you can, as it will take quite a load off of your servers. However, try not to be too liberal with it, as it may end up preventing genuine access if the spammers are coming from dynamic IP addresses.

Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Spam opinions please
On Tue, 2009-10-20 at 15:46 -0300, Jonathan Tapicer wrote:

> On Tue, Oct 20, 2009 at 3:39 PM, Ashley Sheridan wrote:
> >
> > On Tue, 2009-10-20 at 15:36 -0300, Jonathan Tapicer wrote:
> >
> > > That will work just for one IP, but they could spam you from another
> > > IP. I suggest you add a good captcha to the form and that way you can
> > > avoid spam forever.
> > >
> > > Regards,
> > >
> > > Jonathan
> >
> > Firstly, in_array() is used in his example, so it will look for all the IP
> > addresses in the array, not just one.
> >
> > Secondly, even the best captchas can be got around. Just look at what
> > happened to Google a while back. And then what if you make the captcha too
> > hard to discern? You'd essentially be breaking the law by impeding hard of
> > seeing or blind users...
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
>
> Even if he puts a list or range of IPs he could always be attacked
> from an IP not in that list/range.
>
> About the blind users, he can use recaptcha (recently acquired by
> Google), http://recaptcha.net/, which has an audio version captcha.
>
> I'm not saying that the filter by IP won't work, but it won't be 100%
> effective, and a captcha will.
>
> Regards,
>
> Jonathan

You still missed the point I made about Google's captcha being circumvented by bots. Also, as he's stated a few times, the entries are made by humans. I know of no captchas which stop only spammers...

Thanks,
Ash
http://www.ashleysheridan.co.uk
RE: [PHP] Spam opinions please
I agree, a good captcha will be better, but the idea to redirect can be better, you can save in db the ip, and send them to fbi in a periodic time.

Yuri Yarlei.
www.yuriyarlei.net (under construction)
Programmer PHP, CSS, Java, PostgreSQL;
Today PHP, tomorrow Java, after the world.
Kyou wa PHP, ashita wa Java, sono ato sekai desu.

> Date: Tue, 20 Oct 2009 15:36:04 -0300
> From: tapi...@gmail.com
> To: gwp...@ptd.net
> CC: php-general@lists.php.net
> Subject: Re: [PHP] Spam opinions please
>
> That will work just for one IP, but they could spam you from another
> IP. I suggest you add a good captcha to the form and that way you can
> avoid spam forever.
>
> Regards,
>
> Jonathan
>
> On Tue, Oct 20, 2009 at 3:31 PM, Gary wrote:
> > I have several sites that are getting hit with form spam. I have the script
> > set up to capture the IP address so I know from where they come. I found a
> > short script that is supposed to stop these IP addresses from accessing the
> > form page, it redirects the spammer to another page (I was going to redirect
> > to a page that has lots of pop-ups, scantily clad men and offers of joy
> > beyond imagination), but someone suggested I redirect to the Federal Trade
> > Commission or perhaps the FBI.
> >
> > Any thoughts on the script and its effectiveness?
> >
> > <?php
> > $deny = array("111.111.111", "222.222.222", "333.333.333");
> > if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> >    header("location: http://www.google.com/");
> >    exit();
> > } ?>
> >
> > Gary
Re: [PHP] Spam opinions please
Gary wrote:

> I believe they are human spammers as all the input fields are correctly
> filled out (phone in phone, address in address etc).
> As I said they are mostly the same IP.
> Would it be better to include this script in the processing script rather
> than at the top of the page?

If it is fixed list of IPs you could add them to the .htaccess file like this:

order allow,deny
deny from xxx.xxx.xxx.xxx
allow from all

This way it is handled by your webserver and you don't need to run a script on every page.

Keep in mind that a lot of comment spam is sent out from infected machines. So if the IPs belong to a big ISP it is possible to block a lot of users if you block the proxy.
Check the IPs via Arin to be sure
http://ws.arin.net/whois/
I have noticed that a blocked spammer will sometimes reconnect from a totally different IP and resubmit the same information.

Regarding the properly filled out forms, spam bots are pretty good about placing valid data into the correct fields, some are better than others.

--
John
Re: [PHP] Spam opinions please
I believe they are human spammers as all the input fields are correctly filled out (phone in phone, address in address etc).

As I said they are mostly the same IP.

Would it be better to include this script in the processing script rather than at the top of the page?

