Instruct ICC wrote:
Can server1 receive a web page form post from remoteAttacker,
identify it as spam (or a DoS or DDoS attack),
hand off the socket to multiple threads on multiple servers owned by
server1's owner,
return multiple responses to remoteAttacker which normally would have
been a single response returned by server1,
so that server1 is not busy responding to remoteAttacker and is able to
handle legitimate requests?
Technically?
Not sure what you mean by "hand off the socket to multiple threads on
multiple servers". I think you're talking about detecting that a POST is
spam and passing that off to another machine to handle it. Far easier
and more effective is to stop processing the request the moment you know
it's spam. Why would you waste any more time with it than you need to.
Legally?
Grey area. You can put restrictions in the terms and conditions of use
on your site, but AFAIK those have never been legally tested and would
be extremely difficult and prohibitively expensive to enforce.
The boss doesn't want to use a CAPTCHA on the form but wants us to
identify it without additional user input.
Then your boss is an idiot. Some form of CAPTCHA is the best defence
currently available.
There are alternatives such as putting a generated key into a hidden
field in the form which you also store in the session. When you get the
POST you check the key you get to make sure that request has come from
the form you just generated and not something/someone just using the
field set. However, this is not overly secure since spammers just need
to get the page containing the form each time.
Also, can a form post be run through an email spam filter to identify it
as spam?
Certainly can. It takes a lot more time and resources to do it but it
can be very effective.
Do you have any ideas to detect spam form posts?
I'm tracking the spam posts in an attempt to find a pattern I can use to
detect them.
There are projects out there that build databases of spam posts reported
by users. You can uses these to filter out spam but it only works if the
post is identical to one that has been identified as spam elsewhere. You
are usually expected to feed back into those systems with your own
reports of spam, but taking part in a larger effort will certainly be
more effective than doing it on your own.
You might want to check out the source for Akismet which is one of the
anti-comment-spam plugins available for Wordpress. There are others
around that do similar things.
You don't say what context you're taking this data in, but if you can
refuse to accept posts containing bbcode-style markup and links you will
get rid of 70-80% of bogus posts.
-Stut
--
http://stut.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
