G'day Claude,
This is perhaps not the best list to discuss this on, but
its all I have at the moment - I'm
working at the beach in a tent, connecting on line twice a day only to send and
receive emails.
Anyway my anti-spam is a multi-level process, designed to
reduce the number of spam and hack attempts through our guestbook, contact-us
pages, and other on line forms. It
isn't intended to do anything about spam arriving in the email boxes. There
are a lot of better tools than I've
designed for that.
Here's how it works ...
On a datasource accessible to every site I have
responsibility for, I have a table called guestbookbans. It has about 4500 ip
addresses kept there
now. If anyone submits any form to any
of my sites and their ip address is in that table, their submission is
discarded and they get no indication. (I
think its important they get no indication of failure, otherwise they'll try
another address. They just get the
'thank you' page and nothing else happens).
There's a hidden field on every form called something
like "emailaddress". If any
bot fills out the form it will put a value in there. If a submission is
received with a value in
the "emailaddress" field - their ip address is added to the
guestbookbans table and the submission is discarded.
Each form goes through a validation cfc that looks for a
series of factors - different in each case.
If the submission fails any one of the tests - ip address recorded and
submission discarded. The user can keep
on using the form all they like but since their ip address is on the banned
list, nothing is ever going to happen and they wont know about it either.
For example... in
the guestbook for Hawkesbury Radio, we were getting hundreds of submissions a
week with a bot or a human saying "nice site!" So . .if your message says "nice
site!" - banned.
If your location is 'Moscow' or "Mascow" or
"Moscaw" - banned.
If your location and name and email address fields
contain the same data - banned.
Basically I modify the tests I apply as I see new
patterns emerging. E.g. the radio
station is only broadcasting to the Sydney area. So guestbook submissions
from the middle east
or eastern Europe or the Caribbean are not likely to be from our
listeners. Banned.
In the Youth club site I manage, they had a different set
of patterns. A lot of guestbook
submissions beginning with a web link.
So for them . if the 'comments" field begins <a href = banned.
All the sites share the same ban table, so there are
about 35 of them contributing to the list of banned ips, and each gaining the
benefit of the others experiences.
I understand its not perfect. For example any person that's
currently
banned will get a new ip when next they connect to the internet. But as soon
as they post another of their
spam messages to the guestbooks, they get automatically banned again.
It's reduced my spam from this kind of form from
thousands a week to a trickle, with no apparent reduction in service to
legitimate users. As far as I can tell.
Yes, that's the potential problem I'm anxious about -
that I might be banning legitimate users simply because they say "nice
site!" or they are indeed from Moscow.
But no one's complained yet and I hope I'm not just living in a fool's
paradise here.
It's not usable on all forms because some times the
consequences of a false positive are too severe. For example falsely banning
someone ordering
merchandise costs money so we don't want to do that. We'll accept the spam
instead. Falsely banning someone making a comment on
a guestbook is much less of a problem, so we'll live with potentially banning
someone unnecessarily.
The form on the youth club is one where they wont accept
html in the form. SO put html in the
form and you're banned. Put html the
contact-us on my own site and it'll go through (provided other tests pass)
because there are real cases where I want to accept html through that form.
Does that make sense?
Hope it helps. If you want I can
send you my test cfcs off line but I'd rather not post them in a public forum
like this.
Cheers
Mike Kear
Windsor, NSW, Australia
0422 985 585
Adobe Certified Advanced ColdFusion Developer
AFP Webworks Pty Ltd
http://afpwebworks.com
Full Scale ColdFusion hosting from A$15/month
-----Original Message-----
From: Claude Schneegans
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, 15 January 2008 6:06 AM
To: SQL
Subject: Re: SQL to identify duplicates
>>I have
tightened up the code that identifies spammers
Hi,
I'm also working on a "bad bots detection
scheme".
Just for my curiosity, what rules do you use to identify
spammers?
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w
Archive: http://www.houseoffusion.com/groups/SQL/message.cfm/messageid:3023
Subscription: http://www.houseoffusion.com/groups/SQL/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.6
