Re: [PHP] Spam Post Defense / ID spam form posts

On Thu, August 23, 2007 2:49 pm, Instruct ICC wrote:
> Can server1 receive a web page form post from remoteAttacker,
> identify it as spam (or a DoS or DDoS attack),
> hand off the socket to multiple threads on multiple servers owned by
> server1's owner,
> return multiple responses to remoteAttacker which normally would have
> been a
> single response returned by server1,
> so that server1 is not busy responding to remoteAttacker and is able
> to
> handle legitimate requests?
>
> Technically?

You could always just 301 them, but you're just tying up more of your
servers...

Unless you 301 them back to their own box...

But that might not even really be their box, as it could be a zombie,
so you just are making life (more) miserable for some other victim.

> Legally?

No comment.

> The boss doesn't want to use a CAPTCHA on the form but wants us to
> identify
> it without additional user input.

Might I suggest a CAPTCHA and an optional "accessible" link/form which
gets human-reviewed before posting?

> Also, can a form post be run through an email spam filter to identify
> it as
> spam?

I'm 100% sure you could manage that somehow.

> Do you have any ideas to detect spam form posts?

Most spam posts are a) very long and b) have a very high HTML to data
content ratio.

<?php
$spam_factor = 1.1;
if (strlen($post) / strlen(strip_tags($post)) > $spam_factor)
die('spammer.');
?>

> I'm tracking the spam posts in an attempt to find a pattern I can use
> to
> detect them.

It would probably be smarter to run them through spam assasin and not
re-invent that particular wheel.

It would make a VERY nice PECL project, actually, I should think...

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?