SPAMing php Captcha pages
Well.. they figured out how to SPAM a PHP server-side Captcha comments page that I thought would eliminate SPAM.
Now it's become a major problem. About 40 SPAMs an hour keep coming in.
I can delete them ok, but they are clogging up my email inbox and I assume, using CPU and other resources from the server.. fair assumption?
Anyway, I'm searching for ideas to add a layer of security or resistance to these SPAMS.
I really am at a loss this time.
The Dagon Php formmail was working so good, too.
Anyone have any ideas?
I appreciate any advice you may have.. even if you want to flame me.
BTW.. The web links and the email links are all gibberish. Just random letters, like monkeys typing.
Here's an example of what I receive in my email:
Date: Mon, 2 Jul 2007 16:39:32 -0600
To: [email protected]
Subject: General Visitor Comments
From: "qvyzbmir"
CC:[email protected]
Message =
fyahmonm http://czewgxlg .com oupzbeaz cmassaim
Host: www. xyz.org
IP: 64.49.255.108
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
The IP address listed above is supposedly where it came from; but
I've researched these and they are random and probably forged.
Help!
Rick (shobuz99)
webwiz posted this at 01:19 — 3rd July 2007.
He has: 629 posts
Joined: May 2007
Not familiar with that Formmail program, so don't know how difficult this would be to implement, but I recently came across this idea for foiling spambots:
Fighting spam with CSS.
Cordially, David
--
delete from internet where user_agent="MSIE" and version < 8;
shobuz99 posted this at 02:03 — 3rd July 2007.
They have: 42 posts
Joined: Oct 2006
Thanks webwiz!
I checked out the site. It's a cool idea; BUT
I don't know for sure that it's a bot doing the SPAMing.
Reason? Because I am using a PHP form with a "Captcha" type of process. The SPAMs are coming in at a 10 per hour rate. Not too aggressive, but they go to an email instead of a DB. That email gets filled quickly and monitoring is not practical 24/7.
It still sounds good, though. Anyway, thanks for the idea.
Rick (shobuz99)
demonhale posted this at 02:27 — 3rd July 2007.
He has: 3,278 posts
Joined: May 2005
Is your captcha custom coded and secure? If you get a lot of traffic and your captcha ain't secure or is commercial, then there's a good chance bots found a backdoor for this. It could well possibly be humans too...
shobuz99 posted this at 02:50 — 3rd July 2007.
They have: 42 posts
Joined: Oct 2006
demonhale
My Captcha is coded by dagondesign.com. He has a new version now, so maybe I should look into that. It may have some features to help me with this. As far as secure goes, I'm not sure what additional security you mean, other than that it's a Php server-side form. Sorry I'm so dumb on this point.
Otherwise, I'm thinking humans, too. Reason is: how slow the posts come in.. 1 or 2 in 15 minutes, then maybe 20 in 5 minutes.. as though they made a concerted effort to bomb me into submission. Then it backs off for a while.. like 2 or 3 hours.....then starts up again.
The good news is; the Spammer doesn't get satisfaction because I simply delete them from my email. They never get posted. Small consolation for me, though. Since I have to deal with a stuffed mailbox every few hours.. PITA!
Anyway, thanks
Rick (Shobuz99)
demonhale posted this at 06:54 — 3rd July 2007.
He has: 3,278 posts
Joined: May 2005
Have you tried the PHP captcha from puremango? I use it on my site and went from about 20,000 spams a day to about 1 a month from a human... Check the link on my credits page... it's easy to customize and install too...
webwiz posted this at 19:45 — 3rd July 2007.
He has: 629 posts
Joined: May 2007
Hard to believe someone is being paid just to target your site. I mean, how many more sites can a human target at that same rate? Not too many, I'd wager.
I do know that some captchas can be read by a bot. So you probably should update your captcha system if you can.
Of course, as spambots get more sophisticated, able to read more distorted captchas, we will inevitably arrive at a point where the captchas will be unreadable by humans. They already exclude those with screen readers, of course.
Whither the "world-wide" in "world-wide web"?
Cordially, David
--
delete from internet where user_agent="MSIE" and version < 8;
webwiz posted this at 19:49 — 3rd July 2007.
He has: 629 posts
Joined: May 2007
Oh! I just remembered. Have you looked at Akismet? I have heard that it's pretty effective.
shobuz99 posted this at 15:02 — 4th July 2007.
They have: 42 posts
Joined: Oct 2006
Webwiz,
Thanks for the suggestions. No I haven't looked at akismet; but I will.
The posts seem to have stopped. Haven't gotten one in two days.. However, I'm not assuming it's over. I am starting to think it is a human; since the poster is getting no satisfaction from doing it because I don't post the SPAM. He has no way of knowing for sure if it is annoying me or disrupting the web site. I guess we'll see what happens..
Thanks again for your help.
Rick (Shobuz99)
andy206uk posted this at 15:49 — 6th July 2007.
He has: 1,758 posts
Joined: Jul 2002
I use the following code in my PHP formmail script to ascertain if there is anything a bit spammy in any of the posted data:
<?php
$error = array();
foreach($_POST as $postvar => $postdata) {
//***** check for spammy stuff: raw or URL-encoded line breaks and extra
//***** mail headers, which is what an email header injection relies on.
//***** stripos() is case-insensitive, so "BCC:" trips it the same as "bcc:".
if(stripos($postdata, "\r") !== false) { $error['input'] = "Illegal Character in form input"; }
if(stripos($postdata, "\n") !== false) { $error['input'] = "Illegal Character in form input"; }
if(stripos($postdata, "%0a") !== false) { $error['input'] = "Illegal Character in form input"; }
if(stripos($postdata, "%0d") !== false) { $error['input'] = "Illegal Character in form input"; }
if(stripos($postdata, "Content-Type:") !== false) { $error['input'] = "Illegal Character in form input"; }
if(stripos($postdata, "bcc:") !== false) { $error['input'] = "Illegal Character in form input"; }
if(stripos($postdata, "to:") !== false) { $error['input'] = "Illegal Character in form input"; }
if(stripos($postdata, "cc:") !== false) { $error['input'] = "Illegal Character in form input"; }
}
// After the loop: if $error is non-empty, do not send the mail.
?>
All of the above are common things that a spammer will try to inject into a message to send spam. Once you've detected spam you can either make the spammer believe that it works and give the normal output, or return them to another page with a 'no spam' error.
The spammers like easily exploitable code - add this little bit of code and they'll likely give up and leave you alone....
Andy
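The check Andy posts above looks for email header injection (line breaks and extra recipient headers smuggled into a field), which is a different problem from the gibberish-plus-link comments Rick is receiving; those carry no headers and pass such a check untouched. The following is an added example, not code from this thread, from Dagon Design or from any formmail script. It combines a case-insensitive, URL-decoding version of the header-injection check with the CSS-hidden "honeypot" field that webwiz's "Fighting spam with CSS" link describes (the assumption here is that the technique is a field hidden by the stylesheet that humans never fill in). The field names `name`, `email`, `comment` and `website`, the CSS class `hp`, and all sample submissions are constructed for illustration.

```php
<?php
// Added example: screen a posted form before it is turned into an email.
// Assumed field names: name, email, comment, and a hidden honeypot "website".
// In the form: <input type="text" name="website" class="hp" autocomplete="off">
// with the stylesheet rule .hp { display: none; } so visitors never see it.

/**
 * Returns the suspicious fragment found in $value, or null if it looks clean.
 * Raw CR/LF, their URL-encoded forms and recipient/content headers are what a
 * header injection needs; the comparison is case-insensitive and the value is
 * also URL-decoded once, so "%0A" and "BCC:" are caught as well as "\n"/"bcc:".
 */
function find_header_injection($value) {
    $fragments = array("\r", "\n", "%0a", "%0d", "content-type:", "bcc:", "cc:", "to:");
    foreach (array($value, rawurldecode($value)) as $candidate) {
        foreach ($fragments as $fragment) {
            if (stripos($candidate, $fragment) !== false) {
                return $fragment;
            }
        }
    }
    return null;
}

/**
 * The honeypot test: a human never sees the hidden field, so any non-empty
 * value in it came from software that fills in every field it finds.
 */
function honeypot_tripped(array $post, $honeypot_field = 'website') {
    return isset($post[$honeypot_field]) && trim($post[$honeypot_field]) !== '';
}

/**
 * Runs both checks over one submission ($post is the $_POST array).
 * Returns an empty array for a submission that looks legitimate, otherwise a
 * list of human-readable reasons to reject it (useful for a log line).
 */
function screen_submission(array $post, $honeypot_field = 'website') {
    $reasons = array();
    if (honeypot_tripped($post, $honeypot_field)) {
        $reasons[] = "hidden field '$honeypot_field' was filled in";
    }
    foreach ($post as $field => $value) {
        if ($field === $honeypot_field || !is_string($value)) {
            continue;   // the honeypot was handled above; skip array values
        }
        $hit = find_header_injection($value);
        if ($hit !== null) {
            $reasons[] = "field '$field' contains " . json_encode($hit);
        }
    }
    return $reasons;
}

// Constructed sample submissions (not real traffic) to exercise the checks.
$samples = array(
    'legitimate' => array(
        'name' => 'Jane', 'email' => 'jane@example.com',
        'comment' => 'Nice site, thanks for the article.', 'website' => ''),
    'header injection' => array(
        'name' => 'Jane', 'email' => "jane@example.com\nBCC: someone@example.com",
        'comment' => 'hello', 'website' => ''),
    'encoded injection' => array(
        'name' => 'x', 'email' => 'x@example.com',
        'comment' => 'hi%0AContent-Type: text/html', 'website' => ''),
    'bot filled honeypot' => array(
        'name' => 'fyahmonm', 'email' => 'a@example.com',
        'comment' => 'fyahmonm http://czewgxlg .com oupzbeaz', 'website' => 'http://example.invalid/'),
    'gibberish, no headers' => array(
        'name' => 'fyahmonm', 'email' => 'a@example.com',
        'comment' => 'fyahmonm http://czewgxlg .com oupzbeaz', 'website' => ''),
);

foreach ($samples as $label => $post) {
    $reasons = screen_submission($post);
    echo str_pad($label, 24), $reasons ? 'REJECT: ' . implode('; ', $reasons) : 'accept', "\n";
}
?>
```

The last sample is the instructive one: a gibberish comment with a link, no line breaks and an untouched honeypot is accepted by both checks, so on its own neither is a fix for that kind of spam. Running the script from the command line with `php screen.php` prints one line per sample, which also gives a quick way to confirm the checks are wired in before trusting them in the live form.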
TheVoice posted this at 19:43 — 31st July 2007.
They have: 10 posts
Joined: Jul 2007
Will this work on a html FormMail form?
nameeta posted this at 08:56 — 9th July 2007.
She has: 4 posts
Joined: Oct 2005
This problem with Captcha is very common and we have also installed it on many of our sites, but still we get a lot of spam on a daily basis.
andy206uk posted this at 19:53 — 9th July 2007.
He has: 1,758 posts
Joined: Jul 2002
I agree - CAPTCHAs are only useful against computer generated spam. Quite a few spamming organisations pay slave wages to kids in a third world country to go around spamming contact forms, blog comments and forums because it's cheap and gets past all security.
Trust me on this one - the code above will stop 100% of all spam, automated or otherwise.
Andy
!ASK! posted this at 16:46 — 15th July 2007.
They have: 2 posts
Joined: Jul 2007
I found a new web site blog that has posted some very interesting information about the ask-dir.com directory. It appears to be a spam directory and also ask-dir.com steals people's money and does not keep them in the directory and he won't give refunds.
Check out this blog from http://www.ask-dir-com.info to see more about what a crook is.
Ask dir is a broad topic on the web with some 20,000 plus links. Unfortunately most ask dir links are not great places to visit. For parents who want to protect their young children from parents material. Here is one website example, ask-dir.com we recommend you ban or black list ask-dir.com so your children will be protected from great and nice. Here are just 2 examples of why this site is on the naughty list. ask-dir.com/Society/Gay-Lesbian-Bisexual/: ask-dir.com/Society/Gay-Lesbian-Bisexual/ . Its time that parents take a closer look at some directories before the let the little one surf these types of website. So before you visit all these ask-dir links you can check here first to get the facts before you visit these ask dir links.
It seems to me the Ask-dir.com should be banned from search engines.
ask-dir.com - The Fake PR Rank directory cheats people buying links.
andy206uk posted this at 19:37 — 2nd August 2007.
He has: 1,758 posts
Joined: Jul 2002
It'll have to be implemented in the PHP script that processes the form, not the HTML form itself.
shobuz99 posted this at 01:54 — 3rd August 2007.
They have: 42 posts
Joined: Oct 2006
andy,
I would like to insert your code into the php formmail that I am using... where within the form code should I insert this?
I'm not good at all when it comes to code structure and etiquette..
Rick (Shobuz99)
shobuz99 posted this at 23:07 — 6th August 2007.
They have: 42 posts
Joined: Oct 2006
Andy,
I inserted your code in the formmail.php that I use from Dagon.
I tried testing it, but what I sent got through to my email.
Is there a way I can test this to make sure it's working and that
I haven't inserted your code in the wrong place?
Thanks very much for your help on this. I do appreciate it!
Rick (Shobuz99)
Steve1943 posted this at 02:12 — 5th August 2007.
He has: 4 posts
Joined: Jul 2007
Slightly off topic but it has long puzzled me.
Why do they send these gibberish mails - what's in it for them?
Steve
Fashion School Choices
shobuz99 posted this at 23:12 — 6th August 2007.
They have: 42 posts
Joined: Oct 2006
I guess they get some sorta sick kick out of sending this crap.. I don't know.
I've never been good at figuring out people with mental problems.
It kind of mirrors the SPAM that gets sent out every day that gives you a link that never works... no I haven't tried them, but I have checked their domain
and nearly every time, it's phony... so you can't contact them, why would they send you the SPAM in the first place.. same as your question.
Beats me.
Rick (Shobuz99)
andy206uk posted this at 21:42 — 9th August 2007.
He has: 1,758 posts
Joined: Jul 2002
Hi,
I can't really advise you on how to use it within the script that you are using, since I've never seen your script.
The kind of stuff spammers put into forms is quite hard to type in manually, however you can tell if it's picking it up by just typing 'BCC:' in any of your fields.
Andy