6

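I have a forum on a website I run, and it gets spam every day. Currently I delete the spam and block the IP. But this does not work very well. The list of blocked IPs is growing quickly, but so is the amount of spam in the forum.

The forum is entirely my own code. It is built in PHP and MySQL.

What are some concrete ways of stopping the spam?

Edit: What I forgot to mention is that the forum needs to be open for unregistered users to post. Kind of like blog comments.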

4

14 Answers

12

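In a guestbook app I wrote, I implemented two features that prevent most of the spam:

  • Don't allow a POST as the first request in a session

  • Require a valid HTTP Refer(r)er when posting

Answered 2009-01-27T20:48:30.147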
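The two checks from the guestbook answer above, sketched in PHP as an added example (it is not the answerer's code). The function name `acceptPost`, the `seen_page` session key and the host `forum.example` are assumptions made for illustration.

```php
<?php
// Added illustration, not the answerer's code. acceptPost() and the
// 'seen_page' session key are hypothetical names.

/**
 * Decide whether a request may create a post.
 * $session is the session array ($_SESSION after session_start()),
 * $referer the raw Referer header, $ownHost the host serving the form.
 */
function acceptPost(string $method, array &$session, string $referer, string $ownHost): bool
{
    if ($method !== 'POST') {
        // Any ordinary page view marks the session as having loaded the site.
        $session['seen_page'] = true;
        return false;
    }
    // Check 1: a POST must not be the first request in the session.
    if (empty($session['seen_page'])) {
        return false;
    }
    // Check 2: the Referer must parse and name our own host.
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $ownHost) === 0;
}

// Constructed requests, run from the command line for illustration.
$own = 'forum.example';

$bot = [];   // fresh session whose first request is the POST itself
echo 'cold POST: ', var_export(acceptPost('POST', $bot, "https://$own/thread/7", $own), true), "\n";

$user = [];  // visitor loads the thread first, then submits the form
acceptPost('GET', $user, '', $own);
echo 'POST after page view: ', var_export(acceptPost('POST', $user, "https://$own/thread/7", $own), true), "\n";
echo 'POST with foreign Referer: ', var_export(acceptPost('POST', $user, 'https://other.example/', $own), true), "\n";
echo 'POST with no Referer: ', var_export(acceptPost('POST', $user, '', $own), true), "\n";
```

Both the session cookie and the Referer header are supplied by the client, so this filters bots that post without loading the form; it is not an access control. Visitors whose browser omits the Referer header are rejected by check 2.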
5

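One way that I know works is to use JavaScript before submitting the form. For example, changing the method from GET to POST. ;) Spambots are lousy at executing JavaScript. Of course, this also means that non-JavaScript people will not be able to use your site... if you care about them, that is. ;) (Note: I don't)

Answered 2009-01-27T20:40:32.177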
5

In my experience, the best easy defenses come from just doing something "non-standard". If you make your site non-standard, this makes it so that any automated spam would have to be coded specifically for your site, which (no offense) probably isn't worth the effort. Note that if the spam is coming from human spammers, there's not really anything you can do that won't also stop legitimate posters. So the goal is to find a solution that will throw away any "standard" posts - that is, "fill out the whole form and push submit".

A couple examples that come to mind of things that you could try:

  • Have a hidden form field with a name that sounds like something a spammer would want to fill out, like "website" or "homepage" or something like that. If the form field gets filled out, throw away the message instead of posting it, because it was a bot automatically filling in the whole form, even invisible fields.
  • You don't have to use a "real" captcha, but even something simple like "Enter the following word backwards: <random backwards word>" or "What is the domain name of this website?". Easy for a human to do, but it would require a fairly complex bot to figure out what to fill in.
Answered 2009-01-27T21:17:05.520
4

You could use a CAPTCHA; there are some good scripts like PHPCaptcha. Or use a spam-control service like Akismet; they have a PHP API.

Answered 2009-01-27T20:41:35.027
2

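You might want to check out this question, which has several answers describing how non-intrusive CAPTCHAs can be implemented.

Another thing to consider is requiring time between posts to prevent mass spamming.

Answered 2009-01-27T20:42:37.663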
2

Include a CAPTCHA that is always "orange".

Answered 2009-01-27T21:30:33.073
2

The spams may be by bots or humans - bots are more likely.

To stop the bots, put in a hidden field populated by Javascript - there is a 99.5% chance that a standard, stupid bot that isn't customised to your site will fail to fill that in.

If they fail to fill it in correctly, give them a message that Javascript is required or something, and give them an opportunity to post some other way (e.g. with a captcha or registration). That way anonymous users who aren't spambots can (mostly) still post with no problems, and most spambots (which haven't been tailored for your specific site) won't.

Don't bother blacklisting IP addresses or using third party blacklists, that will just generate false positives. Almost all bots use the same IP addresses as (some) legitimate users.


Another trick is to put in a text field with a plausible sounding name, which is made difficult to see with CSS - anyone filling this field in with anything is considered to be a bot.

Answered 2009-01-27T21:32:35.533
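An added PHP sketch (not code from any of the answers) combining the JavaScript-populated hidden field and fallback from the answer above with the CSS-hidden honeypot field that it and an earlier answer describe. The field names `website` and `js_check`, the `/post.php` action and both function names are assumptions.

```php
<?php
// Added illustration; renderForm(), classifySubmission() and the field
// names are hypothetical, not taken from the answers.

function renderForm(array &$session): string
{
    // Per-form random value; a bot that does not run JavaScript never sends it.
    $session['js_token'] = bin2hex(random_bytes(16));
    $token = json_encode($session['js_token']);
    return <<<HTML
<form method="post" action="/post.php">
  <textarea name="message"></textarea>
  <!-- Honeypot: plausible name, hidden from people with CSS, must stay empty -->
  <div style="position:absolute;left:-9999px" aria-hidden="true">
    <input type="text" name="website" tabindex="-1" autocomplete="off">
  </div>
  <input type="hidden" name="js_check" id="js_check" value="">
  <script>document.getElementById('js_check').value = {$token};</script>
  <button type="submit">Post</button>
</form>
HTML;
}

function classifySubmission(array $post, array $session): string
{
    if (($post['website'] ?? '') !== '') {
        return 'drop';       // honeypot filled in: treat as a bot
    }
    $expected = $session['js_token'] ?? '';
    $given = $post['js_check'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return 'challenge';  // no JavaScript: offer a CAPTCHA or registration instead
    }
    return 'accept';
}

// Constructed submissions against one rendered form.
$session = [];
$html = renderForm($session);
$cases = [
    'form-filling bot' => ['message' => 'hi', 'website' => 'http://spam.example', 'js_check' => ''],
    'no JavaScript'    => ['message' => 'hi', 'website' => '', 'js_check' => ''],
    'browser with JS'  => ['message' => 'hi', 'website' => '', 'js_check' => $session['js_token']],
];
foreach ($cases as $label => $post) {
    echo $label, ': ', classifySubmission($post, $session), "\n";
}
```

Browser autofill can populate a field named like a real one, which is why the honeypot input sets `autocomplete="off"`; legitimate posts dropped by the honeypot are worth logging for a while after deployment.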
2

Advanced solutions:

You can try your luck with non-standard form:

  • fields that must stay empty hidden with CSS
  • fields with misleading names, e.g. <input name=email> for something that is not an e-mail.

For me CAPTCHA is like giving up to spammers and letting them damage your forum anyway – except that instead of spam damage, you get usability and accessibility damage.

Answered 2009-04-05T15:56:07.703
2

Something I've found to be surprisingly effective: disallow comments that contain too many URLs (more than, say, 5). Since doing that, I've had zero comment spam.

Edit: Since writing the above, I've had recurring comment spam with only one link. I have now added some honeypot fields and have had no comment spam for a few months now.

Answered 2009-04-05T16:11:51.690
0

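Don't let anyone post until they reply to an email sent to their registered email address. You'll see that many forums and mailing lists generate a unique email address or web URL, which is sent to the email address the new user gave, and they must reply to the email or click the link to complete registration.

Answered 2009-01-27T20:37:08.627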
0

CAPTCHA is definitely the easiest way. If you want something bot-proof, try KittenAuth (though I have pandas this time)

Answered 2009-01-27T20:52:38.797
0

There is no single answer, since spam is really a matter of economics: how much is it worth to someone to put their stuff onto the web. There are, however, some solutions that seem pretty good

Answered 2009-01-27T21:30:43.837
0

I want to say that most of the time, a CAPTCHA is enough for you to prevent spammers. But do use a strong one, like http://www.captcha.net/.

Remember that spammers do not want to spend much time dealing with a particular site (except heavy-traffic sites); they use a tool to post ads on a lot of sites. So make your form a little unusual (e.g. give the user an image that says '1.5+2.4=?' and let users answer; this will block most of the spam tools :) )

Answered 2009-04-05T15:49:05.630
-1

The easiest thing I've done to stop spammers with (so far) 100% consistency is to validate the text that was submitted. If you use the php function strstr() to check for "a href" or even a non-clickable http or www, you can then just reroute the spammer elsewhere. I actually have a script then write to my .htaccess file to deny the offending IP address. Not sure if there's any other kind of spam to be concerned about, but links are all I've seen so far.

Answered 2013-05-09T01:36:09.673
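An added PHP sketch (not code from either answer) of the link checks described in the answer above and in the earlier "too many URLs" answer. The function names are assumptions; the limit of 5 is the figure that earlier answer suggests. Matching is case-insensitive because `strstr()` is case-sensitive and would miss `A HREF` or `HTTP://`.

```php
<?php
// Added illustration; countLinks() and isLinkSpam() are hypothetical names.

function countLinks(string $text): int
{
    // Whole HTML anchors and BBCode links count once each, whatever their
    // link text is, so an anchor whose text repeats its URL is not counted twice.
    $patterns = ['~<a\b[^>]*>.*?</a>~is', '~\[url\b[^\]]*\].*?\[/url\]~is'];
    $tagged = 0;
    $rest = preg_replace($patterns, ' ', $text, -1, $tagged) ?? $text;

    // Whatever is left: bare URLs with a scheme or a leading "www.".
    $bare = (int) preg_match_all('~(?:https?://|www\.)[^\s<>"\'\]]+~i', $rest);

    return $tagged + $bare;
}

function isLinkSpam(string $text, int $maxLinks): bool
{
    return countLinks($text) > $maxLinks;
}

// Constructed comments.
$samples = [
    'plain reply'    => 'Thanks, that fixed it for me.',
    'one bare URL'   => 'Docs are at www.example.org/manual',
    'upper-case tag' => '<A HREF="HTTP://spam.example/a">HTTP://spam.example/a</A>',
    'link list'      => implode(' ', array_fill(0, 6, 'http://spam.example/x')),
];
foreach ($samples as $label => $text) {
    printf("%-15s links=%d rejected_at_5=%s\n", $label, countLinks($text),
        var_export(isLinkSpam($text, 5), true));
}
```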