a minor technicality

neil dixon’s blog

RSS2.0 Feed

Blocking spam registrations with name fields

Published by neil on June 13th, 2008

screenshot_01.jpgBritcaster.com - the original home of the Uk’s podcaster community - still ticks over in a lazy backwater of the internet receiving a handful of new show registrations each week. It also receives twice as many spammer registrations - but not any longer.

Spammers use any and all online forms in an attempt to create a link to their website(s) from as many places on the internet as they can manage. If you are puzzled as to the reason, it is all about the battle to show up higher on search engines by manipulating one of the most important factors: the number of sites that link to yours.

In the past, most of these bogus form submissions and site registrations were automated. Coded ‘bots’ are sent out to scour the internet, following links, seeking suitable forms, filling out the details, and submitting the false data. There are relatively easy to block through the use of CAPTCHA images - those slightly obscured letter and number combinations you so frequently see on registration forms these days. There are other techniques to help prevent automated submissions, but recently there has been a marked increase in the umber of real human submissions. These, of course, are a great deal harder to block.

Clearing out the spammer registrations at Britcaster over recent months, I started to notice a trend and monitored how the submission were being made. This provided a very straightforward to block every spam submission, without the need for CAPTCHA images or clever javascripts, images, or complex coding under the hood.

What I spotted

The registration form has two fields for the registrant’s name: Firstname, and Surname. In every single spam registration the spammer placed an identical name in both of those fields. The solution was to look at those two fields, and if they matched, block the form submission! Couldn’t be easier and spammer registrations have reduced to zero. One important consideration is when you find the matching name fields, do not present a validation error explaining the problem, simply cut off the form submission with some kind of obscure, fatal error.

There is a flaw in this, of course. I’ve now posted about this and if word spreads, it may get picked up by spammers and they change their tactics. But I’d rather take that risk and spread the word about this very simple technique to thwart their efforts for at least a little while.

Tags: , , ,
Posted in TechGeek |

Related Content

One Response to “Blocking spam registrations with name fields”

  1. Natalie Ford Says:
    June 13th, 2008 at 10:56 am

    What happens if someone is really called a name with the same surname? It does sometimes happen, especially with Deed Poll name changes…

Leave a Reply

Comments for this post will be closed on 10 December 2008.

COMMENT APPROVAL POLICY: Please use a genuine name and email address for your comment. Please use your real name, not SEO keyword text. Please limit any outgoing links in your comment to a maximum of ONE, which should not be the same as you entered URL in the form. Please be considerate to other commenters. Please be relevant to the blog post and contribute to the discussion. Blatant link generation comments (we get a lot of those!) will be deleted. LICENSE By submitting a comment here you grant this site a perpetual license to reproduce your words and name/web site in attribution. Your comment may be edited or removed by a site admin if deemed necessary.

 

 

© NeilDixon 2006-2008. All rights reserved.