Presentation is loading. Please wait.

Presentation is loading. Please wait.

Who: Jake Munson Company: Idaho Power Website: Location: Kuna, ID Attack of the spam bots.

Published byJennifer Freeman Modified over 10 years ago

Similar presentations

Presentation on theme: "Who: Jake Munson Company: Idaho Power Website: Location: Kuna, ID Attack of the spam bots."— Presentation transcript:

1 Who: Jake Munson Company: Idaho Power Website: http://techfeed.net/blog/ Email: yacoubean@gmail.com Location: Kuna, ID Attack of the spam bots

2 What is a spam bot? Any kind of spam that comes in through web forms. Comment spam in blogs Feedback forms Registrations forms

3 How do spam bots work? Automated software Directly attack form processor Cached forms http://www.botmaster.net/ This autosubmitter uses a huge database of forums, guestbooks, wikis and blogs to post messages...its ability to work around most types of 'captchas'. Manual spammers Armies of cheap labor

4 How do you stop them? Remove feedback options Moderation queues CAPTCHA The user has to prove they are human Emerging methods Make the spammer prove they aren't a spammer

5 CAPTCHA Completely Automated Public Turing test to tell Computers and Humans Apart Please enter the text you see in the image: The Good Can be very effective OCR software has difficulty reading the image Automated-no moderation is necessary CAPTCHA In ColdFusion Alagad Captcha- http://www.alagad.com/index.cfm/name-captcha Lyla Captcha- http://lyla.maestropublishing.com/

6 CAPTCHA The Bad Accessibility problems Captcha is designed to defeat automated screen readers Blind people use screen readers Linux problems Difficult, but not impossible, to run CF based Captchas on headless Linux #1 web design rule: Don't make me think-Steve Krug Captcha is designed to make the user think, which is bad for usability Some Captchas are so difficult the user needs to make multiple attempts Charlie Arehart discusses making Captcha easier http://carehart.org/blog/client/index.cfm/2006/8/17/the_angst_against_captcha s I don't use (Captchas) as a double-key deadbolt lock to keep out intruders, I just use them as a screendoor to keep out random pests

7 Programmatically Identify Spammers Users are innocent until proven guilty. Body of Evidence to Prove Innocence Mouse movement Keyboard usage Empty hidden field is empty Normal time to fill out form 1 or less URLs in form contents Form contents are not spammy

8 Mouse Movement Users move mice, spam bots don't

9 Keyboard Usage Users bang on keyboards, spam bots don't

10 3 Key More Clues The evidence is starting to pile up Empty hidden field is empty Spammers fill out all fields Normal time to fill out form Software is a lot faster than users 1 or less URLs in form contents Spammers like to...well, spam Dave Shuck's idea

11 The Final Straw If all else fails, call in the Dream Team If you want to use any of these ideas, use Akismet http://www.akismet.com/ Similar to virus definitions You send form contents to a web service, it returns true or false Compares form contents to vast database of known form spam Community of web developers contributes to database Extremely accurate

12 If it walks like a duck... Users don't do spammy things Each test is unreliable by itself Many tests together can identify spammers CFFormProtect http://cfformprotect.riaforge.org/ Others are doing it Ben Nadel-http://bennadel.com/index.cfm?dax=blog:405.view Be creative!

13 Questions?

Download ppt "Who: Jake Munson Company: Idaho Power Website: Location: Kuna, ID Attack of the spam bots."

Similar presentations

17 HTML, Scripting, and Interactivity Section 17.1 Add an audio file using HTML Create a form using HTML Add text boxes using HTML Add radio buttons and.

17 HTML, Scripting, and Interactivity Section 17.1 Add an audio file using HTML Create a form using HTML Add text boxes using HTML Add radio buttons and.
Using NIMAC 2.0: The Accessible Media Producer Portal NIMAC 2.0 for AMPs.

