[Hidden-tech] Spammers piggy backing on my website

[Town Websites]

Spam bots will hit every web form they can find , and often.

A simple line of defense is to add a captcha when a registration is
submitted.  You might also make use of an api such as that at StopForumSpam
which lets you check a spam database for probable bad IP addresses; you
could combine the two and only require filling out a captcha for users that
come in from an IP reported for spamming.  If you're finding many of the
spams are coming from the same IP addresses, you can add them to deny lists
for your site.  You can probably also configure your subscription service to
require either your manually approving all accounts before the are
activated, or to require that the user click through the reply email to
activate the account.

Email spam is a separate concern.  To protect your email, you want to make
sure your domain's email SPF records show all IP's where email can
originate, that will help to limit the damage of others spoofing your domain
as a source of email.

Another concern is that you need to keep your site up to date particularly
if you have installed any 3rd party packages - spam bots are constantly
trolling websites to find old versions of well known scripts that have
security vulnerabilities, which will let them take over the site.  Sites
need to be monitored and you should keep any installed packages up to date.
If your site is hacked, your website will probably be used to originate
spamming emails, and that will likely get the server blacklisted - with the
service provider probably considering you responsible because it was your
site that got hacked.

Where you are now sounds like a relatively small problem for which one or
more of the initial ideas can contain the problems at a manageable level.
Good luck!

Charlie Heath
Town Websites


-----Original Message-----
From: hidden-discuss-bounces at lists.hidden-tech.net
[mailto:hidden-discuss-bounces at lists.hidden-tech.net] On Behalf Of
Videatives
Sent: Friday, October 28, 2011 6:35 AM
To: Hidden-Tech Tech
Subject: [Hidden-tech] Spammers piggy backing on my website

   ** Be sure to fill out the survey/skills inventory in the member's area.
   ** If you did, we all thank you.


Hello Hidden Techers,

Has anyone had a problem with spammers piggy-backing on your  
websites?  I have a video library subscription service at www.videatives.com

.
Anyone who wants to can open a 14 day trial subscription.  For the  
pass few weeks I have been getting about six new subscribers who embed  
a message
in their sign-up form about lacy hair wigs.  There is often some  
stylized text about what a good article they found on some website.   
The email addresses look weird
and the password is always "super123."   I have been deleting these  
particular "subscribers" as soon as they come it, but it is like  
cutting off one head of The Hydra.

Currently the problem is more a nuisance, but I worry that some sort  
of spam is being sent out into the world with my web address on it or  
eventually my
website will become corrupted.

Does anyone have ideas about what is gong on, how I can stop it, and  
should I be worried.

Thanks,

George E. Forman
President, Videatives
Amherst, Massachusetts
_______________________________________________
Hidden-discuss mailing list - home page: http://www.hidden-tech.net
Hidden-discuss at lists.hidden-tech.net

You are receiving this because you are on the Hidden-Tech Discussion list.
If you would like to change your list preferences, Go to the Members   
page on the Hidden Tech Web site.
http://www.hidden-tech.net/members