I would like to use website cloaking as a security measure to protect my dating service and other site. Here is my idea... has any body done this.. Use IP based cloaking instead of my .htaccess file when a user comes from a particular bad area (Nigeria.) point them to a exact copy of the site that is pointed at an alternative database.... Then have my code write all valid submissions to both dbs... but the spam ones only to the spam db.. When a spammer comes to the site the see all the people using it... they register (goes into the spam db) and they think they are spamming my users... the only person that would ever see it would be another spammer. The reason like this is that it cost them money and time to submit and try and contact / scam my suers.. I just haven't determined if it would be worth the effort ... Has anybody else already done this... (don't need to give me a URL or anything)
It's an interesting idea but I suspect that it will end up costing you more than it costs them. I like that you neatly avoid the problem of false positives by allowing anyone from a suspected spamming neighbourhood to see the whole site WITH all the spam and only remove the spam for the good neighbourhoods. Downsides: 1. You may lose legitimate customers who happen to come from spammy neighbourhoods and don't like the spam they see. 2. It will take time to write and administer and will take resources to keep running. 3. Spammers won't ever give up on your site because they think they are being effective. Upsides: 1. You get a warm fuzzy sensation that you are costing the spammers some amount of money. 2. I just can't think of any more positive aspects to this idea. Have you got any ?
"3. Spammers won't ever give up on your site because they think they are being effective." Thats the problem now.. I've spent months cleaning up after them and its no good they keep coming ...I block their IP's but they see that and use proxies..... At least this way they would think they are not blocked... they would think that they are really trying to scam my users... (spinning their wheels)... The truth of the matter is that I'm really busy and will probably never spend the time and effort to spec out this code for our programmer to write... The idea just sounds interesting to me.
IP addresses are not a good way to identify spammers. Try Bayesian filtering and blacklisting. On my personal site I use the presence of JavaScript to identify spammers. They use bots that don't parse JavaScript and so far it has been 100% effective. No false positives, no false negatives. I'm writing an article on spam filtering for blogs on my personal website. I'll have it finished any day now...