Web Forms / Perl / SPAM detection

Discussion in 'Perl Misc' started by - Bob -, May 3, 2007.

  1. - Bob -

    - Bob - Guest

    I have some web forms that are getting hit by spammers sending spam
    into the system. They are simple forms, add your name, address, etc.
    Perl code handles the form, of course!

    I'd like to cut down on the spammers. I was thinking that perhaps I
    could check the person's IP against blacklists... but most of the
    blacklists I know of are mail servers, so I am not sure that is
    practical. I am hoping to avoid the "enter this displayed secret code"
    mechanism as an annoyance for legit users. But, I am open to
    suggestions on existing Perl based solutions (trails blazed before
    me!) or just pointers to good resources on programmable solutions to
    this issue.

    Thanks,
     
    - Bob -, May 3, 2007
    #1
    1. Advertising

  2. - Bob -

    Guest

    On May 3, 8:40 am, - Bob - <> wrote:
    > I have some web forms that are getting hit by spammers sending spam
    > into the system. They are simple forms, add your name, address, etc.
    > Perl code handles the form, of course!
    >
    > I'd like to cut down on the spammers. I was thinking that perhaps I
    > could check the person's IP against blacklists... but most of the
    > blacklists I know of are mail servers, so I am not sure that is
    > practical. I am hoping to avoid the "enter this displayed secret code"
    > mechanism as an annoyance for legit users. But, I am open to
    > suggestions on existing Perl based solutions (trails blazed before
    > me!) or just pointers to good resources on programmable solutions to
    > this issue.
    >
    > Thanks,


    Utilize a 'Captcha' system. Have your Perl script generate an image
    with a 5 character text code. Then force the user to type the text in
    the image before submitting. This will stop bots.
     
    , May 3, 2007
    #2
    1. Advertising

  3. - Bob -

    Brian Wakem Guest

    - Bob - wrote:

    > I have some web forms that are getting hit by spammers sending spam
    > into the system. They are simple forms, add your name, address, etc.
    > Perl code handles the form, of course!
    >
    > I'd like to cut down on the spammers. I was thinking that perhaps I
    > could check the person's IP against blacklists... but most of the
    > blacklists I know of are mail servers, so I am not sure that is
    > practical. I am hoping to avoid the "enter this displayed secret code"
    > mechanism as an annoyance for legit users. But, I am open to
    > suggestions on existing Perl based solutions (trails blazed before
    > me!) or just pointers to good resources on programmable solutions to
    > this issue.
    >
    > Thanks,



    When a load of link spamming bots were hitting our contact forms I found
    that ignoring any message with '</a>' or '[/url]' in got rid of 99% of the
    crap.


    --
    Brian Wakem
    Email: http://homepage.ntlworld.com/b.wakem/myemail.png
     
    Brian Wakem, May 3, 2007
    #3
  4. On May 3, 2:40 pm, - Bob - <> wrote:
    > I have some web forms that are getting hit by spammers sending spam
    > into the system. They are simple forms, add your name, address, etc.
    > Perl code handles the form, of course!
    >
    > I'd like to cut down on the spammers. I was thinking that perhaps I
    > could check the person's IP against blacklists... but most of the
    > blacklists I know of are mail servers, so I am not sure that is
    > practical.


    No, not really. These lists will often block all dynamic IP pools
    which would block far too many ligit users.

    > I am hoping to avoid the "enter this displayed secret code"
    > mechanism as an annoyance for legit users.


    Not to mention, in some jurisdictions, quite possibly grounds for a
    law suit from visually impaired users.
     
    Brian McCauley, May 3, 2007
    #4
  5. Brian Wakem wrote:
    > - Bob - wrote:
    >>I am hoping to avoid the "enter this displayed secret code"
    >>mechanism as an annoyance for legit users. But, I am open to
    >>suggestions on existing Perl based solutions (trails blazed before
    >>me!) or just pointers to good resources on programmable solutions to
    >>this issue.


    I don't like CAPTCHA either.

    The CPAN module CGI::ContactForm includes a cookie based spam prevention
    feature. It's not waterproof, but it does stop some of the bots.

    > When a load of link spamming bots were hitting our contact forms I found
    > that ignoring any message with '</a>' or '[/url]' in got rid of 99% of the
    > crap.


    I suppose that would stop the rest of the bots for me too.

    --
    Gunnar Hjalmarsson
    Email: http://www.gunnar.cc/cgi-bin/contact.pl
     
    Gunnar Hjalmarsson, May 3, 2007
    #5
  6. In article <>,
    - Bob - <> wrote:

    > I have some web forms that are getting hit by spammers sending spam
    > into the system. They are simple forms, add your name, address, etc.
    > Perl code handles the form, of course!
    >
    > I'd like to cut down on the spammers. I was thinking that perhaps I
    > could check the person's IP against blacklists... but most of the
    > blacklists I know of are mail servers, so I am not sure that is
    > practical. I am hoping to avoid the "enter this displayed secret code"
    > mechanism as an annoyance for legit users. But, I am open to
    > suggestions on existing Perl based solutions (trails blazed before
    > me!) or just pointers to good resources on programmable solutions to
    > this issue.
    >
    > Thanks,
    >


    My contact page was getting hit by spammers and I tried for a while to
    us a block list. It became to burdensome to constantly update it. I
    was ready to implement a CAPTCHA but found a really quick solution.

