yoshida Posted December 29, 2006

A while ago I wrote my own guestbook (PHP), and used it for a small number of websites. I decided to create my own to be safe from spam messages. Or at least that's the plan (read: misconception). The guestbook is this one (soon to be replaced by one like this, my latest creation).

A week ago I validated the website (the blue/white one) as XHTML 1.0 Transitional. It can now be found with Google, but spambots can find it too! Is there any way to avoid these spam messages in the future, without making it harder for regular visitors to leave a message? (I know that's a BIG contradiction, but I hope you get my drift.)

Handler:

```php
//handler;
$gnam=$_POST['gnam'];
$gmal=$_POST['gmal'];
$datum=$_POST['datum'];
$gdat=$_POST['gdat'];
$page=$_POST['page'];
$gcon=addslashes($_POST['gcon']);

if ($gnam == "" || $gcon == "") {
    //checks if a user actually left his name and message after the beep;
    // message text: "Not all required fields have been filled in."
    echo "<div class=\"warning\">Niet alle verplichte velden zijn ingevuld.</div> <meta http-equiv=refresh content=\"1; url=index.php?pageid=gastenboek&command=write\">";
} else {
    $query="INSERT INTO gastenboek VALUES ('','$gnam','$gmal','$page','$datum','$gdat','$gcon')";
    mysql_query($query);
    // message text: "Your message has been added, thank you."
    echo "<div class=\"warning\">Uw bericht is toegevoegd, dank u wel.</div><meta http-equiv=refresh content=\"1; url=index.php?pageid=gastenboek\">";
}
```

Form:

```php
//form;
echo "<form action=\"index.php?pageid=gastenboek&command=write\" method=\"post\">";
$date=date('ymdHi');
// Dutch month names, used to build the displayed date
$maand_array = array("januari", "februari", "maart", "april","mei", "juni", "juli", "augustus", "september","oktober", "november", "december");
$datum = date("j ") . $maand_array[date("n") - 1] . date(" Y");
echo "<table><tr><td><b>Naam:</b></td><td><input type=\"text\" name=\"gnam\" size=\"40\"></td></tr>";
echo "<tr><td><b>E-mailadres:</b></td><td><input type=\"text\" name=\"gmal\" size=\"40\"></td></tr>";
echo "<tr><td><b>Website:</b> http://</td><td><input type=\"text\" name=\"page\" size=\"40\"></td></tr></table><br />";
echo "<b>Datum:</b>$datum<input type=\"hidden\" name=\"gdat\" value=\"'$date'\"><input type=\"hidden\" name=\"datum\" value=\"$datum\">";
echo "<br /><textarea rows=\"20\" cols=\"88\" name=\"gcon\"></textarea><br /><input type=\"submit\" name=\"akkoord\" value=\"voeg toe\">";
```

And yes, I know this script is vulnerable to injection attacks, but I'm working on that one (any help is welcome though).

Thanks in advance, and have a great new year everyone.

PS, as important: how do I avoid e-mail addresses from getting harvested from my guestbook?

PrateekSaxena Posted December 29, 2006

You can just not show the email addresses of the people that are posting on the guestbook. Probably you could ask for the URL of their website and link their name to that URL.

yoshida (Author) Posted December 29, 2006

Thanks for the workaround. But the biggest problem here is spam messages in my guest book. I'm curious how spambots identify a guestbook?

justsomeguy Posted January 2, 2007

There are several ways. For example, they could do a Google search for "guest book" and look for forms that have fields with specific names.

You might want to look into using a spam database like spamhaus to look up the IP of the poster and try to determine if the IP is blacklisted. There are several services that maintain blacklisted IPs and hosts, but I'm not sure if you can use them with PHP. Most of them are for email servers.
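
The blacklist lookup suggested in the last post is an ordinary DNS query, so it can be made from PHP: reverse the octets of the poster's IPv4 address, append the blacklist zone, and check whether an A record in the listing range comes back. This is an added example, not code from anyone in this thread; the zone name `zen.spamhaus.org`, the function names and the stub resolver data are assumptions made for illustration.

```php
<?php
// Added example: DNSBL lookup for a guestbook poster's IPv4 address.
// The zone and all function names here are assumptions for illustration.
const DNSBL_ZONE = 'zen.spamhaus.org';

// Query name = IPv4 octets reversed, followed by the blacklist zone.
function dnsbl_query_name(string $ip, string $zone = DNSBL_ZONE): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // not IPv4: this sketch skips the lookup
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// True when the blacklist returns a listing record for $ip.
// $resolver is injectable so the logic can be exercised without network access.
function dnsbl_is_listed(string $ip, ?callable $resolver = null): bool
{
    $name = dnsbl_query_name($ip);
    if ($name === null) {
        return false;
    }
    $resolver = $resolver ?? 'gethostbynamel';
    $answers = $resolver($name);
    if (!is_array($answers)) {
        return false; // no A record (or DNS failure): treat as not listed
    }
    foreach ($answers as $answer) {
        // Listings are 127.0.0.x; 127.255.255.x are error codes
        // (for example a blocked resolver), not listings.
        if (strpos($answer, '127.0.0.') === 0) {
            return true;
        }
    }
    return false;
}

// Constructed stub zone data, standing in for real DNS answers.
$stub = function (string $name) {
    $records = [
        '2.0.0.127.zen.spamhaus.org'  => ['127.0.0.2'],       // listed
        '10.2.0.192.zen.spamhaus.org' => ['127.255.255.254'], // error code
    ];
    return $records[$name] ?? false;
};
foreach (['127.0.0.2', '192.0.2.10', '198.51.100.7', 'not-an-ip'] as $ip) {
    printf("%-14s %s\n", $ip, dnsbl_is_listed($ip, $stub) ? 'reject post' : 'accept post');
}
// In the guestbook handler: dnsbl_is_listed($_SERVER['REMOTE_ADDR'])
```

The check fails open: when the lookup fails or returns an error code the post is accepted, so a DNS outage does not lock regular visitors out of the guestbook.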