Spam problems on our comments form - Please help

tigra · July 20, 2008

HI, i was wondering if anyone could help me, we are receiving a large amount of spam links on our comments form and we cant stop it. We have tried;

1. adding recaptcaha,

2. adding code to catch the ip address in the database but it doesnt show up for their comments but does for genuine comments.

3. a hidden form cell to trap spambots.

4. a blacklist of well known spammers/bots etc via the .htaccess file.

5. A 'confirm' javascript pop up confirmation before submit.

6. Coding to ban html links in post - but they still get through.

We have run out of ideas ??? and think maybe they are bypassing the form script somehow as they can still post??

Any help would be greatly appreciated please.

thank you.

DarkWater · July 20, 2008

Can I see what you actually did?

tigra · July 20, 2008

hi, no probs what do you need me to send?

JasonLewis · July 20, 2008

I would recommend keeping the captcha there, as they would be the best method. Are you sure your captcha was working correctly?

Another suggestion... If it's a real dire situation, how about having an admin section behind it all (no doubt you do), and basically make comments be approved before being submitted on the website.

Another question. Are the spam problems related to sexual innuendo?

PFMaBiSmAd · July 20, 2008

For anyone to thoroughly help, you need to post the form processing code, the form, and your .htaccess file.

If no IP address is being recorded (and the code doing the recording is correct) that would indicate that the content is being delivered through a means other than a http request to your form processing code. Perhaps through a http request to some other script on your site that allows access to files or data or through php code injection or sql code injection.

Bot scripts submit data to the form processing code, so most things you do in the form code, like item #5 on your list, have no effect (other than the things you might do to your form to help insure that someone (or a bot) visited the form before visiting the form processing code.)

tigra · July 20, 2008

wow thank you so much for all your replies and so fast.

firstly... to projectfear.... yes the captcha is working correctly as i have posted test comments and entered the wrong answer and it redirected me back to the form... and yep we do have an admin side to delete/reply to comments etc but approving comments wouldnt be a very good option because we would still have to go through each one (but we may have to do this if we cant fix the prob)... and thirdly.... yep some of them are related to sexual innuendo - we have a script to blacklist words but that doesnt stop them.

PFMaBiSmAd - yep i think you are right but I am fairly new to php so unsure where i need to check for sql injections etc or what i'm even looking for.

Here is the form... (i apologise in advance for the length of this post)...

<?php $this_page = "sayhi"; // change this for each page (either: news, about, expeditions, services, speaking, photography, filming, exfac, sponsors) ?>

<?php

// This page may have been passed a $start_at_message_number variable as

// if they click 'next 20 messages' they re-load this page but want to see diff messages

$number_of_messages_to_show_per_page = 15;

if ($start_at_message_number == NULL OR $start_at_message_number <= 0 ) $start_at_message_number = 1;

?>

<?php include("header_above_title.php"); ?>

function confirmSubmit()

{

var agree=confirm("Please click 'OK' to confirm your comment, or click 'cancel' to make changes. thank you");

if (agree)

return true ;

else

return false ;

}

</script>

var RecaptchaOptions = {

theme: 'blackglass'

};

</script>

function select_all_message(what_form)

{

var text_val=eval("document." + what_form + ".message");

text_val.focus();

text_val.select();

}

function select_all_name(what_form)

{

var text_val=eval("document." + what_form + ".from_name");

text_val.focus();

text_val.select();

}

function select_all_subject(what_form)

{

var text_val=eval("document." + what_form + ".subject");

text_val.focus();

text_val.select();

}

function select_all_email(what_form)

{

var text_val=eval("document." + what_form + ".from_email");

text_val.focus();

text_val.select();

}

</SCRIPT>

<TITLE>Indian Ocean Rowing Race 2009 - Clark Carter and Ryan Storey: Say Hi</TITLE>

<?php include("header_below_title.php"); ?>

<TR>

<BR>

<H2>Drop us a message!</H2>

<TR>

<P>We'd love to hear from you so please fill in the form to the right and click 'Send'.</P>

<P>Your message will be emailed to us and a copy <B>posted online here for others to read</B>. Our reply will be posted online here and, if you enter your email address, a notification email will also be emailed to you.</P>

<P>If you need to contact us privately, please send your email to team[at]RowTheIndian.com.

