Adverts on my message board

Write code to filter the spam ....

If you can post the code for spBoardPost.asp, one of us will probably be
able to do it for you if you can't.

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

"PW" <pw***@SPAMbigpond.net.auwrote in message
news:uc**************@TK2MSFTNGP03.phx.gbl...

>
Hi,

I'm an amateur ASP programmer using ASP, VBScript, IIS and IE.

On one of my websites (www.usaus.org) I have started getting lots of

adverts

on my message board. Things like free ringtones, used car sales,
pharmacuticals, etc.

I delete them from time to time but its obvious now that my site is
targetted by somebodies robot.

Is there anyway to stop this?

TIA,
PW

"Steven Burn" <so*******@in-time.invalidwrote in message
news:eu**************@TK2MSFTNGP05.phx.gbl...

Write code to filter the spam ....

If you can post the code for spBoardPost.asp, one of us will probably be
able to do it for you if you can't.

Hi Steven,

Thanks for your reply. No problem posting the code as it belongs to a
public domain message board called simply 'ASPBoard'. I picked it up
somewhere, probably PSC.

How would you go about filtering the spam ? By individual domain or
something?

TIA,
PW

Code below ...

--------------------------------------------------
aspBoardPost.asp
--------------------------------------------------
<%@ Language=VBScript %>
<%Option Explicit%>
<%Response.Buffer=True%>
<!--#INCLUDE FILE="aspBoardFunctions.asp"-->
<HTML>
<HEAD>
<%
Dim lngNewId
Dim strMsgLabel
Dim strTitleLabel
Dim strHeaderString
Dim strDetailString

If Request("author_nameStr")<"" Then
With Response
.Cookies("postName") = Request("author_nameStr")
.Cookies("postName").Expires = DateAdd("yyyy",1,Date)
.Cookies("postEmail") = Request("author_emailStr")
.Cookies("postEmail").Expires = DateAdd("yyyy",1,Date)
.Cookies("postUrl") = Request("author_urlStr")
.Cookies("postUrl").Expires = DateAdd("yyyy",1,Date)
End With
strDetailString = Request("detailStr")
If Request("incOrig") = "yes" Then
strDetailString = strDetailString & aspCrLf & " In response to: " &
aspCrLf & Request("origMsgStr")
End If
lngNewId = AddResponse(Request("msgId"), Request("headerStr"),
strDetailString, Request("author_nameStr"), Request("author_emailStr") & "",
Request("author_urlStr") & "")
Response.Redirect "aspBoardDetail.asp?Id=" & lngNewId
End If

If Request.QueryString("Id") 0 Then
strMsgLabel = "Your Response"
strTitleLabel = "Post a Follow-Up to:"
Else
strMsgLabel = "Your Message"
strTitleLabel = "Post a new thread"
End If
%>
<TITLE><%=abTitle%>&nbsp;<%=strTitleLabel%></TITLE>

</HEAD>

<%
If abBGImage="" Then
If abBGColor <"" Then
Response.Write "<BODY BGCOLOR=""" & abBGColor & """>"
End If
Else
Response.Write "<BODY BACKGROUND=""" & abBGImage & """>"
End If

strHeaderString = GetHeaderString(Request.QueryString("Id"), 0)
%>

<CENTER>
<%=GetTitleString%>
<h4><font face="<%=abFont%>"><%=strTitleLabel%><br>
<a href="aspBoardDetail.asp?Id=<%=Request.QueryString ("Id")%>">
<font color="#ff0000"><%=strHeaderString%></font></a></h4>
</CENTER>

<%
Dim adoRs

strSql="SELECT * FROM msgDetail WHERE msgId = " & Request.QueryString("Id")
Set adoRs=Server.CreateObject("ADODB.Recordset")
adoRS.Open strSql, adoConn, 1

If strHeaderString <abDefaultHeader Then
strHeaderString = "RE: " & strHeaderString
End If

