StuartD

I built a simple guestbook script and recently it's been getting hit pretty hard by poker spammers with all kinds of various crap... over 200 submissions in 2 days.

The question is, what's a good way to prevent that without limiting genuine guestbook submissions?

And no, I don't want to go with image verification because it's just a guestbook for every day people. I don't want to make it a chore for them.

I checked the referrer and it is coming from my own site, so it's not an off the site submission. Someone must have built a spammer that submits the actual form on the page.. so I can't just check for the referrer

NdO

You could try to block them based on their ip's. Another option is a blacklist. (With urls / poker / pharmecy words etc.)

scottybuzz

yeh goodluck for you,

__________________
$$$$$ MAKE HUGE MONEY IN CAMS - CLICK HERE $$$$$

StuartD

different IP for each submission, I thought of that myself...

It's looking more and more like I'll have to go the "keyword" route, and try to keep on top of things that can't be submitted. That's going to suck though.

Especially since this seems to be affiliate type crap, which means getting some messed up urls such as online-poker-games . halpinos.com/ and internetpoker2.tblog . com/
(urls broken cause I don't want to send them any more traffic than they already get)

EdgeXXX

Tough to do without "making it a chore" for the legitimate people. What about screening for (filtering) certain keywords like poker, join, etc.?

__________________
.
.
.
.

MaddCaz

__________________

BigCocks.com -
MatureWomen.com -
Tranny.com -
DrunkGirls.com -
TeenGirls.com -
MonsterCock.com and
many more... Click
here to see them all!

Damian_Maxcash

Single letter verification would be ok on a small site...."Press '$randomletter' to post your comment" instead of a submit button for example.

Nobody is going to bother writing a script to post on a single small site - it would just go into the 'not worth it' file.

On a larger site where it would be worth the time and effort then I am out of ideas.

SMG

there are a few ways to do it from the ip things to other tricks that keep out most automated submissions ... if it's a php script, I can talk with you about hardening the script a bit to stop the spammers, just hit me up on icq 6354 0110

__________________
TGP Webmasters: sign up for the top 100 tgp list!
Submit galleries
If you add me to icq (title) make sure to mention GFY or I'll think you're a bot and deny you.

everestcash

got the same problem - with regbots on my dating forum & my blogs ((
on blogs i simply suspend posts with urls in them
on board i use visual code, email confirmation & ban spammers email periodicaly - but it doesn't help much ((

__________________

Got solo girls/teen traffic? Promote our exclusive solo girl sites and boost your income!

everestcash

sounds interesting
will try it )
thanks

__________________

Got solo girls/teen traffic? Promote our exclusive solo girl sites and boost your income!

EdgeXXX

This is a good idea and I like it. The only problem is that everyone is assuming that these are automated spams, which they may be, but what if it is just someone that is manually pasting the spam? If this were the case, they would have no problem clicking buttons or even verifying images. But like I said, I love your idea as an added measure of security.

__________________
.
.
.
.

smutx

try renaming the input feilds to something different.. like someone eles said no one really targets a site, its done on a mass level is it should do the trick

__________________

WiredGuy

Another idea involves making use of javascript. Basically, encode the html into a cryptic javascript such that bots can't parse the parameters out of the form. This does of course mean only javascript enabled users can use the form though.
WG

__________________
I play with Google.

StuartD

Hmm... that's certainly a thought... that would be a good way to prevent spammers from mass submitting.

WiredGuy

Ideally the OCR will probably stop the most spam and should work for most users. Javascript encryption would mean a small percentage of users will be unable to use it but should stop spammers as well. To me, I'd prefer the OCR with a simple 2-3 character recognition, that should hopefully not inconvenience the surfers too much.
WG

__________________
I play with Google.

CamsLord

yea ocr images will fix that

__________________
sig for sale - pornpicz(at)gmail.com

fris

i find image verify works best. anything without that on any kind of form is just silly.

__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


My Cam Feeds Script

WiredGuy

Another suggestion I also wanted to make was based on a simple question any human can answer, thereby making a simple password verification type deal. For example, instead of asking for an OCR just ask a simple question like what color is the sky? Bots will have no idea and leave this query blank, humans will just enter blue and get right through.
WG

__________________
I play with Google.

line

Wow, after seeing these suggestions I can see why spam is so pervasive.

__________________
[whore yourself here]

SmokeyTheBear

add this to your form <input type=hidden name=botcheck value=nobot>

then in the php script put this as your first line

if ($botcheck == "nobot") { } else {

$url = "SPAM"

}


where $url would be one of the items in your form like an url that will then get turned blank if the hidden input isn't present.

This isnt a great solution , but this will prevent most box-automated type submissions.

Just change the "botcheck" to something different every so often ( on both the form and the script )

__________________
hatisblack at yahoo.com

StuartD

Some great suggestions. Thanks everyone

Why

turing image.