Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

needs insights into spammers using the comments box

Status
Not open for further replies.
pushyr

pushyr

Programmer
Jul 2, 2007
159
0
0
GB
i have a comments box and someone was abusing it by adding spammy content.

i'd blocked their IP, then they returned using various IPs. So i'd used regex to recognize patterns of what they type to throw them out. so far they seem blocked and no new content has been added. although, i've checked the logs and can see they are repeatedly trying to access the site each day.

you'd think they'd give up but they are not. so i'm guessing they are using an automated script to submit their spam content.

i'm not upset about it because i'm learning how to make areas of the site secure.

i've posted an example of what they'd spammed below... does this type of content look recognizable to anyone... and can anyone shed light on what it's all about? or, recommend ways for me to learn more about the spammer, or perhaps suggest something that i could do in defense to really irritate them?


Code: 
mango papaya jam, 
[url="[URL unfurl="true"]http://www.emailwave.nl/img/mailings/2007970/2/pages.php?id=903#"[/URL]]mango papaya jam[/url], 
[URL unfurl="true"]http://www.emailwave.nl/img/mailings/2007970/2/pages.php?id=903#[/URL] mango papaya jam, 
malagu meaning, [url="[URL unfurl="true"]http://www.uptempo.tv/werkenbijmij/content/bedrijven/logo/4/pages.php?id=6521#"[/URL]] malagu meaning[/url], 
[URL unfurl="true"]http://www.uptempo.tv/werkenbijmij/content/bedrijven/logo/4/pages.php?id=6521#[/URL] malagu meaning, male female employment statistics in ecuador, 
[url="[URL unfurl="true"]http://www.ceskysvazcyklistiky.cz/news/418/10/pages.php?id=14622#"[/URL]] male female employment statistics in ecuador[/url], 
[URL unfurl="true"]http://www.ceskysvazcyklistiky.cz/news/418/10/pages.php?id=14622#[/URL] male female employment statistics in ecuador, 
maricopa county home builders, [url="[URL unfurl="true"]http://www.jasbone.com/blog/graphics/movies/mancan/8/pages.php?id=18587#"[/URL]] maricopa county home builders[/url], 
[URL unfurl="true"]http://www.jasbone.com/blog/graphics/movies/mancan/8/pages.php?id=18587#[/URL] maricopa county home builders, 
map of atlanta georgia usa, [
url="[URL unfurl="true"]http://www.connecat.de/preposition/images/back/3/pages.php?id=21120#"[/URL]] map of atlanta georgia usa[/url], 
[URL unfurl="true"]http://www.connecat.de/preposition/images/back/3/pages.php?id=21120#[/URL] map of atlanta georgia usa, 
marmot helium eq, 
[url="[URL unfurl="true"]http://barrywardrealty.com//test/rental_images/9-f/2/pages.php?id=597#"[/URL]]marmot helium eq[/url], 
[URL unfurl="true"]http://barrywardrealty.com//test/rental_images/9-f/2/pages.php?id=597#[/URL] marmot helium eq, 
marquee hire wareham, 
[url="[URL unfurl="true"]http://www.joeaverageart.com/cards/oct4/10/pages.php?id=4647#"[/URL]]marquee hire wareham[/url], 
[URL unfurl="true"]http://www.joeaverageart.com/cards/oct4/10/pages.php?id=4647#[/URL] marquee hire wareham,
 
Sort by date Sort by votes
btw, this is their ip address... 94.102.49.85 (the one they use frequently.. plus same as hostname)

and this is their browser.... Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

i'm also tracking remote_port and they vary, for example;
49873
35415
42369
35522
etc....
(not sure of the meaning of remote port though)
 
Upvote 0 Downvote
it's absolutely standard comment spam. random rubbish intended to increase search engine ranking.

i've posted a routine that should stop this in its tracks. you can find it here.

if you need help implementing this with your own site, let us know by posting back here. if you find fault with my code, please post back on my site.

Ironically, I do not use my method on my site. i use the Akismet plugin for wordpress instead. comment spam is not stopped but it is hidden. I've currently got 800 messages in the last few days. i'm thinking of implementing my method as an alternative to improve handling and reduce reliance on remote services.

the remote port is simply the port that the client machine uses to open a connection to port 80 on your machine. nothing to be concerned about: it's dynamically chosen.
 
Upvote 0 Downvote
thanks jpadie... i'll implement your code and let you know how i get on
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
120
SashaBuilder3
SashaBuilder3
PeDa
  • Locked
  • Question
unwanted spaces inserted into the middle of php-generated html email body 1
Replies
2
Views
61
PeDa
PeDa
Mandy_crw
  • Locked
  • Question
How to send sms in PHP using usb gsm modem?
Replies
1
Views
121
vishvajit
vishvajit
PeDa
  • Locked
  • Question
POST Content-lLength of ... bytes exceeds the limit of 8388608 bytes in Unknown on line 0
Replies
4
Views
110
feherke
feherke
Wand850
  • Locked
  • Question
Parsing XML with multiple namespaces using PHP
Replies
3
Views
95
spamjim
spamjim

Part and Inventory Search

Sponsor

Back
Top