0008877: SPAM Bot Protection

(0022347)
michiel (administrator)
09-01-07 12:16

I'd first like to see how effective the current method is. If Captcha can be avoided that would be my preference, as (a) captcha increases the complexity for users and (b) captcha is not failsafe

(0045281)
kyleknapp (reporter)
19-04-08 05:04

I'm not sure how valuable my comments are, but here's my experience:

I was using version 2.10.2 A few days ago I started getting bombarded with "subscriber spam" (10, then 20, then 50, then 100+ per day). I upgraded to 2.10.5 to see if it would help.

At first there seemed to be no effect on the number of spam signups I was getting, though the spam-blocker was catching a few (1 or 2 per hundred). A day later, however, the spam seems to have completely stopped (except for a few intercepted by the spam-blocker, 5 of them in the past 24 hours). Don't know what this means. I'll post an update if I see any significant changes.

(0045291)
michiel (administrator)
20-04-08 02:20

that's very interesting, thanks for letting us know.

(0045474)
kyleknapp (reporter)
22-04-08 06:44

they're back. No spam for 2 days. Now I've received about 80 in the past 4 hours. Almost all have "gmail" addresses (some say "egmail") All fields are filled with garbage, except for a textarea field named "Notes", which in apparently every instance contains HTML "<a href" tags and "[url=" tags with weblinks, mostly to viagra and other drug sellers

Ironically, I have a "Website" attribute, but this is just filled with garbage.

(0045534)
michiel (administrator)
22-04-08 14:44

interesting. So, they're clever bots. They adapt. Aargh, sounds very Matrixy

(0047447)
jsherk (reporter)
19-05-08 20:09

Would like to have more info in the notify_spam email, like ip address and bot name, so I can try to eliminate certain spam attacks.

Spam_block works succesfully, but it doesn't tell me anything about the attack except the email address (usually fake) that it is using.

(0047451)
kyleknapp (reporter)
19-05-08 21:05

Not very successfully, I'm afraid. I get 30-50 spam entries in my list for every one that gets successfully blocked.

(0047998)
jsherk (reporter)
26-05-08 14:56

To: kyleknapp

kyleknapp, can you please contact me at jeff at forerunnertv dot com.

I am porting over a spam killing script called bad behaviour and I need somebody to test it (you look like the perfect candidate) before I post the mods in the forum.

I have it succesfully working on my site, but spam_block was also working for me... so you seem to need something in addition to spam_block, and perhaps this will work.

Bad Behaviour is a contact form and comment spam killer that is used very succesfully with blogs like wordpress and many others. You can read more about it here:
http://www.bad-behavior.ioerror.us/ [^]

(0048142)
kyleknapp (reporter)
28-05-08 14:17

I have installed jsherk's "Bad Behaviour Spam Killer" and it works great. In the past 24 hours it has intercepted over 150 spam entries - so far none are getting through. Seems to have no effect on valid entries. See http://forums.phplist.com/viewtopic.php?t=18290 [^] for installation instructions.

(0048143)
michiel (administrator)
28-05-08 14:24

sounds great. I'll put a "news item" on the site, so more people know about it.

(0048147)
jsherk (reporter)
28-05-08 14:46

I have opened up a new Feature Request to have this added to phpList. If insterested, please leave your comments there as well:
http://mantis.phplist.com/view.php?id=14717 [^]

Notes
(0022347) michiel (administrator) 09-01-07 12:16	I'd first like to see how effective the current method is. If Captcha can be avoided that would be my preference, as (a) captcha increases the complexity for users and (b) captcha is not failsafe

(0045281) kyleknapp (reporter) 19-04-08 05:04	I'm not sure how valuable my comments are, but here's my experience: I was using version 2.10.2 A few days ago I started getting bombarded with "subscriber spam" (10, then 20, then 50, then 100+ per day). I upgraded to 2.10.5 to see if it would help. At first there seemed to be no effect on the number of spam signups I was getting, though the spam-blocker was catching a few (1 or 2 per hundred). A day later, however, the spam seems to have completely stopped (except for a few intercepted by the spam-blocker, 5 of them in the past 24 hours). Don't know what this means. I'll post an update if I see any significant changes.

(0045291) michiel (administrator) 20-04-08 02:20	that's very interesting, thanks for letting us know.

(0045474) kyleknapp (reporter) 22-04-08 06:44	they're back. No spam for 2 days. Now I've received about 80 in the past 4 hours. Almost all have "gmail" addresses (some say "egmail") All fields are filled with garbage, except for a textarea field named "Notes", which in apparently every instance contains HTML "<a href" tags and "[url=" tags with weblinks, mostly to viagra and other drug sellers Ironically, I have a "Website" attribute, but this is just filled with garbage.

(0045534) michiel (administrator) 22-04-08 14:44	interesting. So, they're clever bots. They adapt. Aargh, sounds very Matrixy

(0047447) jsherk (reporter) 19-05-08 20:09	Would like to have more info in the notify_spam email, like ip address and bot name, so I can try to eliminate certain spam attacks. Spam_block works succesfully, but it doesn't tell me anything about the attack except the email address (usually fake) that it is using.

(0047451) kyleknapp (reporter) 19-05-08 21:05	Not very successfully, I'm afraid. I get 30-50 spam entries in my list for every one that gets successfully blocked.

(0047998) jsherk (reporter) 26-05-08 14:56	To: kyleknapp kyleknapp, can you please contact me at jeff at forerunnertv dot com. I am porting over a spam killing script called bad behaviour and I need somebody to test it (you look like the perfect candidate) before I post the mods in the forum. I have it succesfully working on my site, but spam_block was also working for me... so you seem to need something in addition to spam_block, and perhaps this will work. Bad Behaviour is a contact form and comment spam killer that is used very succesfully with blogs like wordpress and many others. You can read more about it here: http://www.bad-behavior.ioerror.us/ [^]

(0048142) kyleknapp (reporter) 28-05-08 14:17	I have installed jsherk's "Bad Behaviour Spam Killer" and it works great. In the past 24 hours it has intercepted over 150 spam entries - so far none are getting through. Seems to have no effect on valid entries. See http://forums.phplist.com/viewtopic.php?t=18290 [^] for installation instructions.

(0048143) michiel (administrator) 28-05-08 14:24	sounds great. I'll put a "news item" on the site, so more people know about it.

(0048147) jsherk (reporter) 28-05-08 14:46	I have opened up a new Feature Request to have this added to phpList. If insterested, please leave your comments there as well: http://mantis.phplist.com/view.php?id=14717 [^]