Spammers are abusing the Contact Us form
Overview
While dirtroadcentury.com uses reCAPTCHA to prevent spam, some clever bastards have figured out how to get around it. As a result, our Slack channel and my personal email are getting blown up with spam messages, creating a bunch of noise that drowns out legitimate Contact Us requests.
Quick and Dirty Solution Proposal
Since the majority of the spam comes from two sources, and the messages are relatively similar, we should be able to cut down on the amount of spam by checking for various keywords and sender email addresses when validating the form.
This can be done in a couple of different ways. The ideal way would be writing a form validator that checks the sender of the message and the body of the message for contents similar to known spam messages and email addresses, and fails the validation accordingly. We could just quickly filter out spam directly from the routes.py file, but I would prefer to have a proper validator to keep the routes.py file clean.
Spam Examples
Here are some screenshots of the typical spam I see coming through.
A few details to note:
- Eric Jones spam is always similar, and always comes from an email address that contains that name.
- Some spam uses the Name field to contain all of the spam message. Having a length limit on this field could be useful.
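The validator approach described above, sketched out as an added example (this is not code from the dirtroadcentury.com repository). Each check is a WTForms-style validator, i.e. a callable taking `(form, field)` that raises `ValidationError`, so it can be dropped straight into a field's `validators=[...]` list. The blocked-sender fragments, the spam phrases and the 80-character name limit are assumptions and constructed sample values, not lists from the project; the only real detail the issue gives is that the recurring spam comes from addresses containing "Eric Jones".

```python
"""Spam checks for a contact form, written as WTForms-style validators.

Added example, not code from the dirtroadcentury.com project. The blocked
sender fragments, spam phrases and name length limit are assumptions.
"""
import re
from dataclasses import dataclass

try:
    from wtforms import ValidationError
except ImportError:  # stand-in so the example also runs without WTForms installed
    class ValidationError(ValueError):
        """Raised by a validator to fail its field (mirrors wtforms.ValidationError)."""

# Constructed sample values (assumptions): the issue only names "Eric Jones".
BLOCKED_SENDER_FRAGMENTS = ("ericjones",)
SPAM_PHRASES = ("seo services", "rank on google", "your website traffic")
NAME_MAX_LENGTH = 80  # assumed limit for the Name field


def _normalize_local_part(email):
    """Lower-case the part before '@' and strip separators, so that
    'Eric.Jones@x.com', 'eric_jones@x.com' and 'eric-jones1@x.com'
    all reduce to something containing 'ericjones'."""
    local = (email or "").split("@", 1)[0].lower()
    return re.sub(r"[^a-z0-9]", "", local)


class NotKnownSpammer:
    """Fail the email field if its local part contains a blocked fragment."""

    def __init__(self, fragments=BLOCKED_SENDER_FRAGMENTS,
                 message="Sender address is blocked."):
        self.fragments = tuple(f.lower() for f in fragments)
        self.message = message

    def __call__(self, form, field):
        normalized = _normalize_local_part(field.data)
        if any(fragment in normalized for fragment in self.fragments):
            raise ValidationError(self.message)


class NoSpamPhrases:
    """Fail a text field whose contents contain a known spam phrase.
    Used on both Message and Name, since some spam puts the whole
    pitch into the Name field."""

    def __init__(self, phrases=SPAM_PHRASES, message="Message looks like spam."):
        self.phrases = tuple(p.lower() for p in phrases)
        self.message = message

    def __call__(self, form, field):
        # Collapse whitespace so padding or line breaks cannot split a phrase.
        text = " ".join((field.data or "").lower().split())
        if any(phrase in text for phrase in self.phrases):
            raise ValidationError(self.message)


def _max_length(limit):
    """Stand-in for wtforms.validators.Length(max=limit), kept local so the
    example runs without WTForms."""
    def check(form, field):
        if len(field.data or "") > limit:
            raise ValidationError(f"Must be at most {limit} characters.")
    return check


@dataclass
class _Field:
    """Minimal stand-in for a WTForms field: the validators only read `.data`."""
    data: str


def check_submission(name, email, message):
    """Run the validators the way WTForms would on form.validate() and return
    {field_name: first_error_message}. An empty dict means the submission passed."""
    checks = {
        "name": [NoSpamPhrases(), _max_length(NAME_MAX_LENGTH)],
        "email": [NotKnownSpammer()],
        "message": [NoSpamPhrases()],
    }
    values = {"name": name, "email": email, "message": message}
    errors = {}
    for field_name, validators in checks.items():
        field = _Field(values[field_name])
        for validator in validators:
            try:
                validator(None, field)
            except ValidationError as exc:
                errors[field_name] = str(exc)
                break  # report the first failing check per field
    return errors


if __name__ == "__main__":
    # Constructed sample submissions, one legitimate and one from a blocked sender.
    print(check_submission("Bob Smith", "bob@example.com", "Can I join the century ride?"))
    print(check_submission("Eric", "Eric.Jones@example.net", "hello"))
```

In the real Flask-WTF form the same objects go into the field definitions, for example `email = StringField("Email", validators=[DataRequired(), Email(), NotKnownSpammer()])` and `name = StringField("Name", validators=[DataRequired(), Length(max=NAME_MAX_LENGTH), NoSpamPhrases()])`, so the route handler only has to call `form.validate_on_submit()` and routes.py stays free of filtering logic.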
Documentation Resources
Flask WTForms: https://flask-wtf.readthedocs.io/en/0.15.x/
Custom Form Validators using WTForms: https://wtforms.readthedocs.io/en/2.3.x/validators/#custom-validators