View Full Version : Automated Spam Poster

08-19-2005, 05:04 PM
I've been having a problem recently with a spammer posting replies all over my website. I have the feeling it's all automated because the posts are usually the same and repeated throughout. I'm wondering if y'all have any ideas on how to prevent such problems. I've seen the verification images, so that's an idea but I'm wondering if anyone else has dealt with this issue? I thought about mandatory registration to post but I really want to make it easy for people to reply.

08-19-2005, 07:49 PM
Image verification is probably the best method to deter spammers.

I'd guess they use a program or something to automate it. If the message is posted in the url it would also be very easy to spam (ie. post.php?name=spammer&email=spammer@spam.com) because they could just keep refreshing that page. Hard to know the best method without knowing how they do it but I'd say go for image verification.

08-19-2005, 09:29 PM
You should also consider making your website log the IP address of people replying, that way you could see if this spam keeps coming from the same IP, you could make your script not accept responses from that IP address and send them to some sort of error page saying their IP address has been blacklisted.

08-20-2005, 03:30 AM
Image verification is probably the best method to deter spammers.
Image verification is counter-accessibility - what if you can't see the image? Or you can see it but can't make out what the letters are?

I reckon you'd be better off with IP blocking and such tactics. I admit it's not perfect, and honestly I'd like to be able to recommend something as high-strength as image verification (though it can still be broken with letter-recognition software), but I just don't know of anything that can be done which doesn't also impact on a proportion of legitimate users.

Remember that validation is in every sense "your problem", rather than "your users' problem", so anything that undermines or significantly obfusctates the process for legitimate users, in the name of security, is a kind of buck-passing of the problem from you to your users.

08-21-2005, 12:59 AM
Try having members check their e-mail and verify who they are before they can log in or post. Also make sure guests can't post and ban the IP adress. Thats all I have in mind. Never heard of Image Verification.

08-21-2005, 01:21 AM
I'm struggling between image verification and some other unused method only my site would use. I highly doubt spammers would go through the extra trouble of figuring out a code that is used for only one site. IP blocking is definitely something I'm going to implement.
Thanks for the help,

08-21-2005, 02:00 AM
What about a "forced preview," sort of how Textpattern does by default? It forces the user to preview the comment before submitting... seems like it would work and still be accessible.

08-22-2005, 10:56 PM
There is a fantastic spam blocking code that I use called Bad Behavior. It blocks spammers by looking at all the headers they send. They'll often have typos in the user-agent that can differentiate spam bots from real browsers. The great thing is, with over 200 users with Bad Behavior, there has yet to be a single false-positive.

Check it out at http://www.ioerror.us/software/bad-behavior/

It comes in plugin form for various software tools, but it also runs 'generic' mode that can be included in any site. Good luck!

Tristan Gray
08-23-2005, 02:02 PM
Interesting... if this problem got out of hand on my site though I'd probably do up a custom image verification set.

07-10-2006, 11:31 PM
Hi all, I'm a totally blind user and I use a text-to-speech screenreader to browse the Internet. I understand the whole concept of image varification, and I do agree it's a good way of preventing automated spam. But at the same time, I totally agree 100% with the user who pointed out "what if the person can't see the image or can't make it out?" In the case of blind and visually impaired users, text-to-speech screenreaders are unable to read the image verification codes, which puts users at a disadvantage. Sites such as hi5, myspace, savefile.com and dot.tk to name a few, all have these features, and a lot of site developers don't seem to be too aware of this disadvantage and/or are not willing to include features that would accommodate the blind/visually impaired user. However i do like Hotmail's image verification system, they have an audio feature which, when you click on it, allows you to hear the characters in the image and type the characters that you hear. My question is: How can i independently get through the image varification codes without having to bug people all the time to tell me what the codes are? I mean, it's ok to ask for help every once in a while and all, it's just that I feel that as a visually impaired user who is quite confident with technology, I should be able to do things more independently with the necessary accommodations. So, to get back to my point, I've always used IP blocking, and that seems to work out perfectly for me. Hey, I should check out that Bad Behaviour spam-blocking software.

07-11-2006, 10:10 AM
Sofar, I have had very positive results from the Akismet (http://akismet.com/) spam filter. Although it is primarily offered as a plug-in for WordPress installations (which I have), the API is open for other uses, which they seem to encourage. You could take a look under "Development (http://akismet.com/development/)" to see if this could be adapted for your use; a number of libraries are already made available.