[clue-admin] contact form spam

Jed S. Baer thag at frii.com
Wed Sep 14 20:01:24 MDT 2005


On Wed, 14 Sep 2005 17:32:40 -0600
Jeff Cann wrote:

> It seems like someone is trying to spoof the contact form (see below -
> embedded message). I'm not sure if the spammer is trying to submit the
> form or what. Should we hook up a captcha? It's not foolproof, but on
> my blog (isuma.org) it took care of comment spam.

Captcha would be good. I happen to own the code for a simple captcha
system that doesn't rely on either cookies or JavaScript. I can probably
implement it this weekend, if I don't forget -- been sort of absent-minded
about things lately.

Also, we can include the IP address of the sender in the body of the
e-mail. Easy enough to use an .htaccess file to do a "Deny From ..." for
any spamming addresses. Or put the Deny From into the httpd.conf file, but
that requires a restart, whereas .htaccess doesn't.

A little more creative coding could automatically blacklist the IP address
for any address which is hitting the comment form at a frequency greater
than some number per minute, or whatever. Blacklisting could be done by
automatically adding spammy addies to the .htaccess file, or have the
website code itself keep track using a MySQL table. Or, give the apache
user a sudo line to run a script that tells IPTABLES to just drop anything
from that address.

Any other options come to mind?

jed
-- 
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1  4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
_______________________________________________
CLUE-admin mailing list
CLUE-admin at cluedenver.org
http://cluedenver.org/mailman/listinfo/clue-admin
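
The frequency-based blacklist described in the message above, as an added example (not code from the list or the CLUE site): it scans access-log lines for POSTs to the form, flags any address that exceeds a per-minute threshold, and emits "Deny from" lines for .htaccess. The Apache common log format, the /contact.php path, the threshold of 5 per minute and the allowlist are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FORM_PATH = "/contact.php"   # assumed URL of the contact form
MAX_HITS = 5                 # assumed limit: POSTs allowed per window
WINDOW = timedelta(minutes=1)
ALLOWLIST = {ipaddress.ip_address("127.0.0.1")}  # addresses never to block

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    f'203.0.113.7 - - [14/Sep/2005:17:30:{s:02d} -0600] "POST /contact.php HTTP/1.0" 200 512'
    for s in range(0, 60, 8)  # eight POSTs inside one minute
] + [
    '198.51.100.4 - - [14/Sep/2005:17:31:02 -0600] "GET /contact.php HTTP/1.1" 200 2048',
    '198.51.100.4 - - [14/Sep/2005:17:31:40 -0600] "POST /contact.php HTTP/1.1" 200 512',
    'truncated or malformed line',
]

def find_offenders(lines, max_hits=MAX_HITS, window=WINDOW):
    """Return addresses with more than max_hits form POSTs inside one window."""
    recent = defaultdict(deque)   # per-address timestamps still inside the window
    offenders = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip lines that do not parse
        ip_text, stamp, method, path = m.groups()
        if method != "POST" or path.split("?")[0] != FORM_PATH:
            continue
        try:
            ip = ipaddress.ip_address(ip_text)   # rejects hostnames and junk
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        if ip in ALLOWLIST or ip in offenders:
            continue
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:           # drop hits older than the window
            hits.popleft()
        if len(hits) > max_hits:
            offenders.append(ip)
    return offenders

def htaccess_lines(offenders):
    """Format validated addresses as Apache 'Deny from' directives."""
    return [f"Deny from {ip}" for ip in offenders]
```

Parsing each address with `ipaddress` before writing it out keeps a hostname or malformed log field from ending up in .htaccess.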


