Re: Spam Post Defense / ID spam form posts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Instruct ICC wrote:
Not sure what you mean by "hand off the socket to multiple threads on multiple servers". I think you're talking about detecting that a POST is spam and passing that off to another machine to handle it.
Yes, that is what I meant. A socket is a lower level "object" that the web server is using to communicate.

Wow, that's for that egg-sucking lesson. I would think it was clear from my answer that I know what a socket is.

Why would you waste any more time with it than you need to.
This was my knee-jerk response that wanted to bring down the attacker's server. I was wondering if I could spawn multiple threads and on multiple servers to write back to that attacker socket.

That is pointless since most spam comments come from compromised machines, so you'd only succeed in pissing essentially innocent (albeit probably stupid) users.

Moreover that would definitely be illegal and you're more likely to be sued than the person behind the spam.

Legally?

Grey area. You can put restrictions in the terms and conditions of use on your site, but AFAIK those have never been legally tested and would be extremely difficult and prohibitively expensive to enforce.
I'm pretty sure I read that bringing down an attacker's server (or making the attempt) would put me in the wrong. And yes, I was thinking of adding legal terms to the form of the type "Bogus form submissions will be {dealt with}."

Sorry, I thought you were questioning the legality of them posting spam to your site.

Again, no terms and conditions can enable you to break the law.

Then your boss is an idiot. Some form of CAPTCHA is the best defence currently available.
No comment, except that pay-day is approaching.

Doesn't stop him/her being an idiot. Curious that you only value your job when payday is approaching.

There are alternatives such as putting a generated key into a hidden field in the form which you also store in the session. When you get the POST you check the key you get to make sure that request has come from the form you just generated and not something/someone just using the field set. However, this is not overly secure since spammers just need to get the page containing the form each time.
I was thinking of this and came to the same conclusion.

There are projects out there ...taking part in a larger effort will certainly be more effective than doing it on your own.
Thanks.

You might want to check out the source for Akismet which is one of the anti-comment-spam plugins available for Wordpress. There are others around that do similar things.
I think I saw this name "Akismet" in my defense searches. I'll take another look.

You don't say what context you're taking this data in, but if you can refuse to accept posts containing bbcode-style markup and links you will get rid of 70-80% of bogus posts.
They do seem to have the bbcode url style markup.  Thanks again.

You've got to bear in mind that they are trying to achieve something, and that something is usually to build traffic and/or inbound links to their sites. The only way they can do this is to include URLs in their posts.

-Stut

--
http://stut.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux