getting absolutely pounded with spam
hi - my site is getting pounded with spam - it's always received tons of spam, but now its reaching my limits of lunacy. The feedback form is getting hit with 1500-4000 a day now. Comment spam is up to about 6500 a day or more.
I've tried the spam module, akismet and now mollom and nothing really works well. I've chatted a lot with Dries and the Mollom team and while I think maybe in 6mos - 1 yr they will have something robust, today it just doesn't block enough.
Any ideas for other combatting techniques? I've tried to block by ip in drupal and in htaccess but they provide a different ip every time so that is useless.
I am very much against putting a captcha everywhere as in my tests it reduced comment levels by over 50%.
Any ideas are very much appreciated.
Thanks,
Allen
one more note - i wanted to
one more note - i wanted to add the subscriptions module to let people know when their comment has a reply - but with the spam, it doesn't work - since spam comes after the comment is left - the emails go out before the comment is set to spam, so users get massive amounts of emails with no new comments. i had to remove the module for now.
very disappointing.
Note on Subscriptions
If you don't give post comments without approval, then the spam comments won't appear on your site and Subscriptions won't send notifications about them until the comments are published.
If you want all content to appear on the site immediately, you can still use Subscriptions and enable the included user-contributed module moderate_content_notifications. This will hold notifications until a moderator releases them. The moderator can designate specific users as trusted not to spam, so (s)he doesn't need to review their posts.
wow thanks i will check
wow thanks i will check that!
actually it's comment_notify
actually it's comment_notify module that i was using - since everyone is anon, this module added a reply when someone comments - but the spam module comes first so that kills it - mollom is doing pretty well this past week so i might re-add it again
i hate captchas too
i really do hate them, but it captcha's do work (Most of the time). the only other option may be to make comments require registration - which is a worse option.
~silverwing
_____________________________________________
Land of Midnight | MisguidedThoughts | showcaseCMS
yea thanks silver - i found
yea thanks silver - i found that the captcha just turned off my site users - i was ok dealing with the spam but now it's just out of control.
What about selectively using
What about selectively using the captcha? You could make it only appear every so many times, or maybe just when someone logs in, this may keep away the spammers. Seeing as how the IP addresses change frequently they are likely using proxy servers to access your site. Find every free proxy list that you can and constantly update your site to ban those proxy IP's, at the very least make it so they can only access your site but not log in (people in some countries, or at work places may have to use these to legitimately access your site if they are behind a restrictive firewall but its unlikely).
Spambot Toasties
Hi, I've only been toying around with Drupal for a short time so I won't be able to help you with the specifics, but there's a fairly easy way to filter out spam bots.
It has to do with hidden items in your input forms. I'll see if I can explain it but if I goof up you have to promise not to laugh.
1. Ok, first it entails initializing a form element to some fixed value.
2. DO NOT display that field in the form display. This way, your visitors don't see it and therefor won't be able to alter the initialized value.
Spambots don't work off the display screen though, and they will attempt to put something else in the field, altering its value to something other than the initialized value.
3. Vet the contents of that element, and if the field value has been altered you know that a bot is at work, so you just dump the post.
--------
That's the basic premise, fooling the bots into revealing themselves, then ignoring them, adding them to a blacklist, etc.
You all can figure out what scripts need to be modified, and the finer details of 'kicking the bots out the door.
thanks - yea, i can create
thanks - yea, i can create my own form in php but I wanted to stick with the feedback module - i guess i will have to create a custom form - i don't get why the feedback module creator didn't add this :)
> Spambots don't work off
> Spambots don't work off the display screen though, and they will attempt to put something else in the field
Sounds great, but surely most modern bots will recognise that the field is hidden and not fill it in?
If it *isn't* possible for them to tell whether a field is hidden, then why doesn't every single form script
use this method?
In other words, it sounds to good to be true?
RE: Spambots don't work off
A field can be hidden through CSS styles. An user would not see it, while the SPAM bot would see it; the first will not fill it, while the second will fill every fields, including the one that is not visible to a human.
-- Kiam@AVPnet
I've had considerable
I've had considerable success with the Word list CAPTCHA module in the CAPTCHA pack (http://drupal.org/project/captcha_pack).
Recaptcha
I find that recaptcha is much less annoying to fill out, but it's a little more difficult to set up.
If you have a lot of honest members, you can have them help you with a system like the "abuse" module, which lets members flag content.
add js to see if mouse is over the submit button
On my GeoCities Free site I was getting a lot of form spam
I added some js to verify the mouse is over the submit button - in other words, a live person is clicking
It cut my spam to 0
Don't have the code handy but if you really want I can dig it up, it was not anything complicated
it's the concept that counts here
(it will not prevent live people spamming your site, but neither will Captcha)
~are you netsperienced? http://netsperience.org