Blumentals Software Community

I think the spammers must have made a technical breakthrough as there seems to be a lot of it at the moment. Seriously, one of my sites is being bombarded, and my usually secure mailbox on one email account isn't filtering as it has been. I'm having to manually mark mail as spam My new site launches later this year, and potentially could be a target for spammers. Any strategies anyone can suggest apart from (or in additon to ) this one?

http://www.blockacountry.com/

Depends what you mean by your site being bombarded.

Sure that Block a country would stop some(most/all) of it, but what are they spamming?
I won't stop email spam at all, just block access to your entire site.
Are they spamming your forums? There are things you can do to stop forum spam, I was getting lots on my phpBB forum and stopped it all over-night with one little tweak to the registration form.

Actually, Karlis, did you get the PM I sent you about stopping the phpBB spam, or did I even send it in the end?

Just deleted another 30 'registered' users, which have been flagged by my site spam filter. Its good that it catches them, its boring I have to continually delete them, and annoying that currently I don't have a faster way to 'select all/delete all' those caught. Currently spam member deletion is a twice daily chore. Banning a Country sounds drastic, but preferable to the current situ. Essentially it wouldn't make much difference to my site as its a niche one anyway.

One of my current and insistent registrants is Stelmkeet who tells me his interest is playing cards. Well my site has nothing to do with card playing, so why doesn't he get lost?

I believe they use specially designed spamming software which can often overcome captchas. Perhaps someone can buy it and find its faults. Detect its signature and block at source?

Captchas are easy to get round, what I did on my phpBB was put a required custom field on the registration form which is a simple maths question, something like this:
What is 7 + 2?

If they don't put the correct answer they cannot register, stopped all the spam registrations over night, was getting 15-20 every day before then.

Details of how to add custom fields can be found here: http://sn.im/qi3q7

Not using phpbb, but its useful that something can be done. Its obvious though that spam filters at hostings are unable to stop it, when perhaps they should.

The 'best' captcha I've seen (actually, one of two...) is recaptcha, and is well supported, coming with php libraries, plug-ins, etc.
http://www.recaptcha.net/

The other one is where 9 images are displayed, and you have to pick out the 4 cats, 4 rabbits, etc. Can't remember what thats called though.

chrisjlocke wrote:The other one is where 9 images are displayed, and you have to pick out the 4 cats, 4 rabbits, etc. Can't remember what thats called though.

Yes, I remember seeing that too, but cannot find it after a few Googles

We've been using the honey pot method with really good success.

Basically a regular form input - hidden with css, not type=hidden - that should submit empty. Verbose label text to support screen readers.

the input should be set to display: none while the label should be set to visibility: hidden. Again, accessibility.

Some interesting figures on spam detected on my site:

Jan - 9 spam
Mar 82 spam
Jun - 209 spam
Aug - 560 spam

Installed a captcha now and it seems to be working

Further to the spam debate, have recently noticed two sites which have been hacked, with one now down.

On the hosting of two of my sites, it was also recently hacked. Cpanel creators were informed of this. Apparently they kept deleting it and it kept coming back. Symptoms included browser freezing, multiple pop ups etc. At first I used task manager to close my browser, and it developed to the point that as I was closing it down, new tabs were opening. Watch out.

OMG that's real bad news

What was actually hacked, your forum control panel, or your actual web hosting cPanel?

It was on a shared hosting, and somehow one of the passwords got compromised to a site. Described as a 'beast' the malware was being remotely controlled. Think they had to move everything to a new server. Logging into my site was when the browser problems occurred which was a pain. Everything OK again now.