Send Webform Spammers to Goatse with DNSBL_Check

Posted on December 21, 2007

You just deployed your snazzy new Web 2.0 + friendship bracelets site, with social networking, tagging and an Open API all rolled into one.

Within a few short days, webform spammers have already written custom scripts for your site and begun gumming up your new friendship bracelet machinery with agloco spam.

For signing up new users, you might use something like Simple Captcha to ensure a human is behind the wheel.

But user-generated friendship bracelet submissions, obtained from the general public, are the bread and butter of your app. You decide to leave that form Captcha-free, since adding a captcha to this step proved to reduce valid submissions by 30%.

Hitting Spammers Back with the Goatse-bomb

Install the DNSBL_check plugin:
ruby script/plugin install http://www.spacebabies.nl/svn/dnsbl_check

Add the before_filter to the controller/action pairs you want to protect:

class SubmitController < ApplicationController
  # Only the actions that accept public submissions need the DNSBL lookup
  before_filter :dnsbl_check, :only => [:new, :create]
  ...
end
Open up vendor/plugins/dnsbl_check/lib/dnsbl_check.rb and find this line:
render :text => 'Access denied', :status => 403
Replace it with this one:
redirect_to 'http://goatse.cz/'

Check in, deploy to production …

... And just imagine the look on the faces of your beloved spammers:

Note: the above exercise was for educational and entertainment purposes. Obviously most spammers use bots and might never see our lovely goatse redirect, but just in case they pop in to see why their spam isn’t getting through. :)
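To make the check itself concrete, here is an added example of what a DNSBL before_filter does under the hood. This is not the plugin's own code: the query format (client IP octets reversed, then the list's zone appended; a 127.0.0.0/8 answer means "listed", NXDOMAIN means "clean") is the standard DNSBL convention, while the zone name dnsbl.example.invalid, the FakeResolver fixture, and the assumption that the controller exposes request.remote_ip and render are mine. Private and loopback addresses are skipped rather than queried, and any resolver error (including timeouts, which Resolv::DNS surfaces as Resolv::ResolvError) fails open so a blacklist outage cannot block every submission.

```ruby
require 'resolv'
require 'ipaddr'

# Client ranges that must never be looked up: internal hosts or a
# misconfigured proxy would otherwise generate junk DNSBL traffic.
SKIP_RANGES = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
                 127.0.0.0/8 169.254.0.0/16].map { |r| IPAddr.new(r) }.freeze

LISTED_RANGE = IPAddr.new('127.0.0.0/8')

# Build the DNSBL query name: octets reversed, then the zone appended,
# so 1.2.3.4 checked against example.zone becomes 4.3.2.1.example.zone.
def dnsbl_query_name(ip, zone)
  addr = IPAddr.new(ip)
  raise ArgumentError, "IPv4 address required, got #{ip}" unless addr.ipv4?
  "#{ip.split('.').reverse.join('.')}.#{zone}"
end

# True when +ip+ is listed in +zone+. The resolver only has to answer
# getaddress(name) and raise Resolv::ResolvError for NXDOMAIN, which
# lets the check run against a fake table without network access.
def dnsbl_listed?(ip, zone, resolver: Resolv::DNS.new)
  return false if SKIP_RANGES.any? { |r| r.include?(IPAddr.new(ip)) }
  answer = resolver.getaddress(dnsbl_query_name(ip, zone)).to_s
  LISTED_RANGE.include?(IPAddr.new(answer))
rescue Resolv::ResolvError, Resolv::ResolvTimeout
  false   # not listed, or the list is unreachable: fail open
end

# Check several lists; the first hit is enough to deny.
def dnsbl_listed_any?(ip, zones, resolver: Resolv::DNS.new)
  zones.any? { |zone| dnsbl_listed?(ip, zone, resolver: resolver) }
end

# Before-filter body in the style of the plugin's 403 response.
# Assumes a Rails controller that provides request.remote_ip and render.
module DnsblFilter
  ZONES = %w[dnsbl.example.invalid].freeze   # placeholder; configure real lists here

  def dnsbl_check
    return unless dnsbl_listed_any?(request.remote_ip, ZONES)
    render :text => 'Access denied', :status => 403
  end
end

# Constructed fixture: one listed address in a placeholder zone.
FAKE_ZONE  = 'dnsbl.example.invalid'
FAKE_TABLE = { '4.3.2.1.dnsbl.example.invalid' => '127.0.0.2' }.freeze

class FakeResolver
  def initialize(table)
    @table = table
  end

  def getaddress(name)
    @table.fetch(name) { raise Resolv::ResolvError, "no address for #{name}" }
  end
end

# Exercise the three cases a practitioner cares about: a listed client,
# a clean client, and a private address that must never be queried.
def self_check(resolver = FakeResolver.new(FAKE_TABLE))
  {
    :listed  => dnsbl_listed?('1.2.3.4',  FAKE_ZONE, :resolver => resolver),
    :clean   => dnsbl_listed?('5.6.7.8',  FAKE_ZONE, :resolver => resolver),
    :private => dnsbl_listed?('10.0.0.5', FAKE_ZONE, :resolver => resolver),
  }
end

if __FILE__ == $0
  self_check.each { |label, hit| puts "#{label}: #{hit ? 'denied' : 'allowed'}" }
end
```

Run the file directly to see the three outcomes, or include DnsblFilter into a controller and wire it up with the before_filter shown above. Swapping the render for a redirect, as the post does, is a one-line change in dnsbl_check.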

Comments
  1. fsxtrada, December 26, 2007 @ 05:22 AM

    Cool, thanks. I can use this. Incidentally, I still can’t use your fsxtrader application. Not in Ubuntu and not in Fedora Core, either. I get the same error I reported in your fsxtrader announcement post (and would have posted this there but the comments are off.)