Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 22
  1. #1
    New Coder
    Join Date
    Oct 2005
    Location
    Leicester, England
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Help me block those pesky spammers - Method being tested - Ran into a bug

    First of all I'd like to say hello to all... [wave]

    I'm a moderate X/HTML and CSS programmer but I have little skill in the art of javascript and other languages etc... but I need help stopping spammers playing in my guestbook (Advanced Guestbook 2.3.3), so I thought I'd ask you guys for some guideance.

    The majority of visitors to my site go directly to my guestbook 'addentry.php' so I thought... if I add some code in my .htaccess file to deny access to addentry.php if referer is null I could stop about 95% - 100% of these spammers.


    This is the sort of thing I'm looking to implement (BTW: This is not real code but an example of what im trying to acheive... if possible!!)

    IF PAGE_REQUEST = mydomain/guestbook/addentry.php
    THEN IF REFERER_URL = NULL
    DO REDIRECT = /error/403_forbidden.shtml


    I'm sure this would be valuable in keeping out pesky spammers, and less time consuming than using the 'deny from xxx.xxx.xxx.xxx'. Also, modifying my guestbook so that entries get approved first is a last resort fo me, I would rather have less maintenance.

    Anybody have any ideas?..
    Last edited by smiffy; 10-25-2005 at 08:02 PM. Reason: title update -> ran into a bug

  • #2
    Senior Coder
    Join Date
    Dec 2004
    Location
    Essex, UK
    Posts
    2,636
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sorry can't help you with the PHP, but I also use Advanced Guestbook - and even though I've read about the problem of spammers with it, I haven't had any (touch wood).

    How do they actually find your page?

    You could rename the addentry.php file - and all references to it - if that's what they look for, and also rename the link at the bottom saying 'Advanced Guestbook...'. With AG you can also set the maximum length of message/characters.

  • #3
    New Coder
    Join Date
    Oct 2005
    Location
    Leicester, England
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi mark87

    How do they actually find your page?
    For about 2 weeks my log files have been reporting a lot of hits (about 20 hits a day) to my addentry.php but had no referer, except one, that was refered by a google search for 'addentry.php'.

    I'm baffled how they found my guestbook but nothing was being posted, so i wasn't too concerned up until a couple of days ago when posts started. They come in the form of 'great site', 'nice layout' etc... how would they know? they only visited the addentry page!!

    I thought about renaming the page but I've read of others doing the same but the problem returned sometime later... You'd think they'd have better things to do.

    I'm sure there is a way to deny a certain page as the entry point to a website but I don't have the knowledge... just the idea. Thanks for your reply though and keep touching wood

  • #4
    Regular Coder
    Join Date
    Jul 2005
    Location
    LA, California
    Posts
    202
    Thanks
    0
    Thanked 0 Times in 0 Posts
    if you know there ip addresses, then ban them from all pages
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    There are 3 kinds of ppl those who can count and those who cant
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Script-Megafest.com Coming Oh so very soon

  • #5
    $object->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Jun 2003
    Posts
    3,088
    Thanks
    2
    Thanked 23 Times in 23 Posts
    I did a bit of Googling on your behalf and found a great solution in another forum:

    The solution is to modify a bit your guestbook so that the bots will not be able to automatically post in it. Just add something unique in the form (a hidden input field) where a guestbook entry is made. Then modify the source code of the guestbook to check if the hidden field is present before adding the entry. It shoud be very simple to implement.
    I've seen something similar to this. I didn't try looking at the code for it but I think what they did was setup a javascript alert button which had to be clicked before the desired action would take place (which of course in your case, is to post to your guestbook).
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    SNAP to it!

  • #6
    New Coder
    Join Date
    Oct 2005
    Location
    Leicester, England
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Al_90
    if you know there ip addresses, then ban them from all pages
    I have already started banning IP addresses that are leaving posts but there are hundred+ others that are directly hitting my addentry file that haven't left a message... yet! It just seems impracticable to have a list to include them all in my .htaccess file.

    edit: I have had 249 unique IP visitors/spammers to this page since 1st Oct '05

    vinyl_junkie:
    Thanks for your googling... do you have a link to the information you mentioned?
    Last edited by smiffy; 10-20-2005 at 03:38 AM.

