Need help preventing spammers in guestbooks

Hello,
This is my first post, and any help would be greatly appreciated.
I create online memorials which contain guestbooks which have been the subject of computer-generated spam. I have been able to modify the PHP script to eliminate posts containing www and http, which solved the problem for a while, but the spammers are back in full force.

I need to add a security measure to eliminate the spam, but I don't want it to be too obtrusive. I thought if I added a field to the form with a required field that was constant (with a line describing that the viewer must enter the text "VXPTO132" in order to complete the post), this would work.

Unfortunately, I don't know PHP enough to know how to add that string into the code. Could anyone please tell me the line(s) I need to add? Thank you in advance.


Here's the code:

<html><head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<META HTTP-EQUIV="Content-Language" CONTENT="En">
<META NAME="Keywords" CONTENT="none">
<META NAME="revisit-after" CONTENT="31 days">
<title>Precious Memories & More ~ Personal Tributes</title>
</HEAD><body>
<center>
<h2><b><font face="arial">Personal Tribute</font></b></h2><br>
</center>
<?php

/*+---------------------------------------------------------------+
| PHP GuestBook Version 1.5.0
| Copyright 1999-2000 All Rights Reserved.
| TELEMATICS SOFTWARE
| E-Mail:mr.shifter@hosted.uklinux.net
| Script License: GPL
| Script Archive at:
| http://www.hosted.uklinux.net/php/freescripts/index.php
| Upload both guestbook.php and guestbook.html, chmod 666
| to guestbook.html read/write for all. Call the html page in
| your browser and you now have a simple guestbook script.
|
+--------------------------------------------------------------+*/
/*-------------- Set Necessary Variables ----------- */

$GUEST_LIST = "guestbook.htm";
// Absolute path to guestbook.htm file.
// chmod 666 to this html file

$PLACE_HOLDER = "<!--Add_Comments-->";
//Position of new messages in html document.


$REFERERS = array('www.preciousmemoriesandmore.com' ,'www.goodbyes.org', 'preciousmemoriesandmore.com','goodbyes.org');
// use without http://
// URL(s) of servers who are authorised to use this script.


/*------- End Variables section ---------- */

function error($error_message) {
echo $error_message."<BR>";
exit;
}

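function check_referer () {
    // Allow the request only if its Referer header starts with an authorised host.
    global $REFERERS;
    // Read the header from $_SERVER; the $HTTP_REFERER global needs register_globals.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";
    if ($referer != "") {
        foreach ($REFERERS as $ref) {
            // preg_quote() makes the dots in the host name match literally.
            if (preg_match("/^http:\/\/" . preg_quote($ref, "/") . "/", $referer))
                return;
        }
    }
    // The Referer header is client-supplied, so escape it before echoing.
    error("Unauthorized access to: " . htmlspecialchars($referer));
}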

check_referer();

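// Read the form fields explicitly; bare $action, $name, ... exist only with register_globals on.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';

if ($action == 'write') {

$date = date("d/m/Y");

$file_array = file($GUEST_LIST) or die("Sorry...can not open $GUEST_LIST");

$file = join ("", $file_array);

// stripslashes() undoes magic_quotes_gpc escaping; htmlspecialchars() neutralises HTML in the input.
$name = htmlspecialchars(stripslashes(isset($_REQUEST['name']) ? $_REQUEST['name'] : ''));
$email = htmlspecialchars(stripslashes(isset($_REQUEST['email']) ? $_REQUEST['email'] : ''));
$title = htmlspecialchars(stripslashes(isset($_REQUEST['title']) ? $_REQUEST['title'] : ''));
$comment = htmlspecialchars(stripslashes(isset($_REQUEST['comment']) ? $_REQUEST['comment'] : ''));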

//if the comment contains "www." then stop execution of script
if(strstr($comment, "www."))
{
die("Sorry, but you cannot post URLs in a message. Please try again");
}

//if the comment contains "http:" then stop execution of script
if(strstr($comment, "http:"))
{
die("Sorry, but you cannot post URLs in a message. Please try again");
}

$add = $PLACE_HOLDER;
$add .= "\n<DL><DT><A HREF=\"mailto:$email\">$name</A><DD><BR>$comment<BR><BR>Tribute added on $date</DL>\n";
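// str_replace() inserts $add literally; preg_replace() would treat "$1" or "\1" typed by a visitor as a backreference.
$file = str_replace($PLACE_HOLDER, $add, $file);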

$fp = fopen("$GUEST_LIST", "w") or die ("Sorry...can not write to $GUEST_LIST");
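flock($fp, LOCK_EX); // exclusive lock for writing (the value 1 is LOCK_SH, a shared lock)
fputs($fp, $file);
flock($fp, LOCK_UN); // release the lock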
fclose($fp);


echo("<center><p> You have entered the following tribute,<br></p><table><tr><td>");
echo ("$add<BR>");
echo("</td></tr></table></center>");
echo("<center><p>Thanks for adding your personal tribute</p></center>");

}
?>
<br>
<center><font face="arial" size="2" color="FFFFFF">
Return to <A HREF="guestbook.htm">the Tribute Page</A> to view your message<br>
(If your message is not displayed, click on the REFRESH button)
<hr>
</font>
</center>
</body></html>
Jul 20 '06 #1
ronverdonk
4,258 Expert 4TB
I have in my email archive an excellent article by Ian Gilfillan about how to tackle this problem.

It details how to scan addresses and text for non-allowed words, tags and other indications that might suggest a spammer attack.

This article is too long to post in this reply, but if you send me your email address (you don't have one in the members list) I will forward this article to you.
You can send me mail via the members list.

Hear from you - Ronald :cool:
Jul 20 '06 #2
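
An added example, not part of the original thread or of the PHP GuestBook script: one way to implement the required-phrase field from the question together with a link and tag scan of the kind the reply mentions. The form field name `challenge`, the function name and the pattern are assumptions; the phrase VXPTO132 is the one proposed in the question.

```php
<?php
// Added example: server-side checks for one guestbook submission.
// Assumptions: the form has an extra text input named "challenge";
// the function name and field list are illustrative.
const CHALLENGE_PHRASE = 'VXPTO132'; // phrase proposed in the question

// Returns null if the submission may be stored, else the rejection reason.
function tribute_rejection_reason(array $fields): ?string
{
    // 1. Required challenge field. Trim and upper-case so a stray space
    //    or lower-case typing does not lock out a genuine visitor.
    $typed = $fields['challenge'] ?? '';
    $typed = is_string($typed) ? strtoupper(trim($typed)) : '';
    if ($typed !== CHALLENGE_PHRASE) {
        return 'challenge phrase missing or wrong';
    }

    // 2. Link/tag scan on the raw input of every visible field.
    //    Case-insensitive, and "https:" is covered as well as "http:";
    //    a case-sensitive strstr() on "www." and "http:" misses both.
    $pattern = '~https?:|www\.|\[/?url|</?[a-z][^>]*>~i';
    foreach (['name', 'email', 'title', 'comment'] as $key) {
        $value = $fields[$key] ?? '';
        if (!is_string($value) || preg_match($pattern, $value)) {
            return "link or tag found in $key";
        }
    }
    return null;
}

// Constructed sample submissions (not real guestbook traffic).
$samples = [
    'genuine'     => ['challenge' => ' vxpto132 ', 'name' => 'Ann',
                      'email' => 'ann@example.org', 'title' => 'Missed',
                      'comment' => 'We will always remember you.'],
    'no phrase'   => ['name' => 'bot', 'comment' => 'cheap pills'],
    'upper-case'  => ['challenge' => 'VXPTO132', 'name' => 'bot',
                      'comment' => 'Visit WWW.EXAMPLE.COM today'],
    'https + tag' => ['challenge' => 'VXPTO132', 'name' => 'bot',
                      'comment' => '<a href="https://example.com">x</a>'],
];
foreach ($samples as $label => $fields) {
    printf("%-12s %s\n", $label,
           tribute_rejection_reason($fields) ?? 'accepted');
}
```

In the script from the question, the call would sit at the start of the `if ($action == 'write')` branch, before the guestbook file is rewritten. A fixed phrase only stops bots that were not written for this particular form.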
