tmyonline Posted August 21, 2007 Share Posted August 21, 2007 Dear all: I created a guestbook for my charity in order to get people's feedback. Unfortunately, since the day I launched it, someone kept coming back to our guestbook and entered nasty materials for the purpose of advertisement of sexual services. No matter how many times I deleted such nasty comments, I kept getting different messages each time but the idea and purpose are the same. I'm wondering if my guestbook URL has been used for automatic submission of such ads. I was thinking about changing my guestbook URL but I'm not sure if this helps. Any suggestions? Thanks. Quote Link to comment Share on other sites More sharing options...
lemmin Posted August 21, 2007 Share Posted August 21, 2007 Does it submit using GET? If so, it is very easy to autimate the process from an outside source. You can check the "HTTP_REFERER" variable to see where the page was directed from. Quote Link to comment Share on other sites More sharing options...
thefollower Posted August 21, 2007 Share Posted August 21, 2007 if the inputed data is stored on your database and you are using $POST form you could get their ip address then do : IF "this ip" then exit in logical terms.. to get their ip i believe you use : $ip = $_SERVER["REMOTE_ADDR"]; then do a check on your table for that ip on any inputted text get the row and auto delete that text with the ip. Though more logical to "hide" cos some people have same ip so you might delete a valid shout & block the ip as mentioned above can be a possibility. Also just to add you could add a method that all shout outs have to be verified by staff before showing up on the page. this would stop people seeing the adverts in the first place. Quote Link to comment Share on other sites More sharing options...
dbo Posted August 22, 2007 Share Posted August 22, 2007 While there is a lot of filtering/input validation you could do it might not hurt to have an extra step where you "validate" a post. Like uh... give it your seal of approval before it actually gets posted. Quote Link to comment Share on other sites More sharing options...
Hypnos Posted August 22, 2007 Share Posted August 22, 2007 Bots have gotten smart enough to look for textarea form fields, and try submitting spam to them. So now, even on software you write, you susceptible to comment spam. The best thing you can do is just put a "Are you human?" style question on the form. If you try to use a CAPTCHA library someone else wrote, your site's protection will fall once the CAPTCHA library has been circumvented (which they seem to be at an alarming rate). Not to mention it's much more annoying than a simple text question. Quote Link to comment Share on other sites More sharing options...
Canadiengland Posted August 22, 2007 Share Posted August 22, 2007 use a random number to pick an image verification picture that they have to click on? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.