[LRUG] Spammers

David Nolan dave at textgoeshere.org.uk
Tue Sep 9 12:51:57 PDT 2008 

Date: Wed, 3 Sep 2008 21:04:49 +0100

> From: "David Nolan" <dave at textgoeshere.org.uk>
> Subject: [LRUG] Spammers
> To: chat at lists.lrug.org
> Message-ID:
>        <f8cc17d10809031304o6638ec01l57d86511286f5ae at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
>
> I've got a tiny app with a tiny signup form which is attracting spam like
> hungry zombies to Brainsfest 2008 "All The Cerebellum You Can Knaw" Day.
>
> At the moment, the spam is... naive... so identifying it is not the issue.
>
> What I'd like the list's advice on is what to render on spam submission,
> and
> how to implement it.
>
> - normal model validation, non-model spam? accessor, custom
> ActiveController::SpammyMiscreant exception caught in the controller, ...?
> - render http status 500, 404, 200 or something else?
> - if 200, render nothing, a normal form error message, or something else?
>
> How do you do it and why?
>
> Cheers,
> Dave
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20080903/8d97d940/attachment-0001.htm
> >
>
> ------------------------------
>
> Message: 3
> Date: Wed, 3 Sep 2008 21:26:46 +0100
> From: "Philip Cowans" <pcowans at gmail.com>
> Subject: Re: [LRUG] Spammers
> To: "London Ruby Users Group" <chat at lists.lrug.org>
> Message-ID:
>        <c3e3391c0809031326q4d3a6c2i8edf820dc8067e66 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> 2008/9/3 David Nolan <dave at textgoeshere.org.uk>
> >
> > What I'd like the list's advice on is what to render on spam submission,
> and how to implement it.
> >
> > - normal model validation, non-model spam? accessor, custom
> ActiveController::SpammyMiscreant exception caught in the controller, ...?
> > - render http status 500, 404, 200 or something else?
> > - if 200, render nothing, a normal form error message, or something else?
>
> I'd either render a regular 200 response explaining why it has been
> blocked, and ideally giving instructions on how to get support if the
> request is acually non-spam, or a 403 status code with an error page
> containing the same information. The easy way to implement this would
> presumably just be to do an explicit render with a status code in the
> controller.
>
> Phil
>

Thanks Phil.

That's the conclusion I came to. I wondered whether people had experience of
spam arms races where they ended up handling outside the normal validation
methods.

And I really really don't want a captcha.

Cheers,
Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20080909/35aede40/attachment-0003.html>

More information about the Chat mailing list