%>

<center>
<table width="80%" cellpadding="2" cellspacing="2" border="0">
<form method="post" action="aspBoardPost.asp" id="postForm" name="postForm"
LANGUAGE="javascript" onsubmit="return Submit_onclick()">
<tr>
<td><font face="<%=abFont%>" size="-1"><b>Your Name:</b></font></td>
<td><input id="author_nameStr" name="author_nameStr" type="text"
size="24" Value="<%=Request.Cookies("postName")%>"></td>
</tr>
<tr>
<td><font face="<%=abFont%>" size="-1"><b>Your Email:</b></font></td>
<td><input id="author_emailStr" name="author_emailStr" type="text"
size="24" Value="<%=Request.Cookies("postEmail")%>"></td>
</tr>
<tr>
<td><font face="<%=abFont%>" size="-1"><b>Your URL:</b></font></td>
<td><input id="author_urlStr" name="author_urlStr" type="text" size="24"
Value="<%=Request.Cookies("postURL")%>"></td>
</tr>
<tr>
<td><font face="<%=abFont%>" size="-1"><b>Subject:</b></font></td>
<td><input id="headerStr" name="headerStr" type="text" size="48"
value="<%=strHeaderString%>"></td>
</tr>
<tr>
<td><font face="<%=abFont%>"
size="-1"><b><%=strMsgLabel%>:</b></font></td>
<td><textarea cols="48" rows="5" name="detailStr"
id="detailStr"></textarea></td>
</tr>
<%If Request.QueryString("Id") 0 Then%>
<%If abIncOrigMsg = True Then%>
<tr><td colspan="2">&nbsp;</td></tr>
<tr valign="top">
<td>&nbsp;</td>
<td><input type="checkbox" name="incOrig" Value="yes" CHECKED>
<font face="<%=abFont%>" size="-1"><b>Include original message in
response?<br></td>
</tr>
<%End If%>
<tr><td colspan="2">&nbsp;</td></tr>
<tr>
<td>&nbsp;</td>
<td><font face="<%=abFont%>" size="-1">Posted by
<%=adoRs.Fields("author_nameStr").Value%>&nbsp;on& nbsp;<%=FormatDateTime(adoRs.Fields("msgTime").Val ue,
1)%>&nbsp;at&nbsp;<%=FormatDateTime(adoRs.Fields(" msgTime").Value,
3)%></font></td>
</tr>
<tr>
<td valign="top"><font face="<%=abFont%>" size="-1"><b>Original
Message:</b></font></td><td><textarea cols="48"
rows="<%=GetRows(adoRs.Fields("detailStr").Value)% >" id="origMsg1"
name="origMsg1" disabled><%=ReplaceQuotes(adoRs.Fields("detailStr" ).Value,
0)%></textarea></td>
</tr>
<input type="hidden" id="origMsgStr" name="origMsgStr"
value="<%=adoRs.Fields("detailStr").Value%>">
<%End If%>
<input type="hidden" id="msgId" name="msgId"
value="<%=Request.QueryString("Id")%>">
<tr>
<td colspan="2" align="center">
<input type="submit" value="Post Message" Name="Submit">
</td>
</tr>
</form>
</table>
<br>
</center>
</BODY>
</HTML>

<SCRIPT ID=clientEventHandlersJS LANGUAGE=javascript>
<!--

function Submit_onclick() {
//check for client side (form) validation

if (Form_Validate() == true) {
return true;
} else {
return false;
}

}

//-->
</SCRIPT>

<SCRIPT Language="JavaScript">

function Form_Validate() {

if (document.postForm.author_nameStr.value==""){
alert("[Your Name] cannot be blank");
return false;
}

if (document.postForm.author_emailStr.value==""){
alert("[Your Email] cannot be blank");
return false;
}

if (document.postForm.detailStr.value==""){
alert("[Your Response] cannot be blank");
return false;
}

return true;
}
</SCRIPT>

Typically, the aspboard.com website no longer exists apparently.

Going on the code you've posted, the function we need to modify
(AddResponse) appears to be located elsewhere (probably the
"aspBoardFunctions.asp" include file).

lngNewId = AddResponse(Request("msgId"), Request("headerStr"),
strDetailString, Request("author_nameStr"), Request("author_emailStr") &

"",

Request("author_urlStr") & "")

The filter will simply involve blocking the use of;

<a
[url
://

The latter of the three (will block all posts with http://, ftp:// etc) can
be avoided if posting URL's is something you want to keep, by modifying the
code to display the URL as text, rather than a hyperlink (about the only way
to keep URL's and not help the spammer at the same time as filtering by
domain, IP etc, is pointless)

If you can send me* a zipped copy of the aspboard files (original's if
possible), or post the AddResponse function, I'll do the modifications for
you and post them here.

