Go to main content

Navigation menu

Textpattern CMS support forum

You are not logged in. Register | Login | Help

  1. Index
  2. » How do I…?
  3. » Spam sign-ups... how to stop them? (Not comment spam)

Pages: 1 2

#1 2012-03-26 22:32:54

WebKat
Member
Registered: 2007-01-16
Posts: 301

Spam sign-ups... how to stop them? (Not comment spam)

I made a site for my mom using Textpattern. She runs an Irish community site for her city with it. She has an events calendar plugin installed and people can subscribe to be notified of new events… well, she gets in her words “50 signups a day” that are spam. They don’t actually appear in the subscriber list, but bots or something are submitting her form, constantly, every day. Is there a way to stop this? WITHOUT CAPTCHA?


WebKat

Offline

#2 2012-03-26 23:58:56

maruchan
Member
From: Ukiah, California
Registered: 2010-06-12
Posts: 596
Website

Re: Spam sign-ups... how to stop them? (Not comment spam)

Is this events calendar plugin sending her emails? I don’t understand where the spam signups are going.

Offline

#3 2012-03-27 00:42:10

WebKat
Member
Registered: 2007-01-16
Posts: 301

Re: Spam sign-ups... how to stop them? (Not comment spam)

Yes, she gets an email notification. I get virtually the same exact emails when people sign up for my “get updated when new articles are posted” thingie through Postmaster.


WebKat

Offline

#4 2012-03-27 06:25:56

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,258
Website GitHub Mastodon Twitter

Re: Spam sign-ups... how to stop them? (Not comment spam)

You can get the IP of the spammers using <txp:zem_contact_serverinfo name="REMOTE_ADDR" label="IP number" /> in the newsletter form and then ban them from the site by adding 

Order Allow,Deny
Allow from all
# spam referrers
Deny from xx.xx.xx.xx
Deny from yy.yy.yy.yy
Deny from zz.zz.zz.zz

in the htaccess file

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#5 2012-03-27 08:26:32

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,948
Website GitHub

Re: Spam sign-ups... how to stop them? (Not comment spam)

WebKat wrote:

bots or something are submitting her form

My standard trick to get round this is to add a fake form field to the signup form. It has to be something that might be real, e.g. phone number. Something that smells like a valid form field to use in this context if you were to read the HTML source. Make sure it has an ID and then hide it with a single display:none CSS rule. Assuming you have control over the form fields, that’s what I’d do.

Humans are blissfully unaware of the text field, and will signup by entering their e-mail address or whatever is needed. Bots on the other hand are greedy. They read the source code and assume if a field seems reasonable and is present in a form it must be filled in, since they can’t take the risk that it’s not a required field or may be triggered visible by some jQuery in response to another field being changed. So they will almost always put data in it.

You can use this to your advantage on the server side:

  • Does fake field contain any data? If so, return ‘thanks for your submission’ (so the bot thinks everything went well and doesn’t try again) and then quietly discard the info.
  • Is the fake field empty? Then return the same thanks message and forward the signup details to your mom.

That should cut down on 98.14159265358% of spam.

If you’re using zem_contact_reborn then the companion plugin pap_contact_cleaner makes a passable job at this kind of thing, but it doesn’t catch it all because it’s getting old. You can’t beat doing it manually with a technique like the above. Hope that helps.

Last edited by Bloke (2012-03-27 08:30:08)

The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#6 2012-03-27 13:23:18

WebKat
Member
Registered: 2007-01-16
Posts: 301

Re: Spam sign-ups... how to stop them? (Not comment spam)

I may ask for clarifications when I go to implement your suggestions, but I think I’ll try it. I may have some downtime at work today otherwise it will be this evening. Thanks for your help!


WebKat

Offline

#7 2012-03-30 02:09:50

WebKat
Member
Registered: 2007-01-16
Posts: 301

Re: Spam sign-ups... how to stop them? (Not comment spam)

Ok I sat down with some time on my hands to analyze what you explained. I have added a hidden text field named “date-of-birth” in my forms. So what do I do on the server side to filter the entries that have data in that field vs sending them to the thank you page? I assume I need to pass them through a script of some sort? I’m using zem_contact_reborn 4.0.3.20 to process the form right now (newsletter subscription).


WebKat

Offline

#8 2012-03-30 07:59:54

merz1
Member
From: Hamburg
Registered: 2006-05-04
Posts: 994
Website

Re: Spam sign-ups... how to stop them? (Not comment spam)

I’m using zem_contact_reborn 4.0.3.20 to process the form right now (newsletter subscription).

Then you should install/activate plug-in pap_contact_cleaner because it adds fields and uses zem_contact-features to do the rest.

This is the whole pap_contact_cleaner code (for inspiration):

register_callback('pap_zemcontact_form','zemcontact.form');
register_callback('pap_zemcontact_submit','zemcontact.submit');

function pap_zemcontact_form() {

	$field = '<div style="visibility: hidden">'.finput('text','phone',ps('phone'),'','','','','','phone').'<br />'.finput('text','mail',ps('mail'),'','','','','','mail').'</div>';
	return $field;

}

function pap_zemcontact_submit() {

	$checking_mail_field = trim(ps('mail'));
	$checking_phone_field = trim(ps('phone'));

	$evaluation =& get_zemcontact_evaluator();

	// If the hidden fields are filled out, the contact form won't be submitted!
	if ($checking_mail_field != '' || $checking_phone_field != ''){
		$evaluation -> add_zemcontact_status(1);
	}
	return;

}

Get all online mentions of Textpattern via OPML subscription: TXP Info Sources: Textpattern RSS feeds as dynamic OPML

Offline

#9 2012-03-30 18:39:45

WebKat
Member
Registered: 2007-01-16
Posts: 301

Re: Spam sign-ups... how to stop them? (Not comment spam)

The download link in the support thread for pap_contact_cleaner is dead… do you have the txt file to install it?


WebKat

Offline

#10 2012-03-30 19:13:31

MattD
Plugin Author
From: Monterey, California
Registered: 2008-03-21
Posts: 1,254
Website

Re: Spam sign-ups... how to stop them? (Not comment spam)

The link on Textpattern Resources seems to work. Sends you to Rud’s site.

My Plugins

Piwik Dashboard, Google Analytics Dashboard, Minibar, Article Image Colorpicker, Admin Datepicker, Admin Google Map, Admin Colorpicker

Offline

#11 2012-03-30 19:43:14

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533
Website

Re: Spam sign-ups... how to stop them? (Not comment spam)

WebKat wrote:

The download link in the support thread for pap_contact_cleaner is dead… do you have the txt file to install it?

Pap_contact_cleaner doesn’t have it’s own support forum thread. There an old, previous ZRC thread, which collects ZRC plugins and mentions it if that is what you referring to.

Rah | GitHub

Offline

#12 2012-03-30 20:54:34

WebKat
Member
Registered: 2007-01-16
Posts: 301

Re: Spam sign-ups... how to stop them? (Not comment spam)

Oh cool, thanks. So it doesn’t need any configuration? It just does its thing automatically?


WebKat

Offline

Pages: 1 2

  1. Index
  2. » How do I…?
  3. » Spam sign-ups... how to stop them? (Not comment spam)

Board footer

Powered by FluxBB