php-general Digest 13 Oct 2012 18:45:23 -0000 Issue 8005

[php-general-digest-help]

php-general Digest 13 Oct 2012 18:45:23 -0000 Issue 8005

Topics (messages 319441 through 319443):

Re: Beneficial site spamming framework
        319441 by: Maciek Sokolewicz
        319442 by: Ashley Sheridan
        319443 by: Maciek Sokolewicz

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------

--- Begin Message ---

On 13-10-2012 01:55, Ashley Sheridan wrote:

On Fri, 2012-10-12 at 01:59 +0200, Maciek Sokolewicz wrote:

On 11-10-2012 22:18, Ashley Sheridan wrote:

I've been getting spam comments on my personal blog (runs on
self-written PHP blog software). I'd like to test some methods I've
devised to prevent or block it. Does anyone know of a very

lightweight

framework for simulating an automated "form fill-out" on a site?
Something where you could just add some code to designate the site

for

the "attack" and then what fields you wanted to send?

This should be a relatively simple task for PHP and curl, but I'm not
really familiar with the headers and that part of the HTTP

conversation.

Yes, I know this is a risky question for a public list. Feel free to
contact me privately if you think the answer shouldn't be in the
archives of a public list. Likewise, if you can point me to a source

of

quickly absorbable research on the subject. I frankly don't know how

I'd

google such a thing.

Paul

--
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

To avoid having to create your own anti-spam system, I recommend Akismet, which 
weights posts allowing you to set a rejection threshold. The great thing is 
that it is constantly improving over time.

I've recently looked into the more modern captcha systems. I personally
can't stand the "standard" captcha of having to decipher what characters
are present on a distorted image. The last few years I've noticed that
more and more often I can't decipher what an image is supposed to say.
And after a few tries of unsuccesful replying what the image says, I
just give up. This seems to be a reverse-Turing-test by now. Computers
being able to guess better than humans.

Anyway, I wrote my own captcha system. I've noticed that simple things
like "what is the capital of the USA?" and then being able to choose
"Hong-Kong, Washington or Rome" or a question like "Is water wet or
dry?" work very very well. Just make up a bunch of these, and then
randomly pick one to have people answer on your blog. It completely
stopped registration spam on my forum. Simply because bots don't
understand such questions.

- Tul

There's a slight irony that this message got posted to the list 5 times,
given the topic :p

Haha, good point. I forgot to remove half of the reply-to addresses from the message (thus sending it to both the newsgroup and the mailinglist); still that should send it only twice, not 5 times(??). Oh well... :)

- Tul

--- End Message ---

--- Begin Message ---

On Sat, 2012-10-13 at 08:57 +0200, Maciek Sokolewicz wrote:

> On 13-10-2012 01:55, Ashley Sheridan wrote:
> > On Fri, 2012-10-12 at 01:59 +0200, Maciek Sokolewicz wrote:
> >
> >> On 11-10-2012 22:18, Ashley Sheridan wrote:
> >>>>> I've been getting spam comments on my personal blog (runs on
> >>>>> self-written PHP blog software). I'd like to test some methods I've
> >>>>> devised to prevent or block it. Does anyone know of a very
> >>>> lightweight
> >>>>> framework for simulating an automated "form fill-out" on a site?
> >>>>> Something where you could just add some code to designate the site
> >>>> for
> >>>>> the "attack" and then what fields you wanted to send?
> >>>>>
> >>>>> This should be a relatively simple task for PHP and curl, but I'm not
> >>>>> really familiar with the headers and that part of the HTTP
> >>>> conversation.
> >>>>> Yes, I know this is a risky question for a public list. Feel free to
> >>>>> contact me privately if you think the answer shouldn't be in the
> >>>>> archives of a public list. Likewise, if you can point me to a source
> >>>> of
> >>>>> quickly absorbable research on the subject. I frankly don't know how
> >>>> I'd
> >>>>> google such a thing.
> >>>>>
> >>>>> Paul
> >>>>>
> >>>>> --
> >>>>> Paul M. Foster
> >>>>> http://noferblatz.com
> >>>>> http://quillandmouse.com
> >>>>>
> >>>>> --
> >>>>> PHP General Mailing List (http://www.php.net/)
> >>>>> To unsubscribe, visit: http://www.php.net/unsub.php
> >>>>>
> >>>
> >>> To avoid having to create your own anti-spam system, I recommend Akismet, 
> >>> which weights posts allowing you to set a rejection threshold. The great 
> >>> thing is that it is constantly improving over time.
> >>>
> >> I've recently looked into the more modern captcha systems. I personally
> >> can't stand the "standard" captcha of having to decipher what characters
> >> are present on a distorted image. The last few years I've noticed that
> >> more and more often I can't decipher what an image is supposed to say.
> >> And after a few tries of unsuccesful replying what the image says, I
> >> just give up. This seems to be a reverse-Turing-test by now. Computers
> >> being able to guess better than humans.
> >>
> >> Anyway, I wrote my own captcha system. I've noticed that simple things
> >> like "what is the capital of the USA?" and then being able to choose
> >> "Hong-Kong, Washington or Rome" or a question like "Is water wet or
> >> dry?" work very very well. Just make up a bunch of these, and then
> >> randomly pick one to have people answer on your blog. It completely
> >> stopped registration spam on my forum. Simply because bots don't
> >> understand such questions.
> >>
> >> - Tul
> >
> >
> > There's a slight irony that this message got posted to the list 5 times,
> > given the topic :p
> >
> Haha, good point. I forgot to remove half of the reply-to addresses from 
> the message (thus sending it to both the newsgroup and the mailinglist); 
> still that should send it only twice, not 5 times(??). Oh well... :)
> 
> - Tul


I think it might be an issue with your email client/server, as this one
just came through 3 times too! 

-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk

--- End Message ---

--- Begin Message ---

On 13-10-2012 09:24, Ashley Sheridan wrote:

I think it might be an issue with your email client/server, as this one
just came through 3 times too!

That is very odd, because it only shows up once in the newsgroup, only once in my own mailclient (Thunderbird) and only once in the archives of marc.info.

Are you sure the problem isn't on your end? Perhaps someone else could confirm/deny the recieving of my previous message to the list 3x? I'm willing to try and fix whatever might be causing it, but I can't really find any proof of anything going wrong?

- Tul

--- End Message ---