php guestbook, spam, etc

[valoukh]

Hi all.

 

I have a php guestbook on our website and recently we've been getting a lot of ridiculous spam messages! I'm looking for advice on preventing it. I've looked into using image verification but it's proving difficult to set up so until I manage to figure it out (unless someone knows of some easy code that works!) I'm trying to find a temporary solution. I've noticed that 99% of the spam messages contain URLs, so I thought an IF statement like "if comment doesn't contain "http"" might do the trick. I've tried stuff like this but can't seem to get it working:

 

if not ($row['Comment'] =~ /http/) {

if not ($row['Comment']) =~ /http/ {

if not ($row['Comment'] =~ "http") { etc

 

Any help is much appreciated,

valoukh.

[BlueSkyIS]

if (stristr($row['Comment'], 'http')) { // http is in the string

[valoukh]

Thank you. I want it so that it prints all records without 'http' in them so i've written:

 

if not (stristr($row['Comment'], 'http')) { // http is in the string

 

but I'm getting the error:

 

Parse error: syntax error, unexpected T_STRING, expecting '(' in /home/l21denb/public_html/HTML/guestbook.php on line 155

 

Can't work out what's missing!

[valoukh]

I suppose I could do "if it contains http then nothing, else something"?

[valoukh]

that seems to work!

 

http://www.denbygrace.com/HTML/guestbook.php

[valoukh]

ah no, I just did a test message and its still printing URLs . Am I missing something?

[Gighalen]

This is just an idea I have, and I'm going to write the example off the top of my head, but hopefully it will help. Essentially its a number verification system.

 

Have this on your page inside the form where the user signs the guestbook. It generats a number from 1-100000 and saves it as a variable. It then asks the user to type the number in the textbox.

$number = rand(1, 100000);
echo "$number";
echo "<input type=\"hidden\" value=\"$number\" name=\"realnumber\">";
echo "<input type=\"text\" name=\"usernumber\">";

 

Here, the script compares the two numbers. If they match, it executes the guestbook script. If else, it well, doesnt.

$number = $_POST['number'];
$usernumber = $_POST['usernumber'];
if($number == $usernumber){
execute guestbook script
}
else
{
echo "Incorrect Verification Code!";
}

 

Crude example, but I hope it helps.

[valoukh]

Thanks for the code! Seems to be working, although you can get around it by not entering anything!

 

Do I need something like this?

 

if not(empty($usernumber )) {

if($number == $usernumber){

 

not sure of the syntax for the first IF

[darkfreaks]

<?php

if (!empty($usernumber )) { //code
}
if($number==$usernumber){ //code
}?>

[Gighalen]

Opps, my bad.

 

And thank you darkfreaks.

[valoukh]

I've put this:

 

if (!empty($usernumber )) {

echo "<style>body{font-size:12}</style>Incorrect Verification Code!";

}

 

but it still works :S

[valoukh]

Ah, seems to be working. I think it was because it was requesting POST from form "number" when it was called "realnumber".

 

Working: http://www.denbygrace.com/HTML/guestbook.php

 

Thanks everyone for your help!

[jonsjava]

um..bad news. I just broke your security. go look at your site.

[jonsjava]

let me explain further:

using Spam-Me-Not(I'm not crazy about writing my own decimal codes for letters), I converted http://jonsjava.com to

http://jonsjava.com

so I could then just do this:

<a href="&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#106;&#111;&#110;&#115;&#106;&#97;&#118;&#97;&#46;&#99;&#111;&#109;">Mysite</a>(example)

so it would output the link to my site.  Your site doesn't protect against people posting html.  you fix that, and you'll have fixed most of your problem.

[valoukh]

Thanks for your input! I've replied on the site; I'm going to monitor it today and tomorrow.