[WSG] More on spam traps
Hi All,
I have recently attempted to 'trap' spammers who use autofilling tactics on the
site at www.gwelanmor-internet.co.uk. This is written in html5 and uses a
mixture of simple tests to validate the form. However, yesterday I recvd a
mail thus:
a.. name
a.. igmgrtasel
a.. email
a..
a.. hidden
a.. -9
a.. comments
a.. CaWePF a href=http://ipdszgwutyvp.com/;ipdszgwutyvp/a,
[url=http://fkpbtvpaxitv.com/]fkpbtvpaxitv[/url],
[link=http://rtcdalwdjrkb.com/]rtcdalwdjrkb[/link], http://xsejahukjzdr.com/
a.. send
a.. send message .
The script I used to validate the form is this:
script type=text/javascript
function validateForm()
{
var x=document.forms[contact][email].value;
var atpos=x.indexOf(@);
var dotpos=x.lastIndexOf(.);
if (atpos1 || dotposatpos+2 || dotpos+2=x.length)
{
alert(This is Not a valid e-mail address);
return false;
}
//
var y=document.forms[contact][hidden].value;
if (y==null || y==)
{
return true;}
else
{
alert(I think you are a machine)
return false;
}
}
!--// --
function check(node)
{
var re = new RegExp('[\[\\]]', 'g');
document.getElementById('send').disabled = re.test(node.value);
}
/script
and it works locally and online. However the mail I quote from above is
completely unaffected. Does this mean I give up trying, or what?
Any thing?
Thanks,
Bob
***
List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm
Help: memberh...@webstandardsgroup.org
***
Re: [WSG] More on spam traps
Client side validation fails when scammers screen scrape your site and then
directly send to your receiving script. You really need to consider using a
server side validation.
Ken
Sent from my Verizon Wireless BlackBerry
-Original Message-
From: coder co...@gwelanmor-internet.co.uk
Sender: li...@webstandardsgroup.org
Date: Wed, 22 Aug 2012 12:37:51
To: wsg@webstandardsgroup.org
Reply-to: wsg@webstandardsgroup.org
Subject: [WSG] More on spam traps
Hi All,
I have recently attempted to 'trap' spammers who use autofilling tactics on the
site at www.gwelanmor-internet.co.uk. This is written in html5 and uses a
mixture of simple tests to validate the form. However, yesterday I recvd a
mail thus:
a.. name
a.. igmgrtasel
a.. email
a..
a.. hidden
a.. -9
a.. comments
a.. CaWePF a href=http://ipdszgwutyvp.com/;ipdszgwutyvp/a,
[url=http://fkpbtvpaxitv.com/]fkpbtvpaxitv[/url],
[link=http://rtcdalwdjrkb.com/]rtcdalwdjrkb[/link], http://xsejahukjzdr.com/
a.. send
a.. send message .
The script I used to validate the form is this:
script type=text/javascript
function validateForm()
{
var x=document.forms[contact][email].value;
var atpos=x.indexOf(@);
var dotpos=x.lastIndexOf(.);
if (atpos1 || dotposatpos+2 || dotpos+2=x.length)
{
alert(This is Not a valid e-mail address);
return false;
}
//
var y=document.forms[contact][hidden].value;
if (y==null || y==)
{
return true;}
else
{
alert(I think you are a machine)
return false;
}
}
!--// --
function check(node)
{
var re = new RegExp('[\[\\]]', 'g');
document.getElementById('send').disabled = re.test(node.value);
}
/script
and it works locally and online. However the mail I quote from above is
completely unaffected. Does this mean I give up trying, or what?
Any thing?
Thanks,
Bob
***
List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm
Help: memberh...@webstandardsgroup.org
***
***
List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm
Help: memberh...@webstandardsgroup.org
***
Re: [WSG] More on spam traps
Hi Bob,
A few points:
- The form submission was likely posted without JavaScript
- There is no point confronting a robot with the reality of it’s existence
Look into writing a filter on your email inbox or server that can
eliminate such messages without your intervention.
Don’t give up :)
Ollie
--
@ollicle
On 22 August 2012 21:07, coder co...@gwelanmor-internet.co.uk wrote:
I have recently attempted to 'trap' spammers who use autofilling tactics on
the site at www.gwelanmor-internet.co.uk. This is written in html5 and uses
a mixture of simple tests to validate the form. However, yesterday I recvd
a mail thus:
name
igmgrtasel
email
hidden
-9
comments
CaWePF a href=http://ipdszgwutyvp.com/;ipdszgwutyvp/a,
[url=http://fkpbtvpaxitv.com/]fkpbtvpaxitv[/url],
[link=http://rtcdalwdjrkb.com/]rtcdalwdjrkb[/link], http://xsejahukjzdr.com/
send
send message .
