

DigitalXeron
There is a lack of sanity

join:2003-12-17
Hamilton, ON

Forum and blog spam

All,

I have over the past while been performing research on the issue of spam posted on websites. This research has been quite informative and quite revealing and as such I wish to share that research because it seems there is a lot of research on how to defeat email spam that's going around, but almost none on the web spam that spammers have moved to aside from "Use this widget on your site, it'll cure everything".

The research has revealed that:

1. "type these letters in that box" common CAPTCHAs will continue to be ineffective because spammers have resources to research circumvention. What needs to happen instead is for most sites to deploy their own unique CAPTCHA to make the resource expenditure effectively "cost" more than it benefits to try to adapt to them all.

2. Spam is performed by highly adaptive bots that emulate real web browsers, but like every emulation, it isn't perfect and quirks the browsers have may not exist in the bot software or vice versa where a quirk exists in the bots but not the browsers. Perhaps this can be used for detecting bots.

3. Oftentimes spambots use similar email addresses for multiple accounts. Perhaps heuristics can be used to detect "like" email addresses and block or administratively queue registrations that use a too-similar address.

4. Perhaps having forum/blog software able to take advantage of already existing email filtering suites could provide benefits. It wouldn't take much to write a wrapper to convert forum data into email-like headers (e.g. using the registration email as the "From:" header) and then use the TCP interface on the suite to pipe the message(s) through.

5. Forum/blog software needs to start to provide DNSBL interfaces so that site administrators can use external data sources for ban lists without the need to modify their forum software to install modules/modifications for each blacklist service. In the like, there needs to be more blacklists available for web-based spam for email addresses and the like. API-based blocklists should be discouraged and more traditional DNSBLs should be encouraged for their universal compatibility and ease of querying.

6. Oftentimes the spambots will perform registration through one IP address, but then post from a very different address. Perhaps detection on this can be performed and a decision process invoked: if a user posts from a different ASN than their home ISP on their first several posts, it'll raise a red flag.

Overall, I believe the day and age where forum/blog software developers can simply write a simple CAPTCHA and be done with spam is over, for the needs to filter spam are equal with email since spammers have shifted their focus.
--
--Kradorex Xeron
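
An added example, not part of the original post: one way the "like" email address heuristic from point 3 could be implemented, queueing a registration for an administrator when its address resembles recently registered ones. The normalisation rules, the 0.85 threshold, the function names and the sample addresses are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

SIMILARITY_THRESHOLD = 0.85  # assumed cut-off; tune against your own registration data
MIN_KEY_LEN = 4              # assumed: very short local parts must match exactly

# Constructed sample of recently registered addresses (not real data).
RECENT = [
    "cheap.meds01@mail.example",
    "cheapmeds02@other.example",
    "alice.w@forum.example",
]

def local_key(address):
    """Comparison key for the local part: lowercase, drop any +tag,
    drop dots, and collapse each run of digits to '#'."""
    local = address.strip().lower().rsplit("@", 1)[0]
    local = local.split("+", 1)[0].replace(".", "")
    return re.sub(r"\d+", "#", local)

def similarity(a, b):
    """Score 0.0-1.0 for how alike two addresses' local parts are.
    The domain is ignored on purpose (assumption: bots rotate domains)."""
    ka, kb = local_key(a), local_key(b)
    if min(len(ka), len(kb)) < MIN_KEY_LEN:
        # Short keys are too noisy for fuzzy matching; require equality.
        return 1.0 if ka and ka == kb else 0.0
    return SequenceMatcher(None, ka, kb).ratio()

def review_registration(new_address, recent_addresses,
                        threshold=SIMILARITY_THRESHOLD):
    """Return ("queue", matches) when the new address resembles recent
    registrations, otherwise ("accept", [])."""
    matches = []
    for old in recent_addresses:
        score = similarity(new_address, old)
        if score >= threshold:
            matches.append((old, round(score, 2)))
    return ("queue", matches) if matches else ("accept", [])

if __name__ == "__main__":
    for candidate in ("cheapmeds+x77@mail.example", "bob.jones@isp.example"):
        print(candidate, review_registration(candidate, RECENT))
```

Queueing rather than blocking keeps a false positive, such as two real users with near-identical names, recoverable by an administrator.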

over 13.5 years online © 1999-2013 dslreports.com.