spamming in <textarea> inputs

[Don Olson]

Hello,

I'm designing feedback forms for a website, and the owner currently gets a
lot of spammers inputting dozens of URLS into the <textarea> input fields.
The regular <input> boxes have a "maxlength" attribute which can limit the #
of characters, but the <textarea> seems to have no such ability.

Any ideas on how I could prevent mis-use of the textarea fields?

thanks for any suggestions...

Don

 

[Adrienne]

Hello,

I'm designing feedback forms for a website, and the owner currently
gets a lot of spammers inputting dozens of URLS into the <textarea>
input fields. The regular <input> boxes have a "maxlength" attribute
which can limit the # of characters, but the <textarea> seems to have
no such ability.

Any ideas on how I could prevent mis-use of the textarea fields?

thanks for any suggestions...

Don

You cannot limit the size with HTML. You can use client side javascript
(for users who have js enabled) to alert the user that they have gone over
the limit, but the only real way to do it server side. Check the length of
the form variable and return an error if the field is too long.

 

[Greg N.]

... feedback forms ... gets a
lot of spammers inputting dozens of URLS...

1. Put a <meta name="robots" content="noindex,nofollow"> whereever you
offer a form, like feedback pages, eguestbooks, etc. If the robots don't
know about the page, the spammers won't find it.

2. if above fails, change the feedback page's URL once a year or so.

 

[Hywel Jenkins]

1. Put a <meta name="robots" content="noindex,nofollow"> whereever you
offer a form, like feedback pages, eguestbooks, etc. If the robots don't
know about the page, the spammers won't find it.

2. if above fails, change the feedback page's URL once a year or so.

How hard is it to know up a VB application that loads a URL (possibly
from a Google search) and then follows every link, scans the page
(including JavaScript) for anything that resembles a URL, and then
visits it? Not hard at all.

The meta tag you suggest is pointless.

 

[Greg N.]

The meta tag you suggest is pointless.

A 90% solution is never "pointless". I'm very familiar with the OP's
problem, and I've solved it that way.

 

[hyweljenkins]

I'm very familiar with the OP's

problem, and I've solved it that way.

Explain it then. I bet it doesn't work as well as you think; certainly
not anywhere near 90% effective. Robots don't ahve to honour the
robots meta tag that you suggest, so why would they? After all,
spammers are generally somewhat unscrupulous.

 

[Jedi Fans]

Explain it then. I bet it doesn't work as well as you think; certainly
not anywhere near 90% effective. Robots don't ahve to honour the
robots meta tag that you suggest, so why would they? After all,
spammers are generally somewhat unscrupulous.

edit the robots.txt file...

 

[Jedi Fans]

edit the robots.txt file...

to stop robots completely... not spammers lol

 

[Steve Pugh]

edit the robots.txt file...

What good will that do? Spammers ignore robots.txt just like they
ignore robots meta tags.

Steve

 

[mbstevens]

edit the robots.txt file...

Robots don't have to obey that, either. It serves as a command only for
law abiding robots.

 

[Jedi Fans]

Robots don't have to obey that, either. It serves as a command only for
law abiding robots.

hmm kk :/

 

[Greg N.]

Explain it then. I bet it doesn't work as well as you think; certainly
not anywhere near 90% effective. Robots don't ahve to honour the
robots meta tag that you suggest, so why would they? After all,
spammers are generally somewhat unscrupulous.

I believe the guestbook spammers don't run their own crawler, it would
be far too resource consuming. Rather, they work off search engines,
for instance,

http://www.google.de/search?q=guestbook+url+email+comment+name

gives them more than enough spam targets.

Google *does* honor the "robots...noindex" directive. So keeping one's
guestbook URL off google ist indeed *extremely* effective to avoid
guestbook spam.

The second trick is to change the guestbook's URL every once in a while.
Once the spammers get hold of your URL, that's the only way to get off
their hook.

I have a number of sites with guestbooks. They have been on the same
URLs for years. The guestbook spam phenomenon started about two years
ago and becam worse and worse. 5 months ago, I changed the guestbook
URL and put in the noindex directive (only on the guestbook page) and
have not gotten a single guestbook spam ever since.

So, for me, this has worked not 90, but 100%.

 

[Fab]

forgive me if this thread is dead, but I have a similar problem with one of
my sites. i use a cgi (perl) mail script called 'formmail.pl' - one of
those generic ones i found on the internet. i am wondering if there is any
kind of scripting either in the Perl script or in the form-checking
javascript that could either introduce a "delay" in the form processing
(thereby preventing rapid-fire spamming by a robot), or something that could
reject the form input based on a word or phrase (this script kiddie uses the
same psuedonym in all his spamming)

any input or pointer gratefully appreciated...

Roy

 

[Jukka K. Korpela]

forgive me if this thread is dead,

It isn't; you are continuing it. But most of us have difficulties in seeing
what you are commenting on, partly because of your upside-down fullquoting
which makes it impossible to see what part of another person's message you
are commenting on.

i use a cgi (perl) mail script called 'formmail.pl' -
one of those generic ones i found on the internet.

All bets are off. Scripts under such a name are widely available, and they
often originate from an old script that was _full_ of security holes.

i am wondering if
there is any kind of scripting either in the Perl script or in the
form-checking javascript that could either introduce a "delay" in the
form processing (thereby preventing rapid-fire spamming by a robot),

Do you really think that spamming robots would execute your client-side
code?

or
something that could reject the form input based on a word or phrase
(this script kiddie uses the same psuedonym in all his spamming)

Surely it is possible to include filtering in form data processing. You
just need to specify what you want and find someone who implements it for
you, for a price that you can agree on. But don't expect spammers to remain
kind enough to use some permanent identification like the same pseudonym.

any input or pointer gratefully appreciated...

Consider learning how to post to Usenet. See
http://www.cs.tut.fi/~jkorpela/usenet/dont.html for some pointers.