Solved

How can I restrict the spammers on my website?

Posted on 2015-01-19
12
200 Views
Last Modified: 2015-01-22
Though, I have implemented the "captcha" feature in prayer request form on the website, Still, I get 5-10 spams entries everyday to my inbox. Check the attachments.  Do I need to implement Google reCaptcha or anything else you suggest to block completely?
input-form.png
output-spam.png
0
Comment
Question by:Loganathan Natarajan
12 Comments
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 40557255
This article describes the latest on Captcha.  Google reCaptcha is virtually worthless now because it has been so widely used that it has become a target of attack and is readily defeated.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_9849-Making-CAPTCHA-Friendlier-with-PHP-Image-Manipulation.html

If you want to post the captcha code you're using now, I may be able to offer some suggestions.
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 50 total points
ID: 40557277
I suspect you're not going to be able to 'block' that because I believe it was probably typed in like any other message / request.  I've seen a few of those on a couple of the sites I maintain going back a few years.
0
 
LVL 36

Author Comment

by:Loganathan Natarajan
ID: 40557282
@ Ray Paseur   Thanks for your reference and suggestion.  What is your thought on @Dave Baldwin?  Because I validated the captcha same logic and I am sure it is done but still they fill unwanted data on right way to escape the validation?  So I am concerned how to block that?

Do you want me to replace the current code with your link article? I can do that. Please give your final thoughts.

@Dave Baldwin  , Thanks for your suggestion too.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 50 total points
ID: 40557349
If so many are slipping through the cracks, I'm pretty sure your CAPTCHA code has a leak somewhere, and you need to indeed upload your code here for review.
I wrote my own code, the simplest EVERY, depending on ONLY 5 pictures (simple math), of which the outcome has to match the outcome of the math in the picture (which is quite predictable, since the solution to 1.gif is 2, 2.gif is 4, etc, php just pics a random image, and the results page will just check the input of the random number x 2), and it put the spamming to a DEAD stop. Not only is it simple PHP code, it's ALSO very simple for the user (instead of typing a difficult random string of numbers and letters), and somehow no spambot has deciphered it yet. But then again, I know spambots aren't actually doing much deciphering, it's just trying for dumb luck, as I dump the log of IP, shown picture, and what was filled in as security (usually nothing remotely close, mostly random stuff).
It's for this reason I think your PHP code is flawed, and the bots are just posting their input directly, and your code only verifies website input.
Even though my solution might be too simple, if you let the log file run for a few days, it might provide you with some extra info (on how smart the bots really are, and where they're from).
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40557356
The point of Captcha is to tell computers and humans apart.  Consider the possibility that may be working perfectly -- you're just seeing gibberish that is put in by humans!  If that's the case, then Captcha is not going to prevent the gibberish.  It's just the online version of littering.  

If this information appears in an online forum, a moderation process is useful.  The kinds of rules that moderators implement are like these:

1. Nobody may post unless they have registered
2. The registration requires email confirmation
3. Until they have some number of accepted posts, their posts are held in embargo until the moderator manually releases the posts
4. If the posts look like spam, the moderator simply deletes the post, or notifies the authorities
5. After some number of deleted posts, the account is deleted (but the email address is retained and marked as "already in use")
0
 
LVL 45

Expert Comment

by:aikimark
ID: 40557898
In addition to what Ray recommended, have you tried prayer/praying?

I'd love to see a good spammer smiting.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 40557936
^^^ @aikimark: Great idea!
0
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 50 total points
ID: 40558260
Along with the steps that Ray outlined, you can add IP blocking for spammers.  in the form capture the ip address into a hidden input. you can then use something like http://www.apews.org/to lookup the ip and it will give you the history of problems with the ip and also give the address needed to block the whole host provider if it is a problematic hosting organization.

Then you just deny from the ip in your .htacces and you will never have to deal with them again.

Cd&
0
 
LVL 36

Author Comment

by:Loganathan Natarajan
ID: 40559225
Thanks to all. I am working on Ray's suggestion. Will back.
0
 
LVL 75

Assisted Solution

by:Michel Plungjan
Michel Plungjan earned 50 total points
ID: 40559361
Google released the new ReCaptcha

https://www.google.com/recaptcha/intro/index.html
0
 
LVL 36

Author Comment

by:Loganathan Natarajan
ID: 40559397
Thanks Michel Plungjan
0
 
LVL 33

Assisted Solution

by:Slick812
Slick812 earned 50 total points
ID: 40560385
greetings Loganathan Natarajan, , I hope I can help a small amount, although the effectiveness of any Captcha (even complex distorted images) is Much Less now in 2015, than even 5 years ago, due to highly effective server side OCR services for getting text from images. There's no 100% solution to stop "spam" entries, because the spammers are sometimes organizations (businesses) and have high money budgets and experienced coders.

That aside, you might consider "why" or the purpose of the organizations that spam you, They all hope to make money from the spam, if that, then they MUST have a revenue creation, usually a web addy , as in yours -
    http://nufevwzwhyu,com
you might do a php string search for "http://" and then do not show-enter that request. you may also in include a search for "www.", be sure to make sure there is no <script tag in any request.

The suggestion by "Kimputer" for a NON-TEXT word, but other (as a simple math in that case), might be as effective or maybe more than a text entry Captcha. You could have a display line as -
    Which animal makes this sound - "Bark"
and to pass the test the user types  "dog"
     Which animal makes this sound - "Moo"  (ans "cow")
     Which animal makes this sound - "Chirp"  (ans "bird")
     Which animal makes this sound - "Cock-a-doodle-do"  (ans "rooster" "chicken")

I have seen where a small image of an animal is shown, and the user has to type in "cat" or "dog" or "fish" to get a pass.

If you really need more and better restrictions, you might keep your present Captcha, but add 6 radio buttons under it, labeled- cat, dog, fish, bird, monkey, cow, , and show a small animal image for them to use the radios.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
FAQ pages provide a simple way for you to supply and for customers to find answers to the most common questions about your company. Here are six reasons why your company website should have a FAQ page
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question