Blocking traffic

[jacksoncarrey]

Hi all,

I have quite a few spam listings on my directory. The weird thing is that these visits are not even identified by cpanel awstats. This is because the real number of visits is lower than the listings. I believe there is someone who just submits to my form without visiting the site. I really can’t figure out whatever is happening. I want to block such traffic. How do I block it? Do you guys have any ideas or suggestions? I need to resolve this at the earliest. Can someone help me out?

Thanks a lot in advance.

[artizhay]

If you can get the IP of the spammer, you can block it with cPanel's "IP Deny Manager." However, since this isn't showing in your AwStats, I'm assuming this isn't an option.

So this leaves me to believe the spammer is using cURL, a PHP script that allows remote posting to sites - i.e. filling out forms on your site from a remote server.

You can contact your host to disable cURL access (if that's even possible, I'm not sure). I only primarily know about sending out cURL requests, not the settings needed to receive them.

Or you can just install a CAPTCHA...

[Alexis Wilke]

CAPTCHA is a good solution.... except that it annoys users. I created a hidden_captcha for Drupal. There are versions available for other systems though. But if you don't have access to the server, blocking the spammers is quite difficult.

One thing I use is modsecurity2 with Apache2. That blocks tons of that traffic.

I had the same problem with all of my systems and the hidden CAPTCHA works (so far). And yes, most such posts are done by directly posting your form. Although with Drupal you have a layer of protection were the users have to first load the page because the forms have a unique identifier. The POST must include that identifier. If not there (or it's wrong--an old ID) then the POST fails.

What do you use for your form?

Alexis

[artizhay]

Also, depending on your system, since Alexis Wilke pointed out that CAPTCHAs annoy users, there may be a plug-in for a one-time CAPTCHA.

User enters CAPTCHA once and then stores username, IP, or uses a cookie to keep track of who has filled out a CAPTCHA before. Upon return, CAPTCHA is not presented because the user filled it out before.

Of course, if a spammer is really dedicated, then they can fill out your CAPTCHA once then take advantage of the lack of the CAPTCHA afterwards. If you're on Wordpress, you could use Akismet (or an equivalent for a different blog system) to block spam further.

[Alexis Wilke]

Ah! Yes. Drupal CAPTCHA also has that option: CAPTCHA once and be gone. Using cookies is a good technique because most spammers don't have spamming systems that can correctly store cookies. Although, they are getting better.

[AureliaRisley]

Hi Alexis. How do you use a "hidden captcha"?

[Alexis Wilke]

Aurelia,

You just set it up and it remains hidden. So the user cannot see it and does nothing with it. Hackers fill in all the fields. That means if you have something in that field when it comes back, it's from a stupid hacker and you can discard the contents of the form.

If you have Drupal, you can get my implementation... 8-) Otherwise, there are others out there I'm sure, but I dunno where.

[samrose321]

Also, calculating on your system, because Alexis Wilke pointed out that CAPTCHAs annoy users, there might be a plug-in for a one-time CAPTCHA.