Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google      Sign In   
  • Create Account

Subscribe to HRA Now!

 



Are you a Google Analytics enthusiast?

Share and download Custom Google Analytics Reports, dashboards and advanced segments--for FREE! 

 



 

 www.CustomReportSharing.com 

From the folks who brought you High Rankings!



Photo

Help: Spammers Flooding My Autoresponder.


  • Please log in to reply
6 replies to this topic

#1 benseclawney

benseclawney

    HR 1

  • Members
  • Pip
  • 2 posts

Posted 30 June 2011 - 11:55 AM

Hello,

I've come here looking for a bit of help or advice regarding a dilemma that I am currently having for my website.

I host an auto-responder that doesn't require a double opt-in. Anybody can come and create an account and they will start receiving our series of emails.

The problem is that I am being attacked by a persistent group of hackers/spammers that are installing bogus accounts and using proxies to do their work.

Although I've filtered all their IP addresses and eliminated the bogus email accounts, they still come at me every day! I've thought about using a CAPTCHA, but that will only slow them down, it won't stop them, so my question is;

Is there some way that I can stop this attack, other than using a double opt-in???

I thank you for your help and look forward to your input.

#2 Michael Martinez

Michael Martinez

    HR 10

  • Active Members
  • PipPipPipPipPipPipPipPipPipPip
  • 5,145 posts
  • Location:Georgia

Posted 30 June 2011 - 12:50 PM

Even the double opt-in won't stop them all as there are low-budget account creation businesses running out of Asia that just sit around creating accounts all day long.

You have to block the IP addresses of the proxy services. Fortunately, some of them use multiple IP addresses within the same C-class blocks so you can block at that level.

You can also block by geographic region if you're not trying to service the entire world.

Another option would be to whitelist only known domains -- this cuts out a lot of little players but you can set up an option for people to request that their email domains be whitelisted. Unfortunately if you include Gmail, Hotmail, and Yahoo! you'll be spammed heavily -- but if you exclude them you'll block many legitimate users.

There is no simple solution to the problem.

#3 Jill

Jill

    Recovering SEO

  • Admin
  • 32,987 posts

Posted 30 June 2011 - 01:12 PM

Require a hidden field that the bots can't see.

Here's how:
http://robmalon.com/...event-bot-spam/

#4 Michael Martinez

Michael Martinez

    HR 10

  • Active Members
  • PipPipPipPipPipPipPipPipPipPip
  • 5,145 posts
  • Location:Georgia

Posted 30 June 2011 - 02:32 PM

Actually, only the bots would see that field. I have seen variations on this technique in the past. They won't stop the human spammers and some robots may now be aware of the trick (simply because the botwriters often see these tips being passed around in forums and newsletters -- it's hard to stay ahead of the curve).

#5 cfreek

cfreek

    AAAHHHH!!1one1!

  • Active Members
  • PipPipPipPip
  • 166 posts
  • Location:Richmond, Virginia, Earth

Posted 30 June 2011 - 03:30 PM

I saw Stop Forum Spam site (stopforumspam.com) mentioned on this forum at one point, and integrated their API in my contact form scripts. It does not catch all spammers, but it has greatly reduced the amount of spam that makes it to my Inbox.

Anyone who trips the filter has the full message logged to a text file on the server, is given a fake thank you, thinks the form submitted, and moves on.

As I recall, the API has some great example scripts you can use - if not, I can provide the one I set up, if you're interested and need it.
There are also plug-ins for Wordpress and various other systems.

In addition, I also use a hidden field trick similar to what Jill mentioned, and a regular expression match against common phrases used in spam messages.

#6 benseclawney

benseclawney

    HR 1

  • Members
  • Pip
  • 2 posts

Posted 30 June 2011 - 04:23 PM

Thanks for the replys everybody, much appreciated.

We are releatively sure that these spammers are actually people and not bots, so I'm not sure the "hidden field" trick will work,
but I must say it's a very clever method to catch them red-handed smile.gif

We've come to realize that it would be impossible to completely get rid of them, so our plan is to minimize the amount of unwanted spam, and make their work that much harder.

Thanks very much for the suggestions smile.gif

#7 Michael Martinez

Michael Martinez

    HR 10

  • Active Members
  • PipPipPipPipPipPipPipPipPipPip
  • 5,145 posts
  • Location:Georgia

Posted 30 June 2011 - 04:26 PM

There is also a Wordpress plugin that connects to the StopForumSpam, Project Honeypot, and BotScout anti-spam service that I have been testing. It seems to help cut down on spam or at least flag it.

It's imaginitively called the "Stop Spammer Registrations Plugin" by Keith Graham. There may be other plugins worth trying as well.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

SPAM FREE FORUM!
 
If you are just registering to spam,
don't bother. You will be wasting your
time as your spam will never see the
light of day!