[vox-tech] Strange web form submissions; regexp to filter?

[Rick Moen]

Quoting Bill Kendrick (nbs at sonic.net):

> I've got 72 examples from 50 IP addresses (all over the board).
> I assume it's people with some kind of virus/trojan.

It's automated comment spam.  The script that generates it puts
gibberish into fields it thinks are likely to be fields for fullname,
and such, and a plausible string in what it thinks is an e-mail address
field, but then puts a fatuous comment like "Nice site!" and then a
spamvertised URL into whatever it thinks is a comment field.

If you get tired of cleaning up after it, require that posters correctly
answer a simple question of your devising, e.g., "What's Jimmy Carter's
first name?", and then discard any submissions that don't include a
correct answer.

Odds are, you'd never even have to update it to ask, e.g., "What's Billy
Carter's surname?", because hardly anyone running a comment-spam script
ever bothers to customise it for any one site.  They just blitz
everything findable that looks like a Web form, and make up any losses
in volume.


> User agents are all over the board, too.

And faked.

> So (1) it's distributed, (2) it's cross-browser and somewhat
> cross-platform (or apparently so).

Rule #1:  Spammer lie.
Rule #2:  Spammers are stupid.  (However, more often than not they're
   using blackbox toolkits written by tolerably competent people.)

It's probably neither cross-platform nor cross-browser.  (See Rule #1.)

Trying to hit that gibberish with a regex is going to be a losing
battle.  Try a different tactic.