Posted by shimmyshack on 03/26/07 01:58
On 26 Mar, 01:39, "Steve" <no....@example.com> wrote:
> | > So the question is how are they getting pasted it?
> |
> | They use a blue wand, kind of the same as Harry Potter, but a blue one.
>
> roflmfao !
>
> i use a pink wand, just like your blue wand, but pink. ;^)
you are both so naughty.
look Brian, as has been said, don't be afraid to provide the link, so
we can actually tell you what you have done wrong, after all your link is
public already; you will have peace of mind after you fix it - if
indeed anything is wrong!
You should know though sessions don't provide protection, the ID is
sent to the user-agent to be sent straight back, that's it!
If you think you are being targeted by a human, there's little you can
do, as they can solve Captchas. If you think it is automatic then you
have either done something wrong - named the image by the random text
it contains, or have the image src="image.php?random=Rt8d" both of
which I have seen in the wild - or perhaps you have attracted a
professional - someone whose script finds the captcha url and grabs
the image sending it off to one of his/her sites which is heavily
used, the captcha is then presented to a real life person on /that/
site and the answer sent back through to your site - harder.
Perhaps you can just make it harder for the script by
(there are accessibility problems with the following)
* randomising the names of the input fields, and image url
* time the solving time.
* have the posts build up (if you are getting loads of them) dump
collections of them based on IP and other data collected (see below) or
have them emailed to you first, with a validation link at the top,
then have the emails go through a Bayesian antispam filter like
SpamAssassin or SpamPal, which learns adaptively, so you only get to
see stuff considered ok.
* have the image dynamically inserted into the DOM using a separate
XHR call
* require that the IP that makes the request for the page be the same
that makes the request for the image
* require that the page must be part of a "flow", that is don't allow
posts from someone who requests the html and no css/script/images,
track their requests to ensure the browser they claim to be using
matches the requests made. This is like using referer but is not so
easily spoofed as each page takes a "breadcrumb" and stores it to
track the user, award points to users who continue on round your site,
or come from somewhere within. Using a session is nice here.
* in a similar way require javascript to ask questions of the
capability of the user, if it's a script the js will fail, so require
js if you need to, if they are automating firefox, download some auto
stuff like chicken foot/solvent etc.. and see what it takes to fuzz
their script. Have a fake input hidden above the real one etc...?
* require validation of an email address, preventing mytrashmail
etc...
* prevent the script from accepting posts at certain times.
* google for latest techniques in revealing true IP, often script
kiddies use tor/privoxy which by itself isn't enough, ask the user-
agent what time they have, screen res, use google analytics for this,
etc..
* try to tag your user with persistent data objects (eg flash),
cookies.
* download a list of known proxies at start of play, and check the
poster's IP. (including those associated with tor)
there are loads more of course, but I think you are now thinking - man
it's not worth it, I'll just delete them, so write a routine that
gathers info on the poster, and stores it in the db table or wherever
and use that in a where clause, you will find they come from a
selection of IPs which repeat, so store them.
finally, have some fun, if you suspect it's an autobrowser, send a
bunch of CPU chewing code to gobble up their memory using javascript,
or maybe if you get a request from a known proxy send it
I get this kind of spam from one of my sites, they have similarities,
so get killed. I find it amusing how persistent, relentless and futile
it all is, I haven't taken any of the above steps to prevent it, just
to see if it will ever stop of its own accord!
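Several of the checks in the post above (randomised field names and image url, a hidden decoy input, the page/image IP match, the css/script/image "breadcrumb" flow and the solve-time window) fit naturally into one server-side validation step. The following is an added illustration, not code from the poster; the in-memory SESSIONS dict, the field-name prefixes and the timing limits are constructed assumptions standing in for a real session backend.

```python
import secrets
import time

# Constructed in-memory store standing in for a real session backend.
SESSIONS = {}
REQUIRED_CRUMBS = {"css", "script", "image"}  # fetches a real browser makes

def issue_form(session_id, client_ip, now=None):
    """Serve the form: randomised names, issuing IP/time, breadcrumb start."""
    now = time.time() if now is None else now
    state = {
        "answer_field": "a_" + secrets.token_hex(4),  # real captcha input
        "decoy_field": "d_" + secrets.token_hex(4),   # hidden fake input
        "captcha_url": "/captcha/" + secrets.token_hex(8),  # per-session url
        "page_ip": client_ip,
        "issued_at": now,
        "crumbs": {"html"},
        "image_ip": None,
    }
    SESSIONS[session_id] = state
    return state

def record_request(session_id, kind, client_ip):
    """Log css/script/image fetches tied to the session (the breadcrumbs)."""
    state = SESSIONS.get(session_id)
    if state is None:
        return False
    state["crumbs"].add(kind)
    if kind == "image":
        state["image_ip"] = client_ip
    return True

def validate_post(session_id, form, client_ip, now=None, min_s=3, max_s=600):
    """Return (accepted, reason); the session is consumed either way."""
    now = time.time() if now is None else now
    state = SESSIONS.pop(session_id, None)  # one-shot, so no replay
    if state is None:
        return False, "no session"
    if state["answer_field"] not in form:
        return False, "field name mismatch"
    if form.get(state["decoy_field"]):
        return False, "decoy field filled"
    if not REQUIRED_CRUMBS <= state["crumbs"]:
        return False, "incomplete flow"
    if client_ip != state["page_ip"] or client_ip != state["image_ip"]:
        return False, "ip mismatch"
    if not min_s <= now - state["issued_at"] <= max_s:
        return False, "solve time out of range"
    return True, "ok"
```

The captcha answer itself is still compared separately; this step only decides whether the post came through a plausible browser flow before that comparison is worth doing.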