Lots of spam through guestbook
Permalink
Hi Guys
The past few months have seem a marked increase in spam though the guestbook block on some of my clients sites, even with the captcha.
Is their a way to make the captcha harder for these bots?
Client is not happy with this and hope someone has a solution baring taking the guestbook offline.
The past few months have seem a marked increase in spam though the guestbook block on some of my clients sites, even with the captcha.
Is their a way to make the captcha harder for these bots?
Client is not happy with this and hope someone has a solution baring taking the guestbook offline.
recaptcha?
http://www.concrete5.org/community/forums/block_requests/recaptcha-... the captcha system is updated in the next version btw.
http://www.concrete5.org/community/forums/block_requests/recaptcha-... the captcha system is updated in the next version btw.
Ill take a look at this. Not sure how easy it is to integrate into the guestbook. Thanks!
> But it being entirely Javascript based, doesn't help much with security.
Can you explain what you mean by that?
-Steve
Can you explain what you mean by that?
-Steve
Sure, all the user would have to do is turn off Javascript and it would render it useless. However I was reading further down the comments, and it looks like it also does server side verification. If it does, then you should be good to go.
- Josh
- Josh
Same problem: lots of spam in the guestbook.
I would like to block these spammers on the IP-level, but is there a way to find the IP-addresses of the spammers ? Is it logged in the database tables somewhere ? I do not see it in the logs, nor in the e-mail notification.
Looking at logs from the server and trying to match these with activity on the website is a tough job...
I would like to block these spammers on the IP-level, but is there a way to find the IP-addresses of the spammers ? Is it logged in the database tables somewhere ? I do not see it in the logs, nor in the e-mail notification.
Looking at logs from the server and trying to match these with activity on the website is a tough job...
What worked for me was adding this to the ip banned list
http://spam-ip.com/spam-blacklist.php...
Spam-IP.com provides a free Spam Blacklist that is updated hourly and powered by people from all over the world. Download the spam ip blacklist .CSV (also updated hourly) and use it to power your own filtering application or hardware.
It may seem a bit much, but I have Anonymous posting enabled on a forum, thats not moderated, and a decent amount of traffic, and I have yet to see one piece of spam, after the first 50 that made me seek out the list.
On a side note, I know from experience that some spam can hide itself from traffic, and stats monitoring, and trying to match spam with activity could result in you banning good users.
http://spam-ip.com/spam-blacklist.php...
Spam-IP.com provides a free Spam Blacklist that is updated hourly and powered by people from all over the world. Download the spam ip blacklist .CSV (also updated hourly) and use it to power your own filtering application or hardware.
It may seem a bit much, but I have Anonymous posting enabled on a forum, thats not moderated, and a decent amount of traffic, and I have yet to see one piece of spam, after the first 50 that made me seek out the list.
On a side note, I know from experience that some spam can hide itself from traffic, and stats monitoring, and trying to match spam with activity could result in you banning good users.
all the links to download the .csv don't work for me.
i found another site to get the ip ban list:
http://www.stopforumspam.com/downloads/...
you can add it into the c5 ban list in the dash board only problem is i had to do some find and replace editing to get the ip's to be on a new line and not comma separated.
i will post back if this is fixing my problem now! :)
my only concern is that the IP list is very very long. BT my internet provider keeps giving me a new IP every week or so. knowing this... i would expect the ip list to be out of date very quick.. but i would still be banning old IPs surely this could potentially ban actual clients from emailing through the website contact form?
http://www.stopforumspam.com/downloads/...
you can add it into the c5 ban list in the dash board only problem is i had to do some find and replace editing to get the ip's to be on a new line and not comma separated.
i will post back if this is fixing my problem now! :)
my only concern is that the IP list is very very long. BT my internet provider keeps giving me a new IP every week or so. knowing this... i would expect the ip list to be out of date very quick.. but i would still be banning old IPs surely this could potentially ban actual clients from emailing through the website contact form?
There has recently been some stronger captcha addons through the prb, and more are in the approval pipeline.
Personally, I would go for those rather than massive ban lists, for exactly the reasons you give.
Personally, I would go for those rather than massive ban lists, for exactly the reasons you give.
using this now without ban list.http://www.concrete5.org/marketplace/addons/recaptcha-captcha/...
i will also put a message up saying all comments are checked for spam before going live.
hopefully this will put SEO spammers of there game! lol
i will also put a message up saying all comments are checked for spam before going live.
hopefully this will put SEO spammers of there game! lol
http://www.webdesignbeach.com/beachbar/ajax-fancy-captcha-jquery-pl...
- Josh