SitePoint Sponsor

User Tag List

Results 1 to 18 of 18
  1. #1
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Spammers or bots signing up to my lists

    Hi all,

    Hope you are doing well.

    So I have several free lists on various sites, & one of my sites keeps getting bots or idiots signing up for the free list & then never confirming their signup. Actually I don't believe it's a bot, b/c there's a drop down menu they have to choose from so they have to be humans.

    I got someone to put a captcha in the signup process thinking that would stop it, but no such luck.

    Any idea why they are doing this & how to stop it?

    Thanks


    Michelle

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    2012,

    They do it to annoy you. Are they succeeding?

    CAPTCHA is supposed to STOP spammers from starting the sign-up and you should have your server not inform you unless the second half (confirmation) is completed. Also, setup your database to require confirmation within a set period of time else delete the garbage.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes it is annoying b/c I don't know who's real & who's not, although I can tell most times now.

    Unfortunately I'm still using a 3rd party hosted shopping cart that also runs my lists. Their code & features are sub par at best, so I doubt there's an option to self delete if they don't opt in. In fact I know there's not, as I've had to do it myself & have to do it soon, as I'm nearing my max.

    I get notified of every signup whether it goes thru or not. Again, I doubt there's a feature that would ONLY let me know if they opted in.

    This has been going on for months. I don't know if it's the same person or what's happening. I guess I could try to keep track of the IP addresses, but I just don't have time for that & they are probably using a proxy anyway.

    Thanks


    Michelle

  4. #4
    Life is not a malfunction gold trophysilver trophybronze trophy
    TechnoBear's Avatar
    Join Date
    Jun 2011
    Location
    Argyll, Scotland
    Posts
    6,436
    Mentioned
    274 Post(s)
    Tagged
    5 Thread(s)
    If it's bots rather than human spammers, you could try adding something like this, and hope they fall into the trap before they reach the signup form. (Maybe add the trap at the start of the form.)
    Don't serve your porridge and then go out for a walk.

  5. #5
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've had the same problem recently. I blocked the IP addresses and it seems to be working - no attacks in more than a week. They were coming through every day. Seems to work, for now anyway - apparently, they don't all use proxy servers. Just a thought.

    You could also try adding a question to your forms, e.g. (4+9-3 = ?) or something similar and validate it on the action page. That will stop most bots, their automated processes aren't smart enough to answer questions.

    P.S. I find CAPTCHA a pain in the neck when it appears on forms - it must put some people off completing the process. Just an opinion.
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  6. #6
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Bear, I have to get someone to do this for me of course. I'm just an entrepreneur.

    Mouse, I have to see if I block the IP it will work. Unfortunately I use a hosted list builder & they suck. I can't change for various reasons.

    I remember asking them a few years back if the blocking of the IP address worked on the list & I think they said no. Why they have it at all is beyond me, but I'll ask again.

    What script do you use for the question? I hate some captchas b/c they don't work. The one that was put on my forms was a simple one as the guy said the Google one wouldn't work. Not sure why.

    Is the Simple Site Audit yours?

    Thanks again.


    Michelle

  7. #7
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You need to ask your technical guy to add a question to your forms (unless you are familiar with form creation and have access to site via FTP), but it must be validated on the action page - there's no script involved.

    Yes, simplesiteaudit is mine, all mine
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  8. #8
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I wish I had a "technical guy" to do this. It's even getting worse now over the last few days.

    Thanks


    Michelle

  9. #9
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Would you mind sending me the URL for the form that is being abused? I'll see if there's anything obvious that you can change.
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  10. #10
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oh thank you.

    I have 2 index pages. I'm giving you the 2nd one only b/c the list box drops down so it's easier for you to find. If you want the 2nd one, just remove everything after the .com. The box to click on to sign up is on the right side of the page

    I will pm the link to you.


    Michelle

  11. #11
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by 2ndmouse View Post
    Would you mind sending me the URL for the form that is being abused? I'll see if there's anything obvious that you can change.
    Hi 2nd mouse.

    I sent you my URL a while ago & never heard back. Did yo not receive it?

    Thanks

  12. #12
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I find it interesting that AFTER I posted the URL on this thread both the first time & just now, the amount of spam increased.

    JUST LOVELY!

  13. #13
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,559
    Mentioned
    40 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by 2012 View Post
    I'm still using a 3rd party hosted shopping cart that also runs my lists.
    Do you have access to change
    a) the html code that displays the sign up form
    b) server side script that the form posts the data to

  14. #14
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry 2012

    I haven't had time for a thorough looksee. However, what I did see was a lot of javascript on the page, presumably controlling the form animation. JS being a client-side language is easily open to abuse.

    Further to EastCoast's questions - if you don't have access to the nuts and bolts of the site, i.e. via FTP or a control panel or both, there's not much you can do to amend your form. Who looks after the site for you? How did it get created in the first place? Someone must've set it up for you.

    Contact the people you are paying for the webspace and ask about access. Once you get access, it will be easier to advise you further.

    Regards
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  15. #15
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    Location
    West London
    Posts
    196
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    P.S. You might want to ask SP admin to remove the link from your site address in the post above.
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  16. #16
    SitePoint Member
    Join Date
    Feb 2013
    Location
    Nepal
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Captcha are annoying if we view from the eye of visitor.. but they are the protector too ,, noadays there are really amazing captcha puzzle which can be easily solved by human but not by bot .. try those...

  17. #17
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by EastCoast View Post
    Do you have access to change
    a) the html code that displays the sign up form
    b) server side script that the form posts the data to
    Sorry, didn't see these responses until now since someone else posted.

    Do you mean can I get something changed on my site?

    I have to wait until I have some funds & then can maybe do it, yes.

    I have access to everything, doing coding other than basic html is outside my skill set.

    Thank you


    Michelle

  18. #18
    Love *********'s Forum ep2012's Avatar
    Join Date
    Aug 2004
    Location
    Toronto, Ontario
    Posts
    848
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by 2ndmouse View Post
    Sorry 2012

    I haven't had time for a thorough looksee. However, what I did see was a lot of javascript on the page, presumably controlling the form animation. JS being a client-side language is easily open to abuse.

    Further to EastCoast's questions - if you don't have access to the nuts and bolts of the site, i.e. via FTP or a control panel or both, there's not much you can do to amend your form. Who looks after the site for you? How did it get created in the first place? Someone must've set it up for you.

    Contact the people you are paying for the webspace and ask about access. Once you get access, it will be easier to advise you further.

    Regards
    My site has been touched by many hands over the many years. Many of whom didn't know what they were doing. I haven't had a website coder in a while. I, like many other entrepreneurs hire a person to do one there here or one thing there b/c it's so stressful dealing with website coders. I did recently hire someone to do something small, but it wasn't really site related. I still don't know how good he is & may never know, as I never know until the next person tells me XYZ was done wrong or something breaks down & I remember who did it. He did help me fix an issue that even the company who provides the software didn't tell me, so that impressed me.

    I don't need to ask anyone for access, I know how to load FTP. I didn't know the form was all JS.

    Today I had someone (spam) signup to the list 4 times LOL Just nuts.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •