crypto Worker
Joined: Aug 02, 2004 Posts: 105
Posted: Wed Aug 30, 2006 3:05 am

Hi! I'm running the latest RavenNuke version and lately I have got lots of spam messages which are submitted via the submit feedback webpage. I believe that those are made with some kind of harvesting tool?
Can some extra protection be added somehow so spammers cannot spam via the submit feedback page (e.g. you have to type several security numbers manually)? I don't want to make the feedback page a registered-members-only page. Now I have to add those IPs manually to the blocked IP table.
Are there any ideas how to get protection against those spam feedbacks?
Have you also met this kind of problem?

Guardian2003 Site Admin
Joined: Aug 28, 2003 Posts: 4868
Posted: Wed Aug 30, 2006 3:24 am

This is part of my 'pet project' - spam stopper.
Automated abuse of the feedback module can be dramatically reduced by using CAPTCHAs, though I have not got around to integrating one yet.
More than likely though, it will be a manual entry, i.e. a real human sending you spam; you can usually tell if the volume of spam is small.
I'm working on modifying the Feedback module to include hidden fields (referer, IP etc) to be sent to the admin.
Another approach I'm working on is to use a similar approach to the one used by the account registration process - the spammer (whether it's a human or bot) submits the feedback, they are then sent a confirmation link in an email before the feedback is sent to the admin.
However, if you turn the feedback module permission to 'registered user' (which is not the ideal situation) you'll find all the spam stops immediately - why is that then?
Simple, they cannot be bothered to register, they are too busy sending spam and move on to another target.
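
The confirmation-link approach Guardian2003 describes above, shown as an added example that is not part of the original thread or of RavenNuke's code. The secret, the `op=confirm` URL parameters, the function names and the in-memory store are assumptions; a real module would keep pending entries in a database table and send the link with `mail()`.

```php
<?php
// Added illustration: hold feedback until the sender confirms via an e-mailed link.
// SECRET, TTL, the URL layout and the $pending array are hypothetical.
const SECRET = 'replace-with-a-long-random-site-secret';
const TTL = 86400; // confirmation link lifetime in seconds

$pending = []; // id => ['email', 'message', 'expires']

// Sign the pending id and expiry so the link cannot be forged or extended.
function sign_token(string $id, int $expires): string {
    return hash_hmac('sha256', $id . '|' . $expires, SECRET);
}

// Step 1: store the feedback and return the link that would be e-mailed.
function submit_feedback(array &$pending, string $email, string $message, int $now): ?string {
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return null; // reject malformed addresses before anything is stored
    }
    $id = bin2hex(random_bytes(16)); // unguessable identifier
    $expires = $now + TTL;
    $pending[$id] = ['email' => $email, 'message' => $message, 'expires' => $expires];
    return 'https://example.org/modules.php?name=Feedback&op=confirm'
        . '&id=' . $id . '&exp=' . $expires . '&sig=' . sign_token($id, $expires);
}

// Step 2: only a valid, unexpired, unused link releases the message to the admin.
function confirm_feedback(array &$pending, string $id, int $exp, string $sig, int $now): ?array {
    if (!hash_equals(sign_token($id, $exp), $sig)) {
        return null; // forged or altered link
    }
    if ($now > $exp || !isset($pending[$id])) {
        return null; // expired, unknown or already used
    }
    $entry = $pending[$id];
    unset($pending[$id]); // single use
    return $entry;        // caller forwards this to the admin
}

// Constructed sample run: the first confirmation succeeds, the replay is refused.
$now = 1156907100;
$link = submit_feedback($pending, 'visitor@example.com', 'Nice site', $now);
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(confirm_feedback($pending, $q['id'], (int)$q['exp'], $q['sig'], $now + 60) !== null);
var_dump(confirm_feedback($pending, $q['id'], (int)$q['exp'], $q['sig'], $now + 60) !== null);
```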

crypto Worker
Joined: Aug 02, 2004 Posts: 105
Posted: Wed Aug 30, 2006 4:07 am

I have enabled IP information in the feedback form and it looks like this:
- - - - - - - - - - - -
IP-address: xxx.xxx.xxx.xxx
Browser: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
What do you think about implementing a security code on the feedback page? Can this be done easily? Then all bot feedbacks are denied because a bot cannot read the security code.

Guardian2003 Site Admin
Joined: Aug 28, 2003 Posts: 4868
Posted: Wed Aug 30, 2006 6:15 am

The more sophisticated bots CAN read the security codes; we just need to develop solutions that make it more difficult for them, whilst not making it too difficult for those who genuinely want to leave feedback.

Susann Moderator
Joined: Dec 19, 2004 Posts: 2287 Location: Germany:Moderator German NukeSentinel Support
Posted: Wed Aug 30, 2006 7:01 am

crypto
If it's the same kind of spam, e.g. "Hello, nice site", do a search on Google for this title; you will find most of the IPs from those spammers and you can ban them easily with CIDR in your .htaccess.