Mike Kear
> I think its important to give the spammer no indication that you are onto
> them.   If you give them any kind of feedback, they can use that to work a
> way through your maze.    The filters i use (which are similar to yours on
> the client side, but I also use some tests on the server side, but the
> submitter sees the same result either way.   Even if the submission is just
> discarded to the bitbucket in the sky.     They have no way to know their
> submission has been discarded.

That's awfully public-spirited of you, as it makes the spammer slower
to move on to attacking another website, but it can get expensive.  If
some spammers think they are being successful, they will absolutely
hammer your server and that could burn your data transfer allowance,
or even overload your server if the tests aren't written carefully.

Let them submit a few forms and then 302 redirect them to
something like http://spam-ip.com/honeypot.php perhaps.

MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/

List Guidelines: http://webstandardsgroup.org/mail/guidelines.cfm
Unsubscribe: http://webstandardsgroup.org/join/unsubscribe.cfm
Help: memberh...@webstandardsgroup.org

Reply via email to