loloyd -
Joined: 03 Mar 2006 Posts: 435 Location: Philippines
|
Posted: Mon May 22, 2006 9:18 am Post subject: Experimental website anti-spam feature |
|
|
This idea struck me just now.
I use Abyss+Drupal but this might also work for other CMS platforms.
Background
Since I began hosting a site on my machine and getting wowed by getting crawled by well-meaning search robots, I discovered that spammers posting spamvertisements in the built-in comments feature of my Drupal was a problem of immense proportion. Spammers were (and are still using) botnets (zombie computers) to post their spamvertisements. In solving this, captchas immediately came to mind but I had troubles implementing it in my website due to version conflicts and other technical concerns. I didn't investigate enough but I came to the conclusion that my spam problem was being caused by a botnet because of the seemingly automated way they behave and the distribution of its source IPs. I do not consider IP filtering to be a good option.
Voila
One of the workable solutions was sitting under my nose all along. I haven't been able to actually see this through, but I hope this will work. In the Anti_Leeching feature of Abyss, I added "/index.php?q=comment/reply/" as a scope to monitor and then set the option to refuse accepting requests with no "referer" header. So, unless the spambot being used was sophisticated enough to mimic a browser that sends a referer header to each comment it POSTs in my website, this could very well work. Adding your hostname or domain as an "allow link from" entry is optional but it sure limits the spammer's breadth.
Crossing my fingers.
If you have other CMS platforms, the idea is to identify and add your comment pattern URL in Abyss' Anti-Leeching scope monitor.
Issues
This would probably fail if the spambot was sophisticated enough to add a referer header (that's pointed also in the same direction as my hosts domain) in its spamming operations.
More crossed fingers. *sigh*
External references
http://en.wikipedia.org/wiki/Captcha
http://drupal.org/ _________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|