</TD>

</TD>

<TD>

<BR>

<TEXTAREA ROWS="7" COLS="35" NAME="message" onClick="select_all_message('say_hi');">Your message will be emailed to us and posted online.</TEXTAREA><BR><div style="visibility:hidden; display:none;">

<label>What is 2+3?

</div>

</div>

<BR>

<?php

require_once('recaptchalib.php');

$publickey = "6LfbWgIAAAAAAFAT36h0ya9E2GxrcMXyWd55faa-"; // you got this from the signup page

echo recaptcha_get_html($publickey);

?>

<BR>

</TD>

</TR>

</TABLE>

<?php

// Now work out how many messages will

$sql_string = "SELECT * FROM contact ORDER BY message_id DESC"; // end of the sql statement

$searchResults = mysql_query ($sql_string);

$no_of_messages = mysql_num_rows($searchResults);

if ($no_of_messages >= ($start_at_message_number - 1 + $number_of_messages_to_show_per_page)){

$last_message_on_this_page = $number_of_messages_to_show_per_page + $start_at_message_number -1;

} else { // if there aren't enough mesages to gill up this page

$last_message_on_this_page = $no_of_messages;

}

// Now are they viewing the most recent messages, (ie start_at_message_number = 0)?

// how many will be shown on this page?

$number_on_this_page = min($number_of_messages_to_show_per_page,$no_of_messages);

if ($start_at_message_number == 1){

echo("<H2>Latest ".$number_on_this_page." of ".$no_of_messages." messages:</H2>");

} else {

echo("<H2>Showing older messages " . $start_at_message_number . " - " . $last_message_on_this_page . " of ".$no_of_messages.":</H2>");

}

?>

</FORM>

<?php

$messages_skipped_over = 0;

$messages_shown_sofar = 0;

while( $Mesage_items = mysql_fetch_array($searchResults) AND $messages_shown_sofar < $number_of_messages_to_show_per_page) {

//now need to skip through messages until we get to the $start_at_message_number

$messages_skipped_over = $messages_skipped_over + 1;

if ($messages_skipped_over < $start_at_message_number) continue;

$messages_shown_sofar = $messages_shown_sofar + 1;

// convert news date to frieldy version

$date_return = mysql_query ("SELECT DATE_FORMAT('".$Mesage_items["date"]."', '%D %b %y')");

$row = mysql_fetch_array($date_return);

$Happy_Date = $row[0];

//do we have a name from them or shallw e just write 'anon'?

if ($Mesage_items["from_name"] == NULL OR $Mesage_items["from_name"] == ""){

$their_name = "Anonymous";

} else {

$their_name = $Mesage_items["from_name"];

}

echo("<TABLE BORDER=\"0\" CELLSPACING=\"0\"><TR><TD VALIGN=\"TOP\" WIDTH=\"40\" ALIGN=\"left\"><IMG SRC=\"images/letter.jpg\" ALIGN=\"left\"></TD><TD>");

echo("<H3>" . $Mesage_items["subject"] . " <FONT SIZE=\"2\">(". $their_name ." - ". $Happy_Date .")");

if ( $Mesage_items["about_news_id"] > 0){ // if this was a comment from a news item get the details of it

$sql_string = "SELECT * FROM news WHERE news_id='" . $Mesage_items["about_news_id"] . "'"; // end of the sql statement

$NewssearchResults = mysql_query ($sql_string);

$News_item = mysql_fetch_array($NewssearchResults);

echo(" - Re: News item '<A TARGET=\"NEW\" HREF=\"news_detail.php?news_id=".$Mesage_items["about_news_id"]."\">".$News_item["title"]."</A>'");

