1. 技术文章
  2. Is a Captcha and a math question enough for SPAM prevention?

Is a Captcha and a math question enough for SPAM prevention?

会有一股神秘感。 提交于 2020-01-23 17:49:08

问题


One of my websites gets a ton of registration spam. I have a Captcha and a math question on the registration form but it doesn't seem to help much. Am I likely experiencing manual spammers or are my prevention mechanisms not good enough?

The registration form is here:

http://peaksoverpoverty.org/wp-signup.php

Update

I've been tracking behavior a bit closer over the past week and this is what a typical request looks like in the access logs:

174.132.130.194 - - [18/Jan/2011:07:24:55 -0600] "GET / HTTP/1.1" 302 20 "http://peaksoverpoverty.org/wp-signup.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 3.0.04506; Media Center PC 5.0; SLCC1; Tablet PC 2.0)"

After poking around a bit, the user agent string doesn't necessarily look malicious - this tool was able to explain the entire string. Then again, I haven't ever really stared at user agent strings for a long time. I know they can easily be spoofed, but this is what the spammers are sending.

Also this is a list of offending IP addresses I have gathered over the past week and blocked:

174.120.203.66
174.120.245.194
174.122.107.138
174.122.175.162
174.123.101.98
174.132.130.194
174.142.241.137
175.41.168.169
184.154.74.21
187.63.208.241
195.56.42.131
199.16.130.53
200.17.56.7
201.22.130.66
201.59.175.2
201.59.175.29
205.186.184.10
208.100.27.143
208.100.27.154
208.100.27.159
208.100.27.186
208.101.30.165
208.43.73.29
209.151.224.235
209.151.224.240
212.227.119.47
213.251.189.204
213.251.189.205
216.108.225.220
216.108.225.242
220.181.94.212
222.237.79.242
24.252.62.57
62.215.5.66
64.22.89.70
66.172.42.11
66.232.112.144
66.232.112.168
66.249.71.217
66.96.219.38
67.109.124.170
67.18.19.194
67.18.5.2
67.18.72.2
67.225.184.5
69.117.20.174
69.117.22.237
69.117.24.21
69.117.26.195
69.147.240.90
69.147.249.161
69.147.249.22
69.147.249.99
69.167.175.27
69.28.58.35
69.56.228.130
69.89.31.240
71.208.210.208
72.18.157.147
74.220.215.68
74.53.28.2
74.54.131.82
74.54.95.210
77.235.37.41
79.125.33.136
79.172.242.144
80.252.171.68
82.80.235.146
84.16.243.243
85.17.199.46
85.214.92.15
85.92.83.164
86.196.41.15
86.208.68.211
88.191.126.212
88.208.33.130
90.18.14.167
90.47.218.215
90.59.74.139
91.121.203.226
91.184.49.210
91.207.254.234
93.174.95.153
94.125.27.20
95.133.38.238

It seems like the attackers are providing fairly dynamic IP addresses. Any further thoughts would be great. I'm really starting to think these are manual attacks but still not 100% sure because I've never dealt with a spam issue this bad.

来源:https://stackoverflow.com/questions/4676368/is-a-captcha-and-a-math-question-enough-for-spam-prevention

标签
spam-prevention
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!