PDA

View Full Version : Defeat automated spam with randomized fields


dnebeker
08-28-2012, 12:07 AM
I've got all the anti-spam features turned on in my forum and I'm still getting swamped.

My forum states we use rel=nofollow in hopes of discouraging some human spammers. But the automated spam is still coming strong, and getting past the protection techniques. So I've been pondering... :)

What I'd love to see is the form engine randomize all the form field IDs before sending the page to the browser. A session variable in the server would map the random field ID to the real field ID, so when the form is posted back, the fields can be re-aligned. That would defeat automated tools that do simple form posts with fixed/well known fields.

Some automated tools would get a little smarter and start parsing the page to grab the randomized IDs. These could be defeated by randomly changing the order of the fields on the page. A small javascript file would get loaded (created on the fly by the server given the form's random ID) which would re-arrange the form's fields, and add the field's titles, on the fly. This way an automated tool couldn't just parse titles or look at field position to guess what the form really is.

If vBulletin was written in ASP.NET, I'd take a stab at it. But I'm a complete noob at PHP so it's not something I could pull off easily. But surely someone else could...? :)

Max Taxable
08-28-2012, 12:14 AM
This ends autospam permanently, making most all other anti-autospam features superfluous:

https://vborg.vbsupport.ru/showthread.php?t=135094

Eosian
08-28-2012, 12:19 AM
Have you considered using a combination of NoSpam

https://vborg.vbsupport.ru/showthread.php?t=183329

While shunting the random question it uses into an image file so it can't be read by bots?

I've found it pretty effective.

kh99
08-28-2012, 12:25 AM
I've got all the anti-spam features turned on in my forum and I'm still getting swamped.


Your form field idea is a good one. But are you using recaptcha or image verification? It seems that those don't stop bots any more. You should be using question and answer with a few simple questions (or one of the suggestions above).