25th March 2011
There are two types of spammer these days.
In recent years, since the internet has reached more folks, some master spammers have taken it upon themselves to hire third world citizens to sit in internet cafés and sign up for forums and blogs and such with the purpose of spamming whatever links the master spammer needs spammed. Since these folks are working for pennies an hour, there is no shortage of them.
We will not be discussing the aforementioned human spammers, as there's really no way to keep them from your blog or forum without disabling comments altogether or shutting your forum down.
Dealing with spambots is another kettle of fish.
Spambots are programmed to do two things:
Over a decade ago, a fellow wrote a nice PERL script called
. I am not typing the name out here, because it proved so effective at neutralizing spambots that the next generation were programmed to avoid sites with any mention of it (I like it already).
What it does is generates a page of fake URLs and fake emails. Each time the page loads, it generates a new set of these spurious URLs and email addresses. Every URL on the page is linked to a new instance of the page, thereby providing yet more URLs and email addresses for a hungry spambot. The script is designed to wait 10 seconds before loading, so as to tie the spambot up, and be easy on the system hosting it (spambots can make thousands of requests per second, potentially overloading the machine but for this 10 second pause between requests).
Back when was released, hard drives weren't very big, and it was possible to cause the machine a spambot was running on to crash due to a full hard drive (YAY!). Today, with the availability of terabyte hard drives, all does is keep the little buggers occupied until their master finds them loading their hoppers with fake information and resets them. Just keeping the spambots occupied with one instance of is a "good thing", because as long as they're busy waiting for all those lovely (but fake) email addresses, they're not on your neighbor's website sucking up their info.
On my website, I have lots of different things for folks to do. Conversely, I have lots of ways for spambots to find their way to the that I've installed for their use.
If you run a site with forms, you can create a form field that is hidden to users of regular browsers (be mindful of users of screen readers, and let them know not to fill out that field), and when that field is used, it automatically sends the submitter to the playground.
On my regular web pages, forum pages, and pretty much any other page that doesn't contain forms, I have a link that is hidden via CSS that says "Sign my guestbook" (spambots love guestbooks). This link has a warning for those humans who use screen readers.
Is the warning necessary?
No, most humans can see that they're someplace they weren't planning on visiting, and they can back out or go somewhere else. I just like to keep folks apprised of the spam trap.
If you'd like to use the installed on Novarata, just link to http://www.novarata.net/guestbook/ (you can click it now and see how it works - I think it's pretty neat)
Have fun annoying spammers ☺
Want to discuss this? Have a comment for the author? Mosey on over to the Novarata Forums and let us know what you think.
- Spammers who control vast spambot hordes
- Human spammers
In recent years, since the internet has reached more folks, some master spammers have taken it upon themselves to hire third world citizens to sit in internet cafés and sign up for forums and blogs and such with the purpose of spamming whatever links the master spammer needs spammed. Since these folks are working for pennies an hour, there is no shortage of them.
We will not be discussing the aforementioned human spammers, as there's really no way to keep them from your blog or forum without disabling comments altogether or shutting your forum down.
Dealing with spambots is another kettle of fish.
Spambots are programmed to do two things:
- Scour the web, looking for email addresses. These bots are programmed to look in blog comments, guestbooks (yes, people still have guestbooks), blog posts, and some will look anywhere that is hyperlinked.
- Seek out and attempt to sign up to forums, blogs, etc for the purposes of spamming. When a bot successfully signs up for a forum/blog/etc, it will start spamming its payload. Since bots are programmed to act in a certain way, they are pretty easy to keep out of forums, blogs and whatever.
Over a decade ago, a fellow wrote a nice PERL script called
. I am not typing the name out here, because it proved so effective at neutralizing spambots that the next generation were programmed to avoid sites with any mention of it (I like it already).
What it does is generates a page of fake URLs and fake emails. Each time the page loads, it generates a new set of these spurious URLs and email addresses. Every URL on the page is linked to a new instance of the page, thereby providing yet more URLs and email addresses for a hungry spambot. The script is designed to wait 10 seconds before loading, so as to tie the spambot up, and be easy on the system hosting it (spambots can make thousands of requests per second, potentially overloading the machine but for this 10 second pause between requests).
Back when
was released, hard drives weren't very big, and it was possible to cause the machine a spambot was running on to crash due to a full hard drive (YAY!). Today, with the availability of terabyte hard drives, all does is keep the little buggers occupied until their master finds them loading their hoppers with fake information and resets them. Just keeping the spambots occupied with one instance of is a "good thing", because as long as they're busy waiting for all those lovely (but fake) email addresses, they're not on your neighbor's website sucking up their info.
On my website, I have lots of different things for folks to do. Conversely, I have lots of ways for spambots to find their way to the
that I've installed for their use.
If you run a site with forms, you can create a form field that is hidden to users of regular browsers (be mindful of users of screen readers, and let them know not to fill out that field), and when that field is used, it automatically sends the submitter to the
playground.
On my regular web pages, forum pages, and pretty much any other page that doesn't contain forms, I have a link that is hidden via CSS that says "Sign my guestbook" (spambots love guestbooks). This link has a warning for those humans who use screen readers.
Is the warning necessary?
No, most humans can see that they're someplace they weren't planning on visiting, and they can back out or go somewhere else. I just like to keep folks apprised of the spam trap.
If you'd like to use the
installed on Novarata, just link to http://www.novarata.net/guestbook/ (you can click it now and see how it works - I think it's pretty neat)
Have fun annoying spammers ☺
or a 
or a 
button. When you click it, you'll come to a simple PM screen. Just put "SPAM" in the field and send it on. This feature is tied in to the emails of moderators, who will come and flush the thread from the forum.
