Fighting Spam on Typo with Logic

Erik — Mon, 05 Feb 2007 14:29:00 +0000

I realized that spam bots are stupid, and spammers are generally not the best programmers, so a while back I made a system to fight the intolerable spam plaguing us. I noted today that Robby on Rails was having this same problem, and I figured I might as well share what has worked for me.

First, I added this line to my views/articles/_comment_box.rhtml:


#      for="comment_body">Your message
#      valign="top" colspan="2">
#       <%= text_area "comment", "body" %>
#     
#  
    
      
        
          <% spammer_array = [["two","9","twelve","2"][rand(4)],["1","15","4","eight"][rand(4)]] %>
<% question = "What's #{spammer_array[0]} times #{spammer_array[1]} ? (numerical)" %>
           for="spammers_suck"><%= question %>
        
      
       <%= text_field_tag "spammers_suck" %><%= hidden_field_tag "spammers_question", question %>
    
#   
#      colspan="2" id="frm-btns">

So far, it’s simply a new table row with some junk in it. But, the interesting thing is that every time the page is created and cached, it contains a new random equation for the user to guess. This is then sent along with the request to post a comment (not the preview, mind you) to the comment action.


# Again: Commented parts are unchanged from Typo codebase
#  def comment
#    unless @request.xhr? || this_blog.sp_allow_non_ajax_comments
#      render_error("non-ajax commenting is disabled")
#    return
#   end

    #AntiSpam
    b = params[:spammers_question].split(" ")
    c = [[2, 9, 12, 2], [1, 15, 4, 8]]
    d = [["two","9","twelve","2"], ["1","15","4","eight"]]
    num_one = 0
    num_two = 0
    c[0].each_with_index{|t,i| if(b[1].index(d[0][i])); num_one = t; end}
    c[1].each_with_index{|t,i| if(b[3].index(d[1][i])); num_two = t; end}

    if not params[:spammers_suck].to_i == num_one * num_two
      render_text "You're either a spammer, or you can't do math."

#    elsif request.post?
#      begin
#      @article = this_blog.published_articles.find(params[:id])
# ...

This very simple hack has caused a complete cease of comment spam on my blog. I also globally disabled trackbacks (which took a manual database query in the end), and so far the only spam-like comment I’ve gotten was a hate comment ;). So, the moral of the story is that you don’t have to put up with spam in Typo, and you don’t have to use Askimet or some other external service to fight it. Just some simple math is all it takes to pwn the noob-bots.

PhishTank pwns Phishing Phools

Erik — Sat, 07 Oct 2006 12:31:00 +0000

PhishTank is an awesome website that keeps a database of phishing websites that are
user submitted and verified. It integrates with
OpenDNS, so when a site is verified by the community
as a phishing site, OpenDNS users will see a phishing warning instead of the
original website. There are also other perks like spelling correction and
faster DNS resolves, but the phishing this is revolutionary. I joined
PhishTank today, and I’m currently in second place on number of phishing sites
submitted. I submitted 167 of them from Google’s blacklist after filtering it
with a short perl script.


#!/usr/bin/perl
use strict;
use LWP;
die("Specify a link file.") unless $ARGV[0];
open IN, "<", $ARGV[0];
open OUT, ">>", "results.".$ARGV[0];
while() {
  if(/new;
    $browser->timeout(3);
    my $response = $browser->get($1);
    if($response->is_success) {
      print OUT "$_\n";
      print "Success: $1\n";
    } else { print "Failed: $1\n"; }
  }
}

:) I’m so happy when I find sites that are already marked as phishers. If
only the process of submission could be automated completely…I’ll play with
the API on PhishNet and maybe it will become reality.

Schadenfreude » spam

Fighting Spam on Typo with Logic

PhishTank pwns Phishing Phools