Get answers quicker by searching

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

  • Ben September 2016
Spambot subscribes with hex numbers in name field
  • Note: I have searched the troubleshooting page and the forum and have actually applied some of the suggestions I've seen, but the issue still persists...

    For the last few months I've been getting a ridiculous number of spam subscribers to several of my brand's lists. The email addresses look valid, but the name fields are filled with hex numbers that look like this: 57cf006e6e796. We are using the latest version of Sendy and all the lists are double opt-in, by the way (we only allow double opt-in with our clients).

    I've been trying out ways (see below my sign-off) for the past few weeks to combat this with one list in particular, to no avail -- I'm still seeing a ton of Unconfirmed subscribes in the list with a hex number in the Name field.

    Interestingly enough, when I test the form myself and put a hex number that starts with 57 in the name field, my deterrent in the code appears to work, as that email address does not then show up in the list as Unconfirmed, and no opt-in email is received. So why am I still getting a ridiculous number of these clearly bogus hex-number-in-name-field-but-valid-looking-email-address subscribes? My complaint rate at Amazon has gone up and I am now on probation, and I've eliminated all other possibilities for having caused the complaints -- it has to be from these bogus subscribes!

    Help, please! What can I do??

    Thank you, Abi B.


    Here is what I've been trying out for the past few weeks....

    The form in my subscribe-form.php file has a hidden field ( input type="text" name="url" )

    And here is my subscribe.php file:

        //-------- This file is the form action called upon for all forms that need to subscribe to this list --------//
    //INCLUDE VARIABLES
    include ("sendy-variables.php");
    
    if (strpos($name, '57') === 0) {//is this a spammer with the string pattern we've been seeing at the start of the name field?
        //Skip the script and send the spammer to the success page (as a decoy)
        header("Location: $success_url");
    
    }else{ //now check for other spammers
            if(isset($_POST['url']) && $_POST['url'] == ''){//if the hidden url field is empty, then form hasn't been filled out by spambot and we can run the script
    
                //If no name is entered on the subscribe form, the instructional field text will be replaced with blank before submission
                if($name=='Your Name (not required)' || $name=='')
                {
                    $name='';
                }
    
                //Collect all variables and submit for subscription
                $postdata = http_build_query(
                    array(
                    'api_key' => $your_api_key,
                    'list_id' => $list,
                    'name' => $name,
                    'email' => $email,
                    'list' => $list,
                    'boolean' => 'true'
                    )
                );
                $opts = array('http' => array('method'  => 'POST', 'header'  => 'Content-type: application/x-www-form-urlencoded', 'content' => $postdata));
                $context  = stream_context_create($opts);
                $result = file_get_contents($your_installation_url.'/subscribe', false, $context);
                $result2 = file_get_contents($your_installation_url.'/api/subscribers/subscription-status.php', false, $context);   
    
                //check result and redirect
                if($result=='Invalid email address.'){ 
                    header("Location: $invalid_url");
                }elseif($result=='Already subscribed.'){//redirect to dynamic on-list page (display will depend on on-list status)
                    header("Location: $alreadyonlist_url?status=$result2");
                }elseif($result){
                    header("Location: $success_url");
                }else{
                    header("Location: $fail_url");}
    
            } else {//otherwise, send the spambot to the success page (as a decoy)
                    header("Location: $success_url");
                    }
    
    }
    
  • 1 Comment
  • Vote Up0Vote Down BenBen
    Posts: 3,489Sendy support

    Hi,

    why am I still getting a ridiculous number of these clearly bogus hex-number-in-name-field-but-valid-looking-email-address subscribes?

    It's hard to explain or pinpoint why your form is being targetted by spam robots.

    To combat this, use some sort of CAPTCHA in your sign up form to deter these robots.

    Best regards,
    Ben

This discussion has been closed.
All Discussions