}

echo("</FONT></H3>");

echo("<P>". str_replace("\n","\n<br>",$Mesage_items["message"] ) . "</P>");

// have we replied yet?

if( $Mesage_items["replied"] == 1){ // yes we have

// get the reply date happy version

$date_return = mysql_query ("SELECT DATE_FORMAT('".$Mesage_items["reply_date"]."', '%D %b %y')");

$row = mysql_fetch_array($date_return);

$Happy_Reply_Date = $row[0];

echo("<TABLE BORDER=\"0\"><TR><TD WIDTH=\"20\"></TD><TD ALIGN=\"left\">");

echo("<H3><FONT COLOR=\"#cd4040\">" . $Mesage_items["reply_from"] . "'s Reply</FONT><FONT COLOR=\"#cd4040\" SIZE=\"2\"> (". $Happy_Reply_Date .")</FONT></H3>");

echo("<P><FONT COLOR=\"#cd4040\">". str_replace("\n","\n<br>",$Mesage_items["reply_message"] ) . "</FONT></P>");

echo("</TD></TR></TABLE>");

}

echo("</TD></TR></TABLE>");

echo("<HR COLOR=\"#ececec\">");

}

// Do we need to show them a button saying next / previous messages?

?>

<TR>

<?php

// Only show the 'newer messages' button if there are newer messages

if ($start_at_message_number > 1){

?>

<FORM ACTION="<?php echo($PHP_SELF);?>" METHOD=POST>

<INPUT TYPE="hidden" VALUE="<?php echo($start_at_message_number - $number_of_messages_to_show_per_page); ?>" NAME="start_at_message_number">

</FORM>

<?php

}

?>

</TD>

<?php

// Only show the 'earlier messages' button if there are more messages to show

if ($no_of_messages > $last_message_on_this_page){

// how many will be shown on next page?

$number_left_for_next_page = min($number_of_messages_to_show_per_page,($no_of_messages - $last_message_on_this_page));

?>

<FORM ACTION="<?php echo($PHP_SELF);?>" METHOD=POST>

<INPUT TYPE="hidden" VALUE="<?php echo($last_message_on_this_page + 1); ?>" NAME="start_at_message_number">

<INPUT TYPE="submit" VALUE="Older Messages >>" NAME="btn_older">

</FORM>

<?php

}

?>

</TD>

</TR>

</TABLE>

<?php

?>

here is the form processing code... .

<?php

require_once('recaptchalib.php');

$privatekey = "6LfbWgIAAAAAAKFeilnMoHd2ClFE5pAnuuwaxJ4U";

$resp = recaptcha_check_answer ($privatekey,

$_SERVER["REMOTE_ADDR"],

$_POST["recaptcha_challenge_field"],

$_POST["recaptcha_response_field"]);

if (!$resp->is_valid) {

die ("The validation letters were not entered correctly. Please hit the '<B>Back</B>' button on your web browser and <B>Try Again</B>.<BR><BR>Thanks." .

"(reCAPTCHA said: " . $resp->error . ")");

}

?>

<?php $this_page = "sayhi"; // Change this for each page (either: news, about, expeditions, services, speaking, photography, filming, exfac, sponsors) ?>

<?php include("header_above_title.php"); ?>

<TITLE>Indian Ocean Rowing Race 2009 - Clark Carter and Ryan Storey: Write News Comment</TITLE>

<?php include("header_below_title.php"); ?>

<TR>

<BR>

<H2>Thanks for your message!</H2>

<?php

$SpamErrorMessage = "No website URLs are permitted in the forms content area. Please click the back button on your web browser and try again, thank you";

//if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}

if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}

/* If e-mail is not valid show error message */

if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))

/* If URL is not valid set $website to empty */

if (!preg_match("/^(https?:\/\/+[\w\-]+\.[\w\-]+)/i", $website))

{

$website = '';

