K * L * U * K
Advertising
print pageFight the spam part X
A long while ago I've implemented a Spam protection JavaScript for ve_guestbook developed by Christoph Neumüller. This protection was cracked by the spammers by teaching their bots JavaScript or whatever.
Anyway, he developed a new version which works a bit different and I am of the same opinion, that this protection will be very hard to crack. He describes the method on his homepage [1]. For all of you who doesn't understand German I give you a small abstract:
The point is that the most spam bots want to place an URL in a field called "homepage", "hp", "url" or whatever. In most other cases placing links doesn't make sense for them. Now here comes the trick.
We create a kind of honeypot consisting of a field with the name "homepage" which is hidden for the user via CSS. A new field with a random name will replace it in the form. You can call it "spammers-suck" for example.
All we have to do now is, to add a small piece of PHP in the pi1 class of ve_guestbook to check if the hidden field contains anything. If that is the case, a spammer tries to infiltrate our guestbook. That is the point where we simply exit the guestbook code and print out a nice message for the spammer.
As you can see, the method has a small hitch. We have to change the sourcecode of ve_guestbook. I hope the author of that extension will implement that or at least add a usable hook at that point. We will see! :-) In any case: Thank you Christoph!!!
I have implemented this now on the comment form and I will look at the amount of spam that comes in the next days / weeks.
Greets,
Thomas
- Related News:
Oh man... Massive spamming ... again - 22-10-07 09:55
- Links:
[1] Original article (german)
trackback to this entry
7 Responses to “Fight the spam part X”
#2: Martin Adler commented on Tuesday, 19-06-07 15:39
@Ingo: why use an easy way, if there is a difficult one? ;-)
#3: Ingo commented on Wednesday, 20-06-07 07:25
what's difficult about just installing an extension?
#4: Thomas commented on Wednesday, 20-06-07 08:14
@Ingo: I guess he meant that I do it with JavaScript instead of just installing an extension.
Well, I use both things now because I want to test how akismet protects me from trackback spam.
Greets,
Thomas
#5: Michael Fritz commented on Wednesday, 20-06-07 15:45
I wonder what is so brilliant about mf_akismet? imo it just gives you the option to mark comments as spam which is no big deal compared to deleting entries in old school style? for me neither mf_akismet nor timtab_badbehavior works..
but hopefully the javascript thing is a solution..
#6: Thomas commented on Wednesday, 20-06-07 15:48
@Michael: You have to have an account at wordpress.org. There is an webservice running that checks your incoming guestbook posts for spam. You don't have to mark them manually.
Greets,
Thomas
#7: Micha commented on Friday, 22-06-07 19:27
I think I need to write a manual with a good "What does it do" *g*
Leave a Reply
Latest comments
- Thomas
Hi Tobias, I linked that page already in the post. But the fact that you posted that link again m...
- Tobias
This is the original post by Stephan Petzl in his Blog: www.synapsick.net/nc/rackattack/articles/...
- Thomas Hempel
Hi Melanie, we just don't care! ;-) I mean most of us are german and for us tt_clap stands for cla...
- dieMelanie
Ihr wisst aber, das "Clap" in der englischen Umgangssprache für Gonorrhoe steht? :-/... :-D
- Loredana Zeca
Very nice. I love it, I hope to see it soon how that really works. :)
Blogroll
Advertising
Meta
#1: Ingo commented on Tuesday, 19-06-07 12:18
you could also simply use mf_akismet, does an awesome job, even on buzz.typo3.org ... no more spam, install and be happy