There are a few general classes of attack in this arena. One would be the “room full of poorly-paid people”. This is fundamentally impossible to defend from.
Another would be the automated Perl script. If the attackers are going this route, changing the filename of the handler will only affect them once. They’ll circle back, re-read your form page to find the new handler name, and hammer at it again.
These automated attacks are susceptible to Tim’s “honeypot” spam trap, though. Basically, it presents a supernumerary field in the form that looks like you ought to put some data in it, but then it hides that field from view of normal users. The upshot is that if the handler sees that field empty, it considers that a human filled it out, but if a value is present in that field, it realizes that it’s probably spam and kills it.
If you just changed the form to include the honeypot trap, then I would give this another day or so and see if it settles down. Also look carefully at the IP addresses that have been captured by the script. See if there’s a pattern to them, or if they are from all over the place. If you see a pattern, like a group of attack messages that are all from the same address, or addresses that are the same up to the last segment, then your ISP can block those addresses from reaching your server at all.
Remember, even a CAPTCHA cannot defeat the room full of people attack.
If you’re being spammed by a really clever bot (one that recognizes and side-steps Tim’s clever land mine), then there’s nothing at the easy Action level that you can do about it. (Yes, Mike’s easibase Action is fairly easy to include in your page, but it requires a server-side component that is anything but easy – and in some cases, impossible due to hosting provider policy – to install.)
Your options in this arms race are to do nothing (sort through the crap manually), do what you’ve already done (which will get rid of automated abuse), or go the extra mile and install a CAPTCHA, either using Mike’s Action and server component or by hand-coding in reCAPTCHA or another free service.
On Jan 18, 2012, at 5:26 AM, James Mansell wrote:
Basically is there a simple way of me getting around this i.e. Re-generating the form but just giving it a generic file name. Could it be the current file name that the spammers have picked up on? This competition only has 2 weeks left to run so I just need to get by until then.
freewaytalk mailing list
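As an added illustration (not code from the original thread or from any Freeway Action), here is the server-side half of the honeypot check described above, together with the IP-pattern grouping suggested for finding addresses an ISP could block. The field name `website_url`, the /24 grouping and all submissions are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_network

# Name of the hidden honeypot field (assumption). In the page it is hidden
# with CSS, not type="hidden", so scripts that fill every input still see it:
#   <input type="text" name="website_url" style="display:none" autocomplete="off">
HONEYPOT_FIELD = "website_url"

# Constructed sample submissions as a form handler would receive them.
SUBMISSIONS = [
    {"ip": "203.0.113.17",  "name": "Alice",   "entry": "my photo", HONEYPOT_FIELD: ""},
    {"ip": "198.51.100.4",  "name": "buy now", "entry": "http://x", HONEYPOT_FIELD: "http://x"},
    {"ip": "198.51.100.9",  "name": "cheap",   "entry": "http://y", HONEYPOT_FIELD: "http://y"},
    {"ip": "198.51.100.77", "name": "deal",    "entry": "http://z", HONEYPOT_FIELD: "http://z"},
    {"ip": "192.0.2.200",   "name": "Bob",     "entry": "sunset",   HONEYPOT_FIELD: ""},
]


def is_honeypot_tripped(fields: dict) -> bool:
    """A real visitor never sees the hidden field, so it arrives empty (or
    absent). A script that fills in every input it finds puts a value in it."""
    return fields.get(HONEYPOT_FIELD, "").strip() != ""


def triage(submissions):
    """Split submissions into accepted entries and rejected (probable spam)."""
    accepted, rejected = [], []
    for sub in submissions:
        (rejected if is_honeypot_tripped(sub) else accepted).append(sub)
    return accepted, rejected


def suspicious_prefixes(rejected, min_hits=2):
    """Group rejected senders by /24 ("the same up to the last segment").
    A prefix that recurs is the pattern worth showing to the ISP."""
    counts = Counter(
        str(ip_network(f"{sub['ip']}/24", strict=False)) for sub in rejected
    )
    return {net: n for net, n in counts.items() if n >= min_hits}


if __name__ == "__main__":
    ok, spam = triage(SUBMISSIONS)
    print(f"accepted {len(ok)}, rejected {len(spam)}")
    print("repeat offenders:", suspicious_prefixes(spam))
```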