On Thu, 20 Aug 2009 09:11:47 -0400 "Gary" <gwpaul@xxxxxxx> wrote: > I have a client with a form on his site and he is getting spammed. > It appears not to be from bots but human generated. While they are > coming from India, they do not all have the same IP address, but they > all have gmail addresses, New York addresses are used in the input > field and they all offer SEO services. It is not overwhleming, but > about 5 a month. > > What is the best way to stop this. > > Thanks > > Gary > One of the things you could check is if they do direct posting. What I mean by that if that sometimes a POST URL only is send. They figured out the fields you have in your form and directly send a POST with the appropriate fields. You could check this in the webserver logs. Just look for the IP and see if it only has a POST URL. If this is the case you could implement a nonce on your form and check it during the processing of the post. A second idea is to check the IP of the visitor during the POST process, with something like stopforumspam or project honey pot. If you want more info let me know. -- Peter van der Does GPG key: E77E8E98 IRC: Ganseki on irc.freenode.net Blog: http://blog.avirtualhome.com Forums: http://forums.avirtualhome.com Jabber ID: pvanderdoes@xxxxxxxxx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
