Spamming problem

Posted: Fri Aug 22, 2008 7:58 pm
by leon_nerd
I have a problem that I feel has a solution, but somehow I can't find it.

I have a site with a message board in it. There is a page to start a new thread. The user can fill in the information and click submit. I then check that each field is present, and after validating each field I send the data to the database. Recently I have been getting lots of spam. I thought that maybe some bot is filling in the information and submitting the pages. I entered an image verification method too to prevent this, but it was of no use. I changed the password of my database, but no use. Also, the amount of spam is so huge that it is not humanly possible to do so. Moreover, it's useless for any human to do so. I get like 300-500 spam messages per day.

Then I noticed one thing. There are 4 fields that are validated. As per my code, if any of these 4 fields is empty then it will not submit and will prompt the user to enter the missing info. But this spammer thingy is able to submit the info into my database with one of the fields missing. How is this possible? I checked the database and one of the fields is empty for all the messages that the spammer has entered.

So, this means that the spammer is not submitting the info to my page. Rather, it has got hold of my config file and table name and is just putting in the info using this information. I mean, this is what I feel.

Has anyone encountered such an issue before? Kindly help me, as I have scratched my head for hours but couldn't find how the spammer is able to enter the data into the database :(. And how to prevent it :(? I have used sprintf to run the insert query into the database. What else can I try?

Re: Spamming problem

Posted: Sat Aug 23, 2008 2:22 am
by jaoudestudios
How are you checking that all form fields have been filled? Client side or server side? Because if you are doing it client side with JavaScript, then the spam bots have JavaScript off and will therefore bypass this check. You will need to do a server-side check too.

How do you create your spam code image? If it does not change enough each time the spam bots will be able to figure it out.

Re: Spamming problem

Posted: Sat Aug 23, 2008 2:26 am
by jaoudestudios
I have a spam code class that you are welcome to use. I can upload it on Monday.

More details are here...
http://www.forum.jaoudestudios.com/view ... f=13&t=105

Re: Spamming problem

Posted: Sat Aug 23, 2008 3:09 am
by jaoudestudios
I managed to dig it out; the spam class is now available.

Re: Spamming problem

Posted: Sat Aug 23, 2008 2:02 pm
by leon_nerd
jaoudestudios wrote:
How are you checking that all form fields have been filled? Client side or server side? Because if you are doing it client side with JavaScript, then the spam bots have JavaScript off and will therefore bypass this check. You will need to do a server-side check too.

How do you create your spam code image? If it does not change enough each time the spam bots will be able to figure it out.

I am checking the fields on the server side. I am not using any JavaScript for it. Regarding the spam code image, I am generating a jpg with a random 7 alpha-numeric code.

Is there any other way that the information can be submitted to the database other than using the form? Maybe the bot has read the form fields and then using my config file it is able to directly inject the data into the database. Is it possible?


Edit: Today I observed that the spammer bot submitted threads with no message body text. If the information was being submitted through the page then this would not have happened, since I am checking whether the message body is present or not. I'm pretty sure that the spammer bot is able to submit the data without going through the web page.

Re: Spamming problem

Posted: Sat Aug 23, 2008 2:56 pm
by jaoudestudios
I think the bot would have to submit it through the form. Change the spam code type, i.e. change the font, colour, text position. Use the class I gave you; it does all that, including random font, position, rotation, color, background lines, etc. Take a look, there are some examples up there too.
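
The server-side check and spam code verification discussed in this thread, as an added example that is not code from any poster: a handler that treats every request as a raw POST, rejects missing fields and an absent or reused image code, and only then runs a parameterized insert. It is written in Python; the four field names, the `threads` table and the dict standing in for the server-side session are assumptions.

```python
import hmac
import sqlite3

# Hypothetical names for the four validated fields (the thread does not name them).
REQUIRED = ("name", "email", "subject", "body")

def handle_new_thread(post, session, db):
    """Validate a raw POST on the server; return (ok, errors)."""
    # Trim first so whitespace-only values count as missing.
    clean = {f: (post.get(f) or "").strip() for f in REQUIRED}
    errors = [f"{f} is required" for f in REQUIRED if not clean[f]]

    # The expected code lives only in the server-side session and is consumed
    # on every attempt, so a solved image cannot be replayed.
    expected = session.pop("captcha", None)
    supplied = (post.get("captcha") or "").strip()
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        errors.append("captcha mismatch")

    if errors:
        return False, errors  # stop here: nothing reaches the INSERT

    # Placeholders keep the submitted values out of the SQL text.
    db.execute(
        "INSERT INTO threads (name, email, subject, body) VALUES (?, ?, ?, ?)",
        [clean[f] for f in REQUIRED],
    )
    db.commit()
    return True, []

def demo():
    """Run four constructed requests; return (accept/reject list, row count)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE threads (name TEXT, email TEXT, subject TEXT, body TEXT)")
    good = {"name": "leon", "email": "l@example.test", "subject": "hi",
            "body": "first post", "captcha": "A1B2C3D"}  # constructed sample input
    results = [
        handle_new_thread(dict(good), {}, db)[0],  # POST without ever loading the form
        handle_new_thread({**good, "body": "  "}, {"captcha": "A1B2C3D"}, db)[0],
    ]
    session = {"captcha": "A1B2C3D"}
    results.append(handle_new_thread(dict(good), session, db)[0])  # legitimate submit
    results.append(handle_new_thread(dict(good), session, db)[0])  # replay, same code
    return results, db.execute("SELECT COUNT(*) FROM threads").fetchone()[0]
```

If rows with an empty field still appear while every code path to the insert looks like this, the access log for the form handler and for any other script that writes to the same table is the next place to look.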