zoob (Posted July 23, 2017)

I haven't done this in years and am trying to write my own anti-spam script. It checks the posted $comments for spam keywords before using the mail() function. Am I close?

    $spam = array("viagra", "cialis", "sex");
    if($comments=="$spam") {
        exit;
    } else {
        $mail_fn=mail($myemail,$subject,$message_n,$headers);
    }

Jacques1 (Posted July 23, 2017)

> Am I close?

No.

The mail() function by itself is the biggest spam risk of all, because virtually no PHP programmer is able to use it correctly. Replace it with a high-level library like PHPMailer.

Checking for a bunch of keywords is also a bit naive. You can give it a try, but spammers today aren't stupid. They understand that fishy keywords are the first thing everybody looks for, so they avoid or obfuscate them. Chances are you need more than that:

- A common first line of defense is a CAPTCHA like Google's reCAPTCHA.
- There are also extensive spam blacklists like Spamhaus, Stop Forum Spam or Project Honey Pot. Note, however, that there can be false positives, so don't just reject the submission.
- E-Mail spam filters have become fairly sophisticated and often use effective statistical approaches like Bayesian filtering. Use those instead of trying to reinvent the wheel.

zoob (Author, Posted July 23, 2017)

I've just a few punks coming by and posting in my form. I'm a minimalist. I appreciate that link but it's like using a sledgehammer to kill a fly IMO.

Jacques1 (Posted July 23, 2017, edited July 23, 2017 by Jacques1)

This is a 5-minutes job and standard procedure even on the cheapest personal home pages. I'm actually surprised that those home-made bad-words checks are still a thing. I thought they died in the 90s.

Either way, if you're going to keep the mail() stuff, then you might as well surrender. This is like putting up a sign that says “I've left the front door open, plz don't break in”.

zoob (Author, Posted July 24, 2017)

Well, I'd still like help with my coding. If it doesn't work out, I'll take another look at the PHPMailer. Someone gave me this but it's not working...

    $spam = array("viagra", "cialis", "sex");
    $spamfree=true;
    for($i=0; $i<count($spam); $i++){
        if(strstr(strtolower($comments),strtolower($spam[i]))){
            $spamfree=false;
        }
    }
    if(!$spamfree) {
        echo "Don't spam";
    } else {
        $mail_fn=mail($myemail,$subject,$message_n,$headers);
    }

Jacques1 (Posted July 24, 2017, edited July 24, 2017 by Jacques1)

As I already explained to you, I'm not interested in kindergarten code. Come back when you're desperate enough to switch to real programming.

Right now, you ask a lot of questions, but you clearly don't listen to answers.

zoob (Author, Posted July 24, 2017)

Little help?

cyberRobot (Posted July 24, 2017)

Jacques1's suggestions are worth looking into. If you're adamant about creating your own blocker...you could start with the following:

    <?php
    $spam = array("viagra", "cialis", "sex"); //make sure these are always lower case
    if(in_array(strtolower($comments), $spam)) {
        echo "Don't spam";
    } else {
        echo "Less likely to be spam";
    }
    ?>

Psycho (Posted July 24, 2017, edited July 24, 2017 by Psycho)

> Jacques1's suggestions are worth looking into. If you're adamant about creating your own blocker...you could start with the following:
>
>     <?php
>     $spam = array("viagra", "cialis", "sex"); //make sure these are always lower case
>     if(in_array(strtolower($comments), $spam)) {
>         echo "Don't spam";
>     } else {
>         echo "Less likely to be spam";
>     }
>     ?>

That would not work. The first parameter is the needle, which is to be searched in the haystack array. That function only returns true if the entire needle is found within one of the array values of the haystack. I.e. the needle must exactly match one of the values in the array. Assuming $comments is more than just a single word, the value would never exist in the $spam array.

You need to instead check if the spam words exist in $comments. For this you would want to use stristr() [case insensitive] with $comments as the haystack and each word in the $spam array as the needle.

    //Array of spam words (case not important)
    $spamWords = array("viagra", "cialis", "sex");

    $isSpam = false; //Boolean flag
    //Loop through each spam word
    foreach($spamWords as $word)
    {
        //If spam word is found in comments (case insensitive)
        if(stristr($comments, $word))
        {
            //Spam word found, set Boolean and exit loop
            $isSpam = true;
            break;
        }
    }

    if($isSpam)
    {
        echo "Contains spam words";
    }
    else
    {
        echo "Does not contain spam words";
    }

But, Jacques1 is right that this is not the "right" solution. Spammers will simply modify the words to bypass your simple word check: e.g. Vlagra (lower case "L" for the "i"), ci@lis, etc. Plus, more importantly, you could have false positives and block content that should not be. E.g. "sex" is included inside other words that would not necessarily be spam: sextant, sextuplets, etc.

Of course you could further build out this logic to only look for full "word" matches which would require Regex and the word boundary modifier. That requires more complicated logic (i.e. more likely to introduce defects) and it will be slower. But, that still doesn't handle words with alternative letters. So, you would have to create a better list to look for those as well. And then you would need to . . .

Or you could just find a solution that has already taken all those scenarios into account and has been used by hundreds/thousands of sites so you know any impactful bugs have already been addressed.

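The three checks discussed in this thread, run side by side on constructed sample comments (an added example, not code posted by any participant; the function names and sample strings are made up here). It puts the exact-match in_array() test, the substring test and a `\b` whole-word regex against an ordinary spam line, the "sextant" case and the "Vlagra" / "ci@lis" spellings mentioned above, so the false positive and the misses can be seen per check.

```php
<?php
// Added example. All sample comments below are constructed for illustration.

/** Exact-match check: true only if the whole comment equals one list entry. */
function matchExact(string $comment, array $words): bool
{
    return in_array(strtolower($comment), $words, true);
}

/** Case-insensitive substring check (stripos is the position-returning
 *  counterpart of stristr, compared strictly against false). */
function matchSubstring(string $comment, array $words): bool
{
    foreach ($words as $word) {
        if (stripos($comment, $word) !== false) {
            return true;
        }
    }
    return false;
}

/** Whole-word check using the regex word boundary \b. */
function matchWholeWord(string $comment, array $words): bool
{
    $quoted = array_map(function ($w) {
        return preg_quote($w, '/');   // escape regex metacharacters
    }, $words);
    $pattern = '/\b(?:' . implode('|', $quoted) . ')\b/i';
    return preg_match($pattern, $comment) === 1;
}

$spamWords = array("viagra", "cialis", "sex");
$samples = array(
    "Buy Viagra now",                        // plain keyword
    "We fixed our position with a sextant",  // harmless word containing "sex"
    "Cheap Vlagra and ci@lis here",          // altered spellings
);

foreach ($samples as $comment) {
    printf(
        "%-40s exact=%-5s substring=%-5s word=%s\n",
        $comment,
        var_export(matchExact($comment, $spamWords), true),
        var_export(matchSubstring($comment, $spamWords), true),
        var_export(matchWholeWord($comment, $spamWords), true)
    );
}
```
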
zoob (Author, Posted July 25, 2017, edited July 25, 2017 by zoob)

Yes - I see what you mean. This is the first spam I've had with this site in 12 years. Thanks I appreciate it.