Spammers

[reed0427]

Recently we discovered our unused forum was being used by spammers and causing us to exceed our bandwidth limit.

The forum had been added when the new site at phpVMS was created, but we decided to use our old forum instead. The new forum sat idle until I approved a few new memberships from new hires in Afghanistan. I decided soon after that the applicants were bogus and deleted them from the roster, rejecting all future applicants too. (I think that Afghanistan doesn't reflect any Al Qeida connection. Afghanistan is just the first name on the country list).

We deleted the forum a couple of days ago and ever since I'm getting new Afghanistan applicants at the rate of about 15 per hour. Non-stop. Does anyone have any suggestions?

[mark1million]

Look at their IP address and ban it from your server.

[freshJet]

What are the names and emails?

[reed0427]

All different. Names and emails are different for each one, like some program is randomly generating them. Even the names often make no sense. Example:

Name: Rmesnt1900 Rmesnt1900 email: gmoeli1959@yahoo.co.uk

[Strider]

The easy give away of a spammer, he will always choose Afghanistan as his country, and whatever VA is the first in the list. They don't bother to search for another country. Get the person's IP and ban it.

[reed0427]

Been doing that. Most can be banned, but others are either unrecognized or too common, like gmail.com or yahoo.com. Too many legitimate pilots use these email sites.

[Strider]

It isn't always the email that will give them away, it is the country they select that gives them away all the time. They never change drop downs.

[stuartpb]

It isn't always the email that will give them away, it is the country they select that gives them away all the time. They never change drop downs.

There is an effective trick I use on some registration forms, and that is to have a hidden input field (with something like name as the field title) on the form. a spam engine will enter text into the field, even though it's hidden and not viewable in the html output. I then wrote into the form handler a function whereby any submitted forms with the hidden field completed would be discarded. The spambots look for common fields in forms, and will try to complete these fields, so choosing something like name for the title will usually catch the spambots out. When a pilot completes the form, they don't see the hidden field, so it remains empty and the form gets processed as normal. It's not 100% effective, but then nothing is when it comes to anti spambots.

[Tom]

Check the code snippets forum. I posed some code to prevent spammers. 100% effective for me.

[Strider]

There is an effective trick I use on some registration forms, and that is to have a hidden input field (with something like name as the field title) on the form. a spam engine will enter text into the field, even though it's hidden and not viewable in the html output. I then wrote into the form handler a function whereby any submitted forms with the hidden field completed would be discarded. The spambots look for common fields in forms, and will try to complete these fields, so choosing something like name for the title will usually catch the spambots out. When a pilot completes the form, they don't see the hidden field, so it remains empty and the form gets processed as normal. It's not 100% effective, but then nothing is when it comes to anti spambots.

What I said though is effective too, as I have gotten spam bots too, and they always use the same country of origin, and the same airline, I have 3 airlines using the same phpvms install, and the first airline is always used. Your way will catch them out, but if you don't know the code you use, knowing what to look for is the next best thing.

[stuartpb]

it was my tutor at uni who taught us this trick, and the website he gave us the info from is here:

http://www.advancedhtml.co.uk/hidden-field-spam-trap-for-phpformmail/

You just need to adapt the form handler to suit the phpVMS form handlers.

[Strider]

My reply still stands. As you said, nothing is really 100% going to work, but at least knowing what to look for, if you have no spam traps, is the next best thing.

[Tom]

My reply still stands. As you said, nothing is really 100% going to work, but at least knowing what to look for, if you have no spam traps, is the next best thing.

http://forum.phpvms.net/topic/5110-prevent-known-spammers/

Prevented 100% of spam registrations on a site that used to get 3-5 a day.

It is updated when other people get them, so you're almost never going to get a new spammer to you first.

[Strider]

I know, but if you dont have that, what I said, still stands. You guys don't seem to realise, that knowing what to look for works just as well. I am not saying that doesn't work, just another way of checking, as I have that code, in the right place, yet I still get the odd spambot, so it is not working 100% for me.

[stuartpb]

My reply still stands. As you said, nothing is really 100% going to work, but at least knowing what to look for, if you have no spam traps, is the next best thing.

I'm not trying to say you are wrong, I was merely offering another way to deal with spam. You seem to have got me wrong there?

@Tom, I've never seen that post, so thanks I'm going to use that for my site

[Strider]

All part of the discussion my good friend.

EDIT: Why did I get an ad for a dating service on a forum dedicated to flight simulation??? lol, is it trying to tell me something?

Edited July 26, 2011 by Mr.Bean

[stuartpb]

Get out more, you know it makes sense!

[Strider]

Man I think Nabeel wants us all to get out more and get a life haha, yet another online dating service ad. I get out plenty. Just not interested in any of the girls near me.

[reed0427]

Good ideas, I'll try them. I've been adding ip's in IP Deny Manager, but they still keep coming, even from the one's I denied, like aol.com, gmail.com, etc. Last night I got 198 spammer applications. The fight goes on...

[mark1million]

For the time being i would close your registrations for a few days, clearly someone has targeted your site for some reason.