PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 
Loading
It is currently Wed Oct 17, 2018 10:54 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 40 posts ]  Go to page Previous  1, 2, 3
Author Message
PostPosted: Mon Dec 30, 2013 5:55 pm 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6424
Location: Montreal, Canada
The email field is obvious, but we have no idea what the other two fields are meant to represent. Are there other fields in the form not included in this document? Not much to work with, I'm afraid.

_________________
Supported PHP versions No longer supported versions


Top
 Profile  
 
PostPosted: Mon Dec 30, 2013 6:04 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
Yeah, you're really getting hit! I'm not surprised it's Chinese, there's a lot of very active spammers there (well, it's a huge country!). Are there URL links in them? I'd say there's no point in complaining to anybody, they're not going to do anything to them. Better to concentrate on how to detect them and just not accept the baddies into your database. The detection is the hard part. For Chinese characters, I suppose you could test anything that is supposed to be English text to see if it contains any non-ASCII characters (I can't think right now just how to do that, but I'm sure it's possible), but that wouldn't help for plain English spams. A good Captcha routine might help, but as someone pointed out earlier in this thread, Captchas can be hacked, too. I wouldn't count on this being kids fooling around, though. That's possible, but I think it's more likely that it's a serious spammer who is getting paid by others to get their URLs in front of thousands of pairs of eyes. It's a shame some people aren't willing to do honest work, like maybe prostitution?? [Just kidding, gotta break the tension.]

The options that I can think of include:
  • Code it as a moderated forum, where a post isn't accepted until it has been reviewed by a moderator; but that means that somebody has to read all the posts!
  • Require the poster to supply a valid email address, then send an email to that address, with a validation link to a script that matches the ID of the post and actually posts it; there's probably a way to defeat that, too, but presumably that gives you somebody's real email address that you could later trace.
  • Use a strong Captcha that sends the Captcha data to the server for validation, as mentioned in another post earlier in this thread.

Good luck on this. I hope some of the other guys will respond to you.


Top
 Profile  
 
PostPosted: Mon Dec 30, 2013 6:09 pm 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6424
Location: Montreal, Canada
The trouble, I think, is that these all look like throwaway Gmail accounts. They could easily retrieve and follow the confirmation links, but having the account reported and blocked probably wouldn't mean much to them. They'd just create another and another and another.... CAPTCHAs can be defeated, honeypots can be defeated, but certainly implementing either or both of those would be a step in the right direction.

_________________
Supported PHP versions No longer supported versions


Top
 Profile  
 
PostPosted: Mon Dec 30, 2013 6:16 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
Hi Celauran. Happy New Year! :-) You're right, that's the downside of free email accounts like Gmail.

To clarify Tex's post for anyone who didn't read his own thread, it's a PHPBB forum and Tex is a vb.net developer, just getting his feet wet with Linux and PHP. His original thread is http://forums.devnetwork.net/viewtopic.php?f=1&t=138955&p=690109#p690109.


Top
 Profile  
 
PostPosted: Mon Dec 30, 2013 6:26 pm 
Offline
Forum Newbie

Joined: Sat Dec 28, 2013 5:02 pm
Posts: 15
I would only report the ones that actually got through and posted spam. So far all I do are three things and its working well, at least for now. One is the Q&A with a question that cannot be easily Goggled, Email confirmation, and 1 post moderation. But last month I was not doing all three and my site got hit bad. The past few years all I had was two of these three and my old Q&A question must of made their list. I also hear these spammers upgraded their scripts or what ever they use and I guess the got a database with all the common Q&A answers so now forum administrators need harder ones. Cat and mouse game for sure.


Top
 Profile  
 
PostPosted: Mon Dec 30, 2013 6:32 pm 
Offline
Jack of Zircons
User avatar

Joined: Thu Nov 09, 2006 9:30 pm
Posts: 4484
Location: California, USA
Tex, do the posts include URL links? That's the most common kind of spam. If they do, how about just rejecting any post that includes "http://"? I did that on my site and I haven't had a single bad post get thru since I did that. If you don't need to allow legitimate links, that might be a first line of defense.


Top
 Profile  
 
PostPosted: Mon Dec 30, 2013 6:42 pm 
Offline
Forum Newbie

Joined: Sat Dec 28, 2013 5:02 pm
Posts: 15
Yes the spammers did post links, but my members do post links that are legitimate as well we share links in our signatures. I hate to loose freedom due to these bandits! Of course pictures of hot babes are OK. Just kidding, I had a long night.

Thanks califdon for introducing my post here on your topic.


Top
 Profile  
 
PostPosted: Mon Dec 30, 2013 6:47 pm 
Offline
Moderator
User avatar

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6424
Location: Montreal, Canada
What about restricting the ability to post links until a certain post count threshold has been reached? Or requiring posts containing links to require moderation until a similar threshold has been reached?

_________________
Supported PHP versions No longer supported versions


Top
 Profile  
 
PostPosted: Mon Dec 30, 2013 6:55 pm 
Offline
Forum Newbie

Joined: Sat Dec 28, 2013 5:02 pm
Posts: 15
Yeah that is a good idea. I like to also look at code development and detection and auto deletion ideas, such like was mentioned here.


Top
 Profile  
 
PostPosted: Sat May 17, 2014 9:09 pm 
Offline
Forum Newbie

Joined: Tue May 13, 2014 9:54 pm
Posts: 4
2 things I would do is either add captcha and/or not allow posts with links.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 40 posts ]  Go to page Previous  1, 2, 3

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group