Darin,
I think you missed what I was saying exactly. If the form spammer fills
out the fields that are hidden by DIVs, the E-mail wouldn't be sent by
the mailer script and it would pretend to have been successful.
Spammers use programs to do this stuff, and although they are
intelligent programs, they almost definitely will target fields named
"Name" and "E-mail", and if on their first try they fill these fields in
and they get a positive response from the script, their program will
stop trying to fix issues.
I won't claim that this method is 100% effective, but I have used it in
some cases and no one ever said that it didn't do the trick for them.
If they got through that trick, I would ban URLs with a JavaScript
alert and then silently with the mailer script (figuring that no real
people would get a URL to the mailer script).
This is the easiest of all methods to implement. It takes 5 to 10
minutes to fix a form and you don't hinder your visitors with CAPTCHAs.
It's not like there isn't code being used by spammers elsewhere that
reads CAPTCHAs anyway, though I suspect that the current form spammers
are not doing that right now.
Matt
Darin Cox wrote:
Hi Matt,
Some do, some don't. I've seen both methods used on some customer sites.
Setting session variables on the form page definitely wouldn't work,
as a spammer that hits the form would receive the same session
information anyone else would.
Certainly checking data against constraints is _always_ important,
whether to prevent hacking, avoid data exceptions, enforce business
rules, etc.
The method you outline seems like it would only work if the spammer
doesn't submit to all fields. Some of the attempts we've seen
populated all fields, so this wouldn't work on those.
I'd stick with CAPTCHA as the best and most foolproof method to avoid
these problems. It's fairly easy to implement (there are a number of
free examples in the public domain), is familiar to most people filling
out the forms, and works well.
Darin.
----- Original Message -----
*From:* Matt <mailto:[EMAIL PROTECTED]>
*To:* declude.junkmail@declude.com <mailto:declude.junkmail@declude.com>
*Sent:* Wednesday, April 09, 2008 8:55 AM
*Subject:* Re: [Declude.JunkMail] form spam filter
The form spammers are smarter than to go directly to the mail script.
They will hit the form submission page with what appears to be IE
and submit the form. They even handle cookies correctly.
The trick for form spam is to take fields like your Name and E-mail
and rename the variables to something like "ignore-old-data1" and
"ignore-old-data2" and adjust your mailer script for the new names.
Then you insert new form fields in the form page that are hidden with
a DIV and call them Name and E-mail. Your mailer script should
pretend that the E-mail was successful if these fields have data in
them, but you should simply 86 the actual message. This will trick
their testing software into thinking that they were successful, and
the DIVs with visibility hidden will not be seen by normal visitors.
You might also want to put some JavaScript in the form submission page
that looks for a URL in the form and warns the submitter that they
can't send URLs, and then also have the mailer script silently reject
a submission that has a URL in it. RegEx would be required in both
JavaScript and the ASP or whatever code to do the URL checking.
As far as I know, this seems to work perfectly, but setting session
variables on the form page doesn't do a damn thing.
Matt
Darin Cox wrote:
Since forms all use different emailers, and the form content is
different as well, your only hope is content filtering based on what
the spammer submitted... like SURBL filtering or REGEX on the spammer
submission.
These days, web-based form processing pages should minimally check
that the referring page is what it is supposed to be (i.e. the form
page submit button was clicked as opposed to a spammer submitting
directly to the form action URL), and better yet implement CAPTCHA,
require a login, or some other similar security measure.
Darin.
----- Original Message -----
*From:* Craig Edmonds <mailto:[EMAIL PROTECTED]>
*To:* declude.junkmail@declude.com <mailto:declude.junkmail@declude.com>
*Sent:* Wednesday, April 09, 2008 3:16 AM
*Subject:* [Declude.JunkMail] form spam filter
Hi All,
Is there a filter for form spam?
Some clients complain that they get form spammers sending in junk via
their web forms.
Some clients have CAPTCHAs on their forms, some don't, but I would
like to be able to filter out the junk at Declude level.
Any ideas?
Kindest Regards
Craig Edmonds
123 Marbella Internet
W: www.123marbella.com
E: [EMAIL PROTECTED]
LEGAL DISCLAIMER - This message may contain confidential, proprietary
or legally privileged information and is intended only for the use of
the addressee named above. If you are not the intended recipient of
this message you are hereby informed that you must not use,
disseminate, copy it in any form or take any action in reliance on
it. If you have received this message in error please delete it and
any copies of it and notify it to the sender.
AVISO LEGAL - This message may contain confidential, proprietary or
legally protected information and is intended solely for the use of
the addressee. If you are not the intended recipient of this message,
you are hereby informed that you must not use, disseminate, copy it in
any form, or take any action in reliance on it.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
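A worked sketch of the defences discussed in this thread, added here as an illustration; it is not code from the thread, from any poster, or from Declude. It combines Matt's hidden Name/E-mail honeypot (renamed real fields, faked success when the hidden fields carry data, silent rejection of anything containing a URL) with Darin's check that the post was referred from the form page. The field names ignore-old-data1/2 are the ones Matt gave; the message field, the form URL, the sample submissions and the Decision/handle_submission interface are assumptions made for the example.

```python
"""Form-spam handling for a mailer script: honeypot, silent URL rejection, Referer check."""
import re
from dataclasses import dataclass

# The two names the spammers' scripts target. On the real page these inputs
# sit inside <div style="visibility:hidden"> so a human visitor never fills them.
HONEYPOT_FIELDS = ("Name", "E-mail")

# The visible inputs are renamed to something a script will not guess; this
# maps the obfuscated names back to what the mailer uses internally.
# (Field names from the thread plus a hypothetical message field.)
REAL_FIELDS = {
    "ignore-old-data1": "name",
    "ignore-old-data2": "email",
    "ignore-old-data3": "message",
}

# Hypothetical form page URL; the mailer only accepts posts referred from it.
FORM_PAGE = "https://www.example.com/contact.html"

# Rough URL detector. The same expression can drive the client-side JavaScript
# warning; the server-side check is the one that actually protects anything.
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)[^\s<>\"']+")

# Minimal form markup for the technique (illustration, not a complete page).
FORM_HTML = """<form method="post" action="/mailer">
  Name: <input name="ignore-old-data1">
  E-mail: <input name="ignore-old-data2">
  Message: <textarea name="ignore-old-data3"></textarea>
  <div style="visibility:hidden">
    <input name="Name"><input name="E-mail">
  </div>
  <input type="submit">
</form>"""


@dataclass
class Decision:
    deliver: bool   # True only when the mailer should really send the message
    status: str     # what the HTTP response tells the submitter: "ok" or "rejected"
    reason: str     # server-log detail, never echoed back to the client


def handle_submission(form: dict, headers: dict) -> Decision:
    """Decide what the mailer script does with one POST."""
    # 1. Referer check. Cheap, but the header is client-supplied and trivially
    #    forged, and privacy settings strip it from some real browsers, so it
    #    is a coarse filter rather than proof of anything.
    referer = headers.get("Referer", "")
    if not referer.startswith(FORM_PAGE):
        return Decision(False, "rejected", "referer mismatch: %r" % referer)

    # 2. Honeypot. Any content in the hidden inputs means a bot; answer with a
    #    fake success so its operator believes the submission went through.
    if any(form.get(f, "").strip() for f in HONEYPOT_FIELDS):
        return Decision(False, "ok", "honeypot field populated")

    # 3. URL anywhere in the submission: drop it, again behind a fake success.
    for name, value in form.items():
        if URL_RE.search(value):
            return Decision(False, "ok", "URL in field %s" % name)

    # 4. Map the obfuscated names back and require what the mailer needs.
    data = {REAL_FIELDS[k]: v.strip() for k, v in form.items() if k in REAL_FIELDS}
    if not data.get("email") or not data.get("message"):
        return Decision(False, "rejected", "required field missing")
    return Decision(True, "ok", "deliver for %s" % data["email"])


# Constructed sample submissions (not captured traffic).
GOOD_HEADERS = {"Referer": FORM_PAGE, "User-Agent": "Mozilla/4.0 (compatible; MSIE 7.0)"}
HUMAN = {"ignore-old-data1": "Ann", "ignore-old-data2": "ann@example.net",
         "ignore-old-data3": "Do you ship to Spain?", "Name": "", "E-mail": ""}
# A bot that fills every field it finds, hidden ones included.
BOT_ALL_FIELDS = {**HUMAN, "Name": "Cheap meds", "E-mail": "x@spam.invalid"}
# A bot that only filled the visible fields but pasted a link.
BOT_WITH_URL = {**HUMAN, "ignore-old-data3": "Buy now http://spam.invalid/buy"}


def demo() -> dict:
    """Run the samples through the handler; results keyed by scenario."""
    return {
        "human": handle_submission(HUMAN, GOOD_HEADERS),
        "bot_all_fields": handle_submission(BOT_ALL_FIELDS, GOOD_HEADERS),
        "bot_with_url": handle_submission(BOT_WITH_URL, GOOD_HEADERS),
        "direct_post_no_referer": handle_submission(HUMAN, {}),
    }


if __name__ == "__main__":
    for scenario, d in demo().items():
        print(f"{scenario:24s} deliver={str(d.deliver):5s} status={d.status:8s} {d.reason}")
```

Two caveats a practitioner should keep in mind. The honeypot and URL branches deliberately answer "ok" while delivering nothing, which is what defeats a spammer's success test but also means the only record of the rejection is the server log, so log the reason. The Referer branch answers "rejected" and will also turn away real visitors whose browser or proxy does not send the header; if that matters for your audience, treat a missing Referer as a soft signal rather than a hard failure. A bot that renders CSS and skips inputs inside a hidden DIV will pass the honeypot, which is why the thread does not claim the method is 100% effective.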