There seems to be a bot attempting to spam through my contact form - attempting to send hundreds of emails with PURE gibberish:
1vvQZe mnfxobzahiga, [url=http://dxicyigwtdyn.com/]dxicyigwtdyn[/url], [link=http://hhulyjnulbvz.com/]hhulyjnulbvz[/link], http://nfggzmenyqcl.com/
I'm really trying to keep from using captchas on my site, but this is getting ridiculous.
- can anybody explain exactly what these spammers are trying to do?
- what non-captcha lengths can i go through to detect them? keep in开发者_Go百科 mind that they are switching IP's every email
Most modern spam filters work by some form of Bayesian Analysis http://en.wikipedia.org/wiki/Bayesian_analysis
If these messages don't trigger the spam filter as "bad" they will end up in the "good" filter, weighting a future real spam message (Viagra ad or Nigerian scam or whatever) which also contains the same gibberish. So they are seeding your spam filter so they can get past it later.
My thoughts were quickly supported by analysis on many sites through a simple Google search. See, for instance, http://ezinearticles.com/?Gibberish-Spam-Email---Why-Do-Spammers-Send-It?&id=573584
Re: non-captchas:
1) Many times these robots try to provide a value for every input. So add an input to your form which has css styling of display: none. Then, if the field has a value, you know the submittor was a robot.
2) Ask an easy question on your form: "What is 1 plus four: "
Added: For method 2, be prepared for answers of "5", "Five", "five", etc.
A solution that often helps when fighting against spam, that is used by several blogging-engines (I use it on my blog, and it's not bad), is akismet : they provide a free service for personnal use -- and there is some service for commercial use too.
I've never used their API directly, but, basically, I suppose you send it the comment, and you get in return an information saying "spam" or not.
They may be sending test messages to mailboxes they monitor to try to determine if your site can be used as a spam gateway. That's my suggestion.
Another possibility (as mentioned already) is that they're trying to improve the IP address reputation by sending apparently-good mails from the server.
As far as trying to block them is concerned - their bots are normally very stupid. They don't parse the HTML properly and they certainly don't read the form or support CSS. Add a field called something like 'email' inside a display='none' element. Ensure that this field is left blank by legitimate respondents, and bots are almost certainly going to fill it in anyway. Rename your real email field to something else.
Then any form submit with a value in the unfillable field is definitely spam and can be ignored.
Other options include using Javascript (which bots generally don't execute) to fill a hidden field, but these place more requirements on legitimate user agents (still better than a captcha though).
Provided the technique you use isn't too common or similar to those used by lots of other sites, the bots will not have a work-around for it.
what non-captcha lengths can i go through to detect them? keep in mind that they are switching IP's every email
For anyone who lands here in 2019 and beyond, I actually fixed exactly these kinds of messages on one of my own contact forms (among other things) through a simple test:
It's going to send me a plaintext e-mail, so there shouldn't be hyperlink markup in it, regardless of whether it's a bot or a human sending it.
As such, my form-handling code just checks for </a>
, [/url]
, or [/link]
and sends the user back around with a polite message to please replace their link markup with bare URLs.
That one rule is enough to stop all but maybe 6 botspam per year, which all seem to be the same bot, which got lucky in already using bare URLs only.
精彩评论