community site spam

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
phpdevuk
Forum Contributor
Posts: 220
Joined: Mon Jul 04, 2005 5:31 am
Location: UK
Contact:

community site spam

Post by phpdevuk »

We run a community site here, and have recently been having someone mass spamming members. We delete the posts and also the account but the spams continue almost like its is a script sending the messages. Can anyone think of any good way to prevent a script from accessing a website email system? The messaging system is behind a login which would normally be enough to prevent a script from accessing. We are thinking currently of adding some kind of image verifaction system to stop it from submitting, but obviously this is going to be an irritation to members.

Any other ideas?
tbrown1
Forum Newbie
Posts: 17
Joined: Wed Oct 25, 2006 10:58 am

Post by tbrown1 »

Did you check to see if it is coming form one IP address or many different ones?
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

Track how often each user is sending mail. Create a flood control to track and limit email usage.
User avatar
MrPotatoes
Forum Regular
Posts: 617
Joined: Wed May 24, 2006 6:42 am

Post by MrPotatoes »

add capacha and a robots.txt to stop certain robots from entering
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

I've used the presence of Javascript to filter out the robots on some contact forms.

Code: Select all

<form name="contact" method="post" action="form2mail.php" onsubmit="document.contact.jstatus.value='true'; return true;">
<input type="hidden" name="jstatus" value="false">

.....

</form>
Works well on sites with a non-techie demographic.
User avatar
phpdevuk
Forum Contributor
Posts: 220
Joined: Mon Jul 04, 2005 5:31 am
Location: UK
Contact:

Post by phpdevuk »

all good ideas, thanks!
Post Reply