Hi Matt,
No, I understood completely. I've seen forms with fields hidden by DIVs still
filled out. Some of the less sophisticated spam form fillers I've seen used
simply filled out every field. They were not looking to see what was "visible"
and what wasn't.
CAPTCHA is easy as well... takes similarly just a few minutes to add since
there is so much code in the public domain... and it is much more difficult to
bypass than a hidden DIV is. I'm not saying it's perfect since it is possible
that OCR could be developed to be smart enough to bypass CAPTCHA (though it has
not to date), and it does require an extra step by the website visitor, but it
certainly appears to be the best method currently, and no more difficult to
implement than others that I've seen.
Darin.
----- Original Message -----
From: Matt
To: declude.junkmail@declude.com
Sent: Wednesday, April 09, 2008 10:24 AM
Subject: Re: [Declude.JunkMail] form spam filter
Darin,
I think you missed what I was saying exactly. If the form spammer fills out
the fields that are hidden by DIV's, the E-mail wouldn't be sent by the mailer
script and it would pretend to have been successful.
Spammers use programs to do this stuff, and although they are intelligent
programs, they almost definitely will target fields named "Name" and "E-mail",
and if on their first try they fill these fields in and they get a positive
response from the script, their program will stop trying to fix issues.
I won't claim that this method is 100% effective, but I have used it in some
cases and no one ever said that it didn't do the trick for them. If they got
through that trick, I would ban URL's with a JavaScript alert and then silently
with the mailer script (figuring that no real people would get a URL to the
mailer script).
This is the easiest of all methods to implement. It takes 5 to 10 minutes to
fix a form and you don't hinder your visitors with CAPTCHAs. It's not like
there isn't code being used by spammers elsewhere that read CAPTCHA's anyway,
though I suspect that the current form spammers are not doing that right now.
Matt
Darin Cox wrote:
Hi Matt,
Some do, some don't. I've seen both methods used on some customer sites.
Setting session variables on the form page definitely wouldn't work, as a
spammer that hits the form would receive the same session information anyone
else would.
Certainly checking data against constraints is _always_ important, whether to
prevent hacking, avoid data exceptions, enforce business rules, etc.
The method you outline seems like it would only work if the spammer doesn't
submit to all fields. Some of the attempts we've seen populated all fields, so
this wouldn't work on those.
I'd stick with CAPTCHA as the best and most foolproof method to avoid these
problems. It's fairly easy to implement (there are a number of free examples
in public domain), is familiar to most people filling out the forms, and works
well.
Darin.
----- Original Message -----
From: Matt
To: declude.junkmail@declude.com
Sent: Wednesday, April 09, 2008 8:55 AM
Subject: Re: [Declude.JunkMail] form spam filter
The form spammers are smarter than to go directly to the mail script. They
will hit for the form submission page with what appears to be IE and submit the
form. They even handle cookies correctly.
The trick for form spam is to take fields like your Name and E-mail and
rename the variables to something like "ignore-old-data1" and
"ignore-old-data2" and adjust your mailer script for the new names. Then you
insert new form fields in the form page that are hidden with a DIV and call
them Name and E-mail. Your mailer script should pretend that the E-mail was
successful if these fields have data in them, but you should simply 86 the
actual message. This will trick their testing software into thinking that they
were successful, and the DIV's with visibility hidden will not be seen by
normal visitors. You might also want to put some javascript in the form
submission page that looks for a URL in the form and warn the submitter that
they can't send URL's, and then also have the mailer script silently reject a
submission that has a URL in it. RegEx would be required in both JavaScript
and the ASP or whatever code to do the URL checking.
As far as I know, this seems to work perfectly, but setting session variables
on the form page doesn't do a damn thing.
Matt
Darin Cox wrote:
Since forms all use different emailers, and the form content is different
as well, your only hope is content filtering based on what the spammer
submitted... like SURBL filtering or REGEX on the spammer submission.
These days, web-based form processing pages should minimally check that the
referring page is what it is supposed to be (i.e. the form page submit button
was clicked as opposed to a spammer submitting directly to the form action
URL), and better yet implement CAPTCHA, require a login, or some other similar
security measure.
Darin.
----- Original Message -----
From: Craig Edmonds
To: declude.junkmail@declude.com
Sent: Wednesday, April 09, 2008 3:16 AM
Subject: [Declude.JunkMail] form spam filter
Hi All,
Is there a filter for form spam?
Some clients complain that they get form spammers sending in junk via their
web forms.
Some clients have captchas on their forms some don't, but I would like to
be able to filter out the junk at declude level.
Any ideas?
Kindest Regards
Craig Edmonds
123 Marbella Internet
W: www.123marbella.com
E : [EMAIL PROTECTED]
LEGAL DISCLAIMER - This message may contain confidential, proprietary or
legally privileged information and is intended only for the use of the
addressee named above. If you are not the intended recipient of this message
you are hereby informed that you must not use, disseminate, copy it in any form
or take any action in reliance on it. If you have received this message in
error please delete it and any copies of it and notify it to the sender.
AVISO LEGAL - Este mensaje puede contener informacion confidencial, en
propiedad o legalmente protegida y esta dirigida unicamente para el uso de la
persona destinataria. Si usted no es la persona destinataria de este mensaje,
por la presente se le comunica que no debe usar, difundir, copiar de ninguna
forma, ni emprender ninguna accion en relacion con ella.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
