ohdang888 Posted June 5, 2008 Share Posted June 5, 2008 ok so i created this anti-spam script this morning.... this is just the back end... but the front end would be like this: a part of a form that has "Enter the number you see to the left". And a four digit number is there... and then the person's ip address, along with the date and the md5 of that random number, are stored in the database. The date is also stored in the session. Next backend page (registering users): the date is grabbed form the session, and it uses that and the ip address to find the correct md5 in the database... and if the md5 of the number they entered matches the code in the database, its a real human. And thoughts/suggestions/criticism? Thanks! <?php //random number $num = rand(0, 4999); // database vars $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']); $md5 = md5($num); $date = date("Y-m-d H:i:s"); mysql_query("INSERT INTO `type_num` (`ip`,`md5_of_num`,`date`) VALUES ('$ip', '$md5', '$date') ") or die(mysql_error()); $_SESSION['date'] = $date; ?> Link to comment https://forums.phpfreaks.com/topic/108868-review-my-anti-spam-script/ Share on other sites More sharing options...
discomatt Posted June 5, 2008 Share Posted June 5, 2008 IPs can change on a per-request basis ( manily dial-up users ) Your best bet is to used tried and tested methods. A simple CAPTCHA (some go way over the top these days) will work great, and there are tons of resources/pre-built classes you can use. Link to comment https://forums.phpfreaks.com/topic/108868-review-my-anti-spam-script/#findComment-558451 Share on other sites More sharing options...
ohdang888 Posted June 5, 2008 Author Share Posted June 5, 2008 i know ip's can change.. but 1) odds are its not going to change while a user is registering, right? 2) i know how spammers can change their ip address thousands of times.. but.. won't that only prevent them from registering, which is what i want?? so... my method still holds up then, or am i wrong? i know there's better, more secure ways, i;m just trying to learn php. Thanks. Link to comment https://forums.phpfreaks.com/topic/108868-review-my-anti-spam-script/#findComment-558454 Share on other sites More sharing options...
discomatt Posted June 5, 2008 Share Posted June 5, 2008 Well, I'm just saying you might piss off a few dial up users that access page a, and then are denied on page b because their IPs have changed. A robot can easily keep the same IP over two requests... so I don't think you're stopping anything with that, just annoying legitimate users. The thing is a robot is designed to look like a real user. The only thing thats different is a user can react to strange, random requests ( aka slightly distorted works or lettering ). That's why CAPTCHA has become so prominent... robots are even set up now to check an email box for verification requests... the previous method of making sure a user was legit. Link to comment https://forums.phpfreaks.com/topic/108868-review-my-anti-spam-script/#findComment-558461 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.