How can I restrict the spammers on my website?

Posted on 2015-01-19
Last Modified: 2015-01-22
Though, I have implemented the "captcha" feature in prayer request form on the website, Still, I get 5-10 spams entries everyday to my inbox. Check the attachments.  Do I need to implement Google reCaptcha or anything else you suggest to block completely?
Question by:Loganathan Natarajan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 110

Accepted Solution

Ray Paseur earned 250 total points
ID: 40557255
This article describes the latest on Captcha.  Google reCaptcha is virtually worthless now because it has been so widely used that it has become a target of attack and is readily defeated.

If you want to post the captcha code you're using now, I may be able to offer some suggestions.
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 50 total points
ID: 40557277
I suspect you're not going to be able to 'block' that because I believe it was probably typed in like any other message / request.  I've seen a few of those on a couple of the sites I maintain going back a few years.
LVL 36

Author Comment

by:Loganathan Natarajan
ID: 40557282
@ Ray Paseur   Thanks for your reference and suggestion.  What is your thought on @Dave Baldwin?  Because I validated the captcha same logic and I am sure it is done but still they fill unwanted data on right way to escape the validation?  So I am concerned how to block that?

Do you want me to replace the current code with your link article? I can do that. Please give your final thoughts.

@Dave Baldwin  , Thanks for your suggestion too.
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

LVL 35

Assisted Solution

Kimputer earned 50 total points
ID: 40557349
If so many are slipping through the cracks, I'm pretty sure your CAPTCHA code has a leak somewhere, and you need to indeed upload your code here for review.
I wrote my own code, the simplest EVERY, depending on ONLY 5 pictures (simple math), of which the outcome has to match the outcome of the math in the picture (which is quite predictable, since the solution to 1.gif is 2, 2.gif is 4, etc, php just pics a random image, and the results page will just check the input of the random number x 2), and it put the spamming to a DEAD stop. Not only is it simple PHP code, it's ALSO very simple for the user (instead of typing a difficult random string of numbers and letters), and somehow no spambot has deciphered it yet. But then again, I know spambots aren't actually doing much deciphering, it's just trying for dumb luck, as I dump the log of IP, shown picture, and what was filled in as security (usually nothing remotely close, mostly random stuff).
It's for this reason I think your PHP code is flawed, and the bots are just posting their input directly, and your code only verifies website input.
Even though my solution might be too simple, if you let the log file run for a few days, it might provide you with some extra info (on how smart the bots really are, and where they're from).
LVL 110

Expert Comment

by:Ray Paseur
ID: 40557356
The point of Captcha is to tell computers and humans apart.  Consider the possibility that may be working perfectly -- you're just seeing gibberish that is put in by humans!  If that's the case, then Captcha is not going to prevent the gibberish.  It's just the online version of littering.  

If this information appears in an online forum, a moderation process is useful.  The kinds of rules that moderators implement are like these:

1. Nobody may post unless they have registered
2. The registration requires email confirmation
3. Until they have some number of accepted posts, their posts are held in embargo until the moderator manually releases the posts
4. If the posts look like spam, the moderator simply deletes the post, or notifies the authorities
5. After some number of deleted posts, the account is deleted (but the email address is retained and marked as "already in use")
LVL 45

Expert Comment

ID: 40557898
In addition to what Ray recommended, have you tried prayer/praying?

I'd love to see a good spammer smiting.
LVL 110

Expert Comment

by:Ray Paseur
ID: 40557936
^^^ @aikimark: Great idea!
LVL 53

Assisted Solution

COBOLdinosaur earned 50 total points
ID: 40558260
Along with the steps that Ray outlined, you can add IP blocking for spammers.  in the form capture the ip address into a hidden input. you can then use something like lookup the ip and it will give you the history of problems with the ip and also give the address needed to block the whole host provider if it is a problematic hosting organization.

Then you just deny from the ip in your .htacces and you will never have to deal with them again.

LVL 36

Author Comment

by:Loganathan Natarajan
ID: 40559225
Thanks to all. I am working on Ray's suggestion. Will back.
LVL 75

Assisted Solution

by:Michel Plungjan
Michel Plungjan earned 50 total points
ID: 40559361
Google released the new ReCaptcha
LVL 36

Author Comment

by:Loganathan Natarajan
ID: 40559397
Thanks Michel Plungjan
LVL 34

Assisted Solution

Slick812 earned 50 total points
ID: 40560385
greetings Loganathan Natarajan, , I hope I can help a small amount, although the effectiveness of any Captcha (even complex distorted images) is Much Less now in 2015, than even 5 years ago, due to highly effective server side OCR services for getting text from images. There's no 100% solution to stop "spam" entries, because the spammers are sometimes organizations (businesses) and have high money budgets and experienced coders.

That aside, you might consider "why" or the purpose of the organizations that spam you, They all hope to make money from the spam, if that, then they MUST have a revenue creation, usually a web addy , as in yours -
you might do a php string search for "http://" and then do not show-enter that request. you may also in include a search for "www.", be sure to make sure there is no <script tag in any request.

The suggestion by "Kimputer" for a NON-TEXT word, but other (as a simple math in that case), might be as effective or maybe more than a text entry Captcha. You could have a display line as -
    Which animal makes this sound - "Bark"
and to pass the test the user types  "dog"
     Which animal makes this sound - "Moo"  (ans "cow")
     Which animal makes this sound - "Chirp"  (ans "bird")
     Which animal makes this sound - "Cock-a-doodle-do"  (ans "rooster" "chicken")

I have seen where a small image of an animal is shown, and the user has to type in "cat" or "dog" or "fish" to get a pass.

If you really need more and better restrictions, you might keep your present Captcha, but add 6 radio buttons under it, labeled- cat, dog, fish, bird, monkey, cow, , and show a small animal image for them to use the radios.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

An enjoyable and seamless user experience can go a long way on an eCommerce site. While a cohesive layout and engaging copy play roles in creating a positive user experience, some sites neglect aspects that seem marginal but in actuality prove very …
When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question