If sending them, please send them to;

files /at/ it-mate /dot/ co /dot/ uk

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

"PW" <pw***@SPAMbigpond.net.auwrote in message
news:Ok**************@TK2MSFTNGP03.phx.gbl...

>
"Steven Burn" <so*******@in-time.invalidwrote in message
news:eu**************@TK2MSFTNGP05.phx.gbl...

Write code to filter the spam ....

If you can post the code for spBoardPost.asp, one of us will probably be
able to do it for you if you can't.

Hi Steven,

Thanks for your reply. No problem posting the code as it belongs to a
public domain message board called simply 'ASPBoard'. I picked it up
somewhere, probably PSC.

How would you go about filtering the spam ? By individual domain or
something?

TIA,
PW

Code below ...

--------------------------------------------------
aspBoardPost.asp
--------------------------------------------------
<%@ Language=VBScript %>
<%Option Explicit%>
<%Response.Buffer=True%>
<!--#INCLUDE FILE="aspBoardFunctions.asp"-->
<HTML>
<HEAD>
<%
Dim lngNewId
Dim strMsgLabel
Dim strTitleLabel
Dim strHeaderString
Dim strDetailString

If Request("author_nameStr")<"" Then
With Response
.Cookies("postName") = Request("author_nameStr")
.Cookies("postName").Expires = DateAdd("yyyy",1,Date)
.Cookies("postEmail") = Request("author_emailStr")
.Cookies("postEmail").Expires = DateAdd("yyyy",1,Date)
.Cookies("postUrl") = Request("author_urlStr")
.Cookies("postUrl").Expires = DateAdd("yyyy",1,Date)
End With
strDetailString = Request("detailStr")
If Request("incOrig") = "yes" Then
strDetailString = strDetailString & aspCrLf & " In response to: " &
aspCrLf & Request("origMsgStr")
End If
lngNewId = AddResponse(Request("msgId"), Request("headerStr"),
strDetailString, Request("author_nameStr"), Request("author_emailStr") &

"",

Request("author_urlStr") & "")
Response.Redirect "aspBoardDetail.asp?Id=" & lngNewId
End If

If Request.QueryString("Id") 0 Then
strMsgLabel = "Your Response"
strTitleLabel = "Post a Follow-Up to:"
Else
strMsgLabel = "Your Message"
strTitleLabel = "Post a new thread"
End If
%>
<TITLE><%=abTitle%>&nbsp;<%=strTitleLabel%></TITLE>

</HEAD>

<%
If abBGImage="" Then
If abBGColor <"" Then
Response.Write "<BODY BGCOLOR=""" & abBGColor & """>"
End If
Else
Response.Write "<BODY BACKGROUND=""" & abBGImage & """>"
End If

strHeaderString = GetHeaderString(Request.QueryString("Id"), 0)
%>

<CENTER>
<%=GetTitleString%>
<h4><font face="<%=abFont%>"><%=strTitleLabel%><br>
<a href="aspBoardDetail.asp?Id=<%=Request.QueryString ("Id")%>">
<font color="#ff0000"><%=strHeaderString%></font></a></h4>
</CENTER>

<%
Dim adoRs

strSql="SELECT * FROM msgDetail WHERE msgId = " &

Request.QueryString("Id")

Set adoRs=Server.CreateObject("ADODB.Recordset")
adoRS.Open strSql, adoConn, 1

If strHeaderString <abDefaultHeader Then
strHeaderString = "RE: " & strHeaderString
End If

%>

<center>
<table width="80%" cellpadding="2" cellspacing="2" border="0">
<form method="post" action="aspBoardPost.asp" id="postForm"

name="postForm"

LANGUAGE="javascript" onsubmit="return Submit_onclick()">
<tr>
<td><font face="<%=abFont%>" size="-1"><b>Your Name:</b></font></td>
<td><input id="author_nameStr" name="author_nameStr" type="text"
size="24" Value="<%=Request.Cookies("postName")%>"></td>
</tr>
<tr>
<td><font face="<%=abFont%>" size="-1"><b>Your Email:</b></font></td>
<td><input id="author_emailStr" name="author_emailStr" type="text"
size="24" Value="<%=Request.Cookies("postEmail")%>"></td>
</tr>
<tr>
<td><font face="<%=abFont%>" size="-1"><b>Your URL:</b></font></td>
<td><input id="author_urlStr" name="author_urlStr" type="text"

size="24"