  • #7
    $object->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Jun 2003
    Posts
    3,088
    Thanks
    2
    Thanked 23 Times in 23 Posts
    Quote Originally Posted by smiffy
    vinyl_junkie:
    Thanks for your googling... do you have a link to the information you mentioned?
    Sorry, I don't. The post in that other forum was really the only difference in that thread to what has already been discussed here. I have very limited javascript skills myself, so I'm afraid I wouldn't be much help actually setting up what I suggested.

    What you might do though is post a question in the javascript forum and ask for some help putting the code together.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    SNAP to it!

  • #8
    New Coder
    Join Date
    Oct 2005
    Location
    Leicester, England
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by vinyl-junkie
    What you might do though is post a question in the javascript forum and ask for some help putting the code together.
    I'm sure it's not allowed... Posting Guidelines (1).

    Unless a moderator could move this post for me.

  • #9
    $object->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Jun 2003
    Posts
    3,088
    Thanks
    2
    Thanked 23 Times in 23 Posts
    You might want to contact a moderator for clarification, but I don't see this as cross-posting, as long as you don't copy/paste your original question into the javascript forum. This is a related question, in my opinion, and more to do with javascript than general web building.

    The question that you should ask is "How do I tack on a javascript alert (or something similar) to my guestbook to stop at least some of the spam?" You can word that however you want. You'd probably want to give a link to this thread so that the whole solution isn't rehashed.

    If a moderator deems the above as cross-posting, I'd be interested in their reasoning.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    SNAP to it!

  • #10
    New Coder
    Join Date
    Oct 2005
    Location
    Leicester, England
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Before I post in another section I took your advice and I've just PM'ed a Moderator... Just to be safe.

  • #11
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,470
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    I'm guessing the spammers are using some automated software to hammer your guestbook.

    Try this:

    Using Javascript on your main page, set a cookie.

    Then,

    When the visitor goes to another page to write in your guestbook,
    use Javascript to check for that cookie.

    Note: Cookies can't be set and read on the same page without a
    page refresh, thus the mention of having it set on the main page, and
    the visitor going to another page to write in your guestbook.

    ------------------

    I would guess that the spammers would be blocked because the cookies are a function of the browser, and they aren't using a browser.

    I've never tried it, but it's an idea that might work.

    The only "bad thing" would be if someone has their cookies turned off.
    But, most people have them enabled.
    Last edited by mlseim; 10-20-2005 at 10:01 PM.

  • #12
    Regular Coder
    Join Date
    Oct 2005
    Location
    Arizona
    Posts
    336
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm far from a JS expert, I just know enough to be dangerous.

    But with the website that I'm building I use frames. Everypage that I have written, (but the opening mainpage) has a bit of JS that keeps anyone from accessing that page directly.

    Code:
    <script>
    //By JavaScript Kit (http://javascriptkit.com)
    //Over 400+ free scripts here!
    
    //if not in frames
    if (parent.frames.length==0)
    //CHANGE "index.htm" to the URL of your main frame page
    window.location.replace("index.htm")
    </script>
    Now if you don't like to use frames maybe you are someone with better knowledge can change this so it can read a session cookie that would be created from your home page. I think someone above suggested that.

    PhotoJoe

  • #13
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,622
    Thanks
    0
    Thanked 645 Times in 635 Posts
    Chances are that the program the spammers are using to hit the guestbook doesn't process the Javascript and therefore can access the page directly. Whatever javascript solution you implement will be completely bypassed by their program. You need to implement a server side solution to block the spammers.

    The two most common solutions I have seen implemented are to display a graphic that contains some characters that must be entered into one of the fields in order to post (and the spammers program can't read the graphic content) and to block multiple posts from the same IP address within a given time period (eg. 15 minutes).
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #14
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,470
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    OK,

    So let's take the cookie idea a step farther.

    If you set the cookie using Javascripting and then
    look for the cookie in the PHP script, that would solve
    the spammer problem, since the cookie would not be
    set to begin with (they disable Javascripting).

    That might work.

  • #15
    New Coder
    Join Date
    Oct 2005
    Location
    Leicester, England
    Posts
    35
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by mlseim
    I'm guessing the spammers are using some automated software to hammer your guestbook.
    You are right they dont look at any of my website except the addentry.php... I woul


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •