Page 1 of 2 (Results 1 to 15 of 17)
  1. #1
    Regular Coder Masterslave's Avatar
    Join Date
    Dec 2005
    Posts
    287
    Thanks
    2
    Thanked 0 Times in 0 Posts

    [Security]How to avoid spambots

    Hello all,

    I've a big problem.
    I have a public guestbook.
    And some spambots can leave posts in my guestbook.
    I don't know how they do it.
    Does anyone know how to avoid spambots (a non-CAPTCHA way)?

    PHP Code:
    <?php
    // part of the guestbook script
    $strip_tags = strip_tags( $_POST['content'] );

    // Referer check. Note the alternation reads as 'http://(localhost)' OR '(www\.trefnology\.nl)',
    // and the Referer header is whatever the client chooses to send.
    if( !preg_match('/http:\/\/(localhost)|' . '(www\.trefnology\.nl)/i', $_SERVER['HTTP_REFERER']) )
    {
        die("Wegens veiligheidsredenen kun je niet het gastenboek bekijken zonder dat je al op een pagina bent geweest van Trefnology.");
    }
    else
    {
        // isset() alone covers the original "isset(...) || $_SESSION[...]" test, without the undefined-index notice
        if ( isset( $_SESSION["guestbook"] ) )
        {
            if( isset( $_POST['submit'] ) )
            {
                // honeypot: the "hidden" text field is hidden with CSS, so a human leaves it empty
                if( !empty( $_POST['hidden'] ) )
                {
                    die();
                }
                else
                {
                    // trim() the values and then test them; the original trimmed the boolean returned by empty()
                    if ( trim( $_POST['name'] ) == '' || trim( $_POST['content'] ) == '' )
                    {
                        $error = "<br /><strong>Je dient je naam en bericht op te geven om een bericht te plaatsen.</strong>";
                    }
                    // elseif, so that a message with a missing name or text is not inserted after $error is set
                    elseif( $strip_tags != $_POST['content'] )
                    {
                        die("Het is verboden om HTML tags te gebruiken in het gastenboek. Ga terug naar het gastenboek om het opnieuw te proberen.");
                    }
                    else
                    {
                        // ip and host arrive as hidden form fields, so they are client-supplied;
                        // $_SERVER['REMOTE_ADDR'] is the address the server actually saw
                        $commentInsert = " INSERT INTO
                                            $guestbooktable
                                            (
                                                name,
                                                email,
                                                website,
                                                content,
                                                ip,
                                                host
                                            )
                                            VALUES
                                            (
                                                '" . mysql_real_escape_string($_POST['name']) . "',
                                                '" . mysql_real_escape_string($_POST['email']) . "',
                                                '" . mysql_real_escape_string($_POST['website']) . "',
                                                '" . mysql_real_escape_string($_POST['content']) . "',
                                                '" . mysql_real_escape_string($_POST['ip']) . "',
                                                '" . mysql_real_escape_string($_POST['host']) . "'
                                            )";
                        // mysql_* was removed in PHP 7; mysqli/PDO prepared statements replace this escaping
                        $result = mysql_query($commentInsert) or die (mysql_error());
                        header("Location: guestbook.php");
                    }
                }
            }
        }
        else
        {
            die();
        }
    }
    ?>
    How can the spammers break through my security?
    If my script above is not right, tell me.
    Thanks for your help.

    Edit: Attached a screenshot from phpMyAdmin and a part of the log file from Apache.


    Log:
    Code:
    81.177.22.198 - - [07/Aug/2007:20:34:42 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 121 "http://www.valdosta.edu/~tthompson/syllabi/sys.php?amateur.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
    81.177.22.198 - - [07/Aug/2007:20:34:42 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 121 "http://www.valdosta.edu/~tthompson/syllabi/sys.php?amateur.html" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
    81.177.22.198 - - [07/Aug/2007:20:34:43 +0200] "GET / HTTP/1.0" 200 10025 "http://www.trefnology.nl/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
    81.177.22.198 - - [07/Aug/2007:20:34:43 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 5288 "http://www.trefnology.nl/guestbook.php?page=6" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
    81.177.22.198 - - [07/Aug/2007:20:34:45 +0200] "POST /guestbook.php?page=6 HTTP/1.0" 302 5288 "http://www.trefnology.nl/guestbook.php?page=6" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
    81.177.22.198 - - [07/Aug/2007:20:34:45 +0200] "GET / HTTP/1.0" 200 10025 "http://www.trefnology.nl/" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
    81.177.22.198 - - [07/Aug/2007:20:34:46 +0200] "GET /guestbook.php HTTP/1.0" 200 7973 "http://www.trefnology.nl/guestbook.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
    81.177.22.198 - - [07/Aug/2007:20:34:46 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 5561 "http://www.trefnology.nl/guestbook.php?page=6" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
    81.177.22.198 - - [07/Aug/2007:20:34:46 +0200] "POST /guestbook.php?page=6 HTTP/1.0" 302 5561 "http://www.trefnology.nl/guestbook.php?page=6" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
    81.177.22.198 - - [07/Aug/2007:20:34:46 +0200] "GET /guestbook.php HTTP/1.0" 200 10558 "http://www.trefnology.nl/guestbook.php" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
    81.177.23.136 - - [07/Aug/2007:20:50:15 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 121 "http://www.valdosta.edu/~tthompson/syllabi/sys.php?teen.html" "Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)"
    81.177.23.136 - - [07/Aug/2007:20:50:15 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 121 "http://www.valdosta.edu/~tthompson/syllabi/sys.php?teen.html" "Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
    81.177.23.136 - - [07/Aug/2007:20:50:15 +0200] "GET / HTTP/1.0" 200 10025 "http://www.trefnology.nl/" "Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)"
    81.177.23.136 - - [07/Aug/2007:20:50:15 +0200] "GET / HTTP/1.0" 200 10025 "http://www.trefnology.nl/" "Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
    81.177.23.136 - - [07/Aug/2007:20:50:55 +0200] "GET /index.php HTTP/1.0" 200 10025 "http://www.trefnology.nl/index.php" "Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)"
    81.177.23.136 - - [07/Aug/2007:20:50:55 +0200] "GET /index.php HTTP/1.0" 200 10025 "http://www.trefnology.nl/index.php" "Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
    81.177.23.136 - - [07/Aug/2007:20:51:35 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 5449 "http://www.trefnology.nl/guestbook.php?page=6" "Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)"
    81.177.23.136 - - [07/Aug/2007:20:51:35 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 5449 "http://www.trefnology.nl/guestbook.php?page=6" "Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
    81.177.23.136 - - [07/Aug/2007:20:51:35 +0200] "GET /index.php HTTP/1.0" 200 10025 "http://www.trefnology.nl/index.php" "Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)"
    81.177.23.136 - - [07/Aug/2007:20:51:35 +0200] "GET /index.php HTTP/1.0" 200 10025 "http://www.trefnology.nl/index.php" "Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
    81.177.23.136 - - [07/Aug/2007:20:51:36 +0200] "GET /index.php HTTP/1.0" 200 10025 "http://www.trefnology.nl/index.php" "Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)"
    81.177.23.136 - - [07/Aug/2007:20:51:36 +0200] "GET /index.php HTTP/1.0" 200 10025 "http://www.trefnology.nl/index.php" "Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
    81.177.23.136 - - [07/Aug/2007:20:52:16 +0200] "GET /index.php HTTP/1.0" 200 10025 "http://www.trefnology.nl/index.php" "Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)"
    81.177.23.136 - - [07/Aug/2007:20:52:16 +0200] "GET /index.php HTTP/1.0" 200 10025 "http://www.trefnology.nl/index.php" "Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
    81.177.23.136 - - [07/Aug/2007:20:52:16 +0200] "GET /index.php HTTP/1.0" 200 10025 "http://www.trefnology.nl/index.php" "Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)"
    81.177.23.136 - - [07/Aug/2007:20:52:16 +0200] "GET /index.php HTTP/1.0" 200 10025 "http://www.trefnology.nl/index.php" "Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
    81.177.23.136 - - [07/Aug/2007:20:52:55 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 5449 "http://www.trefnology.nl/guestbook.php?page=6" "Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)"
    81.177.23.136 - - [07/Aug/2007:20:52:55 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 5449 "http://www.trefnology.nl/guestbook.php?page=6" "Mozilla/5.0 (Windows; U; Win95; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"
    PHP Code:
    <form method="post" action="<?=htmlentities($_SERVER['REQUEST_URI'])?>" onsubmit="return checkform(this);">
        <label for="name">Naam:</label>
        <input type="text" name="name" id="name" /><br />
        <label for="email">Email:</label>
        <input type="text" name="email" id="email" /><br />
        <label for="website">Website:</label>
        <input type="text" name="website" id="website" /><br />
        <label for="comment">Bericht:</label>
        <textarea name="content" id="comment"></textarea><br />
        <input type="hidden" value="<?=$_SERVER['REMOTE_ADDR'];?>" name="ip" />
        <input type="hidden" value="<?=gethostbyaddr($_SERVER['REMOTE_ADDR']);?>" name="host" />
        <!-- honeypot field; #hidden_field is hidden with CSS display: none -->
        <input type="text" name="hidden" id="hidden_field"/>
        <input type="submit" name="submit" value="Plaats reactie" class="button" />
    </form>
    Edit: I've added the new PHP code for the guestbook, which includes Len Whistler's way.
    Attached Thumbnails: [Security]How to avoid spambots-phpmyadmin.jpg
    Last edited by Masterslave; 08-11-2007 at 10:18 AM.
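    The log above shows one client address presenting two different User-Agent strings within the same second before POSTing, which a single browser never does. The scanner below, an added example and not code from the thread, flags exactly that pattern in Apache combined-log lines; the sample lines are constructed in the same format. Since the User-Agent is chosen by the client (post #4), this is a detection signal for review, not a blocking rule.

```php
<?php
// Added example (not from the thread): flag POSTs from an IP that presented more
// than one User-Agent string shortly before posting, the pattern in the log above.
// The User-Agent is client-chosen, so treat a hit as a signal, not as proof.
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';

// Parse one combined-log line into an associative array, or null if it does not match.
function parseLogLine(string $line): ?array {
    if (!preg_match(LOG_RE, $line, $m)) {
        return null;
    }
    $ts = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[2]);
    if ($ts === false) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $ts->getTimestamp(), 'method' => $m[3],
            'path' => $m[4], 'status' => (int) $m[5], 'referer' => $m[6], 'ua' => $m[7]];
}

// One description per POST whose source IP used more than one User-Agent
// within $windowSec seconds of that POST.
function flagSuspiciousPosts(array $lines, int $windowSec = 60): array {
    $events = array_values(array_filter(array_map('parseLogLine', $lines)));
    $flagged = [];
    foreach ($events as $post) {
        if ($post['method'] !== 'POST') {
            continue;
        }
        $agents = [];
        foreach ($events as $e) {
            if ($e['ip'] === $post['ip'] && abs($e['time'] - $post['time']) <= $windowSec) {
                $agents[$e['ua']] = true;
            }
        }
        if (count($agents) > 1) {
            $flagged[] = sprintf('%s POST %s at %s: %d user agents within %ds, referer %s',
                $post['ip'], $post['path'], date('H:i:s', $post['time']), count($agents), $windowSec, $post['referer']);
        }
    }
    return $flagged;
}

// Constructed sample in the thread's log format: two browser strings from one IP in the
// same second, then its POST; the last line is an ordinary visitor's POST.
$sampleLog = <<<'LOG'
81.177.22.198 - - [07/Aug/2007:20:34:42 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 121 "http://example.edu/sys.php?amateur.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
81.177.22.198 - - [07/Aug/2007:20:34:42 +0200] "GET /guestbook.php?page=6 HTTP/1.0" 200 121 "http://example.edu/sys.php?amateur.html" "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"
81.177.22.198 - - [07/Aug/2007:20:34:45 +0200] "POST /guestbook.php?page=6 HTTP/1.0" 302 5288 "http://www.trefnology.nl/guestbook.php?page=6" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
192.0.2.10 - - [07/Aug/2007:21:02:10 +0200] "POST /guestbook.php HTTP/1.0" 302 1200 "http://www.trefnology.nl/guestbook.php" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.6) Gecko/20070803 Firefox/2.0.0.6"
LOG;

foreach (flagSuspiciousPosts(explode("\n", $sampleLog)) as $finding) {
    echo $finding, "\n";   // only the 81.177.22.198 POST is reported
}
```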

  • #2
    Senior Coder Len Whistler's Avatar
    Join Date
    Jul 2002
    Location
    Vancouver, BC Canada
    Posts
    1,323
    Thanks
    26
    Thanked 100 Times in 100 Posts
    Does anyone know how to avoid spambots (a non CAPCHA way)?

    You could create an extra form text field which is hidden from the user; if that field has a value when submitted then the entire form is rejected. A spambot might fill it out while a user won't, since they can't see it.

    OR

    One of the fields could require the answer to a simple math problem.
    Leonard Whistler

  • #3
    New Coder
    Join Date
    Aug 2007
    Location
    Wagga, Australia
    Posts
    59
    Thanks
    0
    Thanked 1 Time in 1 Post
    You could check what type of browser the user is using; you will need the browscap.ini for PHP to do this. It has a fairly up-to-date list of spambots; check for their browser, and if it comes back false or as one of the spambots then don't upload the information.

    Len Whistler's suggestion is a good one as well

  • #4
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    Quote Originally Posted by usik View Post
    You could check what type of browser the user is using; you will need the browscap.ini for PHP to do this. It has a fairly up-to-date list of spambots; check for their browser, and if it comes back false or as one of the spambots then don't upload the information.

    Len Whistler's suggestion is a good one as well
    That's not a great solution by itself because the user agent is set by the user, and it can be changed fairly easily. If you used this in combination with another method it would help, though.

  • #5
    Regular Coder Masterslave's Avatar
    Join Date
    Dec 2005
    Posts
    287
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Thanks for the replies so far.
    I'll do it the way Len Whistler said.
    I've posted the new code above.
    Last edited by Masterslave; 08-11-2007 at 10:19 AM.

  • #6
    Regular Coder Masterslave's Avatar
    Join Date
    Dec 2005
    Posts
    287
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I received a spam message moments ago.

    Code:
    71.202.35.104 - - [12/Aug/2007:12:36:45 +0200] "GET /guestbook.php?page= HTTP/1.0" 200 3576 "http://www.trefnology.nl/guestbook.php?page=" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2"
    71.202.35.104 - - [12/Aug/2007:12:37:01 +0200] "POST /guestbook.php?page= HTTP/1.0" 302 3576 "http://www.trefnology.nl/guestbook.php?page=" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2"
    71.202.35.104 - - [12/Aug/2007:12:37:14 +0200] "GET /guestbook.php HTTP/1.0" 200 6542 "http://www.trefnology.nl/guestbook.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2"
    How can he post a message after I've pumped up the security?
    Somebody?

    Maybe change
    PHP Code:
    if( !empty( $_POST['hidden'] ) )
    {
      die();
    }

    into:
    PHP Code:
    // trim() first, so a value consisting only of whitespace also counts as empty
    // (on PHP older than 5.5 write trim( $_POST['hidden'] ) != '' instead, since empty() only accepted variables)
    if( !empty( trim( $_POST['hidden'] ) ) )
    {
      die();
    }

    ???
    Attached Thumbnails: [Security]How to avoid spambots-pma.jpg
    Last edited by Masterslave; 08-12-2007 at 11:50 AM.

  • #7
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,464
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    Another idea ...

    Put a fake form above your real form and comment it out:

    <!--
    <form method='post' action='process.php'>
    Name: <input type='text' name='name' value=''><br>
    Email: <input type='text' name='email' value=''><br>
    <input type='submit' name='submit' value='Submit'>
    </form>
    -->

    Then, create a real PHP script called "process.php" that
    does nothing except return to a thankyou page.

    The spambots see the form even though it's commented out.
    They process that form and do not look for any more forms.
    For some reason, the programmers are too lazy to make the robots
    come back to your site and look for more forms ... so the fake form
    gets processed and the real form is left untouched.

    I've used this method and have never had spammer problems.

  • Users who have thanked mlseim for this post:

    Masterslave (08-27-2007)
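    A process.php for the decoy form above, as an added example and not mlseim's own script: besides returning the thank-you page, it records who submitted the decoy, since nothing links to it and any submission there came from something that parsed the HTML comment. The file names decoy.log and thanks.html and the record format are assumptions of this example.

```php
<?php
// Added example, not mlseim's code: the target of the commented-out decoy form.
// Record a fingerprint of the submitter, answer with the thank-you page, and let
// the real guestbook consult that record. decoy.log and thanks.html are assumptions.

// One log record per hit: the field names only, never the submitted text (it is spam).
function decoyRecord(array $server, array $post): string {
    $oneLine = function (string $v): string {      // keep each record on a single line
        return str_replace(["\r", "\n"], ' ', $v);
    };
    $fields = array_keys($post);
    sort($fields);
    return sprintf("%s ip=%s ua=%s referer=%s fields=%s\n",
        date('c'),
        $oneLine($server['REMOTE_ADDR'] ?? '-'),
        $oneLine($server['HTTP_USER_AGENT'] ?? '-'),
        $oneLine($server['HTTP_REFERER'] ?? '-'),
        implode(',', $fields));
}

// For guestbook.php: has this address hit the decoy within the last $maxAgeSec seconds?
function decoySeenRecently(string $ip, string $logPath, int $maxAgeSec = 86400): bool {
    if (!is_readable($logPath)) {
        return false;
    }
    foreach (file($logPath, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        if (preg_match('/^(\S+) ip=(\S+) /', $line, $m)
            && $m[2] === $ip && strtotime($m[1]) >= time() - $maxAgeSec) {
            return true;
        }
    }
    return false;
}

// Runs only when this file is the requested script, not when guestbook.php includes it
// for decoySeenRecently().
if (realpath($_SERVER['SCRIPT_FILENAME'] ?? '') === __FILE__) {
    file_put_contents(__DIR__ . '/decoy.log', decoyRecord($_SERVER, $_POST), FILE_APPEND | LOCK_EX);
    header('Location: thanks.html', true, 303);
    exit;
}
```

    In guestbook.php, calling decoySeenRecently($_SERVER['REMOTE_ADDR'], __DIR__ . '/decoy.log') before the INSERT lets the real form refuse a client that already swallowed the decoy.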

  • #8
    Regular Coder Masterslave's Avatar
    Join Date
    Dec 2005
    Posts
    287
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Ok mlseim, thanks for your reply.
    I'll give it a try later this day.

  • #9
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    This seems like a lot to go through to avoid using a CAPTCHA. What is wrong with requiring the simple math problem?

  • #10
    Regular Coder Masterslave's Avatar
    Join Date
    Dec 2005
    Posts
    287
    Thanks
    2
    Thanked 0 Times in 0 Posts
    There's nothing wrong with that, but if you look at the code in my start post, the 'invisible' input field method seems not to be working, so I think the math method will not work either (I guess...).

    I haven't tried the extra form method yet that mlseim mentioned.

  • #11
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    Quote Originally Posted by Masterslave View Post
    There's nothing wrong with that, but if you look at the code in my start post, the 'invisible' input field method seems not to be working, so I think the math method will not work either (I guess...).

    I haven't tried the extra form method yet that mlseim mentioned.
    I'm guessing that the field is ignored either because the spambot realizes it's hidden, or is set to only fill out certain fields. You could try making the field normally and hiding it with css. The math method should work. If the field is empty you ignore the post.
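    Len Whistler's two suggestions (post #2) with the server-side handling Inigoesdr describes here, as an added example that is not code from the thread: a normal text input hidden with CSS as the honeypot, and an arithmetic question whose answer is kept in the session rather than in the form. The field names hp_url and sum and the session keys are assumptions of this example.

```php
<?php
// Added example, not the thread's code: CSS-hidden honeypot plus a session-bound
// arithmetic challenge, both checked on the server before any database work.
// Field names (hp_url, sum) and session keys (gb_answer) are assumptions.
session_start();

// Called while rendering the form: emits the challenge and the honeypot markup.
function renderChallengeFields(): string {
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $_SESSION['gb_answer'] = $a + $b;   // the answer lives only on the server
    return '<label for="sum">What is ' . $a . ' + ' . $b . '?</label> '
         . '<input type="text" name="sum" id="sum" /><br />'
         // An ordinary field to a parser; a human never sees it, so it must stay empty.
         . '<div style="display:none"><label>Leave this empty: '
         . '<input type="text" name="hp_url" autocomplete="off" /></label></div>';
}

// Returns the reasons a submission must be rejected; an empty array means accept.
// $session is passed by reference so the one-time answer can be cleared.
function rejectReasons(array $post, array &$session): array {
    $reasons = [];
    // Honeypot: whitespace-only counts as empty (the trim() question from post #6).
    if (trim((string) ($post['hp_url'] ?? '')) !== '') {
        $reasons[] = 'honeypot field was filled';
    }
    // Challenge: must be digits and equal the server-stored answer, never a client-echoed value.
    $answer = trim((string) ($post['sum'] ?? ''));
    if (!isset($session['gb_answer']) || !ctype_digit($answer)
        || (int) $answer !== (int) $session['gb_answer']) {
        $reasons[] = 'challenge answer missing or wrong';
    }
    unset($session['gb_answer']);   // single use: a replayed answer fails next time
    return $reasons;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $reasons = rejectReasons($_POST, $_SESSION);
    if ($reasons !== []) {
        // Log the rejection with the source address; never reveal which check failed to the client.
        error_log('guestbook: rejected post from ' . $_SERVER['REMOTE_ADDR']
                  . ' (' . implode('; ', $reasons) . ')');
        http_response_code(400);
        exit('Message rejected.');
    }
    // Accepted: continue with the name/content checks and the INSERT of the original script.
}
```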

  • #12
    Regular Coder Masterslave's Avatar
    Join Date
    Dec 2005
    Posts
    287
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Inigoesdr View Post
    I'm guessing that the field is ignored either because the spambot realizes it's hidden, or is set to only fill out certain fields. You could try making the field normally and hiding it with css. The math method should work. If the field is empty you ignore the post.
    That field is visible, but indeed I did hide it with CSS display: none.

  • #13
    Regular Coder Masterslave's Avatar
    Join Date
    Dec 2005
    Posts
    287
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Sorry for my late reaction, I was on a little vacation in Germany. I've inserted the form which is commented out in HTML (don't know how you say that in proper English).
    Hope the spammers can't post anymore.

  • #14
    Regular Coder Masterslave's Avatar
    Join Date
    Dec 2005
    Posts
    287
    Thanks
    2
    Thanked 0 Times in 0 Posts
    I haven't received spam for almost a week, so I think it's working. Thanks mlseim!

  • #15
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,464
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    And if the spammers figure out that they need to check for more than
    one form, then you'll have to spin another plan .... that's part of the game.

