How to fight SPAM

Posted: Tue 22 Apr 2008, 10:50
by Pierre G.
Guestbooks are appreciated places for spammers :pleur4: That's why, for years, we've deployed numerous ways to discourage them :diable:

What can you do ?

1. Have the latest version of AlexGuestbook

Version 5 brings many new tools against spam.

2. Activate the "captcha" option

In the administration panel, check the appropriate box to show a 4-letter security code, which the visitors will have to copy for their message to be validated. This will not be a problem for most human visitors, with the unfortunate exception of the blind. But in our experience, this system blocks most of the spam robots. Only advanced optical character recognition technology makes it possible to get around this protection.

The rest of the spam, even if this might be difficult to believe in the Western countries, is manually posted by less-than-one-dollar-a-day paid workers, a correct salary in some countries. Even if, let's say 50% of this spam is deleted, the operation is still more than profitable for their clients. The captcha is useless against these human spammers. It would be the same with a questions-based system (i.e. "What's the sum of 4 and 6 ?") which would BTW probably block many legitimate messages (visitors who don't speak the language well, etc.)

3. Use the general options of the script :

  • "Number of minutes before a visitor can post again" : Usually, for a guestbook, it's rare to be willing to see the visitors posting more than one message per day. Don't hesitate to set a high value here in order to discourage the spammers.

  • "Do you wish to review posted messages before they are publicly visible in the Guestbook ?" : useful against spam (these will never be publicly viewable since you'll delete instead of validate them) but frustrating for honest visitors who will not see their message immediately posted and who will feel some kind of distrust against them :triste1: .

  • "Would you like the messages containing words you have censored (see "Censoring words" in the menu) to be refused ?" : We've added this powerful option in version 5. The censored words list already existed : if you had censored "viagra", this word was automatically replaced by "***" (or any text you had chosen) in the messages. It's still the case, but with this new option you can decide to purely refuse messages containing these words (the visitor is warned that his message is refused because of a forbidden word, he has the opportunity to modify his message). By default, only the exact expression is blocked : if "sex" is censored, "sexy" and "sexuality" are not. But you can use the joker * so that all words beginning with "sex", ending with "sex" or containing "sex" are blocked too by entering sex*, *sex or *sex*. ATTENTION ! This option is powerful and, misused, can block legitimate messages ! Extreme example : enter * as censored word and activate the "refusal" option, no more messages will be accepted on your guestbook :gene4: !

  • "Would you like the messages containing URL to be refused ?" : Yet another new v5 option. While it's kind of rare in usual messages, spams contain one or several URLs (hyperlinks) in the message body most of the time. If you check "yes" for this option, messages containing hyperlink(s) will be refused (the visitor is warned that his message is refused because of a URL, he has the opportunity to modify his message). If you choose "no", another option is proposed : "Would you like the URL in the messages to be clickable (active) ?". This option allows you, without refusing them, to render the hyperlink(s) inactive and thus much less interesting for the spammers. ATTENTION ! This option can also block legitimate messages ! Not all visitors whose messages have been refused will take the time to correct their message nor will necessarily understand why it's been blocked (not speaking the language well or not knowing what a URL is...) :/

  • "Visitors can enter their (nick)name" : It's better to make this field mandatory in order not to ease the spammers' work ;-).

  • "Maximum number of signs/letters allowed in a message" : in most cases, 500 to 1000 signs are quite enough for a normal guestbook's message. Setting a high value allows spammers to enter more key words and commercial URLs.

4. Censor the spammers' favorite words :

Don't delete the spammers' messages immediately (you can keep them hidden from the public by unchecking the validation box) but read them, compare them. Some specific words are used quite often (viagra, pfizer, levitra ; shemale, fetish, bdsm...) and have very little chance of being used in "normal" guestbook messages (oh well, it depends on which guestbook :siffle: ) : as long as they are that specific, you can probably activate the refusal of messages containing them but stay cautious in your choice of words (see the warning and advice above, 3§2).

5. Use the banishment options :

  • Banishing IP addresses : This was somewhat efficient in the early 2000s but it's less and less true. Often now, IPs are dynamic, which means they are changed at least one time per Internet session. Banishing an IP blocks any person who was assigned this address at that time, whether it's a friend, a stranger or a spammer. Following our observations these last months, it's become extremely rare to see a spammer coming twice with the same IP. It's much more efficient to block their E-mail addresses, nicknames and key words (new v5 options).

  • Banishing (nick)names : Spammers often use the same (or almost) nickname for each visit. You can now banish them, either the exact expression (i.e. "casino") or by generic expressions (i.e. "casino*", which will also block "casinobonus", "casinobonususa", etc.) Again, be careful not to block nicknames which could be used by legitimate visitors :]

  • Banishing E-mail addresses : Spammers also like to mention their E-mail address, you can banish it, and again the generic way if needed (i.e. "*", a spammers' classic) : very effective !

Well, that's it for the antispam options of our version 5 Guestbook. Using them with caution, you should be able to block 99% of the spam while receiving the legitimate messages (since, after all, you do want to receive these :mrgreen: ).

The trick is thus to measure out the antispam measures well, to avoid rendering your guestbook useless...if it's empty :siffle: We had imagined a supplementary measure to avoid losing legitimate messages : the possibility for the webmaster to receive by E-mail a copy of the refused messages. Useful to retrieve the message of a visitor who would have been discouraged by the refusal of his message, but also to evaluate the efficiency of the measures you've taken and eventually adjust the settings. Unfortunately, our poll about this didn't get many answers, so we didn't implement this idea. You can still give us your opinion about this here :pausecaffé: .

PS : be careful with the option "Would you like the visitors to receive a "thank you" E-mail ?" because this one is sent with the real E-mail address of the admin as sender. No problem with honest visitors, but be aware that the spammers will also receive a "thank-you" message with your E-mail address !
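
The wildcard rules described above for censored words and banished nicknames, as an added sketch (not AlexGuestbook's own code) for dry-running a word list against messages you have kept before switching on the refusal option. Case-insensitive matching on word boundaries is an assumption about how the script compares words, and the sample messages are constructed.

```python
import re

def compile_rule(pattern):
    # Exact word by default; each * stands for any run of word characters,
    # so "sex*", "*sex" and "*sex*" behave as the post describes.
    # Assumptions: case-insensitive, matched on word boundaries.
    body = r"\w*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(r"(?<!\w)" + body + r"(?!\w)", re.IGNORECASE)

def audit(patterns, legit, spam):
    """Dry-run a word list: which legitimate messages would be refused,
    and which spam messages would still get through."""
    rules = [(p, compile_rule(p)) for p in patterns]

    def hits(message):
        return [p for p, rx in rules if rx.search(message)]

    return {
        "false_positives": [(m, hits(m)) for m in legit if hits(m)],
        "missed_spam": [m for m in spam if not hits(m)],
    }

# Constructed sample messages, standing in for ones kept from the guestbook.
LEGIT = [
    "Greetings from Sussex, lovely site!",
    "Thanks for the photos of the old town.",
]
SPAM = [
    "cheap viagra here",
    "sexy pics on my page",
]

if __name__ == "__main__":
    for words in (["viagra", "sex"], ["viagra", "*sex*"], ["*"]):
        report = audit(words, LEGIT, SPAM)
        print(words)
        for message, matched in report["false_positives"]:
            print("  would refuse a legitimate message:", message, matched)
        for message in report["missed_spam"]:
            print("  spam still accepted:", message)
```

An empty false-positive list on your own kept messages is the signal that a pattern is specific enough to use with refusal enabled.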