Thursday, June 19, 2008

Form Spam Redirection

You may appreciate what I've done with some spammers that have been hammering the contact forms of one site. I normally block the IPs at the country level and that takes care of most of the problem, and the latest script filters catch most of the rest of it. But this one site was on a Windows server so there was no .htaccess file to set up the blocking.

I was deleting most of the spam so it didn't go to the people that process the forms, but last month the submitted form data got to be 22 MB and it was already 13 MB today.

So my first thought was to just exit the script when it flagged the things I have been looking for. What I was doing was changing the subject line and the email list so only I got it. That way I could check for false positives. But most of the spam was always coming in under the same flag and just being deleted in my Outlook right away, so why not just dump it at the server level and not be bothered?

Well, that was a great idea, but then I realized that I could just dump the script "user", or I could send them somewhere else. www.fbi.gov came to mind, but then I had a better idea: Why not just send them back to where they were coming from? They are using dedicated servers or open proxy servers, so what better place than to make them hit the server they are using to bother everybody? While it may not help anything, there is a chance that the web server operators may see the increased traffic and investigate just what the heck is going on with their server "pinging" itself over and over again.

So the script has been modified so that if it is a spammer, they are redirected back to their own IP address. And just now I got the idea that maybe I should change that and send them to 127.0.0.1, which would be the default for whatever system they are on.

What I was thinking is that if there is a web site on the server that is being used, it would take them to that default address on the server and not whatever IP they are using. That is, if they go back to their own IP and there is nothing there to access from the outside, the traffic may not be noticed. But if there is a default web site there assigned to 127.0.0.1, then it may register a hit on the web server... Well, I'll leave it like this for now and see how it goes.
