Posted by Schraalhans Keukenmeester on 05/24/07 10:58

At Thu, 24 May 2007 09:37:50 +0000, boclair let his monkeys type:

> Schraalhans Keukenmeester wrote:
>> One of my customers' site has been 'discovered' by the spammers community.
>> What else is new.
>>
>> None of the messages they posted sofar ended up showing in the guestbook,
>> since they fail to pass the correct verification string. (yes, available
>> in written text and audio for the visually impaired)
>>
>> Yet the volume and size of unsuccesful posts is increasing to a point
>> where they may become a burden on server and bandwith.
>>
>> I added some logic to the scripts blocking spammer ip adresses via
>> .htaccess, but this proves pretty useless, and might block the innocent.
>> Their addresses may be spoofed, their systems unknowingly abused by
>> others.
>>
>> Given the fact I have rather limited freedom on this client's host, what
>> would be your recommended means of preventing spam submission in the first
>> place, if possible? Of course, anything taking up as much or more
>> resources than my current solution wouldn't really improve things.
>
> Prevent unacceptable submissions being written to the dat file, database
> table. One way is to apply substr_count() as a condition of the record
> being inserted. eg
>
> if (
> ($message)
> AND ((substr_count($message, 'porn')==0))
> AND ((substr_count($message, 'sex')==0))
> )
> {insert record}
>
> Louise

Thanks for your reply, Louise.

It's a mysql database table. The spam posts are not inserted into the db.
I have stored them in a log file for two months to have a grasp of what's
cookin'. But the data is still sent to the server and a script has to
evaluate the data. First check is the verification, followed by a content
filter.

Since mid March 2.8% of all attempted messages proved acceptable, and a
whopping 97.2% was discarded. In total 4319 attempts were logged by apache.

The last two weeks the spam intensity has increased, a wagonload of 66.*
and 24.* addresses have been bulk-posting. I also noted the average
message size increased.

My main concern is this problem will only grow, since these spambots don't
seem to check if their spam is succesful.

I just thought of the following: I could use a Javascript function to
verify at least 'something resembling a possible verification string' was
entered in the right field before I allow form submission. Most of the
banned stuff simply left that field blank.

Or would this only be a pyrrhic victory, do they catch on soon enough and
simply adapt their scripts to add a field value for verification?

(So I'm still interested in alternatives)

Sh.

[Back to original message]