Guestbook is being attacked


m2e


Hi there,

I have a very simple guestbook on my website :
http://www.ment2excel.com/guestbook/guestbook-view.php

Today it seems it has been attacked by some random messages. This is not the first time this has happened, but it has never been to this extent.

Is there anything that can be done to stop this? Is it a problem with my code, allowing this to happen?

Thanks,
Russell

QUOTE (m2e @ Mar 31 2006, 02:39 PM):
Hi there,

I have a very simple guestbook on my website :
http://www.ment2excel.com/guestbook/guestbook-view.php

Today it seems it has been attacked by some random messages. This is not the first time this has happened, but it has never been to this extent.

Is there anything that can be done to stop this? Is it a problem with my code, allowing this to happen?

Thanks,
Russell

Hi Russell,
If your code's not too big, can you post it?
Cheers
Mark

You allow HTML tags, which is not necessarily wise.

Unless that's the way you want it, use strip_tags to get rid of <A> links, etc. (i.e., any HTML):

[code]
$content = strip_tags($content);
[/code]

You can specify to leave certain tags and strip the rest. Check http://www.php.net/strip_tags for info.

Cheers
Mark

If your guestbook is being attacked then it's down to poor validation/coding when someone posts a message. Never trust what a user submits; always validate user input. Don't allow them to post HTML/Javascript, as this is why your guestbook is being attacked.

If you want HTML to be posted but only certain HTML tags, use strip_tags with the second argument like so:

[code]
strip_tags($_POST['message'], "<b><u><i><p>");
[/code]

strip_tags will now strip all HTML tags except <b>, <u>, <i> and <p>!

If you implement that it won't make your script bulletproof, but it can help prevent spammers adding links/javascript etc.

You could also try adding image verification to the script where the user has to put in a string of letters and numbers before being able to send the form.

http://www.devpapers.com/article/149 is an easy to follow article.

QUOTE (sford999 @ Mar 31 2006, 07:30 PM):
You could also try adding image verification to the script where the user has to put in a string of letters and numbers before being able to send the form.

http://www.devpapers.com/article/149 is an easy to follow article.

That is a good idea, and very good for stopping bots, but it wouldn't stop me just bombarding the guestbook with several hundred/thousand (or as many as I could be bothered) spams. Try some/all of these:

1, Strip tags as I mentioned above.

2, Create a function that checks for certain words (drug, penis, etc. etc. You know the ones).

3, Why publish them straight away? Have some form of moderation first so that a post does not appear on your page immediately.

4, Flood control. Stop users/bots posting anything within a certain amount of time. In fact, as it's a guestbook and not a forum, why would someone want to post more than once anyway? Maybe even restrict it to one a day.

5, You say it was attacked earlier today. Going by the time you posted this topic (2.39PM according to what I see) and the time it is now (19:42PM here), they're still there. All of them. Even if you don't follow any of steps 1-4 above, isn't there something you can do MANUALLY at least, rather than leave it there to look bad and encourage others to test spamming out?

Hope that helps
Cheers
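The following is an added example, not code from this thread or from Russell's guestbook, showing how the advice above (the strip_tags whitelist from the earlier reply, plus word filtering, flood control and hold-for-moderation from points 1 to 4) fits together in one PHP submission handler. The `$guestbook` and `$lastPostByIp` arrays stand in for whatever table the real script uses, the blocked-word list and the sample submissions are constructed, and all function names are assumptions. One caveat worth knowing about the whitelist approach: strip_tags() leaves attributes on the tags it keeps, so `<b onclick="...">` survives it; the second pass in clean_message() rewrites any kept tag down to its bare name.

```php
<?php
// Added example (not from the thread): a guestbook submission handler that
// applies a tag whitelist, a word filter, per-address flood control and
// hold-for-moderation. Storage arrays and all names are assumptions.

declare(strict_types=1);

const ALLOWED_TAGS = '<b><u><i><p>';           // the whitelist suggested in the thread
const BLOCKED_WORDS = ['casino', 'viagra'];     // constructed sample list
const MIN_SECONDS_BETWEEN_POSTS = 86400;        // "maybe even restrict it to one a day"

/**
 * Keep only whitelisted tags. strip_tags() preserves attributes on allowed
 * tags (e.g. onclick=), so a second pass reduces "<b onclick=...>" to "<b>".
 */
function clean_message(string $raw): string
{
    $text = strip_tags($raw, ALLOWED_TAGS);
    $text = preg_replace('#<(/?)(b|u|i|p)\b[^>]*>#i', '<$1$2>', $text);
    return trim($text);
}

/** Case-insensitive check against the blocked-word list. */
function contains_blocked_word(string $text): bool
{
    foreach (BLOCKED_WORDS as $word) {
        if (stripos($text, $word) !== false) {
            return true;
        }
    }
    return false;
}

/** Flood control: true if this address posted within the cool-down window. */
function is_flooding(array $lastPostByIp, string $ip, int $now): bool
{
    return isset($lastPostByIp[$ip])
        && ($now - $lastPostByIp[$ip]) < MIN_SECONDS_BETWEEN_POSTS;
}

/**
 * Validate and queue a submission. Every accepted entry starts with
 * approved = false, so nothing shows on the public page until a moderator
 * flips that flag. Returns ['status' => ..., 'entry' => ...].
 */
function submit_entry(array &$guestbook, array &$lastPostByIp,
                      string $ip, string $name, string $rawMessage, int $now): array
{
    if (is_flooding($lastPostByIp, $ip, $now)) {
        return ['status' => 'rate_limited', 'entry' => null];
    }
    $message = clean_message($rawMessage);
    if ($message === '' || contains_blocked_word($message)) {
        return ['status' => 'rejected', 'entry' => null];
    }
    $entry = [
        'name'     => strip_tags($name),   // no HTML at all in the name field
        'message'  => $message,
        'ip'       => $ip,
        'posted'   => $now,
        'approved' => false,               // held for moderation
    ];
    $guestbook[] = $entry;
    $lastPostByIp[$ip] = $now;
    return ['status' => 'queued', 'entry' => $entry];
}

/** Render approved entries only; the name is escaped, the message was whitelisted on input. */
function render_approved(array $guestbook): string
{
    $html = '';
    foreach ($guestbook as $entry) {
        if (!$entry['approved']) {
            continue;
        }
        $html .= '<p><b>' . htmlspecialchars($entry['name'], ENT_QUOTES, 'UTF-8') . "</b></p>\n";
        $html .= $entry['message'] . "\n";
    }
    return $html;
}

// Constructed demonstration submissions.
$guestbook = [];
$lastPostByIp = [];
$now = time();

$first = submit_entry($guestbook, $lastPostByIp, '203.0.113.5', 'Alice',
    'Nice site! <b onclick="alert(1)">Really</b> <a href="http://example.test/">link</a>', $now);
echo $first['status'], ': ', $first['entry']['message'] ?? '', PHP_EOL;

$second = submit_entry($guestbook, $lastPostByIp, '203.0.113.5', 'Alice', 'Me again', $now + 60);
echo $second['status'], PHP_EOL;

$third = submit_entry($guestbook, $lastPostByIp, '198.51.100.7', 'Bot', 'cheap casino here', $now);
echo $third['status'], PHP_EOL;

echo render_approved($guestbook);   // empty until a moderator sets approved = true
```

Running it shows the three paths: the first submission is queued with its link tag stripped and the onclick attribute removed from the kept `<b>`, the second from the same address a minute later is rate-limited, and the third is rejected by the word filter; render_approved() prints nothing until an entry is approved, which is the "don't publish straight away" point from item 3. The whitelist is still only a partial measure, as the earlier reply says: it blocks links and script tags, but a spammer can post plain-text junk, which is why moderation and flood control carry most of the weight here.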

Thanks - there's a lot there that I can do - I think the most poignant thing for me was not allowing the posts to appear automatically.

I did actually clear them out - but no sooner had I cleared it.......

Thanks for all your help..

Regards,
Russell
