spam

[yoshida]

A while ago I've written my own guestbook (php), and used it for a small number of websites. I decided to create my own to be safe from spam messages. Or at least that's the plan (read: misconception). The guestbook is this one (soon to be replaced by one like this, my latest creation).A week ago I validated the website (the blue/white one) as xhtml 1.0 transitional. It can now be found with Google, but spambots can find it too! Is there any way to avoid these spam messages in the future, without making it harder for regular visitors to leave a message? (I know that's a BIG contradiction, but I hope you get my drift)Handler:

//handler;$gnam=$_POST['gnam'];$gmal=$_POST['gmal'];$datum=$_POST['datum'];$gdat=$_POST['gdat'];$page=$_POST['page'];$gcon=addslashes($_POST['gcon']);			if ($gnam == "" || $gcon == "") {//checks if a user actually left his name and message after the beep;echo "<div class=\"warning\">Niet alle verplichte velden zijn ingevuld.</div> <meta http-equiv=refresh content=\"1; url=index.php?pageid=gastenboek&command=write\">";        }							else {	$query="INSERT INTO gastenboek VALUES ('','$gnam','$gmal','$page','$datum','$gdat','$gcon')";	mysql_query($query);	echo "<div class=\"warning\">Uw bericht is toegevoegd, dank u wel.</div><meta http-equiv=refresh content=\"1; url=index.php?pageid=gastenboek\">";	}

Form:

//form;echo "<form action=\"index.php?pageid=gastenboek&command=write\" method=\"post\">";$date=date('ymdHi');$maand_array = array("januari", "februari", "maart", "april","mei", "juni", "juli", "augustus", "september","oktober", "november", "december");$datum = date("j ") . $maand_array[date("n") - 1] . date(" Y");echo "<table><tr><td><b>Naam:</b></td><td><input type=\"text\" name=\"gnam\" size=\"40\"></td></tr>";echo "<tr><td><b>E-mailadres:</b><td><input type=\"text\" name=\"gmal\" size=\"40\"></td></tr>";echo "<tr><td><b>Website:</b> http://</td><td><input type=\"text\" name=\"page\" size=\"40\"></td></tr></table><br />";echo "<b>Datum:</b>$datum<input type=\"hidden\" name=\"gdat\" value=\"'$date'\"><input type=\"hidden\" name=\"datum\" value=\"$datum\">";echo "<br /><textarea rows=\"20\" cols=\"88\" name=\"gcon\"></textarea><br /><input type=\"submit\" name=\"akkoord\" value=\"voeg toe\">";

And yes I know this script is vulnerable for injection attacks, but I'm working on that one (any help is welcome tho).Thanks in advance, and have a great newyear everyone.PS as important: how do I avoid e-mail adresses from getting harvested from my guestbook?

[PrateekSaxena]

You can just not show the email addresses of the people that are posting on the guestbook. Probably you could ask for the URL of there website and link there name to that URL

[yoshida]

Thanks for the workaround.But the biggest problem here is spam messages in my guest book.I'm curious how spambots identify a guestbook?

[justsomeguy]

There are several ways. For example, they could do a Google search for "guest book" and look for forms that have fields with specific names.You might want to look into using a spam database like spamhaus to look up the IP of the poster and try to determine if the IP is blacklisted. There are several services that maintain blacklisted IPs and hosts, but I'm not sure if you can use them with PHP. Most of them are for email servers.