Posted by Kentor on 12/19/06 21:49
Nvm that font question, how about the sessions =/
Kentor wrote:
> Also, could someone point me to a font that would not be easily
> decodable by a bot for captcha purposes.
>
> Kentor wrote:
> > Good stuff guys, alright so how can I use sessions to prevent the
> > spammers? Can somebody give me a piece of code or an example so I can
> > see how this can be done.
> > Rik wrote:
> > > Kentor wrote:
> > > > I don't understand how to use sessions to prevent spam. Bots have
> > > > sessions too, no?
> > >
> > > They have indeed.
> > >
> > > > I thought that a good way would be to simply prevent a
> > > > user from sending too many emails in 30 seconds or something like
> > > > that.
> > > > But according to Rik spammers can play with this using ips and
> > > > whatever.
> > >
> > > Without a problem. The main reason NOT to use ip's is that several people
> > > could have the same ip. Consider company x. Someone there finds your site
> > > and is all excited and tells all his colleagues about it. Those lazy
> > > bastards will, instead of working like they should, all go to your site
> > > through the company's internet access, which uses but a single ip. All
> > > those people also enjoy your site to the fullest. (Let's face it, your site
> > > rocks! Anyone not impressed could not be called human...). They try to tell
> > > people, but everyone in the company already knows. Highly frustrated they
> > > HAVE to share the news of such an excellent piece of work on the web with
> > > others. And lo, you've given them a possibility to tell their friends about
> > > you, bypassing that evil firewall that blocks personal emails (someone
> > > actually did a full days work after they installed it, the horror!). They
> > > try to tell their friends, all over the same ip again. Then it happens:
> > > This site, this wonder on the internet, this wonderful thing that was
> > > almost a god to them says: "This shall not be, for it is my belief you are
> > > a spammer." What does one do? Suddenly this little wonder isn't so
> > > wonderful anymore. At first, they doubt themselves, they must have done
> > > something to affront this wonderful being. But no, others too are
> > > wandering the halls with glazed over eyes. Their god rejected them... It's
> > > like a terrible break-up. What's the first thing anyone does who had been
> > > so utterly rejected? They start to badmouth it. It couldn't be them, it's
> > > this thing, this vile trap placed especially to humiliate good people...
> > > They'll have to warn others not to fall into its clutches, normally they
> > > aren't that altruistic, but everyone should be spared this trauma. After
> > > some talking groups are formed and the rest of the day is spent trying to
> > > overcome this black, black day, they finally come home. Here there's no
> > > email block, let's spread the word...
> > >
> > > > I like the idea of queuing the messages but how could I
> > > > filter out spamming messages? I could check them myself but then this
> > > > will require me spending time... =/
> > >
> > > Well, queueing and checking can be automated given enough rights on the
> > > server of course. Then again, if they call up the person who they sent it
> > > to (*sigh*, don't you just get mad when someone calls just to say "you've
> > > got mail"), and it doesn't arrive for a long period of time, this also
> > > doesn't look good.
> > >
> > > But my major point was that it is impossible to exclude spammers 100%,
> > > however if:
> > > - you use your own custom script for it (i.e. not a script thousands of
> > > people already use).
> > > - you build in some basic checking (header-injection is impossible, maybe
> > > indeed use a session to filter out the dumber bots, captchas)
> > > then as a spammer, I've got a choice to try to use your script for my evil
> > > purposes. However, in the time that would take him, he can find 10 other
> > > mailforms who are vulnerable to header-injection, which saves a hell of a
> > > lot of time. It's like parking and locking your old rusty car next to an
> > > unlocked brand new BMW. Given a choice, they'll of course steal the BMW,
> > > and leave your car alone. Probably, although there are always greedy
> > > bastards who'll still take both :-)
> > > --
> > > Rik Wasmus
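Added example, not part of the original posts: one way to combine the two basic checks Rik lists, a per-session form token that filters out bots posting straight to the mail script, and rejection of line breaks in any value that ends up in a mail header. The `session` dict stands in for whatever per-visitor session store the site uses, and the function names and time thresholds are assumptions.

```python
import hmac
import secrets
import time

MIN_FILL_SECONDS = 3     # assumed: a person needs a few seconds to fill in the form
MAX_AGE_SECONDS = 3600   # assumed: a token older than an hour is stale


def issue_form_token(session, now=None):
    """Call while rendering the form; put the returned token in a hidden field."""
    token = secrets.token_hex(16)
    session["form_token"] = token
    session["form_issued"] = time.time() if now is None else now
    return token


def has_header_injection(value):
    """A CR or LF in a header value lets the sender append headers such as Bcc."""
    return "\r" in value or "\n" in value


def check_submission(session, posted_token, header_fields, now=None):
    """Return (ok, reason) for a posted form; header_fields maps name -> value."""
    now = time.time() if now is None else now
    # pop() makes the token single use, so a captured form cannot be replayed.
    expected = session.pop("form_token", None)
    issued = session.pop("form_issued", None)
    if expected is None or issued is None:
        return False, "no session token"   # the form was never loaded
    posted = (posted_token or "").encode()
    if not hmac.compare_digest(expected.encode(), posted):
        return False, "token mismatch"
    age = now - issued
    if age < MIN_FILL_SECONDS:
        return False, "submitted too fast"
    if age > MAX_AGE_SECONDS:
        return False, "token expired"
    for name, value in header_fields.items():
        if has_header_injection(value):
            return False, "line break in " + name
    return True, "ok"
```

A bot that keeps cookies and waits a few seconds still passes the session check, which is why it only filters the dumber bots; the line-break check is the part that blocks header injection regardless of who submits.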