Value="<%=Request.Cookies("postURL")%>"></td>
</tr>
<tr>
<td><font face="<%=abFont%>" size="-1"><b>Subject:</b></font></td>
<td><input id="headerStr" name="headerStr" type="text" size="48"
value="<%=strHeaderString%>"></td>
</tr>
<tr>
<td><font face="<%=abFont%>"
size="-1"><b><%=strMsgLabel%>:</b></font></td>
<td><textarea cols="48" rows="5" name="detailStr"
id="detailStr"></textarea></td>
</tr>
<%If Request.QueryString("Id") 0 Then%>
<%If abIncOrigMsg = True Then%>
<tr><td colspan="2">&nbsp;</td></tr>
<tr valign="top">
<td>&nbsp;</td>
<td><input type="checkbox" name="incOrig" Value="yes" CHECKED>
<font face="<%=abFont%>" size="-1"><b>Include original message in
response?<br></td>
</tr>
<%End If%>
<tr><td colspan="2">&nbsp;</td></tr>
<tr>
<td>&nbsp;</td>
<td><font face="<%=abFont%>" size="-1">Posted by

<%=adoRs.Fields("author_nameStr").Value%>&nbsp;on& nbsp;<%=FormatDateTime(ado
Rs.Fields("msgTime").Value,

1)%>&nbsp;at&nbsp;<%=FormatDateTime(adoRs.Fields(" msgTime").Value,
3)%></font></td>
</tr>
<tr>
<td valign="top"><font face="<%=abFont%>" size="-1"><b>Original
Message:</b></font></td><td><textarea cols="48"
rows="<%=GetRows(adoRs.Fields("detailStr").Value)% >" id="origMsg1"
name="origMsg1" disabled><%=ReplaceQuotes(adoRs.Fields("detailStr" ).Value,
0)%></textarea></td>
</tr>
<input type="hidden" id="origMsgStr" name="origMsgStr"
value="<%=adoRs.Fields("detailStr").Value%>">
<%End If%>
<input type="hidden" id="msgId" name="msgId"
value="<%=Request.QueryString("Id")%>">
<tr>
<td colspan="2" align="center">
<input type="submit" value="Post Message" Name="Submit">
</td>
</tr>
</form>
</table>
<br>
</center>
</BODY>
</HTML>

<SCRIPT ID=clientEventHandlersJS LANGUAGE=javascript>
<!--

function Submit_onclick() {
//check for client side (form) validation

if (Form_Validate() == true) {
return true;
} else {
return false;
}

}

//-->
</SCRIPT>

<SCRIPT Language="JavaScript">

function Form_Validate() {

if (document.postForm.author_nameStr.value==""){
alert("[Your Name] cannot be blank");
return false;
}

if (document.postForm.author_emailStr.value==""){
alert("[Your Email] cannot be blank");
return false;
}

if (document.postForm.detailStr.value==""){
alert("[Your Response] cannot be blank");
return false;
}

return true;
}
</SCRIPT>

"Steven Burn" <so*******@in-time.invalidwrote in message
news:up**************@TK2MSFTNGP03.phx.gbl...

Typically, the aspboard.com website no longer exists apparently.

Going on the code you've posted, the function we need to modify
(AddResponse) appears to be located elsewhere (probably the
"aspBoardFunctions.asp" include file).

> lngNewId = AddResponse(Request("msgId"), Request("headerStr"),
strDetailString, Request("author_nameStr"), Request("author_emailStr") &

"",

>Request("author_urlStr") & "")

The filter will simply involve blocking the use of;

<a
[url
://

The latter of the three (will block all posts with http://, ftp:// etc)
can
be avoided if posting URL's is something you want to keep, by modifying
the
code to display the URL as text, rather than a hyperlink (about the only
way
to keep URL's and not help the spammer at the same time as filtering by
domain, IP etc, is pointless)

If you can send me* a zipped copy of the aspboard files (original's if
possible), or post the AddResponse function, I'll do the modifications for
you and post them here.

