January 21, 2020

Crashing spammers

Nico Sap @NicoJuicy

Every day I had to remove 18 links. I already implemented reCAPTCHA, but it wasn't enough.
When I cleaned up the database today, I had 500 spam accounts.

After the cleanup, 5 new spam posts appeared... So this was enough for me. Time to act.

I decided to take another approach. I saw they filled in all fields at once, which isn't usual in a Reddit-like site.

So I added a hidden body field which, when filled in, returns an XML bomb that could lead to 3GB of memory usage. I hope it's overloading most crawlers.

The XML bomb itself is called "a billion laughs" and it returns a self-expanding XML entity. Although some headless browsers could handle it, I hope most spamming crawlers just crash.

I'm awaiting results and going to sleep now.

Update: Tweaked the honeypot method a little bit. Hope it gets results (I saw spam appearing during the creation of this post).
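Why some clients "could handle it", shown from the receiving side as an added example that is not part of the original post: a parser that refuses any DTD entity declaration stops before a self-expanding entity is ever expanded. The function names and the two small sample documents are constructed for illustration; only Python's standard `xml.parsers.expat` module is used.

```python
import xml.parsers.expat


class EntityDeclarationRejected(ValueError):
    """Raised when a document declares its own entities in a DTD."""


def parse_text_without_entities(xml_bytes):
    """Return the document's character data, refusing any entity declaration."""
    parser = xml.parsers.expat.ParserCreate()
    chunks = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Fires while the DTD is being read, before any reference such as
        # &b; in the body is expanded, so no memory is spent on expansion.
        raise EntityDeclarationRejected(f"entity declaration refused: {name!r}")

    parser.EntityDeclHandler = on_entity_decl
    parser.CharacterDataHandler = chunks.append
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


def classify(xml_bytes):
    """Return 'accepted' or 'rejected' for a response body (hypothetical helper)."""
    try:
        parse_text_without_entities(xml_bytes)
    except EntityDeclarationRejected:
        return "rejected"
    return "accepted"


# Constructed sample: the same nesting pattern as a self-expanding entity,
# kept to two levels so it is harmless to any parser.
NESTED_SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE post [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;">
]>
<post>&b;</post>"""

# Constructed sample: ordinary content using only a predefined entity.
BENIGN_SAMPLE = b"<post>hello &amp; welcome</post>"

if __name__ == "__main__":
    print("nested:", classify(NESTED_SAMPLE))
    print("benign:", classify(BENIGN_SAMPLE))
```

A client that parses responses this way, or that never parses the response body as XML at all, is unaffected by the payload, which is why the honeypot field itself does the filtering work regardless of how the client reacts.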