}

function process ($validate = true) {

# form submission

if ((! $validate) || $this->validate()) {

# Edit user input - go back to original form with fields filled in

if ($_POST['confirmedit'] == "Edit") {

$this->display();

# Show user input - confirm that the user entered what they meant to enter

} elseif ($_POST['submit']) {

$this->addConfirmMsg("Please click \"Confirm\" to complete the submission. To make changes, click \"Edit.\"");

$this->removeElement('submit');

$buttons[] = &HTML_QuickForm::createElement('submit', null, 'Confirm', array("style"=>"width: 85px;"));

$buttons[] = &HTML_QuickForm::createElement('submit', null, 'Edit', array("style"=>"width: 85px;"));

$this->addGroup($buttons, 'confirmedit', null, ' ');

$this->displayPreview();

# Submission confirmed - write to DB (,send emails), show status msg

} elseif ($_POST['confirmedit'] == "Confirm") {

//Submission confirmed. Write to DB or send emails etc

// ...

}

# Function: previewSubmission()

# Displays user input for confirmation (user input saved in hidden fields)

function displayPreview() {

$this->freeze();

$this->display();

}

?>

<?php

$ip_address = GetHostByName($REMOTE_ADDR);

// First check that the message doesn't seem to be offensive

$offensive_words = array("fuck","asshole","dickhead","penis","dick","sex","xxx","porn","pornstar","nude","naked","lesbian","viagra","pussy","tits","porn","gambling","pharmacy","casino","cunt","sluts","sdzoux","auto insurance","replica","furniture","debit","groups.google","credit","href","cigarettes","escorts","buy-used-car","http","florida","bqgoef","louis","vuitton","zxpcuk","nursing","http");

$is_offensive = 0; // assume innocent until proven guilty

for ($i = 0; $i < sizeof($offensive_words); $i++) {

if ((strpos( $message . $from_name, $offensive_words[$i]) != FALSE)){

$is_offensive = 1; // if it matches any bad words

//echo("Failed on [" . $offensive_words[$i] . "]\n");

}

// Now also check that it's not a blank comment or that they left it as 'Your Comment' by 'Your Name'

// if so, we may as well call it offensive and delete it (unless they left their name out, inwhich case write anonymous)

if (($message == "Your message will be emailed to us and posted online.") OR ($message == "") OR ($message == NULL)){

// ok so they didn't write in the body of the message, but is there atleast maybe a subject?

if (($subject == "Message Subject") OR ($subject == "") OR ($subject == NULL)) $is_offensive = 1; // noppe, nothing usefull at all

}

if ($from_name == "Your Name"){

$from_name = NULL;

}

if ($from_email == "Your Email Address"){

$from_email = NULL;

}

if ($is_offensive == 0) { // if it's not offensice

// SAVE THEIR Message

// Need to generate a new comment_id

$ContactResults = mysql_query ("SELECT max(message_id) FROM contact");

if (!$ContactResults ) {

echo("Error finding max contact_id");

include("footer.php");

exit();

}

$message_id = null;

$row = mysql_fetch_array($ContactResults);

$message_id = $row[0];

$message_id += 1;

$email2 = stripslashes($_POST["email2"]);

if (!empty($email2)) {

header("location: pretend_that_email_sent.php");

exit();

}

// Now to save the comment

$sql_string = "INSERT INTO contact SET message_id='$message_id', from_name='$from_name', message='$message', ip_address='$ip_address', subject='$subject', from_email='$from_email', date=NOW()"; // end of the sql statement

if (!mysql_query($sql_string)) {

echo("There was an error saving your message. Please try again.");

}

// Ok so now email the message out to us

$email_subject = 'New message from RowTheIndian.com';

$email_to = "team@RowTheIndian.com";

$composed_body = "G'day Chaps,\n\n[" . $from_name . "] email addr [". $from_email ."] has just written you a message from the www.RowTheIndian.com site:\n\n-----------------------------\n\nSUBJECT = " . $subject . "\n\n" . $message . "\n\n-----------------------------\n\n$ip=@$REMOTE_ADDR;\nTO REPLY to this message, visit www.RowTheIndian.com/reply_to_message.php?message_id=". $message_id ."\n\nTO DELETE this message, click this link: www.RowTheIndian.com/auto_delete_comment.php?message_id=".$message_id ;