Using NIMAC 2.0: The Accessible Media Producer Portal NIMAC 2.0 for AMPs.
COMPUTER MALWARE FINAL PROJECT PROPOSAL THE WAR AGAINST CAPTCHA WITH IMPLEMENTATION OF THE WORLDS MOST ACCURATE CAPTCHA BREAKER By Huy Truong & Kathleen.

COMPUTER MALWARE FINAL PROJECT PROPOSAL THE WAR AGAINST CAPTCHA WITH IMPLEMENTATION OF THE WORLDS MOST ACCURATE CAPTCHA BREAKER By Huy Truong & Kathleen.
Rev. 6.2012 SYBASE ASE: MDA TABLE ASSISTANT Sybase Administration Tools available at: mailto:

Rev SYBASE ASE: MDA TABLE ASSISTANT Sybase Administration Tools available at: mailto:
23-Aug-14 HTML/XHTML Forms. 2 What are forms? is just another kind of XHTML/HTML tag Forms are used to create (rather primitive) GUIs on Web pages Usually.

23-Aug-14 HTML/XHTML Forms. 2 What are forms? is just another kind of XHTML/HTML tag Forms are used to create (rather primitive) GUIs on Web pages Usually.
Concept Proposal for a Third Generation Online Community of Practice Platform By R.A. Dalton, MKMP, Master Facilitator Office Phone (870) 365-7496 (Mon-Fri.

Concept Proposal for a Third Generation Online Community of Practice Platform By R.A. Dalton, MKMP, Master Facilitator Office Phone (870) (Mon-Fri.
Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.

Detecting Bugs Using Assertions Ben Scribner. Defining the Problem  Bugs exist  Unexpected errors happen Hardware failures Loss of data Data may exist.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
The Way to Success … Sta rt Sta rt Ak Technologies Mo. +91-94264 50998 | 98253 78685 . Visit.

The Way to Success … Sta rt Sta rt Ak Technologies Mo | Visit.
Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
Bayesian Theorem & Spam Filtering

Bayesian Theorem & Spam Filtering
563.10.3 CAPTCHA Presented by: Sari Louis SPAM Group: Marc Gagnon, Sari Louis, Steve White University of Illinois Spring 2006.

CAPTCHA Presented by: Sari Louis SPAM Group: Marc Gagnon, Sari Louis, Steve White University of Illinois Spring 2006.
Brought to you by the UCSB Web Standards Group (WSG)

Brought to you by the UCSB Web Standards Group (WSG)
Victor Ivanov. Introduction  Definition  Unsolicited bulk messages  Concerns  Server load  Garbage content.

Victor Ivanov. Introduction  Definition  Unsolicited bulk messages  Concerns  Server load  Garbage content.
What is a Web log (blog)? Skills: reading and searching a blog IT concepts: blog, subscription, one-to-many communication, wire-frame diagram, permalink,

What is a Web log (blog)? Skills: reading and searching a blog IT concepts: blog, subscription, one-to-many communication, wire-frame diagram, permalink,
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
Human Computation CSC4170 Web Intelligence and Social Computing Tutorial 7 Tutor: Tom Chao Zhou

Human Computation CSC4170 Web Intelligence and Social Computing Tutorial 7 Tutor: Tom Chao Zhou
How To Open an Email Account Tech Tools Project Joanna Conrad-Pacelli Last Updated: 6/3/11.

How To Open an Account Tech Tools Project Joanna Conrad-Pacelli Last Updated: 6/3/11.
E-Mail Marketing PE: Understand the use of direct marketing to attract attention and to build brand. PI: Explain the nature of e-mail marketing tactics.

Marketing PE: Understand the use of direct marketing to attract attention and to build brand. PI: Explain the nature of marketing tactics.
S ELECTION OF WEB HOST AND WEB PAGE SYSTEM. W EB HOST stores all the pages of your website and makes them available to computers connected to the Internet.

S ELECTION OF WEB HOST AND WEB PAGE SYSTEM. W EB HOST stores all the pages of your website and makes them available to computers connected to the Internet.

Similar presentations

Ads by Google