homepage Welcome to WebmasterWorld Guest from 54.167.174.90
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Dealing With Spam
jojy

5+ Year Member



 
Msg#: 4147439 posted 6:31 pm on Jun 5, 2010 (gmt 0)

In past few days I have been getting massive spam on my few sites. Initially I banned the ips but later I found these ips are anonymous proxy ips distributed on proxy sites. I am looking for a way to determine such ips that are available on proxy sites and block them.

Any help on this would be greatly appreciated.

Thanks

 

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4147439 posted 9:18 pm on Jun 5, 2010 (gmt 0)

massive spam on my few sites.


Through form input, correct?

Banning IP's is an endless chase. Additionally those IP's may be IP's of legitimate users who's computers have been compromised.

The problem is in how your form processors (mailer scripts, etc.) are being abused and how you handle the input. There are a number of ways to slow it down, or at least make your sites too much trouble, and make them go away, which is sometimes the best you can hope for. CAPTCHA is one of the ways a lot of people use, but IMO should rarely be necessary and presents a barrier to your users.

Here's an old thread [webmasterworld.com] with lots of ideas ranging from simple (blank hidden field) to thorough (halting on certain common regex patterns) with varying degrees of permanence.

MotorCitySarge



 
Msg#: 4147439 posted 12:20 am on Jun 7, 2010 (gmt 0)

Hmmm... I was doing really good on the amount of spam that was being caught by Microsoft Outlook 2010, UNTIL, I just recently switched my ISP to AT&T Uverse High Speed DSL. Great speed, great prices, but the amount of spam I get into the user@att.net never ends. I ban the sender each time. I've never used any @att.net email addresses, but continue to receive a large daily dose of spam now. And it's always the same format/layout, pictures are blocked, so each message has same look, just different info and a new email address that it came from. They come as fast as I can add them to the spam block sender list. I can't find anywhere in the Uverse+Yahoo (big yawn) email settings to shut off my email options. Anyone have any ideas? They're worse then www.facebook.com when it comes to hiding stuff in their privacy settings... LOL

-Sarge

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4147439 posted 12:38 am on Jun 7, 2010 (gmt 0)

Are we talking about email spam or form submission spam here?

If it's automated spam on your site, no humans involved, you can typically foil them by merely requiring javascript to make your forms work.

Detecting an open proxy site can be as simple as attempting to open several common ports typically starting with port 80 for that IP and if it succeeds, you have a proxy site.

If we're talking email SPAM, you can usually get rid of most of it by defining DNS zones for DNSBL service in your email system and using a couple of rather aggressive anti-spam DNSBL services.

tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4147439 posted 2:36 am on Jun 7, 2010 (gmt 0)

One method is to kill that user@att.net address and create a new one, then never send an email! If you recently changed ISPs then your original email addy is already different so changing it one more time won't hurt.

Stefan

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4147439 posted 4:02 am on Jun 7, 2010 (gmt 0)

I can't find anywhere in the Uverse+Yahoo (big yawn) email settings to shut off my email options.

Welcome to WW, Sarge. Apologies if I'm not understanding this right.

Do you need to check the ISP email acct user@att.net with your email client? Can't you just ignore it and use your own email address on your own server?

Like Bill said, you can run some DNSBL's (DNS blocking lists) on your own server and stop most of them that way. I'm using a couple that aren't that aggressive (zen.spamhaus.org, bl.spamcop.net), and not much makes it through (mostly the 419 guys). SpamAssassin takes care of them, and they go to the trash folder in Tbird.

MotorCitySarge



 
Msg#: 4147439 posted 5:23 am on Jun 7, 2010 (gmt 0)

I'll get it taken care of. The point of it is, I NEVER used the email address for anything. I've never sent email form it, or entered it into any forms. These spam emails came as soon as I activated my AT&T Uverse (user@att.net) account. I guess I'll just have to dig deeper as I'm sure they're like Zuckerboy and Facebook where you have to peel back your privacy levels like an onion. One step at a time until you finally find all his hidden checked boxes, which allows Facebook to share all your private information with all the companies that you "liked" etc.

And thanks for the welcome.

-Sarge

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4147439 posted 8:13 am on Jun 7, 2010 (gmt 0)

welcome to WebmasterWorld [webmasterworld.com], MotorCitySarge!

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4147439 posted 9:00 am on Jun 7, 2010 (gmt 0)

The point of it is, I NEVER used the email address for anything.


Doesn't matter.

Many servers open their address list to the world, like a bunch of idiots, just because it's the polite and correct way to implement the protocol.

How did my Gmail address and Yahoo address get spam when it was just created before it was used?

Now you know.

Stupidity rules.

jojy

5+ Year Member



 
Msg#: 4147439 posted 12:25 pm on Jun 7, 2010 (gmt 0)

Though this is form submission spam on community website but I am using captcha on signup and email address validation and also flood control for excessive messages.

I believe spammers manually send spam because I have so many checks and random captcha validation on messages.

It is impossible to get them out.

MotorCitySarge



 
Msg#: 4147439 posted 12:40 pm on Jun 7, 2010 (gmt 0)

I would have to agree on the amount of spam from Yahoo. Yahoo and AT&T are branded together for their email and such. I get tons of spam on my yahoo and never use it's email service either. Now, as far as Gmail goes.... they're one of the best for handling spam email. I rarely get spam in my inbox and only once in a while find a good piece of email in the spam folder that got caught up somehow.

-Sarge

PCInk

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4147439 posted 12:42 pm on Jun 7, 2010 (gmt 0)

If you use Outlook (or a competitor) then you should be able to set up rules. For example, you could automatically move anything with "@att.net" in the receivers address to a junk folder (for MotorCitySarge).

MotorCitySarge



 
Msg#: 4147439 posted 1:40 pm on Jun 7, 2010 (gmt 0)

Well, I'm using Outlook 2010 from the Office 2010 Pro Package. And none of the return addresses are from @att.net as the sender will continuously change but the messages are pretty much the same things over and over and over. My junk mail rules folder is so full right now.

But hey, life goes on and I thank everyone for their input.

-Sarge

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4147439 posted 5:04 pm on Jun 7, 2010 (gmt 0)

I believe spammers manually send spam because I have so many checks and random captcha validation on messages.


Can you get directly to the script, bypassing the captcha? Don't laugh . . . I've seen it. That is, once the processor location is discovered, can I go to example.com/yourscript.php without a captcha prompt?

If not, captchas can be broken, I don't know how or why (and don't care), but I've seen it. If you're getting a significant amount, it's not likely manual.

Take a step back, look through some of the posts in that link I posted on page one, there are lots of good ideas. One that everyone seems to like is the empty hidden field, and if anything is populated in this field, stop the script. Another is a simple "what is 1 + 5?" where the questions and answers are random.

If nothing else either of these should afford temporary relief, but there's other things you can do. Captcha is obviously not working for you.

wyweb



 
Msg#: 4147439 posted 5:24 pm on Jun 7, 2010 (gmt 0)

and if anything is populated in this field, stop the script.

Or set up a filter and send it to the BS folder.

Stopping it period is the best way though.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4147439 posted 5:35 pm on Jun 7, 2010 (gmt 0)

I use javascript and actually record the actual keystroke events which only happen if someone is at the keyboard typing and pass that information along with the form submit.

Not human, no keystrokes, no submission :)

So far, 99.999% spam free with the exception of the very occasional hand spam which is maybe 1-2 per week, a volume easily dealt with.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved