Autosubmitters, Damn It All...
Posted by admin
Sunday, 16 July 2006, 20:14:39

Over the last few months, several of the "guestbook" modules on sites I built have been filling up with spam entries selling "men's medicine". It is a nuisance: about ten entries can come in per day. Besides making the sites look unattractive, it bloats the database out of control. Luckily I am a coder :)

Below is a casual discussion about autosubmitters hammering one netizen's guestbook:


~~~~~~
Posted: April 27 2006
Post subject: Autosubmitters are spamming our guestbook

Hi,

Our guestbook (AdvancedGuestBook 2.3.3) has suddenly started getting loads of messages submitted but all are complete rubbish and all have links to other sites (fake rolex sites generally). I have removed the bit of code that allows you to add a link to your site, we are not a webmaster related business and most visitors will not need this function, but still the messages keep coming! What I want to know is, is there some way to block autosubmit software? Alternatively, would writing my own guestbook script (i.e. it not being one that is being used web wide with the source code readily available to anyone) help prevent this from happening?

Any advice greatly appreciated,

~~~~~

Your first step would be to see if the provider of your guestbook had provided any upgrades that may have already resolved this problem.

Another possible solution, if your software provides the option, is to ban specific IPs from accessing your guestbook. The most predominant bad IPs are from Russia and some European and Baltic states with IP addresses ranging from 80 to 85 (e.g. 85.21.86.199). With the right setup, you could ban 80.*.*.* to 85.*.*.* and another IP is 213.*.*.*

This might seem drastic, to ban an entire country or region, but their governments don't appear to care what they do, so until this changes, ban them. I am also looking for e-mail providers to offer this option as well since almost 90% of my e-mail is spam and almost all of it comes from outside the US.

As a final thought, if you have no luck with an update being provided, you can stop the autosubmitters by adding a new hidden field in your guestbook registration. Add a field that passes a specific series of numbers and letters that your program must identify to allow the registration process to complete. When they attempt to autosubmit, they will be missing this field and you can simply have them directed to a blank page or a disapproved notice. Your web skills will determine how well you could perform this task.

Best of Luck

~~~~~

I am not sure about the particular guestbook you are using and whether you can manipulate the code, like for instance adding validation to it.

As for banning a whole range of IPs, that does not look like a good solution to me unless no other method works. The autosubmitters idea is good but not all that easy to implement if you are not a coder.

~~~~~

Banning IP blocks? That's sure throwing out the child with the bath-water. The whole 213? Well, did you ever look which subnets are involved ... ?

And if *I* had to get rid of *my* spam by banning IP blocks, I'd have to block half of the US ...

Anyway, the easiest method is to use a captcha or something along that line. Has worked wonders for us. ZERO guestbook spam.
~~~~~



Not unlike the case above, my own guestbook module was hit by a storm of autosubmitted spam. Unbelievable: the content is disgusting and ruins the look of the sites I build. Here are some of the entries:








Going by the discussion above, banning particular IP addresses would only cause more trouble, because innocent people could be affected too.

The most elegant and technically safest approach is to add a routine that displays a "security number" which the person filling in the guestbook must type in manually, so that autosubmit programs no longer work. Unfortunately, this takes a fair amount of time and effort.
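The hidden-field check suggested in the quoted thread is a lower-effort option than a typed security number. The PHP below is an added example, not code from the original article or from AdvancedGuestBook: it signs the hidden value with a server-side secret and a timestamp so that a fixed string cannot be copied once and reused forever. The gb_* names, the gb_token field name, the secret and the time limits are assumptions.

```php
<?php
// Added example: signed, time-stamped hidden form token (all names hypothetical).
const GB_SECRET  = 'replace-with-a-long-random-server-side-secret'; // placeholder
const GB_MIN_AGE = 3;     // seconds; a human needs at least this long to type an entry
const GB_MAX_AGE = 3600;  // seconds; older forms must be reloaded

// Build the value for <input type="hidden" name="gb_token"> when rendering the form.
function gb_issue_token(int $now): string
{
    $nonce   = bin2hex(random_bytes(8));
    $payload = $now . ':' . $nonce;
    return $payload . ':' . hash_hmac('sha256', $payload, GB_SECRET);
}

// True only for a token this server issued that is neither too fresh nor too old.
function gb_verify_token(string $token, int $now): bool
{
    $parts = explode(':', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return false;                        // field missing or malformed
    }
    [$issued, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', $issued . ':' . $nonce, GB_SECRET);
    if (!hash_equals($expected, $mac)) {     // constant-time comparison
        return false;                        // forged or altered token
    }
    $age = $now - (int) $issued;
    return $age >= GB_MIN_AGE && $age <= GB_MAX_AGE;
}

// Constructed demonstration; in the submit handler the call would be
// gb_verify_token($_POST['gb_token'] ?? '', time()).
$t0    = 1153055679;                         // constructed timestamp
$token = gb_issue_token($t0);
$cases = [
    'typed entry, 20 s after page load' => gb_verify_token($token, $t0 + 20),
    'posted in the same second'         => gb_verify_token($token, $t0),
    'hidden field missing'              => gb_verify_token('', $t0 + 20),
    'signature altered'                 => gb_verify_token($token . 'x', $t0 + 20),
    'form older than one hour'          => gb_verify_token($token, $t0 + 7200),
];
foreach ($cases as $label => $accepted) {
    echo str_pad($label, 36), $accepted ? 'accept' : 'reject', "\n";
}
```

A bot that loads the form and waits before posting still passes this check, so it complements the link filter and the security number rather than replacing them.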

As the quickest alternative, I added a small routine to the guestbook submit process. This came after analysing the pattern of the spam entries, one feature of which is that they always contain a link to another site. From that I concluded: if an entry contains a link to another site, the entry is rejected.

Below is the routine I added to the guestbook submit function:

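// Reject entries whose comment contains markup or a link.
// stripos() also catches "HTTP" and "HREF"; the "LINK" test is case-sensitive.
if (!(strstr($comment, "<") || stripos($comment, "href") !== false ||
	stripos($comment, "http") !== false || strstr($comment, "LINK"))) {
	// $db is assumed to be an open mysqli connection (mysql_query() was removed in PHP 7).
	// Bound parameters keep quotes in the input from altering the query.
	$stmt = mysqli_prepare($db, "INSERT INTO mod_guestbook
		VALUES (NULL, ?, ?, ?, ?, ?, ?, '1')") or die("Error in Query");
	mysqli_stmt_bind_param($stmt, "ssssss", $name, $location, $email,
		$url, $comment, $localdate);
	$result = mysqli_stmt_execute($stmt) or die("Error in Query");
}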



Over the next few days I will keep monitoring how effective the added routine is, while continuing to analyse the patterns that autosubmitter applications show. Either way, hopefully there will be no more database bloat from spammers' insolent entries.

Autosubmitters, damn it all...




   
Copyleft © 2006 pk, datacrux indonesia