Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
I am using PHP $REMOTE_ADDR for the IP.
You will never stop human spammers creating new accounts but yous should be able to filter out the bots.
Creating multiple accounts through different IPs is easy enough. I am sitting in a friend's house in London and, in a few minutes, As well as using my friend's broadband connection I could also use my own mobile connection and two unprotected wireless connections within range.
A basic premise: spammers always want something. If you can figure out what those motivations are, and take away the motivations, they will move on to greener pastures, which is the best we can hope for.What I mean by this will become apparent.
IME a Captcha only provides temporary relief, and they **can** be broken by bots, I've seen it happen in a vBulletin install. If it's a message board, by all means, use the captcha, but you should also be able to add a custom field. Second, like it or not, moderate signups.
In a message board environment, they want to get in and start dropping spam links. If you moderate, spammers will figure you're too much trouble and will delete their posts anyway.
If it's **anything else** - a contact form, account registration form **any** input form, especially if it results in an email being sent - it gets easier.
Most of these attacks have a certain "flavor" to them - they want to link drop. They will use standard links, encoded links, BBcode style links, but you can identify it easily. Step 1 is to log all input coming from your forms. Open a test file in a private location, write the raw input to it, review it often. This is required to get the exact pattern of what they are up to.
Step two is to accept only what you want, throw everything else away, then build a list of common patterns to trigger an exit if those patterns are found. On exit, just a simple message: "invalid input found, no email was sent. Action logged."
This simple method will stop most of them; they will give up and realize they are wasting time on you.
I have never had to resort to a Captcha, creating a barrier for your users should be an absolute last resort.
Two cents on IP's: for spammers, they are likely compromised computers/servers, but for many legitimate users, their ISP dynamically changes the IP as needed.
I know it was the same spammer because each time they used the same credit card to pay for the transaction. Yet each account created used a different email address and each account had a different IP.
There is no doubt a tool must exist that these spammers are using to mask their IP. Maybe it is hush-hush, and of course for good reason, but as more and more of them use this method it increases the work-load on us site-admins to authenticate TRUSTED users....
Nothing "hush hush" there :)
..Just basic old school netcraft ( frequently used as a way around download sites that limit how many times one can connect and download from the same IP ) ..
If the "target site" drops a "timed" cookie then they just flush cookies as their IP gets re-assigned ..
If you know the card is stolen ..tell the law enforcement service where you are ..they or you can log the IP's ..and then they can find from the ISP who and where the logins are coming from ..and "visit" :)
The fact that you say you "know" the card is stolen means you may even get into some trouble yourself if you didn't tell the law ..CYA
each time they used the same credit card to pay for the transaction.
BANG. You got 'em. Ban the credit card number on submit, this would be far more reliable than banning by IP, which may cut out a lot of legitimate users.
a tool must exist that these spammers are using to mask their IP.
Or a set of them . . . as said, compromised servers or compromised computers. They'll never do this if there's the slightest chance they could be tracked, when you ban a spammer's IP, you're banning Joe Schmoe who doesn't even know he's been hacked.
Just basic old school netcraft
I have written down 15 different IP addresses from this spammer. I ran them all through DNSSTUFF.com and to my amazement they ALL come back to different hosts/isp's ALL in different parts of the country. No 2 are the same.