Spam Protection?

[AlexC]

Does anyone have any tips for spam protection, perhaps something I could implant until the next update (which will hopefully have some spam protection too, haha).

I'm getting a bunch of sign ups from spam bots, and I have a feeling it'll only get worse once I start advertising. I'm removing the register page for now, but it's still an issue I hope to address soon.

 

[IntoRain]

The question you put up in the register page would be for that, but for example if it's a math question it will be easier for them to find out. Maybe a captcha installation would be better

 

[Abronsyth]

Spambots can get through many captchas (kind of like fleas adapting to flea collars). There are anti-spam measure that can be taken, but I'll have to do more research.

The security question should be a fairly good feature, as long as it's not mathematical or common sense. Something such as "what genus are rats in?" would be good, I'd assume.

 

[AlexC]

Thanks for the responses. My quest was what was the first letter of the word rodent, but your suggestion is good.

I suppose I'll just make it harder.

 

[Tequila]

You can try to implement this code:

if (isset($_POST['submit']) && $_SERVER['REQUEST_METHOD'] == "POST") { 
    $exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i"; 
    $profanity = "/(beastial|bestial|blowjob|clit|cock|cum|cunilingus|cunillingus|cunnilingus|****|ejaculate|fag|felatio|fellatio|****|fuk|fuks|gangbang|gangbanged|gangbangs|hotsex|jism|jiz|kock|kondum|kum|kunilingus|orgasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|porn|pussies|*****|spunk|xxx)/i"; 
    $spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazolam|ambien|ambian|amoxicillin|antivert|blackjack|backgammon|holdem|poker|carisoprodol|ciara|ciprofloxacin|debt|dating|porn)/i"; 
    $bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i"; 

    if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) { 
        exit("<p>Known spam bots are not allowed.</p>"); 
    } 
    foreach ($_POST as $key => $value) { 
        $value = CleanUp($value); 

        if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['url']) || empty($_POST['collecting']) ) { 
            exit("<p>Name, e-mail, URL and collecting are required fields. Please go back and fill in the form properly.</p>"); 
        } elseif (preg_match($exploits, $value)) { 
            exit("<p>Exploits/malicious scripting attributes aren't allowed.</p>"); 
        } elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) { 
            exit("<p>That kind of language is not allowed through our form.</p>"); 
        } 

    }

I'm not sure how to mix it in myself, but I've seen this used on other register.php files.

 

[AlexC]

Thanks, I'll test it next time I get a free moment. :3

 

[Ruinily]

Hey I'm very interested in this, I have a spree of spammers signing up with a name like carpenter. :/ Is there any chance it can work on previous Mysidia version too?