Gary

"Ashley Sheridan" wrote in message news:1256063819.2359.4.ca...@localhost...
> On Tue, 2009-10-20 at 14:31 -0400, Gary wrote:
>
>> I have several sites that are getting hit with form spam. I have the script
>> set up to capture the IP address so I know from where they come. I found a
>> short script that is supposed to stop these IP addresses from accessing the
>> form page, it redirects the spammer to another page (I was going to redirect
>> to a page that has lots of pop-ups, scantily clad men and offers of joy
>> beyond imagination), but someone suggested I redirect to the Federal Trade
>> Commission or perhaps the FBI.
>>
>> Any thoughts on the script and its effectiveness?
>>
>> <?php
>> $deny = array("111.111.111", "222.222.222", "333.333.333");
>> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>>    header("location: http://www.google.com/");
>>    exit();
>> } ?>
>>
>> Gary
>
> A few things immediately spring to mind:
>
> How are you being hit? Is it through an automated process (bot) on your
> form, or a real person?
> If you are being hit from bots, is it from a zombie network or a few
> machines?
>
> If you are being hit by bots from a zombie, then this solution won't
> work well, as the list of IP addresses you'll have will be huge, and
> will potentially include many of your real visitors who didn't realise
> their computer was not their own any more.
>
> If you are being hit by bots that are not part of a botnet, then
> redirecting them to another page is essentially fruitless, as the bots
> really don't care.
>
> If you are being hit by humans, then are the IP addresses always going
> to relate to those same persons, or are they part of a dynamic range
> that an ISP serves out amongst all of its customers?
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
Re: [PHP] Spam opinions please
Jonathan Tapicer wrote:

> I suggest you add a good captcha to the form and that way you can
> avoid spam forever.

You can find a question/answer based CAPTCHA system here.
http://www.network-technologies.org/tiny.php?id=1

The system can be used to protect comment forms, email forms or act as a bot trap. The system works by writing the IP of the offender to the .htaccess file, blocking the bot from the entire site. A page is displayed where someone can remove his/her IP from the blocklist and regain access to the page. The class also checks the DNS record before blocking to prevent a good bot, like Googlebot, from being blocked.

Comment spam has been reduced to almost zero on all my pages thanks to CAPTCHAv2. The only ones getting through now are the ones submitted by humans.

--
John
Re: [PHP] Spam opinions please
NO I have not, I think my issue is I hate when I run across one, it usually takes me more than one try to actually figure out what the character is, so hence my disdain.

Gary

"Paul M Foster" wrote in message news:20091020184001.gi3...@quillandmouse.com...
> On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote:
>
>> I have several sites that are getting hit with form spam. I have the script
>> set up to capture the IP address so I know from where they come. I found a
>> short script that is supposed to stop these IP addresses from accessing the
>> form page, it redirects the spammer to another page (I was going to redirect
>> to a page that has lots of pop-ups, scantily clad men and offers of joy
>> beyond imagination), but someone suggested I redirect to the Federal Trade
>> Commission or perhaps the FBI.
>>
>> Any thoughts on the script and its effectiveness?
>>
>> <?php
>> $deny = array("111.111.111", "222.222.222", "333.333.333");
>> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>>    header("location: http://www.google.com/");
>>    exit();
>> } ?>
>>
>> Gary
>
> Have you tried CAPTCHA?
>
> Paul
>
> --
> Paul M. Foster
Re: [PHP] Spam opinions please
On Tue, Oct 20, 2009 at 3:39 PM, Ashley Sheridan wrote:

> On Tue, 2009-10-20 at 15:36 -0300, Jonathan Tapicer wrote:
>
> > That will work just for one IP, but they could spam you from another
> > IP. I suggest you add a good captcha to the form and that way you can
> > avoid spam forever.
> >
> > Regards,
> >
> > Jonathan
>
> Firstly, in_array() is used in his example, so it will look for all the IP
> addresses in the array, not just one.
>
> Secondly, even the best captchas can be got around. Just look at what
> happened to Google a while back. And then what if you make the captcha too
> hard to discern? You'd essentially be breaking the law by impeding hard of
> seeing or blind users...
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk

Even if he puts a list or range of IPs he could always be attacked from an IP not in that list/range.

About the blind users, he can use recaptcha (recently acquired by Google), http://recaptcha.net/, which has an audio version captcha.

I'm not saying that the filter by IP won't work, but it won't be 100% effective, and a captcha will.

Regards,

Jonathan
Re: [PHP] Spam opinions please
On Tue, 2009-10-20 at 15:36 -0300, Jonathan Tapicer wrote:
> That will work just for one IP, but they could spam you from another
> IP. I suggest you add a good captcha to the form and that way you can
> avoid spam forever.
>
> Regards,
>
> Jonathan

Firstly, in_array() is used in his example, so it will look for all the IP addresses in the array, not just one.

Secondly, even the best captchas can be got around. Just look at what happened to Google a while back. And then what if you make the captcha too hard to discern? You'd essentially be breaking the law by impeding hard of seeing or blind users...

Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Spam opinions please
On Tue, Oct 20, 2009 at 02:31:53PM -0400, Gary wrote:
> I have several sites that are getting hit with form spam. I have the script
> set up to capture the IP address so I know from where they come. I found a
> short script that is supposed to stop these IP addresses from accessing the
> form page, it redirects the spammer to another page (I was going to redirect
> to a page that has lots of pop-ups, scantily clad men and offers of joy
> beyond imagination), but someone suggested I redirect to the Federal Trade
> Commission or perhaps the FBI.
>
> Any thoughts on the script and its effectiveness?
>
> <?php
> $deny = array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>     header("location: http://www.google.com/");
>     exit();
> }
> ?>
> Gary
>

Have you tried CAPTCHA?

