
Spambots & Prevention

As you may know from reading other blog posts or pages on this site, I’m a web developer. This is my job and I also do some at home.

You may also know that I used to play ice hockey for the Whitley Warriors until I was forced to retire after suffering a DVT.

When playing for the Warriors and studying HND computing at college I created a website dedicated to the Whitley Warriors ice hockey team. Eventually this site became the Official Whitley Warriors website.

The site is powered by a custom CMS (Content Management System) written by myself using PHP and MySQL and makes use of the ZEND Framework.

Recently we’ve been getting a lot of spambots registering on the site forums (powered by SMF), making a mess and forcing me to spend hours removing posts and spam users (I’ve removed about 2500 users to date).

We are running CAPTCHA images, but the spambots have managed to bypass them, allowing them to sign up.

So I’ve recently added a few fields to the sign up form and database to help track new users and try to prevent the registration of spambots. Without the correct answers the registration will fail.

So what have I tried?

I’ve added a couple of dropdowns: Are you human? Are you a spambot?

Pick the wrong answer here and the registration attempt will be rejected.

I’ve attempted to catch spambots out here – if they change both answers they’ll fail, if they leave both answers on the default value they’ll also fail. They must choose the right question to change the answer in order to be successful.

Spambots also like to try to answer every question in the form – so I’ve added a box which must be left blank in order for the registration process to be successful.

The final measure in this attempt to prevent the registration of spambots is to ensure that the form has been posted from the correct page on my site. A lot of spambots submit their own form from a remote site, so, by checking the referrer we can see if the user has registered from the correct site and reject any remote registrations.
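The three checks described above (the dropdown pair, the must-stay-blank box and the referrer test) can be combined into one server-side validator. This is an added example, not the code running on the site; the field names `is_human`, `is_spambot` and `website`, the host and path constants, and the assumption that both dropdowns default to "no" are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical values: the post does not give the real host, path or field names.
const EXPECTED_HOST = 'www.example.org';
const REGISTER_PATH = '/register.php';

/**
 * Returns the list of checks a submission failed (empty array = accepted).
 * Assumes both dropdowns default to "no", so a human changes only is_human.
 */
function checkRegistration(array $post, array $server): array
{
    $failed = [];

    // Dropdown pair: leaving both on the default fails, changing both fails.
    $human   = $post['is_human']   ?? 'no';
    $spambot = $post['is_spambot'] ?? 'no';
    if ($human !== 'yes' || $spambot !== 'no') {
        $failed[] = 'dropdowns';
    }

    // Honeypot: the box must be submitted and must be empty.
    // A missing field or an array value (website[]=x) is also rejected.
    if (!isset($post['website']) || $post['website'] !== '') {
        $failed[] = 'honeypot';
    }

    // Referrer: compare the parsed host and path exactly. A substring match
    // would accept hosts such as www.example.org.spam.test.
    $ref  = parse_url((string)($server['HTTP_REFERER'] ?? ''));
    $host = is_array($ref) ? strtolower($ref['host'] ?? '') : '';
    $path = is_array($ref) ? ($ref['path'] ?? '') : '';
    if ($host !== EXPECTED_HOST || $path !== REGISTER_PATH) {
        $failed[] = 'referrer';
    }

    return $failed;
}

// Constructed sample submissions (not real traffic): [POST fields, SERVER values].
$ok = ['HTTP_REFERER' => 'https://www.example.org/register.php'];
$samples = [
    'human'            => [['is_human' => 'yes', 'is_spambot' => 'no',  'website' => ''], $ok],
    'fills everything' => [['is_human' => 'yes', 'is_spambot' => 'yes', 'website' => 'http://spam.test'], $ok],
    'remote form'      => [['is_human' => 'yes', 'is_spambot' => 'no',  'website' => ''],
                           ['HTTP_REFERER' => 'http://www.example.org.spam.test/form.html']],
];
foreach ($samples as $label => [$post, $server]) {
    $failed = checkRegistration($post, $server);
    echo $label, ': ', $failed ? 'rejected (' . implode(', ', $failed) . ')' : 'accepted', PHP_EOL;
}
```

The Referer header is supplied by the client and can be forged or stripped by privacy tools, so it works as one signal alongside the other checks rather than as proof of where the form was loaded.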

These measures seem to be working so far, but if any of you can think of any other measures, whether it be actual code or just theories, which could be introduced, or have any comments on the steps I’ve taken so far, then please leave a comment.