I pride myself in allowing free submission to be directory, but recently I am getting tonnes of submissions for online pharm sites that are just junk. They are all from a differnt IP, but often have similar domains, alot being home.aol.com and some even .edu sites. What's the best way to tackle this? Up to 90% of the submissions per day are spam
I think as this thread develops, someone will offer ways to help prevent these type of submissions on one of our sites we have problems too, but not at the level you have mentioned We have a paid site also and that stops it.
The type of spammer you describe is using auto-submit software most likely. Employ some form of image validation to the submission process, and then this spammer and his penis pill submissions will stop. Without it, the auto-submitters will have a field day with your directory.
Yes. I don't understand how free directories get by without image verification. Also, if you are using phpld, I saw a post somewhere about renaming your submit.php to something else to help stop spam.
I'd suggest that you start banning the various IP's that are spamming your directory. This can be easily done if you're using cpanel for your hosting administration panel.
If you haven't aleady, mod you admin approval panel so you can do bulk deletes. Takes me about 3 seconds to delete whole pages of spam sites.
Increase the minimum description text requirement to 200 characters. That stops a lot of spam, and crappy sites from listing because it actually makes them take time to do the submission even if your directory site is free. They would be foolish to waste so much time on a submission only to be deleted or banned.
I started doing this on a site that was being hacked. I kept adding IP's and eventually added every IP in the country of Turkey. He kept moving around (spoofing IP's). Eventually I moved admin.php to a non-standard directory that he won't find. He has hacked 13,000+ sites so it's a bot that looks for admin in the root and goes from there. Bottom line, blocking IP's doesn't stop the average spammer or hacker.
he/they use proxies almost never using same ip twice add captcha and maybe make users signup first if its needed 500th post !
I recommend a captcha, but not image validation. The reason is that these validation scripts are so common, they appear on nearly every directory, and they can be beaten by a computer. This is rarely done, which is why everyone recommends putting one in, but it has been possible to break this kind of captcha for some time. If every directory has image verification, then soon every spammer will be using a script to break this captcha. If you can get a non-standard trivia-based captcha installed, do so. Another approach is to install some good word-list filters, if you have the kind of directory that doesn't accept certain types of site.
I am surprised that someone can code their way around a captcha as I sometimes have trouble reading them especially when they have goofy fonts that make s look like 8 and l look like 1 and on and on. Trivia would be good if your market is one country or societal group.
Captcha (image verification) does work. There are some sophisticated scripts that have some sort of OCR capabilities and can read the characters on the image so you need to experiment with the "masking" of the letter. Make the characters too hard to read and your users will not submit.
I heard an ingenious trick - you set up porn site with captcha on it - only you use the image from the site you are trying to spam. Then when the Mr Slobber wants a porn fix you spam the directory, show Mr Slobber the image, he tells you what it is and you submit the form. Voila, human validated captcha. But I would recommend implementing it also.
Thanks for your input folks! I definitely need some kind of validation, I like the trivia suggestion. I have tried banning IPs, but I just end up with an every increasin list of banned Ips. I don't want to start charging, as I pride mysewlf in being free.
Seriously, it is worth doing the IP banning. I was getting spammed to death on my photoblog so I made a few changes to the code - one of them was to automatically add a spammers IP to a block list. It only took about 5-6 weeks and the spammers kindly built a list of around 400 IP blocks that they spam from and I now rarely get any comment spam. Yes, it is a pain in the butt while the spammers are about - and something that will be impossible to totally stop, but a combination of captcha image and IP blocking and your spam will drop to a very small % within a few weeks.
You could have your submitters fill out the form, then when they hit enter, give them a time limit of 30-60 seconds to type and enter the captcha. This would prevent the above suggestion of using pervs to decipher the captcha.