$from = "From: No Reply - Row The Indian <team@RowTheIndian.com>";

mail($email_to, $email_subject, $composed_body , $from); // send the email

// All done

} // end if for not offensive

// Was it offensive or has it been sent ok?

if ($is_offensive) {

?>

<BR><P><B>But...</B> it seems that you either didn't type in your message properly, or that it contained one or more blacklisted words. Please hit the '<B>Back</B>' button on your web browser and check what you wrote and <B>Try Again</B>.<BR><BR>Thanks.</P>

<?php

} else { // it was ok and was sent

?>

<BR><P>Your comment has been emailed to us, and a copy put online <A HREF="sayhi.php">here</A>.<BR>

<BR><P>Our reply to your message will also be posted online at the same place <A HREF="sayhi.php">here</A>, underneath your message.

<?php

if($from_email == NULL OR $from_email == ""){

echo("As you didn't enter your email address, no notification of our reply can be sent, so you'll just have to keep coming back to see!</P>");

} else {

echo("A notification email letting you know when we reply will automatically be emailed to you.</P>");

}

?>

<BR>Thanks!</P>

<?php

}

?>

</TD>

<BR>

</TD>

</TR>

</TABLE>

<?php include("footer.php"); ?>

Here is the .htaccess file... (the http refferer ones are the main ones spamming us - especially google.groups)

RewriteEngine on

RewriteBase /

RewriteCond %{HTTP_USER_AGENT} ADSARobot|ah-ha|almaden|aktuelles|Anarchie|amzn_assoc|ASPSeek|ASSORT|ATHENS|Atomz|attach|attache|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|bmclient|Boston\ Project|BravoBrian\ SpiderEngine\ MarcoPolo|Bot\ mailto:craftbot@yahoo.com|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|Collector|Copier|Crescent|Crescent\ Internet\ ToolPak|Custo|cyberalert|DA$|Deweb|diagem|Digger|Digimarc|DIIbot|DISCo|DISCo\ Pump|DISCoFinder|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|ecollector|efp@gmx\.net|Email\ Extractor|EirGrabber|email|EmailCollector|EmailSiphon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|FavOrg|fastlwspider|Favorites\ Sweeper|Fetch|FEZhead|FileHound|FlashGet\ WebWasher|FlickBot|fluffy|FrontPage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go\!Zilla|Go!Zilla|Go-Ahead-Got-It|GornKer|gotit|Grabber|GrabNet|Grafula|Green\ Research|grub-client|Harvest|hhjhj@yahoo|hloader|HMView|HomePageSearch|http\ generic|HTTrack|httpdown|httrack|ia_archiver|IBM_Planetwide|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy*Library|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkagent|Internet\ Ninja|InternetSeer\.com|Iria|Irvine|JBH*agent|JetCar|JOC|JOC\ Web\ Spider|JustView|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|libwww|likse|Link|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Mag-Net|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MCspider|Memo|Microsoft.URL|MIDown\ tool|Mirror|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|^Mozilla$|Mozilla.*Indy|Mozilla.*NEWT|Mozilla*MSIECrawler|MS\ FrontPage*|MSFrontPage|MSIECrawler|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|Net\ Vampire|NetZIP|NetZip\ Downloader|NetZippy|NEWT|NICErsPRO|Ninja|NPBot|Octopus|Offline\ Explorer|Offline\ Navigator|OpaL|Openfind|OpenTextSiteCrawler|OrangeBot|PageGrabber|Papa\ Foto|PackRat|pavuk|pcBrowser|PersonaPilot|Ping|PingALink|Pockey|Proxy|psbot|PSurf|puf|Pump|PushSite|QRVA|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|Scooter|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Seeker|Shai|Siphon|sitecheck|sitecheck.internetseer.com|SiteSnagger|SlySearch|SmartDownload|snagger|Snake|SpaceBison|Spegla|SpiderBot|sproose|SqWorm|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Templeton|TrueRobot|TV33_Mercator|UIowaCrawler|UtilMind|URLSpiderPro|URL_Spider_Pro|Vacuum|vagabondo|vayala|visibilitygap|VoidEYE|vspider|Web\ Downloader|w3mir|Web\ Data\ Extractor|Web\ Image\ Collector|Web\ Sucker|Wweb|WebAuto|WebBandit|web\.by\.mail|Webclipping|webcollage|webcollector|WebCopier|webcraft@bea|webdevil|webdownloader|Webdup|WebEMailExtrac|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|Website|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Wget|Whacker|whizbang|WhosTalking|Widow|WISEbot|WWWOFFLE|x-Tractor|^Xaldon\ WebSpider|WUMPUS|Xenu|XGET|Zeus.*Webster|Zeus [NC]

