tigra Posted July 20, 2008

Hi, I was wondering if anyone could help me. We are receiving a large amount of spam links on our comments form and we can't stop it. We have tried:

1. adding reCAPTCHA,
2. adding code to catch the IP address in the database, but it doesn't show up for their comments but does for genuine comments,
3. a hidden form cell to trap spambots,
4. a blacklist of well-known spammers/bots etc. via the .htaccess file,
5. a 'confirm' JavaScript pop-up confirmation before submit,
6. coding to ban HTML links in posts - but they still get through.

We have run out of ideas and think maybe they are bypassing the form script somehow, as they can still post? Any help would be greatly appreciated please. Thank you.

DarkWater Posted July 20, 2008

Can I see what you actually did?

tigra Posted July 20, 2008

Hi, no probs, what do you need me to send?

JasonLewis Posted July 20, 2008

I would recommend keeping the captcha there, as it would be the best method. Are you sure your captcha was working correctly?

Another suggestion... If it's a real dire situation, how about having an admin section behind it all (no doubt you do), and basically make comments be approved before being submitted on the website.

Another question. Are the spam problems related to sexual innuendo?

PFMaBiSmAd Posted July 20, 2008

For anyone to thoroughly help, you need to post the form processing code, the form, and your .htaccess file.

If no IP address is being recorded (and the code doing the recording is correct), that would indicate that the content is being delivered through a means other than an HTTP request to your form processing code. Perhaps through an HTTP request to some other script on your site that allows access to files or data, or through PHP code injection or SQL code injection.

Bot scripts submit data to the form processing code, so most things you do in the form code, like item #5 on your list, have no effect (other than the things you might do to your form to help ensure that someone (or a bot) visited the form before visiting the form processing code).
tigra Posted July 20, 2008

Wow, thank you so much for all your replies, and so fast.

Firstly... to projectfear... yes, the captcha is working correctly, as I have posted test comments and entered the wrong answer and it redirected me back to the form... and yep, we do have an admin side to delete/reply to comments etc., but approving comments wouldn't be a very good option because we would still have to go through each one (but we may have to do this if we can't fix the prob)... and thirdly... yep, some of them are related to sexual innuendo - we have a script to blacklist words but that doesn't stop them.

PFMaBiSmAd - yep, I think you are right, but I am fairly new to PHP so unsure where I need to check for SQL injections etc. or what I'm even looking for.

Here is the form... (I apologise in advance for the length of this post)...

<meta name="robots" content="noindex, nofollow" />
<?php $this_page = "sayhi"; // change this for each page (either: news, about, expeditions, services, speaking, photography, filming, exfac, sponsors) ?>
<?php
// This page may have been passed a $start_at_message_number variable as
// if they click 'next 20 messages' they re-load this page but want to see diff messages
$number_of_messages_to_show_per_page = 15;
if ($start_at_message_number == NULL OR $start_at_message_number <= 0 ) $start_at_message_number = 1;
?>
<?php include("header_above_title.php"); ?>
<script LANGUAGE="JavaScript">
function confirmSubmit()
{
    var agree=confirm("Please click 'OK' to confirm your comment, or click 'cancel' to make changes. thank you");
    if (agree)
        return true ;
    else
        return false ;
}
</script>
<script type= "text/javascript">
var RecaptchaOptions = { theme: 'blackglass' };
</script>
<SCRIPT LANGUAGE="JavaScript">
function select_all_message(what_form)
{
    var text_val=eval("document." + what_form + ".message");
    text_val.focus();
    text_val.select();
}
function select_all_name(what_form)
{
    var text_val=eval("document." + what_form + ".from_name");
    text_val.focus();
    text_val.select();
}
function select_all_subject(what_form)
{
    var text_val=eval("document." + what_form + ".subject");
    text_val.focus();
    text_val.select();
}
function select_all_email(what_form)
{
    var text_val=eval("document." + what_form + ".from_email");
    text_val.focus();
    text_val.select();
}
</SCRIPT>
<TITLE>Indian Ocean Rowing Race 2009 - Clark Carter and Ryan Storey: Say Hi</TITLE>
<?php include("header_below_title.php"); ?>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0" WIDTH="100%">
<TR>
<TD VALIGN="top">
<BR>
<H2>Drop us a message!</H2>
<form onsubmit="return confirmSubmit();" method="POST" action="send_message.php" NAME="say_hi">
<TABLE BORDER="0" CELLPADDING="1" CELLSPACING="0">
<TR>
<TD VALIGN="top">
<P>We'd love to hear from you so please fill in the form to the right and click 'Send'.</P>
<P>Your message will be emailed to us and a copy <B>posted online here for others to read</B>. Our reply will be posted online here and, if you enter your email address, a notification email will also be emailed to you.</P>
<P>If you need to contact us privately, please send your email to team[at]RowTheIndian.com.
</TD>
<TD WIDTH="10"> </TD>
<TD>
<span id="hide">url<input type="text" name="URL" value=""></span>
<INPUT type="text" name="from_name" value="Your Name" size="45" onClick="select_all_name('say_hi');"><BR>
<INPUT TYPE="text" name="from_email" size="45" value="Your Email Address" onClick="select_all_email('say_hi');"><BR>
<INPUT TYPE="text" name="subject" size="45" value="Message Subject" onClick="select_all_subject('say_hi');"><BR>
<BR>
<TEXTAREA ROWS="7" COLS="35" NAME="message" onClick="select_all_message('say_hi');">Your message will be emailed to us and posted online.</TEXTAREA><BR><div style="visibility:hidden; display:none;">
<label>What is 2+3?
<input type="text" name="website"></label>
</div>
<div style="visibility:hidden">
<input name="email2" type="text" size="45" id="email2" />
</div>
<BR>
<?php
require_once('recaptchalib.php');
$publickey = "6LfbWgIAAAAAAFAT36h0ya9E2GxrcMXyWd55faa-"; // you got this from the signup page
echo recaptcha_get_html($publickey);
?>
<BR>
<INPUT type="submit" name="send" value=" Send >> ">
</TD>
</TR>
</TABLE>
<?php
// Now work out how many messages will
$sql_string = "SELECT * FROM contact ORDER BY message_id DESC"; // end of the sql statement
$searchResults = mysql_query ($sql_string);
$no_of_messages = mysql_num_rows($searchResults);
if ($no_of_messages >= ($start_at_message_number - 1 + $number_of_messages_to_show_per_page)){
    $last_message_on_this_page = $number_of_messages_to_show_per_page + $start_at_message_number -1;
} else { // if there aren't enough mesages to gill up this page
    $last_message_on_this_page = $no_of_messages;
}
// Now are they viewing the most recent messages, (ie start_at_message_number = 0)?
// how many will be shown on this page?
$number_on_this_page = min($number_of_messages_to_show_per_page,$no_of_messages);
if ($start_at_message_number == 1){
    echo("<H2>Latest ".$number_on_this_page." of ".$no_of_messages." messages:</H2>");
} else {
    echo("<H2>Showing older messages " . $start_at_message_number . " - " . $last_message_on_this_page . " of ".$no_of_messages.":</H2>");
}
?>
</FORM>
<?php
$messages_skipped_over = 0;
$messages_shown_sofar = 0;
while( $Mesage_items = mysql_fetch_array($searchResults) AND $messages_shown_sofar < $number_of_messages_to_show_per_page) {
    //now need to skip through messages until we get to the $start_at_message_number
    $messages_skipped_over = $messages_skipped_over + 1;
    if ($messages_skipped_over < $start_at_message_number) continue;
    $messages_shown_sofar = $messages_shown_sofar + 1;
    // convert news date to frieldy version
    $date_return = mysql_query ("SELECT DATE_FORMAT('".$Mesage_items["date"]."', '%D %b %y')");
    $row = mysql_fetch_array($date_return);
    $Happy_Date = $row[0];
    //do we have a name from them or shallw e just write 'anon'?
    if ($Mesage_items["from_name"] == NULL OR $Mesage_items["from_name"] == ""){
        $their_name = "Anonymous";
    } else {
        $their_name = $Mesage_items["from_name"];
    }
    echo("<TABLE BORDER=\"0\" CELLSPACING=\"0\"><TR><TD VALIGN=\"TOP\" WIDTH=\"40\" ALIGN=\"left\"><IMG SRC=\"images/letter.jpg\" ALIGN=\"left\"></TD><TD>");
    echo("<H3>" . $Mesage_items["subject"] . " <FONT SIZE=\"2\">(". $their_name ." - ". $Happy_Date .")");
    if ( $Mesage_items["about_news_id"] > 0){
        // if this was a comment from a news item get the details of it
        $sql_string = "SELECT * FROM news WHERE news_id='" . $Mesage_items["about_news_id"] . "'"; // end of the sql statement
        $NewssearchResults = mysql_query ($sql_string);
        $News_item = mysql_fetch_array($NewssearchResults);
        echo(" - Re: News item '<A TARGET=\"NEW\" HREF=\"news_detail.php?news_id=".$Mesage_items["about_news_id"]."\">".$News_item["title"]."</A>'");
    }
    echo("</FONT></H3>");
    echo("<P>". str_replace("\n","\n<br>",$Mesage_items["message"] ) . "</P>");
    // have we replied yet?
    if( $Mesage_items["replied"] == 1){ // yes we have
        // get the reply date happy version
        $date_return = mysql_query ("SELECT DATE_FORMAT('".$Mesage_items["reply_date"]."', '%D %b %y')");
        $row = mysql_fetch_array($date_return);
        $Happy_Reply_Date = $row[0];
        echo("<TABLE BORDER=\"0\"><TR><TD WIDTH=\"20\"></TD><TD ALIGN=\"left\">");
        echo("<H3><FONT COLOR=\"#cd4040\">" . $Mesage_items["reply_from"] . "'s Reply</FONT><FONT COLOR=\"#cd4040\" SIZE=\"2\"> (". $Happy_Reply_Date .")</FONT></H3>");
        echo("<P><FONT COLOR=\"#cd4040\">". str_replace("\n","\n<br>",$Mesage_items["reply_message"] ) . "</FONT></P>");
        echo("</TD></TR></TABLE>");
    }
    echo("</TD></TR></TABLE>");
    echo("<HR COLOR=\"#ececec\">");
}
// Do we need to show them a button saying next / previous messages?
?>
<TABLE BORDER="0" CELLPADDING="10" CELLSPACING="10" WIDTH="100%">
<TR>
<TD ALIGN="left">
<?php
// Only show the 'newer messages' button if there are newer messages
if ($start_at_message_number > 1){
?>
<FORM ACTION="<?php echo($PHP_SELF);?>" METHOD=POST>
<INPUT TYPE="hidden" VALUE="<?php echo($start_at_message_number - $number_of_messages_to_show_per_page); ?>" NAME="start_at_message_number">
<INPUT TYPE="submit" VALUE="<< Newer Messages" NAME="btn_more_recent">
</FORM>
<?php } ?>
</TD>
<TD ALIGN="right">
<?php
// Only show the 'earlier messages' button if there are more messages to show
if ($no_of_messages > $last_message_on_this_page){
    // how many will be shown on next page?
    $number_left_for_next_page = min($number_of_messages_to_show_per_page,($no_of_messages - $last_message_on_this_page));
?>
<FORM ACTION="<?php echo($PHP_SELF);?>" METHOD=POST>
<INPUT TYPE="hidden" VALUE="<?php echo($last_message_on_this_page + 1); ?>" NAME="start_at_message_number">
<INPUT TYPE="submit" VALUE="Older Messages >>" NAME="btn_older">
</FORM>
<?php } ?>
</TD>
</TR>
</TABLE>
<?php ?>

Here is the form processing code...

<meta name="robots" content="noindex, nofollow" />
<?php
require_once('recaptchalib.php');
$privatekey = "6LfbWgIAAAAAAKFeilnMoHd2ClFE5pAnuuwaxJ4U";
$resp = recaptcha_check_answer ($privatekey,
                                $_SERVER["REMOTE_ADDR"],
                                $_POST["recaptcha_challenge_field"],
                                $_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
    die ("The validation letters were not entered correctly. Please hit the '<B>Back</B>' button on your web browser and <B>Try Again</B>.<BR><BR>Thanks." .
         "(reCAPTCHA said: " . $resp->error . ")");
}
?>
<?php $this_page = "sayhi"; // Change this for each page (either: news, about, expeditions, services, speaking, photography, filming, exfac, sponsors) ?>
<?php include("header_above_title.php"); ?>
<TITLE>Indian Ocean Rowing Race 2009 - Clark Carter and Ryan Storey: Write News Comment</TITLE>
<?php include("header_below_title.php"); ?>
<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0" WIDTH="100%">
<TR>
<TD VALIGN="top">
<BR>
<H2>Thanks for your message!</H2>
<IMG HSPACE="10" SRC="images/contact.jpg" ALIGN="left">
<?php
$SpamErrorMessage = "No website URLs are permitted in the forms content area. Please click the back button on your web browser and try again, thank you";
//if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}
if (preg_match("/http/i", "$message")) {echo "$SpamErrorMessage"; exit();}
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))
/* If URL is not valid set $website to empty */
if (!preg_match("/^(https?:\/\/+[\w\-]+\.[\w\-]+)/i", $website)) {
    $website = '';
}
function process ($validate = true) {
    # form submission
    if ((! $validate) || $this->validate()) {
        # Edit user input - go back to original form with fields filled in
        if ($_POST['confirmedit'] == "Edit") {
            $this->display();
        # Show user input - confirm that the user entered what they meant to enter
        } elseif ($_POST['submit']) {
            $this->addConfirmMsg("Please click \"Confirm\" to complete the submission. To make changes, click \"Edit.\"");
            $this->removeElement('submit');
            $buttons[] = &HTML_QuickForm::createElement('submit', null, 'Confirm', array("style"=>"width: 85px;"));
            $buttons[] = &HTML_QuickForm::createElement('submit', null, 'Edit', array("style"=>"width: 85px;"));
            $this->addGroup($buttons, 'confirmedit', null, ' ');
            $this->displayPreview();
        # Submission confirmed - write to DB (,send emails), show status msg
        } elseif ($_POST['confirmedit'] == "Confirm") {
            //Submission confirmed. Write to DB or send emails etc
            // ...
        }
    }
}
# Function: previewSubmission()
# Displays user input for confirmation (user input saved in hidden fields)
function displayPreview() {
    $this->freeze();
    $this->display();
}
?>
<?php
$ip_address = GetHostByName($REMOTE_ADDR);
// First check that the message doesn't seem to be offensive
$offensive_words = array("fuck","asshole","dickhead","penis","dick","sex","xxx","porn","pornstar","nude","naked","lesbian","viagra","pussy","tits","porn","gambling","pharmacy","casino","cunt","sluts","sdzoux","auto insurance","replica","furniture","debit","groups.google","credit","href","cigarettes","escorts","buy-used-car","http","florida","bqgoef","louis","vuitton","zxpcuk","nursing","http");
$is_offensive = 0; // assume innocent until proven guilty
for ($i = 0; $i < sizeof($offensive_words); $i++) {
    if ((strpos( $message . $from_name, $offensive_words[$i]) != FALSE)){
        $is_offensive = 1; // if it matches any bad words
        //echo("Failed on [" . $offensive_words[$i] . "]\n");
    }
}
// Now also check that it's not a blank comment or that they left it as 'Your Comment' by 'Your Name'
// if so, we may as well call it offensive and delete it (unless they left their name out, inwhich case write anonymous)
if (($message == "Your message will be emailed to us and posted online.") OR ($message == "") OR ($message == NULL)){
    // ok so they didn't write in the body of the message, but is there atleast maybe a subject?
    if (($subject == "Message Subject") OR ($subject == "") OR ($subject == NULL)) $is_offensive = 1; // noppe, nothing usefull at all
}
if ($from_name == "Your Name"){
    $from_name = NULL;
}
if ($from_email == "Your Email Address"){
    $from_email = NULL;
}
if ($is_offensive == 0) { // if it's not offensice
    // SAVE THEIR Message
    // Need to generate a new comment_id
    $ContactResults = mysql_query ("SELECT max(message_id) FROM contact");
    if (!$ContactResults ) {
        echo("Error finding max contact_id");
        include("footer.php");
        exit();
    }
    $message_id = null;
    $row = mysql_fetch_array($ContactResults);
    $message_id = $row[0];
    $message_id += 1;
    $email2 = stripslashes($_POST["email2"]);
    if (!empty($email2)) {
        header("location: pretend_that_email_sent.php");
        exit();
    }
    // Now to save the comment
    $sql_string = "INSERT INTO contact SET message_id='$message_id', from_name='$from_name', message='$message', ip_address='$ip_address', subject='$subject', from_email='$from_email', date=NOW()"; // end of the sql statement
    if (!mysql_query($sql_string)) {
        echo("There was an error saving your message. Please try again.");
    }
    // Ok so now email the message out to us
    $email_subject = 'New message from RowTheIndian.com';
    $email_to = "team@RowTheIndian.com";
    $composed_body = "G'day Chaps,\n\n[" . $from_name . "] email addr [". $from_email ."] has just written you a message from the www.RowTheIndian.com site:\n\n-----------------------------\n\nSUBJECT = " . $subject . "\n\n" . $message . "\n\n-----------------------------\n\n$ip=@$REMOTE_ADDR;\nTO REPLY to this message, visit www.RowTheIndian.com/reply_to_message.php?message_id=". $message_id ."\n\nTO DELETE this message, click this link: www.RowTheIndian.com/auto_delete_comment.php?message_id=".$message_id ;
    $from = "From: No Reply - Row The Indian <team@RowTheIndian.com>";
    mail($email_to, $email_subject, $composed_body , $from); // send the email
    // All done
} // end if for not offensive
// Was it offensive or has it been sent ok?
if ($is_offensive) {
?>
<BR><P><B>But...</B> it seems that you either didn't type in your message properly, or that it contained one or more blacklisted words. Please hit the '<B>Back</B>' button on your web browser and check what you wrote and <B>Try Again</B>.<BR><BR>Thanks.</P>
<?php
} else { // it was ok and was sent
?>
<BR><P>Your comment has been emailed to us, and a copy put online <A HREF="sayhi.php">here</A>.<BR>
<BR><P>Our reply to your message will also be posted online at the same place <A HREF="sayhi.php">here</A>, underneath your message.
<?php
    if($from_email == NULL OR $from_email == ""){
        echo("As you didn't enter your email address, no notification of our reply can be sent, so you'll just have to keep coming back to see!</P>");
    } else {
        echo("A notification email letting you know when we reply will automatically be emailed to you.</P>");
    }
?>
<BR>Thanks!</P>
<?php } ?>
</TD>
<TD WIDTH="25"></TD>
<TD WIDTH="240" VALIGN="top" ALIGN="left">
<BR>
</TD>
</TR>
</TABLE>
<?php include("footer.php"); ?>

Here is the .htaccess file...
(the HTTP referrer ones are the main ones spamming us - especially google.groups)

RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ADSARobot|ah-ha|almaden|aktuelles|Anarchie|amzn_assoc|ASPSeek|ASSORT|ATHENS|Atomz|attach|attache|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|bmclient|Boston\ Project|BravoBrian\ SpiderEngine\ MarcoPolo|Bot\ mailto:craftbot@yahoo.com|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|Collector|Copier|Crescent|Crescent\ Internet\ ToolPak|Custo|cyberalert|DA$|Deweb|diagem|Digger|Digimarc|DIIbot|DISCo|DISCo\ Pump|DISCoFinder|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|ecollector|efp@gmx\.net|Email\ Extractor|EirGrabber|email|EmailCollector|EmailSiphon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|FavOrg|fastlwspider|Favorites\ Sweeper|Fetch|FEZhead|FileHound|FlashGet\ WebWasher|FlickBot|fluffy|FrontPage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go\!Zilla|Go!Zilla|Go-Ahead-Got-It|GornKer|gotit|Grabber|GrabNet|Grafula|Green\ Research|grub-client|Harvest|hhjhj@yahoo|hloader|HMView|HomePageSearch|http\ generic|HTTrack|httpdown|httrack|ia_archiver|IBM_Planetwide|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy*Library|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkagent|Internet\ Ninja|InternetSeer\.com|Iria|Irvine|JBH*agent|JetCar|JOC|JOC\ Web\ Spider|JustView|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|libwww|likse|Link|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Mag-Net|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MCspider|Memo|Microsoft.URL|MIDown\ tool|Mirror|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|^Mozilla$|Mozilla.*Indy|Mozilla.*NEWT|Mozilla*MSIECrawler|MS\ FrontPage*|MSFrontPage|MSIECrawler|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|Net\ Vampire|NetZIP|NetZip\ Downloader|NetZippy|NEWT|NICErsPRO|Ninja|NPBot|Octopus|Offline\ Explorer|Offline\ Navigator|OpaL|Openfind|OpenTextSiteCrawler|OrangeBot|PageGrabber|Papa\ Foto|PackRat|pavuk|pcBrowser|PersonaPilot|Ping|PingALink|Pockey|Proxy|psbot|PSurf|puf|Pump|PushSite|QRVA|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|Scooter|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Seeker|Shai|Siphon|sitecheck|sitecheck.internetseer.com|SiteSnagger|SlySearch|SmartDownload|snagger|Snake|SpaceBison|Spegla|SpiderBot|sproose|SqWorm|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Templeton|TrueRobot|TV33_Mercator|UIowaCrawler|UtilMind|URLSpiderPro|URL_Spider_Pro|Vacuum|vagabondo|vayala|visibilitygap|VoidEYE|vspider|Web\ Downloader|w3mir|Web\ Data\ Extractor|Web\ Image\ Collector|Web\ Sucker|Wweb|WebAuto|WebBandit|web\.by\.mail|Webclipping|webcollage|webcollector|WebCopier|webcraft@bea|webdevil|webdownloader|Webdup|WebEMailExtrac|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|Website|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Wget|Whacker|whizbang|WhosTalking|Widow|WISEbot|WWWOFFLE|x-Tractor|^Xaldon\ WebSpider|WUMPUS|Xenu|XGET|Zeus.*Webster|Zeus [NC]
RewriteRule ^.* - [F,L]

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} google\.groups\.com [NC,OR]
RewriteCond %{HTTP_REFERER} groups\.google\.jp [NC,OR]
RewriteCond %{HTTP_REFERER} yourfreehosting\.net [NC,OR]
RewriteCond %{HTTP_REFERER} justfree\.com [NC,OR]
RewriteCond %{HTTP_REFERER} yoyohost\.com [NC,OR]
RewriteCond %{HTTP_REFERER} (mortgage) [NC,OR]
RewriteCond %{HTTP_REFERER} (nursing) [NC,OR]
RewriteCond %{HTTP_REFERER} (insurance) [NC,OR]
RewriteCond %{HTTP_REFERER} (imitation) [NC,OR]
RewriteCond %{HTTP_REFERER} volny\.cz/popec/utubeporn [NC,OR]
RewriteCond %{HTTP_REFERER} nursing\.com
RewriteRule .* - [F]
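
An added example (not the poster's code) covering three details of the processing script above: the blacklist loop's `strpos(...) != FALSE` test, where the client address is read from, and how the comment reaches the database and the page. SQLite in memory stands in for MySQL so the block runs offline; the word list, sample comments and address are constructed, and the function names are hypothetical.

```php
<?php
// Added example; table and column names follow the posted `contact` table.

// The loop as posted: strpos() returns 0 for a hit at the very start of the
// text and 0 != FALSE is false, so that hit is ignored. It is case-sensitive too.
function is_blacklisted_as_posted(string $text, array $words): bool
{
    foreach ($words as $w) {
        if (strpos($text, $w) != false) {
            return true;
        }
    }
    return false;
}

// Case-insensitive search with a strict comparison against false.
function is_blacklisted(string $text, array $words): bool
{
    foreach ($words as $w) {
        if (stripos($text, $w) !== false) {
            return true;
        }
    }
    return false;
}

function str_field(array $src, string $key): string
{
    return isset($src[$key]) && is_string($src[$key]) ? trim($src[$key]) : '';
}

// Takes $_POST and $_SERVER as arguments instead of relying on bare
// $message / $REMOTE_ADDR variables being defined somewhere else.
function save_comment(PDO $db, array $post, array $server, array $words): string
{
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    if ($ip === false) {
        return 'rejected: no client address';
    }
    $name = str_field($post, 'from_name');
    $subject = str_field($post, 'subject');
    $message = str_field($post, 'message');
    if ($message === '' || is_blacklisted("$message $name $subject", $words)) {
        return 'rejected: empty or blacklisted';
    }
    // Bound parameters: user text never becomes part of the SQL string.
    $stmt = $db->prepare(
        'INSERT INTO contact (from_name, subject, message, ip_address, date)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$name, $subject, $message, $ip, date('Y-m-d H:i:s')]);
    return 'saved';
}

// Escape on output so stored markup is shown as text, not rendered as links.
function render_message(string $message): string
{
    return nl2br(htmlspecialchars($message, ENT_QUOTES, 'UTF-8'));
}

// Constructed demo data.
$words = ['http', 'viagra', 'casino'];
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact (message_id INTEGER PRIMARY KEY, from_name TEXT,
           subject TEXT, message TEXT, ip_address TEXT, date TEXT)');

foreach (['http://spam.example/ pills', 'Cheap VIAGRA here', 'Good luck, chaps!'] as $text) {
    printf("%-28s as posted: %-5s corrected: %s\n", $text,
        var_export(is_blacklisted_as_posted($text, $words), true),
        var_export(is_blacklisted($text, $words), true));
}

$server = ['REMOTE_ADDR' => '203.0.113.7']; // documentation-range address
echo save_comment($db, ['message' => 'Cheap VIAGRA here'], $server, $words), "\n";
echo save_comment($db, ['from_name' => "O'Brien", 'message' => "<a href='x'>hi</a>\nbye"], $server, $words), "\n";
echo save_comment($db, ['message' => 'hello'], [], $words), "\n";

foreach ($db->query('SELECT message, ip_address FROM contact') as $row) {
    echo $row['ip_address'], ' | ', render_message($row['message']), "\n";
}
```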

JasonLewis Posted July 20, 2008

Well, you could have it not post anything that has the blacklisted words in it. Or anything related. If it contains the word, the comment is not posted.

How about making people register then?

Oh, and please wrap that code in [ code ] [ / code ] tags, minus the spaces of course.

tigra Posted July 20, 2008

Yes, when a blacklisted word is used it shows an error message already, and says to go back and try again. Making people register is another option, but we really didn't want to add another step, or people may not post at all.

MadTechie Posted July 20, 2008

> How about making people register then? Oh and please wrap that code in [ code ] [ / code ] tags, minus the spaces of course.

And use email activation: they spam, you ban, they get another email, process repeats.. worst case.. every post will stay in a queue until a mod can verify it.

Registration with email activation, IP logging and captcha, word filtering, normally stops 95% (depending on the site).

unkwntech Posted July 20, 2008

If they are not providing an IP I would do something like this:

if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
    // No IP or not valid. (A length test such as strlen($ip) < 12 would
    // also reject short valid addresses like 10.0.0.1.)
}

JasonLewis Posted July 20, 2008

> Yes when a blacklisted word is used it shows an error message already, and says to go back and try again. Making people register is another option, but we really didn't want to add another step, or people may not post at all.

Okay. You'd be surprised by people registering. Most people, if required to register to post, would. I know for one that I do if I am required to post. Just make it worth their while.

shedokan Posted July 20, 2008

Put a captcha, check IP, and in the processing form check where the form was submitted from.

tigra Posted July 21, 2008

Hi, yes, I already have a captcha in place, and a check for IP, but it doesn't save the IP from spammer comments, only real human comments - which is rather strange - this makes me think that they aren't using the form to post comments.

How do I go about adding code to check where the form was submitted from? I'd love to be able to find out who these spammers are so I can report them.

Also, does anyone know how I can do a check to see if they are posting directly to the DB - SQL injection etc.?

JasonLewis Posted July 21, 2008

Check the referrer to see, then make sure that it is from the form's page. If it isn't, then don't post the form.
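
The checks suggested in this thread (make sure the form page was fetched before the processing script is hit, test the hidden field first, look at the referrer), written out as an added PHP example that is not code from any poster. FORM_SECRET, the `form_token` field, the time limits and the function names are assumptions; `email2` is the hidden field from the posted form, and the requests and host name at the bottom are constructed.

```php
<?php
// Added example. The token would be issued by the form page (sayhi.php in the
// thread) and checked at the top of the handler (send_message.php).
const FORM_SECRET   = 'replace-with-a-long-random-server-side-secret'; // placeholder
const TOKEN_MAX_AGE = 3600; // seconds a rendered form stays valid
const TOKEN_MIN_AGE = 3;    // a submit faster than this is unlikely to be typed

function post_field(array $src, string $key): string
{
    return isset($src[$key]) && is_string($src[$key]) ? $src[$key] : '';
}

// Called when the form is rendered; the result goes into a hidden input.
function issue_form_token(int $now): string
{
    $payload = $now . ':' . bin2hex(random_bytes(8));
    return $payload . ':' . hash_hmac('sha256', $payload, FORM_SECRET);
}

// Called before anything is stored or mailed. Returns null when the request
// passes, otherwise a short reason for the server log.
function reject_reason(array $post, array $server, int $now, string $siteHost): ?string
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'not a POST';
    }
    // Honeypot first: the field is hidden from people, so any value in it
    // was put there by a script.
    if (trim(post_field($post, 'email2')) !== '') {
        return 'honeypot filled';
    }
    $parts = explode(':', post_field($post, 'form_token'));
    if (count($parts) !== 3) {
        return 'token missing';
    }
    [$issued, $nonce, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', "$issued:$nonce", FORM_SECRET), $mac)) {
        return 'token forged';
    }
    $age = $now - (int) $issued;
    if ($age < TOKEN_MIN_AGE || $age > TOKEN_MAX_AGE) {
        return 'token age out of range';
    }
    // The Referer header is sent by the client and can be absent or set to
    // anything, so a foreign host is a reason to reject, but a matching one
    // proves nothing by itself.
    $ref = $server['HTTP_REFERER'] ?? '';
    if ($ref !== '' && strcasecmp((string) parse_url($ref, PHP_URL_HOST), $siteHost) !== 0) {
        return 'foreign referer';
    }
    return null;
}

// Constructed requests against a constructed host name.
$t0    = 1216540800;
$host  = 'www.example.com';
$srv   = ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => "http://$host/sayhi.php"];
$token = issue_form_token($t0);
$cases = [
    'visited form, 40 s later' => [['form_token' => $token, 'email2' => ''], $srv, $t0 + 40],
    'direct POST, no token'    => [['message' => 'x'], $srv, $t0 + 40],
    'hidden field filled in'   => [['form_token' => $token, 'email2' => 'a@b.example'], $srv, $t0 + 40],
    'token reused a day later' => [['form_token' => $token], $srv, $t0 + 86400],
    'tampered token'           => [['form_token' => $token . '0'], $srv, $t0 + 40],
    'referer from other site'  => [['form_token' => $token],
        ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://other.example/'], $t0 + 40],
];
foreach ($cases as $label => [$post, $server, $now]) {
    echo $label, ': ', reject_reason($post, $server, $now, $host) ?? 'accepted', "\n";
}
```

A token only shows that the form page was fetched with this secret within the time window; a script that loads the form first will still obtain one, which is why the captcha check stays in place alongside it.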