Message Board

Newbie/Basic Questions

Older Posts ]   [ Newer Posts ]
 comment spammers
Author: W.Schmitten   (4 Aug 12 10:54am)
Moin,
just for understanding: can anybody explain, how the script from project honey pot can detect a comment spammer.
The guestbook of my site is visited by comment spammers (20 per day) with varying IP's out of the pool from relakks.com but he (they) don't walk into the trap.
What can I do additionally?
Wilfried
 
 Re: comment spammers
Author: E.Geier   (5 Aug 12 6:28am)
> The guestbook of my site is visited by comment spammers,,,
> but he (they) don't walk into the trap.

Did you put (invisible) links from your guestbook (and other pages) to your trap? If no, how could the comment spammers get the idea to visit your trap? Whatever, this would not really prevent comment spammers from doing their work. They would just be caught.

> can anybody explain, how the script from project honey pot can detect
> a comment spammer.

"Visitors" of your trap are presented with a kind of webform looking thingy, and the script recognizes if and what they enter. This information is centrally collected and used by Project Honeypot.

> What can I do additionally?

As a user of Project Honeypot, implement an HTTP blacklist (https://www.projecthoneypot.org/httpbl_implementations.php), or use a CAPTCHA service for your guestbook, or run your websites through a CDN service like Cloudflare.com or Incapsula.com. It's your choice...

Post Edited (5 Aug 12 6:35am)
 
 Re: comment spammers
Author: W.Schmitten   (5 Aug 12 7:44am)
Of course, all the pages have an invisible link to the trap... but this link must be executed otherwise it has no worth.

The spammer gets the form, fills in the content and then POST's it. Can i put this POST array to the honey pot script? But in this case I have to know, that this is spam. Is that the problem like hen and egg??
 
 Re: comment spammers
Author: E.Geier   (13 Aug 12 2:18am)
> Can i put this POST array to the honey pot script?

Not sure what you mean. The form *is* part of the honeypot trap. Nothing special is needed from your side.
 
 Re: comment spammers
Author: R.Woolley2   (13 Aug 12 7:06am)
If you are recording HP marked spammers then they have probably already hit a "pot" somewhere else and are known.

However if your book is accepting spam entries that HP does not block then they are probably MANUALLY posted and there is little one can do for those other than use a book program with decent internal filtering also which may help to frustrate the moron (and perhaps teach you a few new filters to add).

Also, "Akismet" as a plugin is an excellent blocker for both bot and manual entries; a good adjunct to RBL.

Under NO circumstances post the honey pot form your self.

That page (the "pot") supplied by HP is a "bait" for non humans (bots) to copy and submit and therefore tell HP to register them as a bot.

DO NOT expect lots of bots to copy and submit that form often, you are expecting too much.

Do place the HP supplied link (AS A HIDDEN LINK) to that honey pot page on as many of your sites pages as you can to enhance chances of attracting a remote bot. If you have other sites place the HIDDEN link on them too (BUT NEVER on other external link sites... the link must remain hidden).

Regards.

PS if HP is all a bit much try www.stopforumspan.com, thanks to the arrogance of one of the forum helpers here I am rewriting my program to use them plus supported with Akismet.

Post Edited (13 Aug 12 7:13am)
 
 Re: comment spammers
Author: W.Schmitten   (14 Aug 12 8:32am)
Sorry for my question was not clear.

I use http:BL and additionally an own blacklist for indentifying a spammer.

The question is: when to redirect the spammer to that honey pot script?
a) Before he fills my form for an guestbook entry or
b) later on, when he/she has filled my form.

In the second case the POST array contains some information that would be helpfull??

Sorry for my English :-(

 
 Re: comment spammers
Author: H.User1325   (14 Aug 12 12:34pm)
"The question is: when to redirect the spammer to that honey pot script?"

You should NOT redirect to a honey pot any visitor to your site. You should, as Geier said earlier, have hidden links to your honey pots giving comment spammers, etc every opportunity to take the bait. You are correct this does not directly keep them from leaving spam comments.

However, when they have been identified as a comment spammer by project Honey Pot, you can then use the http:BL API to check the reputation of their IP address as they access you guestbook, or other pages, and based on THAT information decide what to do.

Does this help? If not try again. We will keep working at it until there is understanding all the way from your question through our answer and back to you. Sometimes a long process.

Post Edited (14 Aug 12 12:37pm)
 
 Re: comment spammers
Author: W.Schmitten   (21 Aug 12 3:04am)
Many thanks, Wilfried
 
 Re: comment spammers
Author: K.Morse   (13 Nov 12 12:25am)
How does one get comment spammers identified by Project Honey Pot?

I have installed http:BL and am successfully blacklisting tons and tons of comment bots however some still get through.

Is there any way I can report them?
 
 Re: comment spammers
Author: H.User1325   (13 Nov 12 7:13am)
<quote>I have installed http:BL and am successfully blacklisting tons and tons of comment bots however some still get through.
</

So my first question is, have you adjusted the criteria for rejection? What is the threat rating of those that "still get though" or are they "NXDOMAIN" not listed?

<quote>Is there any way I can report them?
</

The problem I see as a user, is the continued validity of the HP data base.

From your dashboard or the IP Data page, you can lookup the IP address and leave a comment reporting the offense. However, it is not clear to me that there is a direct link between comments and http:BL threat rating.

On the other hand, the current process used by the Honey Pot Project, using Honey Pots, is directly based on the actions of the offending IP address. Kind of a self reporting system, NOT based on the opinion of others. That is not to question the validity of your reports but in general indirect reports would open HP to questions about the validity of the system. By including links to your HP and QuickLinks you are giving spammers every opportunity to "fall from grace" if that is their intention.



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email