Are spambots smarter these days?

Forum Moderators: coopster

Message Too Old, No Replies

Are spambots smarter these days?

I am still getting spam after verfiaction

someone

10:23 pm on Dec 6, 2006 (gmt 0)

So basically i set up a simple math question for verification. I don't verify the email address though. But still, they would have to get the math question correct in order for the form submission to go through. But after all, I am still getting spams. Are those spams manually entered or are spambots just getting smarter these days?

eelixduppy

10:29 pm on Dec 6, 2006 (gmt 0)

>>>Are those spams manually entered or are spambots just getting smarter these days?

Probably a little bit of both, I would say. There are a lot of threads going around WebmasterWorld right now about the issue of spamming forms.

Here's a thread [webmasterworld.com] from our library. You may want to look into a CAPTCHA solution in addition to what you have now.

Also, it doesn't have to be a sum of numbers. It can be any question that someone will be able to answer.

barns101

11:19 pm on Dec 6, 2006 (gmt 0)

I have had a lot of success without the need to use captcha, but simply using eregi() [php.net] to check input for the following:

The "from" address is not an address at my domain (because I'm not going to be emailing myself, am I!)
No hyperlinks in the submitted data (i.e. check for "<a href" in the data) because it's unlikely that a genuine visitor will send me an HTML formatted message!
No "MIME-Version:" or "Content-Type" in the submitted data because that's probably an injection attempt

That pretty much makes sure that all emails that I receive through my contact forms are genuine. I get the odd bit of spam using a new technique but then that method is blocked within a couple of minutes, too! :)

barns101

12:45 pm on Dec 7, 2006 (gmt 0)

A new one that I received today:

Check for "<script" in the input (similar to the "<a href" spam attempt)