Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How can I restrict the spammers on my website?

Posted on 2015-01-19
Medium Priority
Last Modified: 2015-01-22
Though, I have implemented the "captcha" feature in prayer request form on the website, Still, I get 5-10 spams entries everyday to my inbox. Check the attachments.  Do I need to implement Google reCaptcha or anything else you suggest to block completely?
Question by:Loganathan Natarajan
LVL 111

Accepted Solution

Ray Paseur earned 1000 total points
ID: 40557255
This article describes the latest on Captcha.  Google reCaptcha is virtually worthless now because it has been so widely used that it has become a target of attack and is readily defeated.

If you want to post the captcha code you're using now, I may be able to offer some suggestions.
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 200 total points
ID: 40557277
I suspect you're not going to be able to 'block' that because I believe it was probably typed in like any other message / request.  I've seen a few of those on a couple of the sites I maintain going back a few years.
LVL 36

Author Comment

by:Loganathan Natarajan
ID: 40557282
@ Ray Paseur   Thanks for your reference and suggestion.  What is your thought on @Dave Baldwin?  Because I validated the captcha same logic and I am sure it is done but still they fill unwanted data on right way to escape the validation?  So I am concerned how to block that?

Do you want me to replace the current code with your link article? I can do that. Please give your final thoughts.

@Dave Baldwin  , Thanks for your suggestion too.
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

LVL 37

Assisted Solution

Kimputer earned 200 total points
ID: 40557349
If so many are slipping through the cracks, I'm pretty sure your CAPTCHA code has a leak somewhere, and you need to indeed upload your code here for review.
I wrote my own code, the simplest EVERY, depending on ONLY 5 pictures (simple math), of which the outcome has to match the outcome of the math in the picture (which is quite predictable, since the solution to 1.gif is 2, 2.gif is 4, etc, php just pics a random image, and the results page will just check the input of the random number x 2), and it put the spamming to a DEAD stop. Not only is it simple PHP code, it's ALSO very simple for the user (instead of typing a difficult random string of numbers and letters), and somehow no spambot has deciphered it yet. But then again, I know spambots aren't actually doing much deciphering, it's just trying for dumb luck, as I dump the log of IP, shown picture, and what was filled in as security (usually nothing remotely close, mostly random stuff).
It's for this reason I think your PHP code is flawed, and the bots are just posting their input directly, and your code only verifies website input.
Even though my solution might be too simple, if you let the log file run for a few days, it might provide you with some extra info (on how smart the bots really are, and where they're from).
LVL 111

Expert Comment

by:Ray Paseur
ID: 40557356
The point of Captcha is to tell computers and humans apart.  Consider the possibility that may be working perfectly -- you're just seeing gibberish that is put in by humans!  If that's the case, then Captcha is not going to prevent the gibberish.  It's just the online version of littering.  

If this information appears in an online forum, a moderation process is useful.  The kinds of rules that moderators implement are like these:

1. Nobody may post unless they have registered
2. The registration requires email confirmation
3. Until they have some number of accepted posts, their posts are held in embargo until the moderator manually releases the posts
4. If the posts look like spam, the moderator simply deletes the post, or notifies the authorities
5. After some number of deleted posts, the account is deleted (but the email address is retained and marked as "already in use")
LVL 46

Expert Comment

ID: 40557898
In addition to what Ray recommended, have you tried prayer/praying?

I'd love to see a good spammer smiting.
LVL 111

Expert Comment

by:Ray Paseur
ID: 40557936
^^^ @aikimark: Great idea!
LVL 53

Assisted Solution

COBOLdinosaur earned 200 total points
ID: 40558260
Along with the steps that Ray outlined, you can add IP blocking for spammers.  in the form capture the ip address into a hidden input. you can then use something like http://www.apews.org/to lookup the ip and it will give you the history of problems with the ip and also give the address needed to block the whole host provider if it is a problematic hosting organization.

Then you just deny from the ip in your .htacces and you will never have to deal with them again.

LVL 36

Author Comment

by:Loganathan Natarajan
ID: 40559225
Thanks to all. I am working on Ray's suggestion. Will back.
LVL 75

Assisted Solution

by:Michel Plungjan
Michel Plungjan earned 200 total points
ID: 40559361
Google released the new ReCaptcha

LVL 36

Author Comment

by:Loganathan Natarajan
ID: 40559397
Thanks Michel Plungjan
LVL 35

Assisted Solution

Slick812 earned 200 total points
ID: 40560385
greetings Loganathan Natarajan, , I hope I can help a small amount, although the effectiveness of any Captcha (even complex distorted images) is Much Less now in 2015, than even 5 years ago, due to highly effective server side OCR services for getting text from images. There's no 100% solution to stop "spam" entries, because the spammers are sometimes organizations (businesses) and have high money budgets and experienced coders.

That aside, you might consider "why" or the purpose of the organizations that spam you, They all hope to make money from the spam, if that, then they MUST have a revenue creation, usually a web addy , as in yours -
you might do a php string search for "http://" and then do not show-enter that request. you may also in include a search for "www.", be sure to make sure there is no <script tag in any request.

The suggestion by "Kimputer" for a NON-TEXT word, but other (as a simple math in that case), might be as effective or maybe more than a text entry Captcha. You could have a display line as -
    Which animal makes this sound - "Bark"
and to pass the test the user types  "dog"
     Which animal makes this sound - "Moo"  (ans "cow")
     Which animal makes this sound - "Chirp"  (ans "bird")
     Which animal makes this sound - "Cock-a-doodle-do"  (ans "rooster" "chicken")

I have seen where a small image of an animal is shown, and the user has to type in "cat" or "dog" or "fish" to get a pass.

If you really need more and better restrictions, you might keep your present Captcha, but add 6 radio buttons under it, labeled- cat, dog, fish, bird, monkey, cow, , and show a small animal image for them to use the radios.

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The first step to building an amazing About page is to figure out what you want the page to say about your company. You then must grab the attention of the reader, boast a bit, tell a story and let others brag about you. With a little bit of thought…
Strategic internal linking is often considered an SEO power technique, especially for content marketing. Do you need to hire an SEO agency to optimize you internal linking? No, this article will help you understand the basics of internal linking and…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question