CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Intermediate:
Stopping a spam bot from spamming my guestbook?

 



daveyp225
Novice

Sep 29, 2008, 10:00 PM

Post #1 of 9 (3565 views)
Stopping a spam bot from spamming my guestbook? Can't Post

Hey everyone. I made a very simple guestbook script and it seems a spam-bot has found me on my lil' site.

At first I thought I fixed it by requiring the poster to add two numbers together before submitting -- but its still getting through!

I used perl to generate two random integers between 0 and 9 and its check two ways to make sure it was done by the user:

1) Javascript. First a function checks to see if the sum is right then does a form.submit() if it is.

2) Perl. The two random integers are passed along with the value in my textbox "sum" to my "guestbook.pl" page, which checks to make sure it is correct before writing to a guestbook entries file.

But the bot is still able to get through :(. Mind you, it used to be hundreds of messages a day. Now its just two every few days. Any ideas?

Thanks.


KevinR
Veteran


Sep 29, 2008, 11:31 PM

Post #2 of 9 (3562 views)
Re: [daveyp225] Stopping a spam bot from spamming my guestbook? [In reply to] Can't Post

I think your anti-spam efforts are working. If you are getting a couple of spams every few days that is probably a human. You can stop the bots but not the idiot humans.
-------------------------------------------------


sycoogtit
User

Sep 30, 2008, 4:36 AM

Post #3 of 9 (3558 views)
Re: [KevinR] Stopping a spam bot from spamming my guestbook? [In reply to] Can't Post

I agree. Just as an interesting FYI, a very cool anti-spam tool you could use is http://recaptcha.net/.

--
http://bunsooter.com


daveyp225
Novice

Oct 2, 2008, 6:52 AM

Post #4 of 9 (3536 views)
Re: [daveyp225] Stopping a spam bot from spamming my guestbook? [In reply to] Can't Post

Hmmm. Weird how as soon as I post this question I get heavily spammed. Unless he/she has some kind of mental handicap and spamming fetish, I refuse to believe a human can do THIS:

http://daveyp.net/guest_book.pl?&post=no

How is the bot posting? Anyone? :\


KevinR
Veteran


Oct 2, 2008, 12:23 PM

Post #5 of 9 (3525 views)
Re: [daveyp225] Stopping a spam bot from spamming my guestbook? [In reply to] Can't Post

Does the perl script also check the value of the question on the server side? If not its easy to submit the form with a bot that bypasses the javascript checks.
-------------------------------------------------


sycoogtit
User

Oct 3, 2008, 7:26 AM

Post #6 of 9 (3517 views)
Re: [KevinR] Stopping a spam bot from spamming my guestbook? [In reply to] Can't Post

You should try recaptcha.

--
http://bunsooter.com


daveyp225
Novice

Oct 3, 2008, 5:11 PM

Post #7 of 9 (3505 views)
Re: [KevinR] Stopping a spam bot from spamming my guestbook? [In reply to] Can't Post


In Reply To
Does the perl script also check the value of the question on the server side? If not its easy to submit the form with a bot that bypasses the javascript checks.


Yes, thats why I'm confused here. I can see how a bot could just read the source, find the destination of the form and send all the fields I list on the site. However, I use perl to verify that the passed sum (from the text box) is equal to the sum of the two passed random numbers before I open and write to the file.

I will choose recaptcha if all else fails. But first I was thinking about creating a catalog of like 20 easy questions (like "what color is the sky") instead and ask one at random. I just want to figure out why this is happening (I'm intrigued even)... could it be the bot knows what my method of security is?


(This post was edited by daveyp225 on Oct 3, 2008, 5:12 PM)


KevinR
Veteran


Oct 3, 2008, 5:43 PM

Post #8 of 9 (3502 views)
Re: [daveyp225] Stopping a spam bot from spamming my guestbook? [In reply to] Can't Post

personally, I think you have a human spamming your forum, you'd be surprised how little life some people have. I had a bulletin board years ago that some jerk used to practice his spam posts on. There was no way to stop him from posting, even banned his IP address but he just switched IP addresses somehow. I finally just shut it down out of frustration.
-------------------------------------------------


sycoogtit
User

Oct 9, 2008, 12:17 PM

Post #9 of 9 (3286 views)
Re: [KevinR] Stopping a spam bot from spamming my guestbook? [In reply to] Can't Post

Okay guys, this got me thinking. I agree that humans are spamming your guestbook. Looking at it the last few days has shown a small increase (relatively speaking) in spam each day. I also have a forum site, and I'm happy that spammers haven't found it... yet.

I was thinking an AI-type filter would be great because it could learn new spam tricks and not be limited to things like keywords, IP addresses, etc. It would base it's logic on the human language. I found a very cool free tool called CRM114 (http://crm114.sourceforge.net/).

I wrapped a perl script around CRM114 and played with the messages you've been getting on your guestbook. After only a few training examples, it's doing really well on correctly labeling spam! Cool!

I've put this script online, and it's freely available (after all, CRM114 does all the work). You have to apply for an ID, but that's just to fight spammers from using it. Check it out. I'm really interested to see if it stops your spam!

The API and other stuff is located at http://crm-perl.maladorsoftware.com/.

Of course there will be some messages that are incorrectly labeled, so let me know of those messages using the form on the above page.

Everyone else is free to use it too! The more people that use it, the stronger the filter!

--
http://bunsooter.com

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives