homepage Welcome to WebmasterWorld Guest from 54.211.95.201
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

This 35 message thread spans 2 pages: < < 35 ( 1 [2]     
How Can I Sort Forum Spam Email
Forum Spam Email
Truegho




msg:3994552
 12:40 am on Sep 24, 2009 (gmt 0)

How can I sift through spam emails to enable me to approve the GENUINE registrations? I have a long list of registered emails waiting for me to activate them. However, a lot of these emails are from gmail, which I believe is a popular address which spammers use.

It is an absolute pain not knowing how to sift out the spam emails from the genuine ones, so I would be really grateful for any advice on how I can do this.

 

phranque




msg:3997219
 7:27 pm on Sep 28, 2009 (gmt 0)

weed any act not posted to for about 60 days

assuming you mean new user accounts here.

civgroup




msg:3997698
 2:00 pm on Sep 29, 2009 (gmt 0)

We integrated an IP geolocation service's api into our forum registration system (20k+ member forum) and can deny all registration attempts from certain countries or proxies. I highly recommend it.

jd01




msg:3999082
 6:34 am on Oct 1, 2009 (gmt 0)

I came up with a novel solution that completely got rid of all forum spam registrations and as a happy benefit also seemed to drive the bots away. The problem is that it only works on boards that aren't especially busy or popular.

What I did was simply turn off forum registration altogether. I then redirected the link to register for the forum to lead to a static HTML page I created. On that page it lists instructions to register for the forum (the user simply has to send me an email with a few pieces of information). The email link itself is embedded in javascript and can be changed quickly and easily should the email address get spammed out (so far that address has remained spam free). I then manually register the users.

Why not expand on this idea a bit, which requires JS to run and move the whole form to AJAX?
(If some *major* websites can require JS to register, why can't you?)

####### # ####### # #######

On the Registration Page:

####### # ####### # #######

<head>
<script type="text/javascript" src="http://www.example.com/register.js"></script>
</head>

<noscript>You MUST have JavaScript enabled to Register. Please adjust your browser settings and refresh this page. If you are unable to use JavaScript, please 'do something the tiny percentage of people who actually want to sign up and cannot run JS can do, but a bot can't, like make a phone call?' (Dunno, up to you.)</noscript>

<div id="ClickToRegister" onClick="showForm('LinkClicked');">Click Here to Register</div>

####### # ####### # #######

http://www.example.com/register.js is outlined below:

####### # ####### # #######

function showForm(realClick) {

/* Here's the key I see to making this *way* too much work for most people to bother with writing a bot for: Split the names of the input fields and JUMBLE the response between the php file and the .js file for the names of the input area. The 'real' field names I'm going to use are: VisitorName (= username), FromMailAddress (= email), KeyToLogin (= password) */

var inputField1="Address";
var inputField2="Name";
var inputField3="Key";

/* Make a POST request with "VarName=" + realClick; to 'getfieldnames.php' (or some other server-side script lang) here. */

/* http://www.example.com/getfieldnames.php checks to see if the POST variable matches VarName=LinkClicked, checks to ensure the POST actually came from your website, etc and if everything checks out, echo's "FormMail^ToLogin^Visitor"; */

var phpResult = http_request.responseText;
var fields=phpResult.split("^");

/* Remember:
inputField1="Address"; inputField2="Name"; inputField3="Key";
fields[0]="FormMail"; fields[1]="ToLogin"; fields[2]="Visitor"; */

var realInputField1 = fields[0]+inputField1;
var realInputField2 = fields[2]+inputField2;
var realInputField3 = inputField3+fields[1];

document.getElementById('ClickToRegister').innerHTML = "<form name=\"SignUp\" action=\"\" onSubmit=\"yourProcessingFunctionHere()\">" +
"<input type=\"text\" name=\"" + realInputField1 + "\" />" +
"<input type=\"text\" name=\"" + realInputField2 + "\" />" +
"<input type=\"password\" name=\"" + realInputField3 + "\" />" +
"<input type=\"submit\" name=\"submit\" />" +
"</form>";
}

####### # ####### # #######

Put a 2nd POST to PHP Function to Process the Form Below

####### # ####### # #######

function yourProcessingFunctionHere() {

/* Gather the values of the input fields and make a POST request to formvalidation.php, which passes the names and values of the fields in the form... */

/* If the names do not match, you will know someone either: */

/* A.) Tried to assemble your JavaScript and get the names for the form fields from there. */

/* B.) Found the php page, somehow made a post and tried to get the names of the form fields from there. */

/* C.) Just made something up, because the names I used are non-standard. */

/* The only way I can see to get the right names for the fields is to actually both parse the JS, and POST to the PHP, because to get the right names for the fields they have to put both together. (It means unless you've got a really advanced bot you probably can't automate signing up.) */
}

####### # ####### # #######

I wrote for basic readability and understandability, and of course this is a non-working, and definitely not a copy / paste example. I hope it gives you some ideas, because it's really tough to get past the methods of this one since you have to be able to both parse the JS, and POST to the PHP just to get the fields you need to submit the registration... You can also change any of it to 'unique to you' easily.

####### # ####### # #######

2clean




msg:4002904
 12:50 pm on Oct 7, 2009 (gmt 0)

Yup that nuked one of my aliases from 2002!

SwitchFX




msg:4016612
 1:28 am on Oct 31, 2009 (gmt 0)

Why are you even doing manual authentication? There are so many ways to combat spam registrations and emails.

This 35 message thread spans 2 pages: < < 35 ( 1 [2]
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved