Experimental website anti-spam feature

 
Post new topic   Reply to topic    Aprelium Forum Index -> Tutorials
View previous topic :: View next topic  
Author Message
loloyd
-


Joined: 03 Mar 2006
Posts: 435
Location: Philippines

PostPosted: Mon May 22, 2006 9:18 am    Post subject: Experimental website anti-spam feature Reply with quote

This idea struck me just now.

I use Abyss+Drupal but this might also work for other CMS platforms.

Background

Since I began hosting a site on my machine and getting wowed by getting crawled by well-meaning search robots, I discovered that spammers posting spamvertisements in the built-in comments feature of my Drupal was a problem of immense proportion. Spammers were (and are still using) botnets (zombie computers) to post their spamvertisements. In solving this, captchas immediately came to mind but I had troubles implementing it in my website due to version conflicts and other technical concerns. I didn't investigate enough but I came to the conclusion that my spam problem was being caused by a botnet because of the seemingly automated way they behave and the distribution of its source IPs. I do not consider IP filtering to be a good option.

Voila
One of the workable solutions was sitting under my nose all along. I haven't been able to actually see this through, but I hope this will work. In the Anti_Leeching feature of Abyss, I added "/index.php?q=comment/reply/" as a scope to monitor and then set the option to refuse accepting requests with no "referer" header. So, unless the spambot being used was sophisticated enough to mimic a browser that sends a referer header to each comment it POSTs in my website, this could very well work. Adding your hostname or domain as an "allow link from" entry is optional but it sure limits the spammer's breadth.

Crossing my fingers.

If you have other CMS platforms, the idea is to identify and add your comment pattern URL in Abyss' Anti-Leeching scope monitor.

Issues

This would probably fail if the spambot was sophisticated enough to add a referer header (that's pointed also in the same direction as my hosts domain) in its spamming operations.

More crossed fingers. *sigh*

External references
http://en.wikipedia.org/wiki/Captcha
http://drupal.org/
_________________

http://home.loloyd.com/ is online if the logo graphic at left is showing.
Back to top View user's profile Send private message Visit poster's website
aprelium
-


Joined: 22 Mar 2002
Posts: 6800

PostPosted: Mon May 22, 2006 12:16 pm    Post subject: Re: Experimental website anti-spam feature Reply with quote

loloyd,

It's an interesting use of the anti-leeching feature. Thank you for taking the time to write a tutorial about it.
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Send e-mail
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> Tutorials All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group