    I renamed all the fields to generic names (e.g. FIELD1, FIELD2, etc.)
    and added a HIDDEN field which I gave a default value of "" in the form.
    In the form processing script (this was PHP, but it will work in PERL
    also), if the hidden field has a non-blank value, I know a BOT has
    filled out the form and I don't process it further. Only a human
    filling out the form and pressing SUBMIT will process it.

    Simple and it seems to work. No BOTs have sent me email for a while now.

    --
    DeeDee, don't press that button! DeeDee! NO! Dee...
     
    Michael Vilain, May 3, 2007
    #6
  7. Michael Vilain wrote:
    > I renamed all the fields to generic names (e.g. FIELD1, FIELD2, etc.)
    > and added a HIDDEN field which I gave a default value of "" in the form.
    > In the form processing script (this was PHP, but it will work in PERL
    > also), if the hidden field has a non-blank value, I know a BOT has
    > filled out the form and I don't process it further. Only a human
    > filling out the form and pressing SUBMIT will process it.
    >
    > Simple and it seems to work. No BOTs have sent me email for a while now.


    Interesting. Do you know if it's the generic names or the hidden fields
    that is the key of success? Or is it the combination?

    --
    Gunnar Hjalmarsson
    Email: http://www.gunnar.cc/cgi-bin/contact.pl
     
    Gunnar Hjalmarsson, May 4, 2007
    #7
  8. - Bob -

    - Bob - Guest

    On Fri, 04 May 2007 03:02:10 +0200, Gunnar Hjalmarsson
    <> wrote:

    >Michael Vilain wrote:
    >> I renamed all the fields to generic names (e.g. FIELD1, FIELD2, etc.)
    >> and added a HIDDEN field which I gave a default value of "" in the form.
    >> In the form processing script (this was PHP, but it will work in PERL
    >> also), if the hidden field has a non-blank value, I know a BOT has
    >> filled out the form and I don't process it further. Only a human
    >> filling out the form and pressing SUBMIT will process it.
    >>
    >> Simple and it seems to work. No BOTs have sent me email for a while now.

    >
    >Interesting. Do you know if it's the generic names or the hidden fields
    >that is the key of success? Or is it the combination?


    Interesting solution. I am thinking that the hidden field is the only
    one that really counts. Some bots might go away if they don't see any
    fields like "name", "address", "comment", etc, but if you have a
    hidden field named "comment", any that stick around will likely fill
    it in and reveal their bot-ness.
     
    - Bob -, May 4, 2007
    #8
  9. - Bob -

    - Bob - Guest

    On Fri, 04 May 2007 00:31:28 +0200, Gunnar Hjalmarsson
    <> wrote:

    <>
    >The CPAN module CGI::ContactForm includes a cookie based spam prevention
    >feature. It's not waterproof, but it does stop some of the bots.




    >> When a load of link spamming bots were hitting our contact forms I found
    >> that ignoring any message with '</a>' or '[/url]' in got rid of 99% of the
    >> crap.

    >
    >I suppose that would stop the rest of the bots for me too.


    Good point... every bot that has hit me has pasted HTML in... That's
    probably a good detector.
     
    - Bob -, May 4, 2007
    #9
  10. - Bob - wrote:
    > I have some web forms that are getting hit by spammers sending spam
    > into the system. They are simple forms, add your name, address, etc.
    > Perl code handles the form, of course!


    So far this works: use external JS file; call from BODY ONLOAD to build
    non-trivial submit button; test for it. Robots don't do JS, so can't
    submit. Downside: users need JS.

    --
    John W. Kennedy
    "The grand art mastered the thudding hammer of Thor
    And the heart of our lord Taliessin determined the war."
    -- Charles Williams. "Mount Badon"
    * TagZilla 0.066 * http://tagzilla.mozdev.org
     
    John W. Kennedy, May 5, 2007
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rene Pijlman
    Replies:
    22
    Views:
    735
    Fredrik Lundh
    Dec 10, 2003
  2. Sergio Correia
    Replies:
    7
    Views:
    293
    Ben Finney
    Sep 18, 2007
  3. Replies:
    3
    Views:
    521
  4. zax75
    Replies:
    1
    Views:
    1,104
  5. David Binnie
    Replies:
    2
    Views:
    453
    Rich Webb
    May 22, 2009
Loading...

Share This Page