May 4 2005
@ 14:36:52
Starving spam bots with AJaX
(5)
0
Killing them softly
Having comment spam problems? Tired of deleting their comments? Well, with some smart coding, you can at least make life a little more harder for them.
Ratpoisoning
Let's keep in mind what our victim enjoys eating. Spam bots crawl sites and pages looking for documents that have comment forms on them. So how do we starve the bots? We simply don't feed them the comment forms. "But how will people comment?", I hear you say. Well, users will still be able to view and use our comment form. Bots on the other hand WILL NOT. "What?! How?!", I hear you say. Simple: We load the comment form on our page dynamically using AJaX.
Long live AJaX
AJaX is simply the usage of XMLHTTPRequest in javascript with DOM. It stands for Asynchronous Javascript and XML. It is a relatively easy way to POST data to your site and also to GET it. I use it to GET/POST XHTML and form data on this site.
Now, getting back to my "Starvation Plan for the Auto-Manic Obsessive" (or SPAMO), on the server side, when our AJaX correctly requests a comment form, a $_SESSION variable is set that allows a comment to be posted by the client that made the request. Once a comment has successfully been posted, the variable is set back to "lock". This is a simple way to ensure that:
Of course being able to post is only possible if you're on a javascript-enabled browser...not that I care if you're not.
Having comment spam problems? Tired of deleting their comments? Well, with some smart coding, you can at least make life a little more harder for them.
Ratpoisoning
Let's keep in mind what our victim enjoys eating. Spam bots crawl sites and pages looking for documents that have comment forms on them. So how do we starve the bots? We simply don't feed them the comment forms. "But how will people comment?", I hear you say. Well, users will still be able to view and use our comment form. Bots on the other hand WILL NOT. "What?! How?!", I hear you say. Simple: We load the comment form on our page dynamically using AJaX.
Long live AJaX
AJaX is simply the usage of XMLHTTPRequest in javascript with DOM. It stands for Asynchronous Javascript and XML. It is a relatively easy way to POST data to your site and also to GET it. I use it to GET/POST XHTML and form data on this site.
Now, getting back to my "Starvation Plan for the Auto-Manic Obsessive" (or SPAMO), on the server side, when our AJaX correctly requests a comment form, a $_SESSION variable is set that allows a comment to be posted by the client that made the request. Once a comment has successfully been posted, the variable is set back to "lock". This is a simple way to ensure that:
- User crafted comment forms will not work (unless a valid form request is done manually, but what would be the point?).
- Automated commenting from post bots will not work.
Of course being able to post is only possible if you're on a javascript-enabled browser...not that I care if you're not.
kjhdsf ads fdsal fash flhjsa f
May 5 2005
@ 04:23:08
Wendy wrote:
...
Ooooh ahhhh. Off the topic of spam bots...
I like the new artwork. =)
I like the new artwork. =)
Comment on this
0xTC.com is powered by MagnaBlog (C) Written by Tanin,
provided in valid XHTML1.0 Strict,
shown in CSS v2. It is viewed best in a real browser with javascript enabled
and is also availible in RSS format. 0xTC (C) 2004 - 2007 Tanin Ehrami.
