View Issue Details

IDProjectCategoryView StatusLast Update
0008877phpList 3 applicationInterface - Frontendpublic31-10-12 13:27
Reporterhola 
PrioritynormalSeverityfeatureReproducibilityalways
Status newResolutionopen 
Product Version2.10.4 
Target VersionFuture developmentsFixed in Version 
Summary0008877: SPAM Bot Protection
DescriptionHello - I note with the new 2.10.4 release that some sort of spam bot blocker function has been added. It seems that all it does is add a hidden field to the subsscription form and when some value is added to that hidden text box an email is sent to the admin. It seems that this solution relies on the field having a value added. What really needs to be done is two things:

1) add a captcha image
2) rename all text fields named "email"

Cheers

Marc
TagsNo tags attached.

Relationships

related to 0008826 new Add the possibility to use a CAPTCHA in the suscription form 
related to 0008219 new spam prevention, by using a traplist 
related to 0014717 new Add Bad Behaviour Spam Block Prevention script 
related to 0014599 resolvedmichiel Give more info when spam is blocked 

Activities

michiel

09-01-07 12:16

manager   ~0022347

I'd first like to see how effective the current method is. If Captcha can be avoided that would be my preference, as (a) captcha increases the complexity for users and (b) captcha is not failsafe

kyleknapp

19-04-08 05:04

reporter   ~0045281

I'm not sure how valuable my comments are, but here's my experience:

I was using version 2.10.2 A few days ago I started getting bombarded with "subscriber spam" (10, then 20, then 50, then 100+ per day). I upgraded to 2.10.5 to see if it would help.

At first there seemed to be no effect on the number of spam signups I was getting, though the spam-blocker was catching a few (1 or 2 per hundred). A day later, however, the spam seems to have completely stopped (except for a few intercepted by the spam-blocker, 5 of them in the past 24 hours). Don't know what this means. I'll post an update if I see any significant changes.

michiel

20-04-08 02:20

manager   ~0045291

that's very interesting, thanks for letting us know.

kyleknapp

22-04-08 06:44

reporter   ~0045474

they're back. No spam for 2 days. Now I've received about 80 in the past 4 hours. Almost all have "gmail" addresses (some say "egmail") All fields are filled with garbage, except for a textarea field named "Notes", which in apparently every instance contains HTML "<a href" tags and "[url=" tags with weblinks, mostly to viagra and other drug sellers

Ironically, I have a "Website" attribute, but this is just filled with garbage.

michiel

22-04-08 14:44

manager   ~0045534

interesting. So, they're clever bots. They adapt. Aargh, sounds very Matrixy

jsherk

19-05-08 20:09

reporter   ~0047447

Would like to have more info in the notify_spam email, like ip address and bot name, so I can try to eliminate certain spam attacks.

Spam_block works succesfully, but it doesn't tell me anything about the attack except the email address (usually fake) that it is using.

kyleknapp

19-05-08 21:05

reporter   ~0047451

Not very successfully, I'm afraid. I get 30-50 spam entries in my list for every one that gets successfully blocked.

jsherk

26-05-08 14:56

reporter   ~0047998

To: kyleknapp

kyleknapp, can you please contact me at jeff at forerunnertv dot com.

I am porting over a spam killing script called bad behaviour and I need somebody to test it (you look like the perfect candidate) before I post the mods in the forum.

I have it succesfully working on my site, but spam_block was also working for me... so you seem to need something in addition to spam_block, and perhaps this will work.

Bad Behaviour is a contact form and comment spam killer that is used very succesfully with blogs like wordpress and many others. You can read more about it here:
http://www.bad-behavior.ioerror.us/

kyleknapp

28-05-08 14:17

reporter   ~0048142

I have installed jsherk's "Bad Behaviour Spam Killer" and it works great. In the past 24 hours it has intercepted over 150 spam entries - so far none are getting through. Seems to have no effect on valid entries. See http://forums.phplist.com/viewtopic.php?t=18290 for installation instructions.

michiel

28-05-08 14:24

manager   ~0048143

sounds great. I'll put a "news item" on the site, so more people know about it.

jsherk

28-05-08 14:46

reporter   ~0048147

I have opened up a new Feature Request to have this added to phpList. If insterested, please leave your comments there as well:
http://mantis.phplist.com/view.php?id=14717

michiel

23-05-12 04:15

manager   ~0051598

and then there's http://www.phplist.com/formspamclass