Need help preventing spammers in guestbooks

1 New Member
Hello,
This is my first post, and any help would be greatly appreciated.
I create online memorials which contain guestbooks which have been the subject of computer generated spam. I have been able to modify the php script to eliminate posts containing www and http which solved the problem for a while, but the spammers are back in full force.

I need to add a security measure to eliminate the spam, but I don't want it to be too obtrusive. I thought if I added a field to the form with a required field that was constant (with a line describing that the viewer must enter the text "VXPTO132" in order to complete the post), this would work.

Unfortunately, I don't know php enough to know how to add that string into the code. Could anyone please tell me the line(s) I need to add? Thank you in advance.


Here's the code:

<html><head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<META HTTP-EQUIV="Content-Language" CONTENT="En">
<META NAME="Keywords" CONTENT="none">
<META NAME="revisit-after" CONTENT="31 days">
<title>Precious Memories & More ~ Personal Tributes</title>
</HEAD><body>
<center>
<h2><b><font face="arial">Personal Tribute</font></b></h2><br>
</center>
<?php

/*+---------------------------------------------------------------+
| PHP GuestBook Version 1.5.0
| Copyright 1999-2000 All Rights Reserved.
| TELEMATICS SOFTWARE
| E-Mail:mr.shifter@hosted.uklinux.net
| Script License: GPL
| Script Archive at:
| http://www.hosted.uklinux.net/php/freescripts/index.php
| Upload both guestbook.php and guestbook.html, chmod 666
| to guestbook.html read/write for all. Call the html page in
| your browser and you now have a simple guestbook script.
|
+--------------------------------------------------------------+*/
/*-------------- Set Necessary Variables ----------- */

$GUEST_LIST = "guestbook.htm" ;
// Absolute path to guestbook.htm file.
// chmod 666 to this html file

$PLACE_HOLDER = "<!--Add_Comments-->";
//Position of new messages in html document.


$REFERERS = array('www.preciousmemoriesandmore.com', 'www.goodbyes.org', 'preciousmemoriesandmore.com', 'goodbyes.org');
// use without http://
// URL(s) of servers who are authorised to use this script.


/*------- End Variables section ---------- */

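function error($error_message) {
    echo $error_message . "<BR>";
    exit;
}

function check_referer() {
    global $REFERERS;
    // Read the Referer header from $_SERVER; the old $HTTP_REFERER global
    // only exists when register_globals is enabled.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    if ($referer != "") {
        foreach ($REFERERS as $ref) {
            // preg_quote() keeps the dots in the host name literal.
            if (preg_match("/^http:\/\/" . preg_quote($ref, "/") . "/", $referer))
                return;
        }
    }
    // Escape the header before echoing it back; it is supplied by the client.
    error("Unauthorized access to: " . htmlspecialchars($referer));
}

check_referer();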

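// Read the submitted fields from the request; the bare $action, $name, ...
// variables only exist when register_globals is enabled.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

if ($action == 'write') {

    $date = date("d/m/Y");

    $file_array = file($GUEST_LIST) or die("Sorry...can not open $GUEST_LIST");

    $file = join("", $file_array);

    // Escape every field before it is written into the HTML page.
    $name = htmlspecialchars(stripslashes(isset($_REQUEST['name']) ? $_REQUEST['name'] : ''));
    $email = htmlspecialchars(stripslashes(isset($_REQUEST['email']) ? $_REQUEST['email'] : ''));
    $title = htmlspecialchars(stripslashes(isset($_REQUEST['title']) ? $_REQUEST['title'] : ''));
    $comment = htmlspecialchars(stripslashes(isset($_REQUEST['comment']) ? $_REQUEST['comment'] : ''));

    //if the comment contains "www." then stop execution of script
    if (strstr($comment, "www."))
    {
        die("Sorry, but you cannot post URLs in a message. Please try again");
    }

    //if the comment contains "http:" then stop execution of script
    if (strstr($comment, "http:"))
    {
        die("Sorry, but you cannot post URLs in a message. Please try again");
    }

    $add = $PLACE_HOLDER;
    $add .= "\n<DL><DT> <A HREF=\"mailto:$email\">$name</A><DD><BR>$comment<BR><BR>Tribute added on $date</DL>\n";
    // str_replace() instead of preg_replace(): a "$1" or backslash typed by a
    // visitor must not be interpreted as a regex replacement reference.
    $file = str_replace($PLACE_HOLDER, $add, $file);

    $fp = fopen("$GUEST_LIST", "w") or die("Sorry...can not write to $GUEST_LIST");
    flock($fp, LOCK_EX); // exclusive lock while writing (was 1, a shared lock)
    fputs($fp, $file);
    flock($fp, LOCK_UN); // release the lock (was 3)
    fclose($fp);


    echo("<center><p> You have entered the following tribute,<br></p><table><tr><td>");
    echo("$add<BR>");
    echo("</td></tr></table></center>");
    echo("<center><p>Thanks for adding your personal tribute</p></font></center>");

}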
?>
<br>
<center><font face="arial" size="2" color="FFFFFF">
Return to <A HREF="guestbook.htm">the Tribute Page</A> to view your message<br>
(If your message is not displayed, click on the REFRESH button)
<hr>
</font>
</center>
</body></html>
Jul 20 '06 #1
ronverdonk
4,258 Recognized Expert Specialist
I have in my email archive an excellent article by Ian Gilfillan about how to tackle this problem.

It details how to scan addresses and text for non-allowed words, tags and other indications that might suggest a spammer attack.

This article is too long to post in this reply, but if you send me your email address (you don't have one in the members list) I will forward this article to you.
You can send me mail via the members list.

Hear from you - Ronald :cool:
Jul 20 '06 #2
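
The required-phrase field described in post #1, combined with the kind of text scan mentioned in post #2, as an added example that is not part of the original thread or of the PHP GuestBook script. It assumes the form in guestbook.htm gains a text input named `antispam_phrase`; that field name, the function `reject_reason()` and the `$BLOCKED_WORDS` list are hypothetical.

```php
<?php
// Added example: server-side checks to run before the guestbook write.
// Assumed names (not in the original script): the form field "antispam_phrase",
// the function reject_reason(), and the $BLOCKED_WORDS list.

$REQUIRED_PHRASE = "VXPTO132";                 // phrase the visitor is asked to type
$BLOCKED_WORDS   = array("casino", "viagra");  // constructed sample list

// Returns a rejection message, or null when the submission may be stored.
function reject_reason(array $in, $required_phrase, array $blocked_words) {
    $phrase  = isset($in['antispam_phrase']) ? trim($in['antispam_phrase']) : '';
    $comment = isset($in['comment']) ? $in['comment'] : '';
    $email   = isset($in['email']) ? $in['email'] : '';

    // 1. Required phrase: compare case-insensitively so "vxpto132" is accepted.
    if (strcasecmp($phrase, $required_phrase) !== 0) {
        return "Please type the text $required_phrase to post your tribute.";
    }
    // 2. URL filter: case-insensitive and covering https, which the
    //    strstr() tests for "www." and "http:" let through.
    if (preg_match('/www\.|https?:|\[url|<a\s/i', $comment)) {
        return "Sorry, but you cannot post URLs in a message.";
    }
    // 3. Line breaks have no place in a single-line e-mail field.
    if (preg_match('/[\r\n]/', $email)) {
        return "The e-mail address is not valid.";
    }
    // 4. Word scan over the visible fields.
    $text = strtolower($comment . ' ' . (isset($in['name']) ? $in['name'] : ''));
    foreach ($blocked_words as $word) {
        if (strpos($text, strtolower($word)) !== false) {
            return "Sorry, your message contains text that is not allowed.";
        }
    }
    return null;
}

// Constructed sample submissions (in the script, pass the request fields instead).
$samples = array(
    array('antispam_phrase' => 'vxpto132', 'name' => 'Ann', 'email' => 'ann@example.org', 'comment' => 'Rest in peace.'),
    array('antispam_phrase' => '',         'name' => 'bot', 'email' => 'x@example.org',   'comment' => 'hello'),
    array('antispam_phrase' => 'VXPTO132', 'name' => 'bot', 'email' => 'x@example.org',   'comment' => 'Visit HTTPS://spam.example'),
);
foreach ($samples as $s) {
    $why = reject_reason($s, $REQUIRED_PHRASE, $BLOCKED_WORDS);
    echo ($why === null ? "accepted" : "rejected: $why"), "\n";
}
```

Call the check on the raw request fields, before the `htmlspecialchars()` lines, so the tag pattern still sees `<a `. A constant phrase only stops generic form-filling bots; a script tuned to this one form can submit it like any other field.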