by Seiichiro » Wed Feb 28, 2007 8:48 pm
I had trouble with a guestbook a couple years ago like this. Here's what I did... watched trends in spam posts and created a list (array) of keywords and phrases that signaled bots. Created a condition in the source in the post functions where it checked against the array. If a flag came up, the poster's account, IP address and date/time were logged into a separate database and the post was not added. After gaining a few entries into the "spam" database, I also filtered against IP addresses (DHCP still often gives out the same IP address).
Also add checking against users. If there are a bunch of spam posts (especially if they're in a row), flag the user and disable the account. Also increase the required delay between posts.
Sure it's digging through the source and manipulating the database directly, but sometimes you just gotta do that.
In this recent surge, look for posts that are just links with irregular URL's that don't go anywhere. Is there a way to check the http status of a link in php? If the return code is anything other than 200 and all the post is is a link, flag it.
... wish I could read MAC addresses with PHP. Anyone?