Solved

How can I restrict the spammers on my website?

Posted on 2015-01-19
12
195 Views
Last Modified: 2015-01-22
Though I have implemented the "captcha" feature in the prayer request form on the website, I still get 5-10 spam entries every day in my inbox. Check the attachments. Do I need to implement Google reCaptcha, or is there anything else you suggest to block them completely?
input-form.png
output-spam.png
0
Question by:Loganathan Natarajan
12 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
This article describes the latest on Captcha.  Google reCaptcha is virtually worthless now because it has been so widely used that it has become a target of attack and is readily defeated.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_9849-Making-CAPTCHA-Friendlier-with-PHP-Image-Manipulation.html

If you want to post the captcha code you're using now, I may be able to offer some suggestions.
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 50 total points
I suspect you're not going to be able to 'block' that because I believe it was probably typed in like any other message / request.  I've seen a few of those on a couple of the sites I maintain going back a few years.
0
 
LVL 36

Author Comment

by:Loganathan Natarajan
@Ray Paseur Thanks for your reference and suggestion. What is your thought on @Dave Baldwin? Because I validated the captcha with the same logic and I am sure it is done, but still they fill in unwanted data in the right way to escape the validation? So I am concerned about how to block that.

Do you want me to replace the current code with your link article? I can do that. Please give your final thoughts.

@Dave Baldwin, thanks for your suggestion too.
0
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 50 total points
If so many are slipping through the cracks, I'm pretty sure your CAPTCHA code has a leak somewhere, and you need to indeed upload your code here for review.
I wrote my own code, the simplest EVER, depending on ONLY 5 pictures (simple math), of which the outcome has to match the outcome of the math in the picture (which is quite predictable, since the solution to 1.gif is 2, 2.gif is 4, etc.; PHP just picks a random image, and the results page will just check the input of the random number x 2), and it put the spamming to a DEAD stop. Not only is it simple PHP code, it's ALSO very simple for the user (instead of typing a difficult random string of numbers and letters), and somehow no spambot has deciphered it yet. But then again, I know spambots aren't actually doing much deciphering, it's just trying for dumb luck, as I dump the log of IP, shown picture, and what was filled in as security (usually nothing remotely close, mostly random stuff).
It's for this reason I think your PHP code is flawed, and the bots are just posting their input directly, and your code only verifies website input.
Even though my solution might be too simple, if you let the log file run for a few days, it might provide you with some extra info (on how smart the bots really are, and where they're from).
0
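The server-side check and logging that Kimputer describes, as an added example (not Kimputer's code and not the asker's). The N.gif / N x 2 scheme comes from the post; the `security` field name, the `captcha_image` session key and the log path are assumptions.

```php
<?php
// Added example. Images 1.gif..5.gif each show a sum whose answer is N * 2,
// as described in the post above.
const CHALLENGE_IMAGES = [1, 2, 3, 4, 5];

// Called when the form is rendered. The expected answer never leaves the server.
function issue_challenge(array &$session): string
{
    $n = CHALLENGE_IMAGES[random_int(0, count(CHALLENGE_IMAGES) - 1)];
    $session['captcha_image'] = $n;
    return $n . '.gif';                      // only the image name reaches the browser
}

// Called on every POST. A request that never loaded the form has no challenge in
// its session and fails, so posting directly to the handler does not skip the check.
function verify_challenge(array &$session, array $post, string $ip, string $logFile): bool
{
    $shown = $session['captcha_image'] ?? null;
    unset($session['captcha_image']);        // single use: a solved challenge cannot be replayed
    $given = isset($post['security']) && is_string($post['security'])
        ? trim($post['security']) : '';
    $ok = $shown !== null && ctype_digit($given) && (int)$given === $shown * 2;

    // Log IP, shown picture and typed value. Control characters are replaced so a
    // submission cannot inject extra lines into the log.
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '?', substr($given, 0, 64));
    $line = sprintf("%s\t%s\t%s\t%s\t%s\n", date('c'), $ip,
        $shown === null ? 'none' : $shown . '.gif', $clean, $ok ? 'pass' : 'fail');
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
    return $ok;
}

// Constructed demo for the CLI: a plain array stands in for $_SESSION, and the
// IPs are documentation addresses (in a real handler use $_SERVER['REMOTE_ADDR']).
$session = [];
$log = sys_get_temp_dir() . '/captcha-demo.log';
$img = issue_challenge($session);
$answer = (string)((int)$img * 2);
var_dump(verify_challenge($session, ['security' => $answer], '203.0.113.7', $log)); // correct answer
var_dump(verify_challenge($session, ['security' => $answer], '203.0.113.7', $log)); // replayed answer
var_dump(verify_challenge($session, ['name' => 'x'], '198.51.100.9', $log));        // direct POST, no challenge
```

With only five images a blind guess passes about one time in five, so the log is what shows whether failures are random noise or targeted attempts.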
 
LVL 108

Expert Comment

by:Ray Paseur
The point of Captcha is to tell computers and humans apart.  Consider the possibility that it may be working perfectly -- you're just seeing gibberish that is put in by humans!  If that's the case, then Captcha is not going to prevent the gibberish.  It's just the online version of littering.

If this information appears in an online forum, a moderation process is useful.  The kinds of rules that moderators implement are like these:

1. Nobody may post unless they have registered
2. The registration requires email confirmation
3. Until they have some number of accepted posts, their posts are held in embargo until the moderator manually releases the posts
4. If the posts look like spam, the moderator simply deletes the post, or notifies the authorities
5. After some number of deleted posts, the account is deleted (but the email address is retained and marked as "already in use")
0
 
LVL 45

Expert Comment

by:aikimark
In addition to what Ray recommended, have you tried prayer/praying?

I'd love to see a good spammer smiting.
0

 
LVL 108

Expert Comment

by:Ray Paseur
^^^ @aikimark: Great idea!
0
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 50 total points
Along with the steps that Ray outlined, you can add IP blocking for spammers.  In the form, capture the IP address into a hidden input. You can then use something like http://www.apews.org/ to look up the IP, and it will give you the history of problems with the IP and also give the address needed to block the whole host provider if it is a problematic hosting organization.

Then you just deny from the IP in your .htaccess and you will never have to deal with them again.

Cd&
0
 
LVL 36

Author Comment

by:Loganathan Natarajan
Thanks to all. I am working on Ray's suggestion. Will be back.
0
 
LVL 75

Assisted Solution

by:Michel Plungjan
Michel Plungjan earned 50 total points
Google released the new ReCaptcha

https://www.google.com/recaptcha/intro/index.html
0
 
LVL 36

Author Comment

by:Loganathan Natarajan
Thanks Michel Plungjan
0
 
LVL 33

Assisted Solution

by:Slick812
Slick812 earned 50 total points
Greetings Loganathan Natarajan, I hope I can help a small amount, although the effectiveness of any Captcha (even complex distorted images) is Much Less now in 2015 than even 5 years ago, due to highly effective server-side OCR services for getting text from images. There's no 100% solution to stop "spam" entries, because the spammers are sometimes organizations (businesses) and have high money budgets and experienced coders.

That aside, you might consider "why", or the purpose of the organizations that spam you. They all hope to make money from the spam; if that, then they MUST have a revenue creation, usually a web addy, as in yours -
    http://nufevwzwhyu,com
You might do a PHP string search for "http://" and then do not show/enter that request. You may also include a search for "www.", and be sure to make sure there is no <script tag in any request.

The suggestion by "Kimputer" for a NON-TEXT word, but other (as a simple math in that case), might be as effective or maybe more than a text entry Captcha. You could have a display line as -
    Which animal makes this sound - "Bark"
and to pass the test the user types  "dog"
     Which animal makes this sound - "Moo"  (ans "cow")
     Which animal makes this sound - "Chirp"  (ans "bird")
     Which animal makes this sound - "Cock-a-doodle-do"  (ans "rooster" "chicken")

I have seen where a small image of an animal is shown, and the user has to type in "cat" or "dog" or "fish" to get a pass.

If you really need more and better restrictions, you might keep your present Captcha, but add 6 radio buttons under it, labeled cat, dog, fish, bird, monkey, cow, and show a small animal image for them to use the radios.
0
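Slick812's two suggestions above (hold requests containing link or script markers, and accept several answers to a sound question), as an added example that is not code from the thread. The `https://` marker, the entity decoding step and the function names are assumptions; the sample requests are constructed.

```php
<?php
// Added example. Markers follow the post ("http://", "www.", "<script");
// "https://" is added here as an assumption.
const BLOCKED_MARKERS = ['http://', 'https://', 'www.', '<script'];

// Question table from the post; each sound maps to every accepted answer.
const SOUND_QUESTIONS = [
    'Bark'             => ['dog'],
    'Moo'              => ['cow'],
    'Chirp'            => ['bird'],
    'Cock-a-doodle-do' => ['rooster', 'chicken'],
];

// Return the markers found in a request; an empty array means nothing matched.
function screen_request(string $text): array
{
    // Decode entities first so "&lt;script" is treated the same as "<script".
    $probe = html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $hits = [];
    foreach (BLOCKED_MARKERS as $marker) {
        if (stripos($probe, $marker) !== false) {   // case-insensitive search
            $hits[] = $marker;
        }
    }
    return $hits;
}

// Compare the typed answer against the accepted list, ignoring case and padding.
function answer_matches(string $sound, string $typed): bool
{
    return in_array(strtolower(trim($typed)), SOUND_QUESTIONS[$sound] ?? [], true);
}

// Constructed sample requests, run from the CLI.
$samples = [
    'Please pray for my mother, she is in hospital.',
    'great site HTTP://spam.example/ buy now',
    'hello &lt;SCRIPT src=x&gt;',
];
foreach ($samples as $s) {
    $hits = screen_request($s);
    // Escape on output so a held request is safe to show in a review page.
    printf("%-6s %-20s %s\n", $hits ? 'HOLD' : 'ACCEPT', implode(',', $hits), htmlspecialchars($s));
}
var_dump(answer_matches('Cock-a-doodle-do', ' Chicken '));
var_dump(answer_matches('Moo', 'dog'));
```

Holding matches for manual review rather than silently dropping them keeps a genuine request that happens to mention a website from being lost.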
