Sending SPAM bots to a blackhole

5

7

I have a few forms on my site that have been getting hammered by SPAM bots lately. I've finally got it under control (without the use of a captcha).

Basically, I'm checking the form for various flags. If detected, I simply redirect the request to Google.

Is there a way to redirect the bot either back to its IP address, or some kind of infinite loop that will possibly slow it down, or at least cause a minor headache for the person behind it?

CLARIFICATION:

I am already blocking the SPAM, I'm looking for a clever way to irritate the spammer once I redirect them.

Torey answered 22/5, 2012 at 18:31 Comment(6)
Person behind it? SPAM bots?? It would be bad form to 'infinite loop' their request on your server. It would slow YOU(r server) down as well as continually take up your resources. – Vitrification
Sorry, that was poorly worded. I'm looking to push them off my server and into some kind of loop, blackhole etc. – Torey
And, yes, the person behind it. There is always someone behind the bot. I'm trying to make their life a little more difficult. – Torey
Yes, I understand what you mean! Though by general definition, a bot is not a person :) – Vitrification
If you can identify the spam bots reliably, I'd suggest adding a bit of code that skips doing any work when one tries to access your site - if they're trying to enter a comment on a feedback form, skip past the code that writes it to the database or emails it. That should cut down on the amount of work your server is doing, and their spam gets silently binned. Bear in mind that the bots are likely to be compromised PCs, and so unconnected with whoever is behind it. – Otherworldly
Maybe let the bot wait forever with sleep(99999999999)? – Alvinia
3

Once one of my teachers told us that they developed a sort of anti-spambot honeypot. It was pretty simple: it redirected bots to a dynamically generated page which contained an infinite loop of fake addresses. The aims were two: keep them busy and fill their DB with unusable email addresses, damaging the spammers. This was just an idea, I don't know if it fits your needs but... it's worth the shot ^^ Of course, it's easier to simply drop spambot-related requests if you are able to identify them.

Laws answered 22/5, 2012 at 18:41 Comment(4)
This is wpoison; but it's mainly targeted at address scraping bots. monkeys.com/wpoison – Loan
Yeah, and do you really want to eat up all your server CPU feeding up URLs with bogus information? Odds are, you're just going to get blocked by valid spiders, oops you're not on Google anymore. – Crompton
Here is another trap for address scraping bots: officeofstrategicinfluence.com/spam – Alvinia
@Crompton I know it's been seven years but, for anyone else who wanders in, that's why you put both any forms spammers are targeting and the infinite loop of fake addresses under a robots.txt exclusion rule. Legitimate bots will obey the exclusion and spammers won't be able to tell that one exclusion is what they want while the other is a trap. – Additament
2

You should be blocking these requests if you can identify them. Block their IP addresses on the server side.

Also, this thread is related to DOS attacks, but might be useful to you.

BOT/Spider Trap Ideas

Crompton answered 22/5, 2012 at 18:36 Comment(2)
The downside of an outright block is that they will realize it and adjust accordingly. The most effective way to block a bot is to keep it busy and make it think it's doing its job. – Escharotic
That's what the spidertrap is for. – Crompton
1

Technically it is still a captcha, but what about using a static 'general' question with your form.

What is the value of two plus two?

Check that field in your PHP script to ensure the answer is in fact correct. If it is not, stop processing!

Failing that, and if you have control over your firewall (and proper logging), start dropping requests from the most abusive IP addresses. Be warned though, this approach might make legit users unable to access your site!

Vitrification answered 22/5, 2012 at 18:38 Comment(1)
Right, I understand how to stop them, I'm looking for a way to give them a taste of their own medicine. Once detected, I want to send them off into a deep hole that will be hard to get out of. – Torey
-1

This is what worked for me from one day to another:

I set this invisible form field that bots fill out with gibberish and if it was filled, I didn't process the form and just returned a success page.

But the posting to this particular form grew on a daily basis. It started with 2 POST requests a day and at the end there were 20+ requests.

So TL;DR I send a 404 Not Found HTTP header on this particular page now. Humans and browsers don't see the difference, but as far as I observed, the bot checked the availability of the page first (HEAD request) - so the form was still there but how can the bot know when he gets a 404 back?

This turned the POST action of bots completely down so far. I know this solution doesn't work for pages that have to be visible for good bots (google etc) - but for a contact form or Login form it works fine.

Maybe one can whitelist "good" bots and send 404 for everyone?

Adanadana answered 21/5, 2013 at 16:43 Comment(0)
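The two measures from the answer above (a hidden honeypot field whose submissions are silently discarded, and a 404 status on the form page) combined in one PHP handler. This is an added example, not the answerer's code; the field names `name`, `message` and `website` and the helper `save_message()` are hypothetical.

```php
<?php
// Added example. Field names and save_message() are hypothetical.

/** True when the hidden honeypot field was filled in, i.e. by a bot. */
function is_bot_submission(array $post): bool
{
    // "website" is the invisible field; a human never sees or fills it.
    return isset($post['website']) && trim((string) $post['website']) !== '';
}

function save_message(string $name, string $message): void
{
    // Placeholder for the real work (database insert, e-mail, ...).
    // Only the length is logged so user input never reaches the log file.
    error_log('contact form: stored message of ' . strlen($message) . ' bytes');
}

function handle_request(string $method, array $post): string
{
    if ($method === 'POST') {
        if (!is_bot_submission($post)) {
            save_message((string) ($post['name'] ?? ''), (string) ($post['message'] ?? ''));
        }
        // Same page either way, so a bot cannot tell its post was dropped.
        return '<p>Thanks, your message was sent.</p>';
    }
    // GET/HEAD: the form. The honeypot is hidden with CSS rather than
    // type="hidden", and kept out of tab order and assistive technology.
    return <<<HTML
<form method="post">
  <input name="name">
  <textarea name="message"></textarea>
  <div style="position:absolute;left:-9999px" aria-hidden="true">
    <input name="website" tabindex="-1" autocomplete="off">
  </div>
  <button>Send</button>
</form>
HTML;
}

if (PHP_SAPI !== 'cli') {
    // The answer's trick: every response from this page carries status 404,
    // while the body is still rendered normally by browsers.
    http_response_code(404);
    echo handle_request($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST);
}
```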
-2

No.

Spam bots look for obvious email and comment forms. They won't do anything with a redirect. You could set up some server that is a spider trap full of email forms that don't work.

So, you would want auto URL generation mechanisms to define a site tree, with each new url having another email form. You'd probably want to do this on a dedicated server.

But in the end NO. Think about it: how is your tiny little PHP server ever going to wear-out zombies or a 64-core spam server in Russia?

I don't think you understand what a redirect even does. It sets a response code and says content moved 'here'. A spam bot won't care and probably won't do anything if there's no email form there.

If you really want to avoid spam, read this. You can trap them, but if you're dealing with zombies it's ultimately not going to matter. http://www.neilgunton.com/doc/?doc_id=8580

Crompton answered 24/5, 2012 at 3:57 Comment(0)
