On Tue, Oct 20, 2009 at 4:12 PM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote: > On Tue, 2009-10-20 at 21:01 +0200, John Black wrote: > >> Gary wrote: >> > I believe they are human spammers as all the input fields are correctly >> > filled out (phone in phone, address in address etc). >> > As I said they are mostly the same IP. >> > Would it be better to include this script in the processing script rather >> > than at the top of the page? >> >> >> If it is fixed list of IPs you could add them to the .htaccess file like >> this: >> >> order allow,deny >> deny from xxx.xxx.xxx.xxx >> allow from all >> >> This way it is handled by your webserver and you don't need to run a >> script on every page. >> >> Keep in mind that a lot of comment spam is sent out from infected >> machines. So if the IPs belong to a big ISP it is possible to block a >> lot of users if you block the proxy. >> Check the IPs via Arin to be sure >> http://ws.arin.net/whois/ >> I have noticed that a blocked spammer will sometimes reconnect from a >> totally different IP and resubmit the same information. >> >> Regarding the properly filled out forms, spam bots are pretty good about >> placing valid data into the correct fields, some are better then others. >> >> -- >> John >> > > > I'd go with this method if you can, as it will take quite a load off of > your servers. However, try not to be too liberal with it, as it may end > up preventing genuine access if the spammers are coming from dynamic IP > addresses. > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > > Add a hidden field that should not hold a value. Spam bots will try to fill all fields with that value, so if there is one send back a 404 message to the bot and dump the record -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
