Advertising
print pageFight the spam part X
A long while ago I've implemented a Spam protection JavaScript for ve_guestbook developed by Christoph Neumüller. This protection was cracked by the spammers by teaching their bots JavaScript or whatever.
Anyway, he developed a new version which works a bit different and I am of the same opinion, that this protection will be very hard to crack. He describes the method on his homepage [1]. For all of you who doesn't understand German I give you a small abstract:
The point is that the most spam bots want to place an URL in a field called "homepage", "hp", "url" or whatever. In most other cases placing links doesn't make sense for them. Now here comes the trick.
We create a kind of honeypot consisting of a field with the name "homepage" which is hidden for the user via CSS. A new field with a random name will replace it in the form. You can call it "spammers-suck" for example.
All we have to do now is, to add a small piece of PHP in the pi1 class of ve_guestbook to check if the hidden field contains anything. If that is the case, a spammer tries to infiltrate our guestbook. That is the point where we simply exit the guestbook code and print out a nice message for the spammer.
As you can see, the method has a small hitch. We have to change the sourcecode of ve_guestbook. I hope the author of that extension will implement that or at least add a usable hook at that point. We will see! :-) In any case: Thank you Christoph!!!
I have implemented this now on the comment form and I will look at the amount of spam that comes in the next days / weeks.
Greets,
Thomas
- Related News:
Oh man... Massive spamming ... again - 22-10-07 09:55
- Links:
[1] Original article (german)
7 Responses to “Fight the spam part X”
#2: Martin Adler commented on Tuesday, 19-06-07 15:39
@Ingo: why use an easy way, if there is a difficult one? ;-)
#3: Ingo commented on Wednesday, 20-06-07 07:25
what's difficult about just installing an extension?
#4: Thomas commented on Wednesday, 20-06-07 08:14
@Ingo: I guess he meant that I do it with JavaScript instead of just installing an extension.
Well, I use both things now because I want to test how akismet protects me from trackback spam.
Greets,
Thomas
#5: Michael Fritz commented on Wednesday, 20-06-07 15:45
I wonder what is so brilliant about mf_akismet? imo it just gives you the option to mark comments as spam which is no big deal compared to deleting entries in old school style? for me neither mf_akismet nor timtab_badbehavior works..
but hopefully the javascript thing is a solution..
#6: Thomas commented on Wednesday, 20-06-07 15:48
@Michael: You have to have an account at wordpress.org. There is an webservice running that checks your incoming guestbook posts for spam. You don't have to mark them manually.
Greets,
Thomas
#7: Micha commented on Friday, 22-06-07 19:27
I think I need to write a manual with a good "What does it do" *g*
Leave a Reply
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « May | Jul » | |||||
| 1 | 2 | 03 | ||||
| 4 | 05 | 06 | 7 | 08 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | |
Latest comments
- Ron
Thanks, Thomas. This is a big help. Some folks might need to know that when they are setting up the ...
- Thomas Hempel
Hi, @Andreas: I'm sure there is a solution to start Firefox directly with a profile. Even on OS ...
- Fran?ois
On Mac there's an even simpler solution: http://codecontortionist.com/software/mac-osx-software/...
- Andreas
Thanks a lot for your article. I'am working with linux and till now I run firefox under a different...
- Thomas
Hi Jonas, you have to be logged in. Open the issue you want to tag. At the end of the description, ...
Blogroll
Advertising
Meta
#1: Ingo commented on Tuesday, 19-06-07 12:18
you could also simply use mf_akismet, does an awesome job, even on buzz.typo3.org ... no more spam, install and be happy