RewriteRule ^.* - [F,L]

RewriteEngine on

# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} google\.groups\.com [NC,OR]

RewriteCond %{HTTP_REFERER} groups\.google\.jp [NC,OR]

RewriteCond %{HTTP_REFERER} yourfreehosting\.net [NC,OR]

RewriteCond %{HTTP_REFERER} justfree\.com [NC,OR]

RewriteCond %{HTTP_REFERER} yoyohost\.com [NC,OR]

RewriteCond %{HTTP_REFERER} (mortgage) [NC,OR]

RewriteCond %{HTTP_REFERER} (nursing) [NC,OR]

RewriteCond %{HTTP_REFERER} (insurance) [NC,OR]

RewriteCond %{HTTP_REFERER} (imitation) [NC,OR]

RewriteCond %{HTTP_REFERER} volny\.cz/popec/utubeporn [NC,OR]

RewriteCond %{HTTP_REFERER} nursing\.com

RewriteRule .* - [F]

JasonLewis · July 20, 2008

Well you could have it not post anything that has the blacklisted words in it. Or anything related. If it contains the word, the comment is not posted.

How about making people register then?

Oh and please wrap that code in [ code ] [ / code ] tags, minus the spaces of course.

tigra · July 20, 2008

Yes when a blacklisted word is used it shows an error message already, and says to go back and try again.

Making people register is another option, but we really didn't want to add another step, or people may not post at all.

MadTechie · July 20, 2008

How about making people register then?

Oh and please wrap that code in [ code ] [ / code ] tags, minus the spaces of course.

And use email activation, they spam you ban, they get another email precess repeats.. worst case.. every post will say in a queue until an mod can verifiy it.

registration with email activation, IP loggin and captcaha, word filtering, normally stops 95% (depending on the site)

unkwntech · July 20, 2008

If they are not providing and IP I would do somthing like this:

if(strlen($ip) < 12)
{
    //No IP or not valid
}

JasonLewis · July 20, 2008

Yes when a blacklisted word is used it shows an error message already, and says to go back and try again.

Making people register is another option, but we really didn't want to add another step, or people may not post at all.

Okay. You'd be surprised by people registering. Most people if required to register to post would. I know for one that I do if I am required to post. Just make it worth there while.

shedokan · July 20, 2008

put a captcha, check ip and in the processing form check where the form was submitted from.

tigra · July 21, 2008

Hi, yes i already have a captcha in place, and a check for ip but it doesnt save the ip from spammer comments, only real human comments - which is rather strange - this makes me think that they aren't using the form to post comments.

How do i go about adding code to check where the form was submitted from? I'd love to be able to find out who these spammers are so i can report them.

Also, does anyone know how i can do a check to see if they are posting directly to the db - sql injection etc?

JasonLewis · July 21, 2008

Check the referrer to see, then make sure that it is from the form's page. If it isn't, then don't post the form.

Sign In

Spam problems on our comments form - Please help

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information