The spammers seem to have, at least partially, discovered my new field names. The volume has been increasing steadily in recent weeks. It seems to take them a while to parse them out, though; it doesn't happen immediately. So I've implemented yet another anti-spam tactic. I'm changing the comment form field names every day.
I'm not doing this manually, mind you. I wrote a small perl script to create the names from words chosen at random (or as random as you get in perl) from the /usr/share/dict/words dictionary file that comes with most copies of UNIX®. I use that script to create a small PHP file defining variables containing the new file names. It's pretty simple:
#!/usr/bin/perl -w $outpath = "/usr/home/foo/"; $outfile = $outpath . "fieldnames.php"; @fields = qw(name email userurl); $dict = "/usr/share/dict/words"; $bytes= -s $dict; open IN, $dict; open(PFIELDS, "> $outfile"); print PFIELDS "<?php\n"; for ($i=0; $i < 3; $i++) { seek(IN,rand($bytes-11),0); $_=<IN>; $_=<IN>; chomp $_; print PFIELDS "\$", $fields[$i]; print PFIELDS "=\""; print PFIELDS $_; print PFIELDS "\";\n"; } print PFIELDS "?>";
First I define the directory where the file defining these variables is going to live. I place this outside of the web directory for security reasons. The @fields array defines the three fields I'm creating names for. I open the dictionary file, then the output file, then print the beginning of a PHP wrapper. Then I loop three times grabbing a random word and associating it with one of the fields defined in the @fields array. Output the closing PHP wrapper and it's soup.
The result is a small PHP script like this:
<?php $name="cafiz"; $email="formlessness"; $userurl="floweret"; ?>
This is then included into the various files that run commenting.
At a particular time every day, the perl script above runs, creating a new set of random words associated with the fields, which are then automatically incorporated into my pages.
This won't stop drive-by spammers, but I don't honestly see many of those these days. The spam all seems to come from zombie PCs; similar spams coming from a bunch of different IP addresses. They don't seem to actually access the pages in question, just submit POST requests containing a set of variables that equal whatever the field names for the comment form were whenever whoever configures the zombie controller configures it to spam There Is No Cat. I'm hoping that changing the field names every day will stop the spammers, as their configurations will pretty much always be out of date.
That's the idea, anyway. We'll see if it works. If you have any problems commenting on the site, let me know via my contact form. If this doesn't work, I may just shut off comments completely. I've been pretty lucky up to this point; writing my own content management system has given me a certain level of immunity to automated spam (I know this because my spam levels here are still well below those on another site I run using WordPress, although I moderate all comments there, so none of them show up on the site). That's less and less the case now. Feh.
Tags: spam countermeasures perl php
Posted at 6:16 AM
Note: I’m tired of clearing the spam from my comments, so comments are no longer accepted.
Sounds like "Star Wars" to me...
Posted by BarbraAnn at 2:38 PM, July 28, 2006 [Link]
Nasty spamersssss
Mash them, bash them, boil them in a stew, bake them in a pie for me and you
Never mind me...I just like watching the backgrounds change.
You know, Shelley, there is a set of links over the in left where you can change the backgrounds as much as you want.... :-)
Posted by ralph at 3:54 PM, July 28, 2006 [Link]
But it's more fun to clutter up your comment space.
Wheeee!
Posted by Shelley at 4:16 PM, July 28, 2006 [Link]
This site is copyright © 2002-2024, Ralph Brandi.
What a quirky idea...I'll be keeping my fingers crossed!
Posted by Elaine at 1:37 PM, July 28, 2006 [Link]