Paul

--
Paul M. Foster
Re: [PHP] Spam opinions please
Thanks, and I understand, however I am trying to avoid the captcha if possible. They are all or mostly coming from the same IP, which is why I thought this would help.

Gary

"Jonathan Tapicer" wrote in message news:4603e2db0910201136q5e835193he4abbac75ef11...@mail.gmail.com...
That will work just for one IP, but they could spam you from another IP. I suggest you add a good captcha to the form and that way you can avoid spam forever.

Regards,

Jonathan

On Tue, Oct 20, 2009 at 3:31 PM, Gary wrote:
> I have several sites that are getting hit with form spam. I have the script
> set up to capture the IP address so I know from where they come. I found a
> short script that is supposed to stop these IP addresses from accessing the
> form page, it redirects the spammer to another page (I was going to redirect
> to a page that has lots of pop-ups, scantily clad men and offers of joy
> beyond imagination), but someone suggested I redirect to the Federal Trade
> Commission or perhaps the FBI.
>
> Any thoughts on the script and its effectiveness?
>
> <?php
> $deny = array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>     header("location: http://www.google.com/");
>     exit();
> }
> ?>
> Gary
Re: [PHP] Spam opinions please
On Tue, 2009-10-20 at 14:31 -0400, Gary wrote:
> I have several sites that are getting hit with form spam. I have the script
> set up to capture the IP address so I know from where they come. I found a
> short script that is supposed to stop these IP addresses from accessing the
> form page, it redirects the spammer to another page (I was going to redirect
> to a page that has lots of pop-ups, scantily clad men and offers of joy
> beyond imagination), but someone suggested I redirect to the Federal Trade
> Commission or perhaps the FBI.
>
> Any thoughts on the script and its effectiveness?
>
> <?php
> $deny = array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>     header("location: http://www.google.com/");
>     exit();
> }
> ?>
> Gary
>

A few things immediately spring to mind:

How are you being hit? Is it through an automated process (bot) on your form, or a real person?

If you are being hit from bots, is it from a zombie network or a few machines?

If you are being hit by bots from a zombie, then this solution won't work well, as the list of IP addresses you'll have will be huge, and will potentially include many of your real visitors who didn't realise their computer was not their own any more.

If you are being hit by bots that are not part of a botnet, then redirecting them to another page is essentially fruitless, as the bots really don't care.

If you are being hit by humans, then are the IP addresses always going to relate to those same persons, or are they part of a dynamic range that an ISP serves out amongst all of its customers?

Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: [PHP] Spam opinions please
On Tue, Oct 20, 2009 at 2:36 PM, Jonathan Tapicer wrote:
> That will work just for one IP, but they could spam you from another
> IP. I suggest you add a good captcha to the form and that way you can
> avoid spam forever.
>
> Regards,
>
> Jonathan
>
> On Tue, Oct 20, 2009 at 3:31 PM, Gary wrote:
> > I have several sites that are getting hit with form spam. I have the script
> > set up to capture the IP address so I know from where they come. I found a
> > short script that is supposed to stop these IP addresses from accessing the
> > form page, it redirects the spammer to another page (I was going to redirect
> > to a page that has lots of pop-ups, scantily clad men and offers of joy
> > beyond imagination), but someone suggested I redirect to the Federal Trade
> > Commission or perhaps the FBI.
> >
> > Any thoughts on the script and its effectiveness?
> >
> > <?php
> > $deny = array("111.111.111", "222.222.222", "333.333.333");
> > if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
> >     header("location: http://www.google.com/");
> >     exit();
> > }
> > ?>
> > Gary
>

Here is a tutorial on captcha
http://blog.sankhomallik.com/2008/12/17/tutorial-using-zend_captcha_image/

--
"Good Enough" is not good enough.
To give anything less than your best is to sacrifice the gift.
Quality First. Measure Twice. Cut Once.
Re: [PHP] Spam opinions please
That will work just for one IP, but they could spam you from another IP. I suggest you add a good captcha to the form and that way you can avoid spam forever.

Regards,

Jonathan

On Tue, Oct 20, 2009 at 3:31 PM, Gary wrote:
> I have several sites that are getting hit with form spam. I have the script
> set up to capture the IP address so I know from where they come. I found a
> short script that is supposed to stop these IP addresses from accessing the
> form page, it redirects the spammer to another page (I was going to redirect
> to a page that has lots of pop-ups, scantily clad men and offers of joy
> beyond imagination), but someone suggested I redirect to the Federal Trade
> Commission or perhaps the FBI.
>
> Any thoughts on the script and its effectiveness?
>
> <?php
> $deny = array("111.111.111", "222.222.222", "333.333.333");
> if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
>     header("location: http://www.google.com/");
>     exit();
> }
> ?>
> Gary