There is plenty of commonaltiy in the submissions, all ip addresses start with an 122. They all offer SEO services, but change the wording, so if I tried to bannish any submissions with Search Engine, Ranking, Google etc, they would probably just shift messages. There are also special charactors in the messages, although I am not sure if that is just a foreign charactor that is being translated. I also noticed that one of the messages start with "\ and end with \", which I assume is put in to beat system. I did find on stopforumspam.com this ip address and they had whois information, it points to india. There is also a "report abuse" to the ISP, but I wonder if that is just another trap. Any thoughts would be appriciated. Gary "Ashley Sheridan" <ash@xxxxxxxxxxxxxxxxxxxx> wrote in message news:1250774581.10895.54.camel@xxxxxxxxxxxx > On Thu, 2009-08-20 at 09:11 -0400, Gary wrote: >> I have a client with a form on his site and he is getting spammed. It >> appears not to be from bots but human generated. While they are coming >> from >> India, they do not all have the same IP address, but they all have gmail >> addresses, New York addresses are used in the input field and they all >> offer SEO services. It is not overwhleming, but about 5 a month. >> >> What is the best way to stop this. >> >> Thanks >> >> Gary >> >> >> >> __________ Information from ESET Smart Security, version of virus >> signature database 4351 (20090820) __________ >> >> The message was checked by ESET Smart Security. >> >> http://www.eset.com >> >> >> >> >> > > To ensure that it isn't bots, maybe look at adding some sort captcha. > > As it is quite infrequent, the chances are that it is a human scumbag. > Is there anything common to the spam posts that you can see? What about > looking for that prior to the post being added. If you find it, then set > a flag in the database next to that post and record the IP address of > whoever made it. Then, if someone visits with that IP address, show them > the post as if there was no problem, but only to that IP, giving you a > chance of verifying the legitimacy of the post before it goes live to > everyone. > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > > > > __________ Information from ESET Smart Security, version of virus > signature database 4351 (20090820) __________ > > The message was checked by ESET Smart Security. > > http://www.eset.com > > > __________ Information from ESET Smart Security, version of virus signature database 4351 (20090820) __________ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