If sending them, please send them to;

files /at/ it-mate /dot/ co /dot/ uk

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Hi Steven,

Files sent as requested.

Thanks,
Paul

Sorry for taking so long to respond (have been away for a couple days).

Open up aspBoardFunctions.asp and go to line #134, then add the following;

'// Begin code block
'// Message
If Instr(1, sMessage, "<a", vbTextCompare) OR _
Instr(1, sMessage, "[url", vbTextCompare) OR _
Instr(1, sMessage, "<sc", vbTextCompare) Then _
Response.Write "Error: Potential spam detected<br><br>" & _
"Please click the back button on your " & _
"browser and check your message again": Response.End
'// End code block

This will add a filter to the "sMessage" string, to prevent <a, [url and
<script entries.

You should probably add it for the other fields aswell (just replace
sMessage with their respective variable names).

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

"PW" <pw***@SPAMbigpond.net.auwrote in message
news:eg**************@TK2MSFTNGP05.phx.gbl...

>
"Steven Burn" <so*******@in-time.invalidwrote in message
news:up**************@TK2MSFTNGP03.phx.gbl...

Typically, the aspboard.com website no longer exists apparently.

Going on the code you've posted, the function we need to modify
(AddResponse) appears to be located elsewhere (probably the
"aspBoardFunctions.asp" include file).

lngNewId = AddResponse(Request("msgId"), Request("headerStr"),
strDetailString, Request("author_nameStr"), Request("author_emailStr")

&

"",

Request("author_urlStr") & "")

The filter will simply involve blocking the use of;

<a
[url
://

The latter of the three (will block all posts with http://, ftp:// etc)
can
be avoided if posting URL's is something you want to keep, by modifying
the
code to display the URL as text, rather than a hyperlink (about the only
way
to keep URL's and not help the spammer at the same time as filtering by
domain, IP etc, is pointless)

If you can send me* a zipped copy of the aspboard files (original's if
possible), or post the AddResponse function, I'll do the modifications

for

you and post them here.

If sending them, please send them to;

files /at/ it-mate /dot/ co /dot/ uk

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Hi Steven,

Files sent as requested.

Thanks,
Paul

Hi Steven,

I've implemented the code, now will just sit back and wait to see what the
result is.

Thanks for your help, it is much appreciated.

PW


"Steven Burn" <so*******@in-time.invalidwrote in message
news:%2******************@TK2MSFTNGP04.phx.gbl...

Sorry for taking so long to respond (have been away for a couple days).

Open up aspBoardFunctions.asp and go to line #134, then add the following;

'// Begin code block
'// Message
If Instr(1, sMessage, "<a", vbTextCompare) OR _
Instr(1, sMessage, "[url", vbTextCompare) OR _
Instr(1, sMessage, "<sc", vbTextCompare) Then _
Response.Write "Error: Potential spam detected<br><br>" & _
"Please click the back button on your " & _
"browser and check your message again": Response.End
'// End code block

This will add a filter to the "sMessage" string, to prevent <a, [url and
<script entries.

You should probably add it for the other fields aswell (just replace
sMessage with their respective variable names).

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

No problem ;o)

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

"PW" <pw***@SPAMbigpond.net.auwrote in message
news:eY**************@TK2MSFTNGP02.phx.gbl...

>
Hi Steven,

I've implemented the code, now will just sit back and wait to see what the
result is.

Thanks for your help, it is much appreciated.

PW


"Steven Burn" <so*******@in-time.invalidwrote in message
news:%2******************@TK2MSFTNGP04.phx.gbl...

Sorry for taking so long to respond (have been away for a couple days).

Open up aspBoardFunctions.asp and go to line #134, then add the

following;

'// Begin code block
'// Message
If Instr(1, sMessage, "<a", vbTextCompare) OR _
Instr(1, sMessage, "[url", vbTextCompare) OR _
Instr(1, sMessage, "<sc", vbTextCompare) Then _
Response.Write "Error: Potential spam detected<br><br>" & _
"Please click the back button on your " & _
"browser and check your message again": Response.End
'// End code block

This will add a filter to the "sMessage" string, to prevent <a, [url and
<script entries.

You should probably add it for the other fields aswell (just replace
sMessage with their respective variable names).

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!