Stop forum (and blog) spam

[faceless]

This is a potentially useful site if you have a site or blog, but I've a feeling it could be used nefariously if the right checks aren't done...

http://www.stopforumspam.com/

[major.tom]

That looks interesting, but it's basically an e-mail blacklist, right? So it wouldn't be useful until an e-mail has been added, unless I'm mistaken.

What I do on my (personal) site (without forums) is the following:

• create a hidden link somewhere on my site
  
• reference the hidden link in robots.txt (bad robots will ignore it or possibly even use it as a list of interesting places to poke around)
  
• create a Rewrite rule for the elicit location
  
• anyone (read anything poking around there gets blacklisted for a set time (3-7 days)
  

This requires linux + apache + iptables.

The cool thing about this is that it traps web crawlers who don't obey robots.txt, but can't affect the casual user. This is what's known as a "sticky honeypot".

[faceless]

I got to it through an ip check on someone who registered recently. It smelled suspicious, so a bit of a check showed that it was the same person who'd spammed some other site, using two different emails.

I like your plan there with how you do things. I saw something like it last year with a guy who was protecting the identity of some blogger. He knew who it was, so put a honey-pot in that checked for anyone using the blog alias and the person's real name in a search. When someone put the real person and alias together, he knew the game was up...

[major.tom]

The heavy lifting (blacklisting) comes largely from an open source script (DAVBlack).

the link:

[faceless]

This was the ip of someone who signed up tonight - the username and email combination set my spidey senses tingling and bingo!