
Crashing spammers

Every day I had to remove 18 links. I already implemented recaptcha, but it wasn't enough.
When I cleaned up the database today, I had 500 spam accounts.

After the cleanup, 5 new spam posts appeared... So this was enough for me. Time to act.

I decided to take another approach. I saw they filled in all fields at once, which isn't usual on a Reddit-like site.

So I added a hidden body field which, when filled in, returns an XML bomb that could lead to 3GB of memory usage. I hope it's overloading most crawlers.

The XML bomb itself is called "a billion laughs" and it returns a self-expanding XML entity. Although some headless browsers could handle it, I hope most spamming crawlers just crash.

I'm awaiting results and going to sleep now.

Update: Tweaked the honeypot method a little bit. Hope it gets results (I saw spam appearing during the creation of this post).
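The server-side check the post and the later update describe, written out as an added example (this is not the author's code; the field names `body`, `title`, `url`, `tags` and `value` are assumed from the post, and the hidden-field name is a guess). It flags a submission when the hidden honeypot field carries a value, or when every visible field is filled in at once, and returns the reasons so they can be logged rather than silently dropped:

```python
# Added example: honeypot checks for a link-submission form.
# Assumptions: the hidden field is named "body"; the visible fields are
# title, url, tags and value, and a genuine submission never fills all four.
from dataclasses import dataclass, field

HONEYPOT_FIELD = "body"                       # hidden via CSS; humans never see it
VISIBLE_FIELDS = ("title", "url", "tags", "value")


@dataclass
class Verdict:
    suspicious: bool
    reasons: list = field(default_factory=list)


def _filled(form: dict, name: str) -> bool:
    """True when the field is present and contains something other than whitespace."""
    return bool((form.get(name) or "").strip())


def classify_submission(form: dict) -> Verdict:
    """Decide whether a form submission looks automated.

    A crawler that fills every input it finds trips both rules; one that skips
    hidden inputs (as the post's update reports) still trips the all-fields rule.
    """
    reasons = []
    if _filled(form, HONEYPOT_FIELD):
        reasons.append("hidden honeypot field was filled in")
    if all(_filled(form, name) for name in VISIBLE_FIELDS):
        reasons.append("all visible fields filled in at once")
    return Verdict(suspicious=bool(reasons), reasons=reasons)


def handle_submission(form: dict) -> str:
    """Return the action a request handler would take; kept separate for testing."""
    verdict = classify_submission(form)
    if verdict.suspicious:
        # Constructed log line; in a real app this goes to the application log.
        print(f"rejected submission: {'; '.join(verdict.reasons)}")
        return "reject"
    return "accept"


if __name__ == "__main__":
    human = {"title": "Show IH: my tool", "url": "https://example.com", "tags": "", "value": ""}
    bot = {"title": "cheap pills", "url": "https://example.net", "tags": "x", "value": "y", "body": "spam"}
    print(handle_submission(human))  # accept
    print(handle_submission(bot))    # reject
```

The check is deliberately a classifier that returns reasons: what to do with a flagged request (drop it, rate-limit the source, serve a decoy response) is a policy decision, and keeping the reasons makes it possible to see later which rule actually caught the traffic, as the update in the comments does.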

  1. 1

    I am curious about your XML-bomb technique. Can you elaborate? For example, when you say "it's returning a self expanding xml-entity", do you mean after the form is submitted? Or while it's still being filled out?

    1. 1

The XML bomb happens when the form is submitted in an "incorrect way", e.g. with a hidden field, or when a link or a text is submitted (which doesn't make sense for the use case).

      About the actual file:
      https://www.soapui.org/docs/security-testing/security-scans/xml-bomb

  2. 1

    Update: The spam crawler didn't fill in the hidden field and had a workaround for recaptcha.

The honeypot method was tweaked with a check on whether all fields were filled in:

    • Title
    • URL
    • Tags
    • Value

It's not logical to fill in all of them at once, and it's warned against.

    Currently it's good enough, not perfect.

  3. 1

Update: It seems the XML bomb is working. No more spam messages on my Reddit-like site and lower traffic currently.

My current guess is that they tried to add +/- 10 posts, which would lead to a max of 30 GB of memory usage after a while. Their server probably had far lower specs.

I will monitor it the next few days and pray they won't implement a workaround.
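The "billion laughs" response in the post and the linked SoapUI page only bites a client whose XML parser expands entity declarations. The defender's side of that, as an added example (not the author's code, and using only the Python standard library), is a parser that refuses any DTD or entity declaration before expansion can happen, plus a size cap; it shows why a crawler that parses with such a parser, or never parses the page as XML at all, is unaffected:

```python
# Added example: parse XML from an untrusted source without exposure to
# entity-expansion ("billion laughs") documents. Uses only the stdlib expat
# binding; the size cap is an assumed value to tune per deployment.
import xml.parsers.expat

MAX_BYTES = 1_000_000


class UnsafeXML(Exception):
    """Raised when a document uses a feature that enables entity expansion."""


def parse_untrusted_xml(data: bytes, max_bytes: int = MAX_BYTES) -> dict:
    """Return {tag: text} for the document, or raise UnsafeXML.

    A billion-laughs document needs a DTD carrying nested entity declarations.
    Rejecting the DTD as soon as expat reports it means the parser never
    allocates a single expanded byte, regardless of how deep the nesting is.
    """
    if len(data) > max_bytes:
        raise UnsafeXML(f"document exceeds {max_bytes} bytes")

    parser = xml.parsers.expat.ParserCreate()
    result: dict = {}
    stack: list = []

    def reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise UnsafeXML("DTD not allowed in untrusted input")

    def reject_entity(*args):
        raise UnsafeXML("entity declaration not allowed in untrusted input")

    def start_element(name, attrs):
        stack.append(name)
        result.setdefault(name, "")

    def end_element(name):
        stack.pop()

    def character_data(chars):
        if stack:
            result[stack[-1]] += chars

    # Exceptions raised inside expat handlers propagate out of Parse().
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.CharacterDataHandler = character_data
    parser.Parse(data, True)
    return result


def is_safe_document(data: bytes) -> bool:
    """Convenience wrapper: True if the document parses under the restrictions."""
    try:
        parse_untrusted_xml(data)
        return True
    except UnsafeXML:
        return False


if __name__ == "__main__":
    # Constructed inputs: a plain document and one declaring a single entity.
    plain = b"<post><title>hello</title></post>"
    with_dtd = b'<?xml version="1.0"?><!DOCTYPE x [<!ENTITY a "x">]><x>&a;</x>'
    print(parse_untrusted_xml(plain))   # {'post': '', 'title': 'hello'}
    print(is_safe_document(with_dtd))    # False
```

The practical caveat for the technique in the post follows directly: the bomb costs the attacker memory only when their fetcher hands the response to an entity-expanding parser. Form-posting bots that ignore the response body, or that parse it as HTML, will not notice, which is one reason to keep the all-fields check from the second update as the primary control and treat the decoy response as an extra.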