The script I used to validate the form is this:
script type=text/javascript
function validateForm()
{
var x=document.forms[contact][email].value;
var atpos=x.indexOf(@);
var dotpos=x.lastIndexOf(.);
if (atpos1 || dotposatpos+2 || dotpos+2=x.length)
{
alert(This is Not a valid e-mail address);
return false;
}
//
var y=document.forms[contact][hidden].value;
if (y==null || y==)
{
return true;}
else
{
alert(I think you are a machine)
return false;
}
}
!--// --
function check(node)
{
var re = new RegExp('[\[\\]]', 'g');
document.getElementById('send').disabled = re.test(node.value);
}
/script
and it works locally and online. However the mail I quote from above is
completely unaffected. Does this mean I give up trying, or what?
***
List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm
Help: memberh...@webstandardsgroup.org
***
RE: [WSG] More on spam traps
I think its important to give the spammer no indication that you are onto
them. If you give them any kind of feedback, they can use that to work a
way through your maze.The filters i use (which are similar to yours on
the client side, but I also use some tests on the server side, but the
submitter sees the same result either way. Even if the submission is just
discarded to the bitbucket in the sky. They have no way to know their
submission has been discarded.
Cheers
Mike Kear
AFP Webworks
Windsor, NSW, Australia
http://afpwebworks.com
From: li...@webstandardsgroup.org [mailto:li...@webstandardsgroup.org] On
Behalf Of coder
Sent: Wednesday, 22 August 2012 9:38 PM
To: wsg@webstandardsgroup.org
Subject: [WSG] More on spam traps
Hi All,
I have recently attempted to 'trap' spammers who use autofilling tactics on
the site at www.gwelanmor-internet.co.uk. This is written in html5 and uses
a mixture of simple tests to validate the form. However, yesterday I recvd
a mail thus:
_
. name
* igmgrtasel
. email
*
. hidden
* -9
. comments
* CaWePF a href=http://ipdszgwutyvp.com/;ipdszgwutyvp/a,
[url=http://fkpbtvpaxitv.com/]fkpbtvpaxitv[/url],
[link=http://rtcdalwdjrkb.com/]rtcdalwdjrkb[/link], http://xsejahukjzdr.com/
. send
* send message .
_
The script I used to validate the form is this:
script type=text/javascript
function validateForm()
{
var x=document.forms[contact][email].value;
var atpos=x.indexOf(@);
var dotpos=x.lastIndexOf(.);
if (atpos1 || dotposatpos+2 || dotpos+2=x.length)
{
alert(This is Not a valid e-mail address);
return false;
}
//
var y=document.forms[contact][hidden].value;
if (y==null || y==)
{
return true;}
else
{
alert(I think you are a machine)
return false;
}
}
!--// --
function check(node)
{
var re = new RegExp('[\[\\]]', 'g');
document.getElementById('send').disabled = re.test(node.value);
}
/script
and it works locally and online. However the mail I quote from above is
completely unaffected. Does this mean I give up trying, or what?
Any thing?
Thanks,
Bob
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.2197 / Virus Database: 2437/5212 - Release Date: 08/20/12
***
List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm
Help: memberh...@webstandardsgroup.org
***
***
List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm
Help: memberh...@webstandardsgroup.org
***
Re: [WSG] More on spam traps
Mike Kear I think its important to give the spammer no indication that you are onto them. If you give them any kind of feedback, they can use that to work a way through your maze.The filters i use (which are similar to yours on the client side, but I also use some tests on the server side, but the submitter sees the same result either way. Even if the submission is just discarded to the bitbucket in the sky. They have no way to know their submission has been discarded. That's awfully public-spirited of you, as it makes the spammer slower to move on to attacking another website, but it can get expensive. If some spammers think they are being successful, they will absolutely hammer your server and that could burn your data transfer allowance, or even overload your server if the tests aren't written carefully. Let them submit a few forms and then 302 redirect them to something like http://spam-ip.com/honeypot.php perhaps. Thanks, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and library systems developer. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire (including development) at http://www.software.coop/ *** List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm Help: memberh...@webstandardsgroup.org ***
