Finding Hidden Text

LordRogaine

I am having problems with spammers from Russian and Nigeria who are spamming my members with their yahoo and hotmail email addresses. I have programs in place that identify the email messages that contain certain key words such as "yahoo" or "hotmail". The problem is that these spammers are aware of it and try to hide these words by writing them like this in their messages

y_a-h_o-o or (yahoo) or ya-H_o-o

Is it possible to write some code that would identify a word that is hidden the way I showed here?

Thanks in advance,
Lord Rogaine

Bunkermaster

well you could create a function stripping all non alphabetic characters from a string and work on its return.

function degiber( $mystring ){
    $workstring = strtolower( $mystring ); 
    $returnstring = '';
    for( $i = 0 ; $i < strlen( $mystring ) ; $i++ ){
        $currentindex = substr( $workstring , $i , 1 );
        if( chr( $currentindex ) >= chr( 97 ) &&  chr( $currentindex ) <= chr( 122 )){
            $returnstring .= $currentindex;
        }
    }
    return $returnstring;
}

dirty code, am tired.

bradgrafelman

Or a one-liner:

$degibered = preg_replace('/[^a-z]/', '', strtolower($mystring));

Note that also strips out spaces.

NogDog

I might do something like:

$badWords = array(
   '/yahoo/i',
   '/hotmail/i',
   '/gmail/i'
);
if(preg_match($badWords, preg_replace('/[^a-z\d\s]/i', '', $text)))
{
   // found a "bad word"
}
else
{
   // seems to be OK
}

LordRogaine

Thanks everyone for the help! Greatly appreciated.

bradgrafelman

So... does that reoslve your issue? If so, don't forget to mark this thread resolved.

big_nerd

I would use: $text = preg_replace('/^{\w/','',$text);}

I think I have that right? (\w = alphabetic)

big.nerd

bradgrafelman

Except that you'd want to enclose that in a character class so the '^' becomes a negation operator instead of a start-of-string operator.

Also, \w ("word character") includes numbers and underscores.

MarkR

How are they spamming your members? Presumably through your web site.

The trick is to make it sufficiently difficult for them to spam your members in an automated fashion (e.g. a CAPTCHA or something) that they won't bother.

Most spammers use incredibly lame robots that are defeated by the most trivial human checker.

Do you record the IP address of each message that's sent? You could place limits per day per IP, forcing the spammers to change their IPs.

If they are using public proxies, you could probably detect that (using some public proxy list service) and block those IPs from posting messages at all.

If they are all from the same netblock(s), you could blacklist those specific netblocks while affecting few legitimate users.

If they need to register to post messages, you could insist on email verification, then deactivate their accounts each time you detect this, forcing them to expend effort registering and activating new accounts (which they probably won't bother).

You could also place per-user limits on messages (particularly for recently created users).

You could have various types of auditing so that you could detect spam users and deactivate them.

Deactivated users who have sent spam could have their existing messages deleted.

If you are sending these people emails, you could hold them in an approval queue for a while, and have someone manually authorise them (provided they've got sufficient time to do this on legit messages) - give them tools so that they can easily do a bulk delete from a particular sender.

Mark