Re: Avoiding guestbook spam

Posted by Jørn Dahl-Stamnes on 05/26/07 05:28

Schraalhans Keukenmeester wrote:

> One of my customers' site has been 'discovered' by the spammers community.
> What else is new.
>
> None of the messages they posted so far ended up showing in the guestbook,
> since they fail to pass the correct verification string. (yes, available
> in written text and audio for the visually impaired)
>
> Yet the volume and size of unsuccessful posts is increasing to a point
> where they may become a burden on server and bandwidth.
>
> I added some logic to the scripts blocking spammer IP addresses via
> .htaccess, but this proves pretty useless, and might block the innocent.
> Their addresses may be spoofed, their systems unknowingly abused by
> others.
>
> Given the fact I have rather limited freedom on this client's host, what
> would be your recommended means of preventing spam submission in the first
> place, if possible? Of course, anything taking up as much or more
> resources than my current solution wouldn't really improve things.
>
> Your ideas are appreciated!

What about the following solution. It involves using session variables.

In your guestbook.php:

$_SESSION['guestbook'] = time ();
echo '<FORM ACTION="add.php" ...>';

And in add.php:

// Check to see if this was posted through MY guestbook.php
if (!isset($_SESSION['guestbook'])) die ("Sorry...");

// Check if the user has used some time to fill out the guestbook form.
// If the time used to fill it out is too short, the chance is that there
// is a computer filling this out - not a human.
$diff = time() - $_SESSION['guestbook'];
if ($diff < 100) die ("Sorry, humans only");

// Also check the user agent.
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if (0 == strlen($agent)) die ("No user-agent given");

Remember to do a session_start() first in both scripts.
This will not stop humans from adding spam, but it will stop computer
programs feeding your form with data. So this can be used in combination
with other solutions.

--
Jørn Dahl-Stamnes
http://www.dahl-stamnes.net/dahls/
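
An added example, not part of the original post or the poster's code: the same session-timestamp check, extended beyond the post so that the timestamp is single-use and tied to a hidden form token, which means one form load cannot back many submissions. The function names, the gb_token field, the 3600-second upper bound and PHP 7.1 or later are assumptions; the 100-second minimum is the value from the post.

```php
<?php
// Added example, not the poster's code. Function names, the gb_token field
// and the 3600 s upper bound are assumptions; 100 s is the post's value.

// guestbook.php, after session_start(): record render time and a random
// token; embed the returned token in a hidden field named "gb_token".
function guestbook_issue(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(16));
    $session['guestbook'] = ['t' => $now, 'token' => $token];
    return $token;
}

// add.php, after session_start(): returns null when the submission passes,
// otherwise a short rejection reason.
function guestbook_check(array &$session, array $post, array $server,
                         int $now, int $minAge = 100, int $maxAge = 3600): ?string
{
    $issued = $session['guestbook'] ?? null;
    unset($session['guestbook']); // single use: a replayed POST finds nothing
    if (!is_array($issued)) {
        return 'form was not loaded in this session';
    }
    $sent = $post['gb_token'] ?? '';
    if (!is_string($sent) || !hash_equals($issued['token'], $sent)) {
        return 'token mismatch';
    }
    $age = $now - $issued['t'];
    if ($age < $minAge) {
        return 'submitted too quickly';
    }
    if ($age > $maxAge) {
        return 'form expired';
    }
    if (trim($server['HTTP_USER_AGENT'] ?? '') === '') {
        return 'no user-agent given';
    }
    return null;
}

// Constructed demo: plain arrays stand in for $_SESSION, $_POST and $_SERVER.
$session = [];
$server = ['HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
$t0 = 1180000000; // constructed timestamp
$tok = guestbook_issue($session, $t0);
var_dump(guestbook_check($session, ['gb_token' => $tok], $server, $t0 + 5));   // posted 5 s after render
$tok = guestbook_issue($session, $t0);
var_dump(guestbook_check($session, ['gb_token' => $tok], $server, $t0 + 150)); // posted 150 s after render
var_dump(guestbook_check($session, ['gb_token' => $tok], $server, $t0 + 160)); // same token sent again
```

In the real scripts, pass $_SESSION, $_POST, $_SERVER and time() in place of the constructed arrays and timestamps.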
