I am running a LAMP web app where registered users can post classifieds, similar to craigslist. Recently I discovered that there seems to be a bot which is frequently posting fraudulent classifieds, and I somehow cannot get hold of it. The bot seems to only do a form post, as the tracking log does not show any "thank you page" after posting or "entry page" before posting.

The PHP file that posts the classified checks for certain keywords (similar to SpamAssassin), and when using the browser to create classifieds one cannot create any with the text he is posting.

I am wondering how I could prevent him from posting. There is captcha, email and even SMS verification before he gets an account, but once he has a verified account there is no captcha anymore but text recognition, which somehow fails.

What would be a good strategy for preventing the bot from posting again? I seem to be running out of options.

merlin
  • Can you see what IP address they're posting from? Maybe an IP blacklist would be a start? – dearsina Mar 04 '19 at 11:13
  • Prefer this https://stackoverflow.com/a/9516847/2249229 – Pankaj Dadure Mar 04 '19 at 11:30
  • Can you try Google captcha or blacklist the IP ranges that cause the issue? – Nancy Moore Mar 04 '19 at 11:48
  • The form key method seems to be a good start. I am doing IP blacklisting and many other things which magically somehow do not work for this bot. E.g. text recognition. It is a miracle to me how he can bypass that one. – merlin Mar 04 '19 at 12:14

0 Answers