Help!!! I'm being attacked...
Greetings fellow webmasters.
I run an averagely successful website, and there is a handful of folks spamming me every day.
My guestbook and subscriber opt-in list are being spammed (something like 30 to 50 entries a day). It is the same few people, because the pattern of info is similar.
I tried to use IP blocking, but the spammer is using an IP cloak, so the IP address is changing every time. As a stopgap measure, I changed to a moderated system, where every guestbook entry has to be approved.
Then I implemented a cookie, so that once an entry is posted, the script will not allow any further postings.
But the spammer countered this as well, by rejecting cookies.
So every day, I'm receiving like 50 subscribers into my opt-in list, which are all in the tune of [email protected] or just rubbish like that.
I really don't know why they want to spam me.
What can I do? Am I completely helpless and at the mercy of this spammer?
I tried to use Perl to detect if cookies are disabled, so that the script can automatically reject a posting if cookies are disallowed. But Perl doesn't seem to be able to test if cookies are allowed.
Please help. What should I do?
Busy posted this at 00:18 — 16th April 2006.
He has: 6,151 posts
Joined: May 2001
Use rules: if the message contains ".......the spam words ..." do not enter it into the database, or if the message is similar to "...spam words...." put it in a queue for you to check and post/remove.
You will have to update the conditions as the spammer learns the trick, but it is easier for him to repeat the same thing than to come up with 100 new things to say. I am sure you get the spam emails where they try to make the word not appear as what it is so the spam filter doesn't block it, i.e. free, fr ee, fre.e, fr.ee, f.r.e.e ... there are so many combinations, but it is easy for you, as you just have to strip out the non-letters/symbols and even spaces, and no matter how they try to spell it, it will always return to you as free.
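The letter-stripping filter described in the post above, as an added PHP example (not code from the thread). A word spelled out in the clear is rejected, while a hit that shows up only after separators are removed goes to the moderation queue, because collapsing spaces also joins innocent neighbouring words. The function names, word list and sample messages are constructed for illustration.

```php
<?php
// Added example; the word list and sample messages are constructed.

// Collapse text to lowercase letters only: "F.r e-e" => "free".
function collapse_letters(string $text): string
{
    return preg_replace('/[^a-z]/', '', strtolower($text));
}

// Returns 'reject', 'review' or 'accept' for one guestbook message.
function classify_entry(string $message, array $spamWords): string
{
    // Words exactly as written, used for whole-word hits.
    $tokens = preg_split('/[^a-z]+/', strtolower($message), -1, PREG_SPLIT_NO_EMPTY);
    $collapsed = collapse_letters($message);
    $verdict = 'accept';

    foreach ($spamWords as $word) {
        $word = collapse_letters($word);
        if ($word === '') {
            continue;                   // ignore empty list entries
        }
        if (in_array($word, $tokens, true)) {
            return 'reject';            // spam word spelled out in the clear
        }
        if (strpos($collapsed, $word) !== false) {
            $verdict = 'review';        // visible only once separators are removed
        }
    }
    return $verdict;
}

$spamWords = ['free', 'casino'];
$samples = [
    'Get your free ringtones here',      // plain spam word
    'f.r.e.e  c-a-s-i-n-o bonus',        // same words split by separators
    'We like to surf reef breaks',       // innocent text that collapses to "...surfreef..."
    'Great site, thanks for the photos', // ordinary entry
];
foreach ($samples as $s) {
    printf("%-8s %s\n", classify_entry($s, $spamWords), $s);
}
```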
davido posted this at 01:40 — 16th April 2006.
They have: 4 posts
Joined: Apr 2006
Hello Busy,
Thanks for your inputs. I have implemented that for my guestbook.
If it contains any url links, or any other trigger conditions, then it just rejects.
I think this guy found out that I have built in the spam filter because now he started spamming my opt-in list.
Unfortunately, for the opt-in list I cannot build rules because it's a single email field. No trigger conditions to check, because he keeps entering different emails like [email protected], [email protected], etc.
It appears to me that this guy is ill intentioned and is taking revenge on my opt-in list because I won't publish his guestbook postings.
In addition, it also seems like this guy is challenging me with a "stop me if you can" attitude.
I'm now afraid that my "Contact Us" form and "Upload Photo" feature are also open to spam attack. So far, nobody has spammed those.
My website is www dot uboat aces dot com ==> remove the spaces and format it together.
If you would like further info, please let me know and thank you very much for your support.
Busy posted this at 10:43 — 16th April 2006.
He has: 6,151 posts
Joined: May 2001
If they are out for revenge it can be more productive for you to remove the posting rights to everyone on your forum/guestbook.
Sure, you can fight it and remove the bad posts etc., but your other viewers will tire of it and go elsewhere. If they are challenging you, give up, admit defeat and they will tire of you as there is no challenge. You're not being a coward by backing down; if anything it makes you the stronger person.
Good luck
timjpriebe posted this at 16:15 — 17th April 2006.
He has: 2,667 posts
Joined: Dec 2004
You might also check the referrer. In a program I wrote, I recently started getting people spamming it with nonsensical babbling. I added in a referrer check to make sure that the input was actually coming from people clicking submit on the form on my site.
That fixed everything for me.
Tim
http://www.tandswebdesign.com
Busy posted this at 21:59 — 17th April 2006.
He has: 6,151 posts
Joined: May 2001
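Here is a referrer code I used on several sites
<?php
// Hosts that are allowed to submit to this script.
$referrers = array('sitename.con', 'www.sitename.con');

// The Referer header is supplied by the client and may be missing;
// take only its host part.
$referer = getenv("HTTP_REFERER");
$host = $referer ? parse_url($referer, PHP_URL_HOST) : null;

// ereg() was removed in PHP 7 and also matched substrings of the host,
// so compare the whole host name against the list instead.
$correct = is_string($host) && in_array(strtolower($host), $referrers, true);

if (!$correct)
{
    //include("header.php");
    echo "This site is <b>not authorized</b> to send emails using this script!";
    //include("footer.php");
    exit;
}
?>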
steve40 posted this at 03:19 — 18th April 2006.
He has: 490 posts
Joined: May 2005
I have just experienced the same problem. I had a guest book entry, so I went to look at it. It was 30 succeeding links in a row.
So I set my book so you had to enter a code to post. Then I thought it's hard enough to get someone to sign the book, much less fool with entering a code.
Bottom line, I turned off the html; that should discourage them. They may be able to flood me with text, but their stupid links won't work. In the end they will get tired of it, and quit. And I always have that delete button.
davido posted this at 12:59 — 19th April 2006.
They have: 4 posts
Joined: Apr 2006
Thank you all, everyone.
While brainstorming with you folks, an idea came to mind which will stop IP cloakers in their tracks. It works like this:
Step 1
The guestbook form will accept entries as usual.
When "Submit" is pressed, the processing script captures the ip address and places it into a cookie. Then it displays another screen and says "Please click here to confirm your entry".
Step 2
The user clicks confirm. The second processing script tries to retrieve the original ip address from the cookie. If there is no cookie, then fail it and tell the user they must accept cookies.
Then it checks if the two ip addresses match.
If the spammer is using ip cloak, the ip addresses will be different. Then you could just display a message to piss him off.
I did this for my opt-in list and it worked. For two days now, it has been peaceful as only legitimate subscribers are getting through.
Now I'm going to implement this for the guestbook as well.
Of course, the other measures such as "filter words" (message contains), referrer checking, etc, are already in place.
The main thing is that all of this is such a waste of my time.
You know what I did? When spam is detected, my Perl script did a "sleep 9999", so the spammer will be waiting there for a response that will never come. My revenge to waste their time for wasting my time.
From my experience, this is not enough to stop spammers. Not even with disabling html (mine has always been disabled).
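The two-step confirmation described in the post above, as an added PHP example that is not davido's own script. Because a cookie value is set by the client, the stored IP address is signed with an HMAC and given an expiry, which goes beyond what the post describes. `CONFIRM_SECRET`, `CONFIRM_TTL`, the cookie name, the function names and the sample addresses are assumptions.

```php
<?php
// Added example; secret, TTL, function names and addresses are assumptions.
const CONFIRM_SECRET = 'replace-with-a-long-random-server-side-secret';
const CONFIRM_TTL = 600; // seconds allowed between submit and confirm

// Step 1: value for the cookie set when the form is submitted,
// e.g. setcookie('gb_confirm', issue_confirm_token($_SERVER['REMOTE_ADDR'], time())).
function issue_confirm_token(string $ip, int $now): string
{
    $payload = $ip . '|' . $now;
    return base64_encode($payload) . '.' . hash_hmac('sha256', $payload, CONFIRM_SECRET);
}

// Step 2: check the cookie that comes back with the confirm click.
// Returns 'ok', 'no-cookie', 'tampered', 'expired' or 'ip-changed'.
function check_confirm_token(?string $cookie, string $ip, int $now): string
{
    if ($cookie === null || $cookie === '') {
        return 'no-cookie';
    }
    $parts = explode('.', $cookie, 2);
    $payload = base64_decode($parts[0], true);
    if (count($parts) !== 2 || $payload === false
        || !hash_equals(hash_hmac('sha256', $payload, CONFIRM_SECRET), $parts[1])) {
        return 'tampered';
    }
    [$issuedIp, $issuedAt] = explode('|', $payload, 2);
    if ($now - (int) $issuedAt > CONFIRM_TTL) {
        return 'expired';
    }
    return $issuedIp === $ip ? 'ok' : 'ip-changed';
}

// Constructed walk-through with documentation-range addresses.
$t0 = 1145448000;
$cookie = issue_confirm_token('203.0.113.7', $t0);
$cases = [
    'same address'      => [$cookie, '203.0.113.7', $t0 + 20],
    'different address' => [$cookie, '198.51.100.9', $t0 + 20],
    'cookies refused'   => [null, '203.0.113.7', $t0 + 20],
    'edited cookie'     => [$cookie . '0', '203.0.113.7', $t0 + 20],
    'confirmed late'    => [$cookie, '203.0.113.7', $t0 + 3600],
];
foreach ($cases as $label => [$c, $ip, $now]) {
    printf("%-18s %s\n", $label, check_confirm_token($c, $ip, $now));
}
```

Visitors behind rotating proxies or mobile gateways can also change address between the two steps, so an `ip-changed` result is better routed to the moderation queue than silently dropped.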
steve40 posted this at 15:02 — 19th April 2006.
He has: 490 posts
Joined: May 2005
YEP. The very next day after I made the above post, I woke up to a guest book full again. I was the stupid one, the bot just switched over to [url] uni-code or whatever you call it. So I reset the code entry thing, it's one of those where you have to enter 4 letters in a box. So far today I haven't seen a thing.
I guess I have been lucky, I've had that book for several months or so with no trouble. I think mine is an automated spam bot, so maybe I am rid of that one.
Where the problem comes from is there are several sort of shady companies, that will pay you to drop their links places. They do not tell you to use any discretion, nor do they care. So you end up with guest books full of s--t.