Wednesday, September 26, 2007

Cyberspider Crap-of-the-Day Bot Award

No clue what this spider does as it only asked for my home page but I know what it doesn't do, it doesn't ask for robots.txt.

Here's the 411 on this bad bot:

81.56.161.126 [veigy.globalitsolution.com.] requested 1 pages as "cyberspider"
These crappy crawlers just keep coming...

Double iPod Storage with iDoubler from Analog Magic

Found out an old friend of mine who's a real smart guy wrote some cool software to compress music files on an iPod. This iPod software tool of his called iDoubler uses some real high tech audio analysis processing to reduce the size of MP3 files and others in half, without compromising quality, thus doubling the amount of storage on your iPod or other music players.

Most of the music stored on my Zen is in MP3 format so even if I didn't put twice as many songs on the Zen, using iDoubler would cut the upload time in half.

Anyway, I just thought that it would be worth mentioning iDoubler for the rest of you out there that may, like me, still have a music player with 5GB or less so we can jam yet more into our old trusty music players until prices and sizes drop on those fancy 30GB devices.

Tuesday, September 25, 2007

CONTACT US Form Spammers STILL STUMPED!

It's been about 2 months since I implemented my last anti-spam form submit code and surprisingly the spammers were stopped dead this time and don't seem to have a clue how to get around it.

Without giving away all the secrets so the little pecker heads don't read this and figure it out, it's a combination of javascript in the browser and some server side tracking algorithms that seem to be able to detect the spam scripts very accurately.

Looking at my log today the spammers may have just given up on my site because the ton of failed posts no longer appears.

Here's a few highlights of the last anti-spam patch:

  • No captcha that a human must type as the javascript itself is the captcha
  • Browser and user agent validation
  • Data center blocking
  • Behavior profiling
The cute thing with the javascript captcha code is that it automatically builds a series of letters in a value that's posted back to the server. Each time something is entered into a field, meaning a human manually typing in a name, email address or comment, the javascript code adds another letter to the internal captcha string. Basically how it works is the human entering data into the form automatically creates the captcha answer returned as a form value.

The way the javascript is written it's nothing that happens the exact same way twice and the results are always different so I'm sure they gave up trying after a bit because the first wrong answer submitted and I froze the form from being used again. This stopped the spammers from hacking at the code as one wrong move and they were locked out for 24 hours before they could attempt it again.

Unfortunately, I might've locked out a couple of humans with javascript disabled as well but I can't tell as the volume of form submissions looks normal, no obvious decline, and the page clearly states that javascript must be enabled in order for the form to work.

I think a few minor casualties are acceptable for my peace of mind and less work cleaning up spammers messes.

Bye bye spammers, nice know'n ya!