[nycphp-talk] form spoofing
Rob Marscher
rmarscher at beaffinitive.com
Tue May 1 11:57:54 EDT 2007
> But this hasn't helped much; I still get a few of them, though I
> can't figure out how they can be generated. Any advice?
Yeah... you could add a spam/bayesian filter to your form processing
or use a web service like Akismet to see if it may be spam.
Another option would be to log the user-agent and ip address that was
used so you can track down what the spider was using. You may get
lucky and find that it's coming from a specific user-agent/ip and be
able to easily throw away the form submissions from it (you don't
want to block it outright because it might detect that it's being
blocked and change its user-agent or something).
Of course, if I was a spammer, I'd use a normal user-agent and spoof
a different ip each time... in which case a spam filter is your only
defense (I think).
-Rob
More information about the talk
mailing list