...

View Full Version : Genius anti-webspam idea



RabidMango
07-20-2009, 12:15 PM
I was inspired by a quirk of facebook to think up the best possible way to get people who spam your cgi/php/asp forms on your site to go to hell and never come back...

Oh this is so good, I hope LOTS of us use it asap - it works much more cleverly than previous anti-spam models.

You know how you get asked to copy out the letters or answer a question or something to prove you are human?

Well the trouble is you are asked every time. So what happens is that if a spammer finds your site they can be sure that they will be asked to fill out a prove-you-are-human question (which a lot of spammers just fill out anyway, since they are into slave labour a lot of the time).

Well my idea (based on what facebook either on purpose or by accident did) can solve that in a brilliant way:

what you do is you put a prove-you-are-human question into say 3 or 4 places on your site where input is required, i.e. anywhere in the process, not just in one place, and what's more, you vary it randomly - so a user cannot actually know in advance where that question will come - by creating a bit of unpredictability and making the spammer have to stay much much more alert when using your site, you will annoy the living hell out of him/her and the majority of such spammers will voluntarily choose to not spam you again.

The bottom line is to use unpredictability to annoy the muthas.

tomws
07-20-2009, 02:53 PM
Web sites need to strike a balance between usability and impeding the spam flow. Unpredictability isn't the answer for most multiple-user sites. That creates unexpected hassles for legitimate users - and hassled users can just go somewhere else where they won't be as troubled.

The existing CAPTCHA technology works well as long as it's implemented correctly and not bot-readable. It forces a spammer to be an actual human, which severely limits the spam flow. And limiting the flow is the best that can be done - it will never be eliminated.

Fumigator
07-20-2009, 07:35 PM
Multiple captchas on a single form will not only chase the spammers away, it will chase your users away as well.

RabidMango
07-21-2009, 01:26 AM
Ah yes, the irritation factor. The reason I didn't notice it on facebook is that facebook is 100% irritating anyway, so there's no way to tell the difference. Sorry. Back to the drawing board.

Fumigator
07-21-2009, 05:46 PM
Ah yes, the irritation factor. The reason I didn't notice it on facebook is that facebook is 100% irritating anyway, so there's no way to tell the difference. Sorry. Back to the drawing board.

Now that is funny... and true!

extokas
07-22-2009, 12:08 PM
Now that is funny... and true!

Oh yes for sure. It make me nervous sometimes, when I hurry somewhere...

noneforit
07-25-2009, 11:20 AM
Depends on what you are looking for, a propper web designer needs to know how to edit code. Although website builder software may give you what you want if you simply want a website where you are happy to chose the layout from a list of templates. If you want a website to look exactly like you want it or even want to modify the design of a template then you need coding skills.

Emmett
07-26-2009, 01:48 PM
Multiple captchas on a single form will not only chase the spammers away, it will chase your users away as well.

agree with you. Them to bypass this protection is much easier than you make it.

MarcyS
07-26-2009, 03:54 PM
Multiple captchas on a single form will not only chase the spammers away, it will chase your users away as well.

I don't think so because if the the user really wants to join the community to share something then he/she will be most willing to answer the capcha.

RabidMango
07-26-2009, 04:11 PM
A new concept has occurred to me, perhaps inspired by some of the responses (not all, naturally) to some of my posts - there are often buzzwords which draw spammers in. What my new idea consists of, brewing in my head as it is, like a strong cup of tea, is some kind of "spammer trap" - instead of warding the spammers off, think about drawing them in - then all you have to do is permanently block their IP.

So there we have it - the future in anti-spam is spamtraps. You heard it first on Electronic Sesame Street, brought to you by the letter alpha and the number pi.

MattF
07-26-2009, 04:52 PM
What my new idea consists of, brewing in my head as it is, like a strong cup of tea, is some kind of "spammer trap" - instead of warding the spammers off, think about drawing them in - then all you have to do is permanently block their IP.

About as much use as a chocolate fireguard. Never heard of dynamic I.P pools?

the moose
07-26-2009, 07:17 PM
I have to say, I think ReCaptcha (sp?! lol) works really well. Anyone know of spammers who can get around that?!?

Cheers

The Moose

RabidMango
07-27-2009, 01:17 AM
About as much use as a chocolate fireguard. Never heard of dynamic I.P pools?

The trapping idea is still fine, maybe I was foolish to suggest following unorthodox ingenuity with orthodox mainstream behaviour.

It wouldn't fail on my own system and I'll explain why with a concrete example: I have a property board for crash-price property which people from various places, mostly not the UK, try to fill up with totally stupid spam like some of the worst sort you see on forums - i.e. just streams of junk and links.

If I build a spam-trap then that will identify the spammers to me (on ALL their IPs, since it will always identify them) {although we haven't yet come up with a good solid idea for what this spam trap should consist of and that's the positive direction to try and think in next, here} and then where my internal system has active set to a pending status on all new entries, if it is an entry delivered via someone caught in a spam-trap it can just be expunged. Thus there will be no cause for the spammer to ever 'know' they were derailed by their identity, and whether or not they chop and change identities, they'll always be carrying out a futile act. The more I think about this idea, the more I like it. In the words of that fat private detective bloke who eats a lot and solves crimes with a german chef and a guy that looks like doogie howser but older, phooey.


---

more, more more...

a first-up idea for just one (of many) spam traps -

something that invites the user to get free advertising for a website immediately - or something along those lines

MattF
07-27-2009, 01:30 AM
What happens to the legitimate users who are later assigned that dynamic I.P that a spammer may have triggered your honey-pot with? Poorly thought out idea. Period. It's a hit and miss affair on systems that have a valid excuse for rejecting dynamic I.P's and using I.P blocklists, (MTA's, for example), and it would be safe to surmise that you could multiply that false positive factor by a minimum of tenfold on something such as a bulletin board or similar.

I.P blocking is rarely a solution to any situation unless you wish to severely limit your audience.

MattF
07-27-2009, 01:33 AM
I have to say, I think ReCaptcha (sp?! lol) works really well. Anyone know of spammers who can get around that?!?

I seem to recall hearing recently that it was losing its potency.

gnomeontherun
07-27-2009, 10:37 AM
Any spam filter that reduces the ability of people to use a site causes as much or more grief as the spam itself. Human moderation is really still the best way.

Rowsdower!
07-27-2009, 03:43 PM
I don't think so because if the the user really wants to join the community to share something then he/she will be most willing to answer the capcha.

I like to participate, but if I had to answer a captcha question every time I posted here (or even at random times when posting) I would have left long ago. It's tedious to even have to answer a captcha for simple downloads, as I have seen for some sites. Making it requisite for a forum would be very, very bad.

I understand the motive behind captcha's, but it's not something I would put up with having as a regular, frequent part of my day. I think most users would feel the same, sooner or later, and traffic would dwindle.

gnomeontherun
07-27-2009, 05:03 PM
If you really want to keep spammers away then, don't promote your tactics on searchable forums. :) Also please watch your language, it is not needed and violates the rules.

Unpredictability still causes headaches for users. I'm sure you know some online services that occassionaly log you in, but take you to a promo page instead of the usual dashboard or whatever. I think my old web host did that, trying to sell me more products. I hated it. If you have real members on your site, then invest in real moderators. If you have only spammers, invest in automated control. Heck twitter even moderates with people, sure they have tools to catch em, but there are people there. I would even argue that CF is one of the best web development forums because its moderated by people actively.

Automation is important, but focus on tools that do not disrupt the user experience, and on tools that help the moderators to track down offenders.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum