Spam & Fraud Prevention


Objective: we want to prevent spam sent from our contact form.

Let’s look at the problem a little closer. What kinds of spam are there?

1. Messages sent from a bot issuing direct HTTP requests

How to prevent this:

Using JavaScript and/or CSS detection should be pretty successful at kicking this kind of bot out. For JavaScript prevention we could make the client submit the result of an arithmetic expression (easier to crack) or of a DOM manipulation back to us.

2. Messages sent from a bot automating the browser

How to prevent this:

Since these bots use a full-blown browser, they can’t be beaten with JavaScript tricks, because the browser runs JavaScript for them. The impact isn’t that big, because using the browser they could probably send only about 10 emails per minute, as opposed to a couple of hundred or thousand when sending direct HTTP requests. However, 10 emails per minute isn’t that little. What to do:

One idea would be to measure the time needed to submit the form. If it is less than 10 seconds, kick it: it’s a bot.

3. Spam sent by real people

This is the hardest one to beat; it is actually unbeatable. The only thing you can do is to display a captcha with an increasing number of characters to type for each sent email. So if someone sends 5 emails it would be OK, but after 10-15 emails it is going to get slower and slower for him.
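A server-side sketch of the two checks from sections 2 and 3, as an added example that is not part of the original post: the form render time is carried in an HMAC-signed hidden field so the client cannot forge it, and the captcha length grows with the number of emails already sent. The function names, the secret, the one-hour expiry and the captcha base and cap values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret, kept server-side
MIN_FILL_SECONDS = 10             # threshold from the article
MAX_TOKEN_AGE = 3600              # assumption: a rendered form expires after 1 hour
FREE_EMAILS = 5                   # article: 5 emails are OK


def _sign(ts):
    """HMAC over the render timestamp, so the client cannot backdate it."""
    return hmac.new(SECRET, str(ts).encode(), hashlib.sha256).hexdigest()


def issue_form_token(now=None):
    """Value for a hidden form field, created when the form is rendered."""
    ts = int(time.time() if now is None else now)
    return f"{ts}.{_sign(ts)}"


def check_fill_time(token, now=None):
    """Return 'ok', 'too_fast', 'expired' or 'invalid' for a submitted token."""
    now = time.time() if now is None else now
    ts_text, _, sig = token.partition(".")
    if not (ts_text.isascii() and ts_text.isdigit()):
        return "invalid"
    expected = _sign(int(ts_text))
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "invalid"
    elapsed = now - int(ts_text)
    if elapsed < MIN_FILL_SECONDS:
        return "too_fast"      # submitted faster than a person could type
    if elapsed > MAX_TOKEN_AGE:
        return "expired"
    return "ok"


def captcha_length(emails_sent, base=4, cap=12):
    """Characters to type before the next email; 0 means no captcha yet."""
    if emails_sent < FREE_EMAILS:
        return 0
    return min(base + (emails_sent - FREE_EMAILS), cap)
```

A signed token can still be replayed until it expires, so the server should also record each token it has accepted and reject a second use.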
