
robots hacking and posting form data resulting in spam

Posted: Tue Apr 11, 2006 5:18 am
by deeppak
Hi all, I came across a very unusual problem which is really disturbing me day and night. Some mischief-maker is using some robots, or I don't know what, to post spam on my forms. I tried to detect it through some server environment variables, but I was not able to detect his IP through code so that I can block his ID at the server.

Can anybody help me get out of this odd situation? I need the solution urgently, as my database is storing all the junk posted by him on a regular basis.

Thanks,
in advance

Posted: Tue Apr 11, 2006 5:45 am
by timvw
Have a look at $_SERVER['REMOTE_ADDR'].

this is not a piece of cake

Posted: Tue Apr 11, 2006 6:12 am
by deeppak
Is this a piece of cake? I have already mentioned that I have used all the options of PHP code but could not detect any. I am using all the attributes stated below that are available for $_SERVER:


['HTTP_REFERER']['SERVER_NAME']['SERVER_PROTOCOL']['HTTP_HOST']['REMOTE_ADDR']['REMOTE_HOST']['REMOTE_ADDR1']['REMOTE_PORT']['HTTP_USER_AGENT']

Posted: Tue Apr 11, 2006 10:08 am
by pickle
What is $_SERVER['REMOTE_ADDR'] giving you? In your list, you list ['REMOTE_ADDR1'] - which doesn't exist.

Posted: Tue Apr 11, 2006 10:14 am
by Maugrim_The_Reaper
What's the frequency of the posting? e.g. how many per second when the bot strikes? A time delay between allowed posting might work to limit the count of such submissions. The rest may need a filter assuming the usage is the same - similar text and other details.

Posted: Tue Apr 11, 2006 9:06 pm
by wyred
I have a custom blog and I got attacked a few times. I store the IPs of visitors when they access my blog and I also store them again when they make a comment at an entry.

At first I changed my form names, but that didn't work as the attacks came back a few days later. It seems that this person is so dedicated to spam my blog that he came back to find out the new form names. Checking my logs, I notice that the spamming is done directly to my comments form. The time delay the spammer specified was every 60 minutes.

Anyways, since I had his IP, I wrote up a few lines of code to block that IP from accessing any part of my blog.

the problem is still pertaining

Posted: Tue Apr 11, 2006 11:29 pm
by deeppak
The problem is still there. I cannot detect his IP since $_SERVER[] is not returning anything. If I check the logs also, how will I come to know from which IP he is spamming? I will try changing the form names since I have not tried this; let's see what the result is. Is there not a single solution to stop him? I could not catch him since his IP is not detectable. Is there any application code in PHP which can help me in this respect?

Please answer, this is really nail-biting.

one more thing

Posted: Tue Apr 11, 2006 11:32 pm
by deeppak
One more thing I forgot to mention: the words which are used in the spamming are also not the same; they are changed on each submission.

Posted: Tue Apr 11, 2006 11:58 pm
by wyred
Perhaps post your code that tries to get the IP address? I don't think it's possible that $_SERVER returns nothing.

believe me trust me

Posted: Wed Apr 12, 2006 12:50 am
by deeppak
Hi sir, believe me, I could not detect his IP by $_SERVER[].

the code is as follows

$HTTP_REFERER=$_SERVER['HTTP_REFERER'];       // client-supplied header, may be absent
$SERVER_NAME=$_SERVER['SERVER_NAME'];
$SERVER_PROTOCOL=$_SERVER['SERVER_PROTOCOL'];
$HTTP_HOST=$_SERVER['HTTP_HOST'];
$REMOTE_ADDR=gethostbyaddr( $_SERVER['REMOTE_ADDR'] );  // reverse-DNS host name of the client, not its IP
$REMOTE_HOST=$_SERVER['REMOTE_HOST'];         // only set when the web server does host name lookups
$REMOTE_ADDR1=$_SERVER['REMOTE_ADDR'];        // IP address of the connecting client
$REMOTE_PORT=$_SERVER['REMOTE_PORT'];
$HTTP_USER_AGENT=$_SERVER['HTTP_USER_AGENT']; // client-supplied header, may be absent

If you want, you can check it on my site. I have generated the report to check who is submitting the information on my site.

If you want, I will further provide you with the exact URL so you can confirm.

Thanks

Posted: Wed Apr 12, 2006 2:38 am
by AKA Panama Jack
If it is a forum your best bet is to turn off ALL Guest posting privs. Bots and spammers look for forums and blogs that allow anonymous or guest posting.

You can hunt for their server or IP all day long but it will not work. Most of the spammers use multiple DNS names, multiple IPs, spoofing and proxy servers. Once you block one they will try another and another and another.

They will be able to swap how they are spamming faster than you can ever keep up with the blocking.

The only real way to halfway block them is to require logging in with an account. And make sure your forum has a graphic authentication of some sort for new accounts. The forum builds a graphic image with letters and numbers mixed together. Then the person registering has to type in those letters and numbers to confirm. That foils most bots.

Most of the spam bots have built in routines for the major forum and blog software that will automatically create a new account so it can post but the graphic authentication usually stops them.

The days of allowing people to anonymously post on forums and blogs are basically gone because these bots are looking for places to flood with links so the sites they represent get higher search engine hits.

KittenAuth, CAPTCHA are not the solution for me

Posted: Wed Apr 12, 2006 3:10 am
by deeppak
KittenAuth and CAPTCHA are not the solution for me because I want to stop him through some PHP code; I don't want to use a third-party tool. If I do not succeed in this, I will definitely look into it. I got the above-stated solution of putting images and an input match on the forms, but that too is not impressive in my case: my site is not famous and I want more and more people to visit it, which is why I have kept the form short. Adding one more field checking input will confuse the user, and he will leave the form. I want him to fill in minimal information so that I get more and more queries, but this spamming is really confusing me.

Reply soon, this is urgent. Please be more explanatory since I am a newbie.

Thanks

Posted: Wed Apr 12, 2006 9:48 am
by pickle
Is $_SERVER populated at all?
What's that URL?

The simplest solution if IP detection doesn't work (and it might not because the spammer bot could come from many different IPs) would be to do a challenge/response. Just throw a human readable question in the form as a required form (questions everyone knows like - "What is the first weekday of the week?"). If you make that a random question - that should cut down on the spam. Captcha works too, for now, but I've heard its effectiveness is starting to lessen.

Posted: Wed Apr 12, 2006 10:18 am
by timvw
I've found that an ip blacklist is sufficient *for me*.


I don't display comments until they're approved. And when I tag one as spam, the author's IP ends up in the blacklist. (Yes, there's a good chance innocent people are a 'victim' of this blacklist. In that case they should consider a better ISP that doesn't provide services to spammers.)

Posted: Wed Apr 12, 2006 11:26 am
by Maugrim_The_Reaper
Maybe filter the comments through a blacklist engine like Blogg.de?

Generally, from filtering spam on my own blog without resorting to desperate measures like CAPTCHAs (unless post is a certain age) a few filters watching URL counts (how many URLs per comment), author and body terms, etc. works well. So too does having some form of mechanism for forcing a delay between individual comments - spambots generally try posting dozens of comments per second if not more. It can also help to set up form tokens - depending on whether the spambot uses your forms, or uses some inbuilt request this can screen out a fair few weeds...

Relying on IPs is not going to be very reliable - a spammer can switch proxies as often as you ban IPs. Many will never even post from the same IP to the same site if they can help it.
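
Added example, not part of any post in this thread: a PHP sketch of three of the checks suggested above (a signed form token, a forced delay between comments, and a URL count filter). The secret, the limits, the field names `token` and `body`, and the sample submissions are all assumptions made for illustration.

```php
<?php
// Added example; the secret, limits and field names are assumptions.
const FORM_SECRET  = 'replace-with-a-long-random-server-side-secret';
const TOKEN_TTL    = 3600; // seconds a rendered form stays valid
const MIN_INTERVAL = 30;   // seconds required between comments from one client
const MAX_URLS     = 2;    // more links than this in a body is treated as spam

// Value for a hidden "token" field, created when the form is rendered.
function issue_form_token(int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string)$now, FORM_SECRET);
}

// Returns null if the submission passes, otherwise the reason for rejecting it.
// $lastPostAt is when this client's previous comment was accepted (null if none).
function reject_reason(array $post, int $now, ?int $lastPostAt): ?string
{
    $parts = explode('.', (string)($post['token'] ?? ''), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'no form token (posted without loading the form)';
    }
    [$issued, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $issued, FORM_SECRET), $mac)) {
        return 'forged form token';
    }
    if ($now - (int)$issued > TOKEN_TTL) {
        return 'expired form token';
    }
    if ($lastPostAt !== null && $now - $lastPostAt < MIN_INTERVAL) {
        return 'posting too fast';
    }
    if (preg_match_all('~https?://~i', (string)($post['body'] ?? '')) > MAX_URLS) {
        return 'too many URLs';
    }
    return null;
}

// Constructed submissions: [POST fields, time received, previous accepted post].
$t0 = 1144800000;
$tok = issue_form_token($t0);
$samples = [
    'visitor'     => [['token' => $tok, 'body' => 'Please send me a quote.'], $t0 + 40, null],
    'direct POST' => [['body' => 'cheap pills'], $t0 + 40, null],
    'burst'       => [['token' => $tok, 'body' => 'hi'], $t0 + 42, $t0 + 40],
    'link flood'  => [['token' => $tok, 'body' => 'http://a.example http://b.example http://c.example'], $t0 + 40, null],
];
foreach ($samples as $name => [$post, $now, $last]) {
    echo str_pad($name, 12), reject_reason($post, $now, $last) ?? 'accepted', "\n";
}
```

The token only proves that the form was fetched from the site within the last hour, so a bot that loads the form before each post still has to get past the interval and URL checks.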