
A look at modern web forms spam protection systems

What will be discussed

The fight between people who want to post their links or advertise something and people who do not want to see “left” (and sometimes even “right”) advertising in their comments or on their forums will probably never end.

As someone who in the past spent a lot of time developing web form spam tools, I would like to dwell on the points that many authors miss when advocating one protection method or another.

Similar topics have been raised repeatedly on various resources, but all the articles I came across were written by people on the other side of the barricades.

A small historical excursion

Many years have passed since botmaster released the famous XRumer. At the time it was a real revolution in spam technology: spam moved to an industrial level.
Automatic recognition of captchas (the simplest at first, and then fairly complex ones), account activation by email, the ability to hold a dialogue with itself, Hrefer, which lets you quickly assemble the forum databases you need, work in hundreds of threads: all this justified the rather high price of this software product. Moderators of forums, guestbooks, and later blogs cleaned out tons of spam, and sometimes even banned the registration of new users ...

I will not advertise XRumer, but it was a truly revolutionary and unique product in its class (the word "was" is not entirely appropriate, since it is still relevant today).

Black-hat SEO of that time mainly consisted of skillfully running the sites being promoted through the right databases of forums and guestbooks. Very often, such simple actions led to amazing results.

The protection of forums, guestbooks and blogs of that time was at a rather primitive level: at best there were simple captchas, and often there was no protection at all ...

The public response was the development of methods for fighting the malicious software. Of course, spam software and countermeasures existed before XRumer, but it was with the advent of this software that the problem became particularly acute.

Modern methods of fighting web form spam

How resources protected by the methods described above get spammed


Finally, I would like to summarize all of the above in a comparative table.

| Method or service | Advantages | Disadvantages | Possibility of bypass |
|---|---|---|---|
| Picture captcha | Easy to install; most CMSs have several built-in types of picture captcha, plus many plug-ins for working with the reCAPTCHA service. | Many modern picture captchas are hard to recognize even if you are not a robot. | Recognized using OCR or special services such as antigate. |
| Text captcha | Implementations exist for many CMSs and it is not difficult to write your own; you can customize your own question-answer dictionary. | No particular shortcomings, apart from the risk that a person may not know the answer to your question either. | Bypassed using an updated database, compiled for popular resources, that is bundled with XRumer. • Recognition can also be outsourced to third parties. |
| JS captchas | Most modern spam programs cannot bypass this protection. | No particular drawbacks, but testing in different browsers is necessary, since different browsers execute some JS differently. | Easily bypassed with a controlled browser. |
| Server-side captcha tricks | You can implement your own cunning algorithm. | The effectiveness of the protection against a correctly working bot is questionable. | Easily bypassed with a controlled browser. |
| | Able to "transparently" catch a significant part of comment spam. | Unable to protect registration forms or any other arbitrary forms. | With a controlled browser and not very aggressive bot behavior, spamming is possible. |
| | Able to "transparently" catch a significant part of comment spam. | Not universal, suitable only for blog comments. • Readers' comments cease to be part of your site's content from a search engine's point of view. | With a controlled browser and not very aggressive bot behavior, advertising messages can be posted. |
| | Very fun for users. • Provides maximum protection from bots at the moment. | Quite large in size. • So far there are few CMS plugins, and the universal integration class exists only in PHP. | Having studied how it works, I think automatic recognition or handing off to third parties is very problematic. |
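
The text captcha entry in the comparison above says such a check is not difficult to write yourself with your own question-answer dictionary. The following server-side version is an added example, not code from the original article: the questions, the function names `issue_challenge` and `verify`, the signed-token format and the in-memory nonce store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample dictionary; a real site would write its own questions.
QUESTIONS = {
    "q1": ("What colour is the banner at the top of this page?", {"green"}),
    "q2": ("How many legs does a spider have? (digit or word)", {"8", "eight"}),
}
SECRET = secrets.token_bytes(32)  # assumption: per-deployment key, kept server-side
TTL = 600                         # seconds a challenge stays valid
_used = set()                     # redeemed nonces (assumption: one process, in memory)

def _sign(qid, issued, nonce):
    msg = f"{qid}|{issued}|{nonce}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Return (question text, signed token to place in a hidden form field)."""
    now = int(time.time() if now is None else now)
    qid = secrets.choice(sorted(QUESTIONS))
    nonce = secrets.token_hex(8)
    return QUESTIONS[qid][0], f"{qid}|{now}|{nonce}|{_sign(qid, now, nonce)}"

def verify(token, answer, now=None):
    """True only for an untampered, unexpired, unused token with a right answer."""
    now = int(time.time() if now is None else now)
    try:
        qid, issued, nonce, mac = token.split("|")
        issued = int(issued)
    except ValueError:
        return False                      # malformed token
    expected = _sign(qid, issued, nonce)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                      # question id or timestamp was altered
    if not 0 <= now - issued <= TTL or nonce in _used:
        return False                      # expired or replayed
    _used.add(nonce)                      # one attempt per challenge, right or wrong
    normalized = " ".join(answer.lower().split())
    return normalized in QUESTIONS[qid][1]
```

Because the nonce is consumed on the first submission, a wrong guess cannot be retried against the same challenge, which matters when the set of accepted answers is small.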

Source: https://habr.com/ru/post/107286/
