
Problems with SPAM in guestbook

Posted: Wed Nov 02, 2005 6:46 am
by Swannie
Hello people,

I joined to ask you people if you have an answer for a problem I have with my guestbook.

I use a simple but effective guestbook script called Doika guestbook, version 2.6a. It works, no problems with it so far.

Except for annoying SPAM nowadays. They keep on entering those bloody messages like: "I like your site, please visit my".
Not even proper English most of the time. Links to grilled spam and such are entered.

I remove them by hand now. But in the php coding it says that you can avoid SPAM. But no idea how to do that. I can make a php script fit my website and such, but I'm no programmer.

I heard that I could add some lines to avoid these bloody spam messages.

And... could it also be possible to add php coding in there to let the script send a thank-you e-mail?

Hope to hear from one or more of you!

Thanks in advance!!!

John...

Posted: Wed Nov 02, 2005 7:57 am
by timvw
I've decided to review every comment before it gets published at my site.

That allowed me to build a list with sites/words that spammers use often.
They've tried a couple of different sites/words once they noticed that.
So I've modified my list too ;)
And, last two weeks, I haven't seen them again. ;)

Posted: Wed Nov 02, 2005 8:01 am
by Swannie
Hey, thanks for your reaction.


The thing is, I simply don't have the time to review it before publishing. And it's far too many entries per week to do it that way.

I'll wait for more reactions or another solution.

Thanks anyway!

Posted: Wed Nov 02, 2005 8:09 am
by foobar
You can create a blocking mechanism that will not allow posts to be made within a certain time interval. Additionally, you can search for common words/phrases used by spammers, disable external links, or only external links to certain websites. To make sure your guest book isn't bot-spammed, add a little CAPTCHA to the posting page.
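
The checks listed in the post above (posting interval, phrase list, link restriction), together with the word list timvw describes, sketched as an added example that is not part of the original posts or of the guestbook script. The function name, the `$cfg` keys and the sample rows are assumptions; the row layout is taken from the `fwrite()` call in the script posted later in this thread.

```php
<?php
// Added example (not from the thread). Row layout follows the script's fwrite():
// index(YmdHis)|day|time|ip|agent|name|email|page|message|...
function gb_reject_reason(array $rows, string $ip, string $message, int $now, array $cfg): ?string
{
    // 1. Flood control: one post per IP per interval.
    foreach ($rows as $row) {
        $f = explode('|', rtrim($row, "\r\n"));
        if (count($f) < 9 || $f[3] !== $ip) {
            continue;
        }
        $posted = DateTime::createFromFormat('YmdHis', $f[0]);
        if ($posted !== false && $now - $posted->getTimestamp() < $cfg['min_interval']) {
            return 'posted too soon after previous entry';
        }
    }
    // 2. Phrase list, matched case-insensitively.
    foreach ($cfg['blocked_phrases'] as $phrase) {
        if (stripos($message, $phrase) !== false) {
            return 'blocked phrase';
        }
    }
    // 3. Links: only hosts on the allow-list pass (empty list = no links).
    preg_match_all('~https?://([^/\s:"<>]+)~i', $message, $m);
    foreach ($m[1] as $host) {
        if (!in_array(strtolower($host), $cfg['allowed_hosts'], true)) {
            return 'external link not allowed';
        }
    }
    return null; // nothing objected
}

// Constructed sample data, not real entries.
$now  = time();
$rows = [date('YmdHis', $now - 20) . "|02.11.2005|08:00|203.0.113.7|UA|Ann|a@example.org||Hello|||\r\n"];
$cfg  = [
    'min_interval'    => 60,                  // seconds between posts from one IP
    'blocked_phrases' => ['please visit my'], // phrase quoted in the first post
    'allowed_hosts'   => ['example.org'],
];
$tests = [
    ['203.0.113.7',  'Another entry'],                         // same IP, 20 s later
    ['198.51.100.9', 'I like your site, please visit my'],     // listed phrase
    ['198.51.100.9', 'See http://pills.example.net/ now'],     // host not allowed
    ['198.51.100.9', 'Photos at http://example.org/trip'],     // allowed host
];
foreach ($tests as [$fromIp, $text]) {
    echo $text, ' => ', gb_reject_reason($rows, $fromIp, $text, $now, $cfg) ?? 'accepted', "\n";
}
```

The checks run on the raw message before any HTML filtering, and links written without `http://` or `https://` are not seen by the third check.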

Posted: Wed Nov 02, 2005 8:18 am
by yum-jelly
What timvw said is a good idea, but I also let them see their comment posted so they think they have succeeded in adding their spam. You do this by getting their IP and only showing their spam post to them and no one else!

I set a column in the db * spam *

Then when I loop the result for display....

Code:

// == compares; a single = would assign the IP and match every visitor
if ( $result['spam'] && $visitor_ip == $result['ip'] )
{
    // show them their trash
}
else
{
    // not the spammer, don't show it!
}

You might be asking why I do this: because when they think their spam is still there, they will not write another one! Sure, it's not the case 100% of the time, but I have seen it work for me 9 out of 10 times! I had many that would come back every day and write another spam post, but after doing this, they come back and check to see if their post is there; if it is, they leave and most never come back again. I know it sounds like dumb logic, but it works.


yj
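
The display-side filter described in the post above, as an added example that is not yum-jelly's code: it is written for a pipe-delimited flat file like the guestbook script posted later in this thread rather than a database. The function name, the sample rows and the use of the last field as a `spam` marker are assumptions.

```php
<?php
// Added example (not from the thread). Assumed row layout, after the script's fwrite():
// index|day|time|ip|agent|name|email|page|message|comment|flag
// Assumption: a moderator marks a row by setting the flag field to "spam".
function gb_visible_entries(array $rows, string $visitorIp): array
{
    $visible = [];
    foreach ($rows as $row) {
        $f = explode('|', rtrim($row, "\r\n"));
        if (count($f) < 11) {
            continue; // malformed row: skip it
        }
        $isSpam   = ($f[10] === 'spam');
        $isAuthor = ($f[3] === $visitorIp); // compare, never assign
        // Clean rows go to everyone; flagged rows only to the IP that posted them.
        if (!$isSpam || $isAuthor) {
            $visible[] = $f[5] . ': ' . $f[8];
        }
    }
    return $visible;
}

// Constructed sample rows; in the guestbook $visitorIp would be $_SERVER['REMOTE_ADDR'].
$rows = [
    "20051102080000|02.11.2005|08:00|198.51.100.9|UA|Ann|||Lovely photos!|||\r\n",
    "20051102080500|02.11.2005|08:05|203.0.113.7|UA|Bob|||I like your site, please visit my||spam|\r\n",
];
foreach (['203.0.113.7', '192.0.2.44'] as $visitorIp) {
    echo $visitorIp, " sees:\n  ", implode("\n  ", gb_visible_entries($rows, $visitorIp)), "\n";
}
```

Matching on IP alone means a poster who returns from a different address finds the entry missing, and other visitors behind the same address will see it.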

Posted: Wed Nov 02, 2005 8:37 am
by Swannie
Beneath is the php code of the guestbook.
It stores all the entries in a text file. Like I said, it works fine. And it even says in the script that you can prevent SPAM.

But I tried some things, but it didn't work.

Help me out here. What should I add or change and where?

Code:

<?php
############################################################
# Doika guestbook version 2.6a
# Copyright (C) 2001 Doika.net
# http://doika.net webmaster@doika.net
# All Rights reserved
# Freeware
############################################################
# Configure

session_start();

$gb_name  = "MIRACLE";     // Guestbook name
$gb_data  = "data.txt";      // File (path not URL) where data stored, chmod 666
$gb_psswd = "*******";        // Admin password
$gb_mail = ""; // Your email, only needed if private messages are enabled

include("languages/english.inc.php");  // Path (not URL) to language file
# include("languages/french.inc.php");
# include("languages/finnish.inc.php");
# include("languages/swedish.inc.php");
# include("languages/dutch.inc.php");
# include("languages/german.inc.php");
# include("languages/russian.inc.php");
# include("languages/latvian.inc.php");
# include("languages/lithuania.inc.php");
# include("languages/italian.inc.php");
# include("languages/spanish.inc.php");
# include("languages/polish.inc.php");
# include("languages/polish2.inc.php");
# include("languages/greek.inc.php");
# include("languages/turkish.inc.php");
# include("languages/czech.inc.php");
# include("languages/norwegian.inc.php");
# include("languages/portugues_brasil.inc.php");
# include("languages/chinese_traditional.inc.php");
# include("languages/chinese_traditional2.inc.php");
# include("languages/chinese_simplified.inc.php");

// Features: true = enabled, false = disabled

$gb_flthtml = true;          // Html code filter (recommended: true)
$gb_url2lnk = true;          // Convert url:s to links in message
$gb_smiley = true;           // Smileys
$gb_fltbdwrd = true;         // Badword filter
$gb_privmsg = false;          // Private messages
$gb_fltspam = true;          // Spam filter


$gb_msgpg = 10;               // Messages per page
$gb_lngwrd = 35;             // Max word length
$gb_lngmsg = 1000;            // Max message length

# Don't change anything below here unless you know what you're doing
############################################################
# Functions

function flt_tags ($text, $html){
 if ($html) {
    $text = strip_tags($text);
    $text = htmlspecialchars($text);}
 $text = ereg_replace("\|", "", $text);
 $text = ereg_replace("\r", "", $text);
 $text = ereg_replace("\n", "<br> ", $text);
 $text = stripslashes($text);
 $text = trim($text);
 return $text;
}

function flt_bdwrd ($text, $badwords){
 foreach ($badwords as $badword){
 $text = str_replace ($badword, "***", $text);}
 return $text;
}

function flt_smiley ($text){
 $text = ereg_replace(" :\)", " <img src=\"images/sm01.gif\" width=\"15\" height=\"15\" alt=\":)\" border=\"0\">", $text);
 $text = ereg_replace(" :D", " <img src=\"images/sm02.gif\" width=\"15\" height=\"15\" alt=\":D\" border=\"0\">", $text);
 $text = ereg_replace(" 8\)", " <img src=\"images/sm03.gif\" width=\"15\" height=\"15\" alt=\"8)\" border=\"0\">", $text);
 $text = ereg_replace(" ;\)", " <img src=\"images/sm04.gif\" width=\"15\" height=\"15\" alt=\";)\" border=\"0\">", $text);
 $text = ereg_replace(" :P", " <img src=\"images/sm05.gif\" width=\"15\" height=\"15\" alt=\":P\" border=\"0\">", $text);
 $text = ereg_replace(" :o", " <img src=\"images/sm06.gif\" width=\"15\" height=\"15\" alt=\":o\" border=\"0\">", $text);
 $text = ereg_replace(" :\(", " <img src=\"images/sm07.gif\" width=\"15\" height=\"15\" alt=\":(\" border=\"0\">", $text);
 return $text;
}

function test_lngwrd ($text, $lng){
 $test = explode(" ", $text);
 foreach ($test as $word){
 if (strlen($word) > $lng){$tmp = true;}}
 if ($tmp){return $tmp;}
}

function test_lngmsg ($text, $lng){
 if (strlen($text) > $lng){$tmp = true;}
 if ($tmp){return $tmp;}
}

function test_email($email){
 if (eregi("^([a-z]|[0-9]|\.|-|_)+@([a-z]|[0-9]|\.|-|_)+\.([a-z]|[0-9]){2,3}$", $email, $arr_vars) &&
 !eregi("(@.*@)|(\.\.)|(@\.)|(\.@)|(^\.)", $email, $arr_vars)){
 return true;}
 else {return false;}
}

############################################################
# Main code

if($action == "msgnew"){
 if ($spam && $gb_fltspam){$msg_txt = $lgerr[4]; $msg_cap = $lgerr[0]; $id="message";} else {
 if($name && $message){
  $name = flt_tags ($name,1);
  $email = flt_tags ($email,1);
  $page = flt_tags ($page,1);
  $message = flt_tags ($message,$gb_flthtml);
  $index = date("YmdHis",time());
  $day = date("d.m.Y",time());
  $time = date("H:i",time());
  if (test_lngwrd($message,$gb_lngwrd)){$msg_txt = $lgerr[1]; $msg_cap = $lgerr[0]; $id="message";}
  elseif (test_lngmsg($message,$gb_lngmsg)){$msg_txt = $lgerr[2]; $msg_cap = $lgerr[0]; $id="message";}
  elseif ($private) {
    $mail_msg =
    "---------------------------------------------------------------\n".
    "The folowning information was submitted on\n".
    "$day $time\n".
    "---------------------------------------------------------------\n".
    "Name:    $name\n".
    "Email:   $email\n".
    "URL:     $page\n".
    "Message: $message.\n".
    "---------------------------------------------------------------\n".
    "Remote host: $REMOTE_HOST \n".
    "Remote address: $REMOTE_ADDR \n".
    "User Agent: $HTTP_USER_AGENT \n".
    "---------------------------------------------------------------\n";
    mail($gb_mail, "Private guestbook message", $mail_msg, "From: $name <$email>");
    $msg_txt = $lgpri[1]; $msg_cap = $lgpri[0]; $id="message";
    session_register("spam");
    $spam = true;
    }
  else {
  $data = fopen($gb_data, "a");
  fwrite($data, "$index|$day|$time|$REMOTE_ADDR|$HTTP_USER_AGENT|$name|$email|$page|$message|||\r\n");
  fclose($data);
  session_register("spam");
  $spam = true;
  }
 }
 else{$msg_txt = $lgerr[3]; $msg_cap = $lgerr[0]; $id = "message";}
 }
}

if($action == "logon"){
 if ($password == $gb_psswd){
 session_register("psswd");
 $psswd = $password;
 }
 else {$msg_txt = $lgerr[5]; $msg_cap = $lgerr[0]; $id="message";}
}

if($msgdelete || $msgdelete == "0" ){
 if ($psswd == $gb_psswd){
 $data = file($gb_data);
 rsort ($data);
 unset($data[$msgdelete]);
 $fp = fopen($gb_data,"w");
 foreach ($data as $row){fputs($fp, $row);}
 fclose($fp);
 }
 else{$msg_txt = $lgerr[6]; $msg_cap = $lgerr[0]; $id="message";}
}

if($msgedit || $msgedit == "0" ){
 if ($psswd == $gb_psswd){
 $id = "edit";
 }
 else{$msg_txt = $lgerr[7]; $msg_cap = $lgerr[0]; $id="message";}
}

if($msgreplace){
 if ($psswd == $gb_psswd){
 $data = file($gb_data);
 rsort ($data);
 $message = flt_tags ($message,$gb_flthtml);
 $comment = flt_tags ($comment,0);
 $data[$num] = "$index|$day|$time|$ip|$browser|$name|$email|$page|$message|$comment|0\r\n";
 $fp = fopen($gb_data,"w");
 foreach ($data as $row){fputs($fp, $row);}
 fclose($fp);
 }
 else{$msg_txt = $lgerr[6]; $msg_cap = $lgerr[0]; $id="message";}
}

############################################################
# HTML code
?>

Please, add the code and show the whole file again in total!

Of course if you want to help me out. I can understand you have better things to do than helping some sucker that isn't capable of doing it himself. :P
I'm just lost here...

John...

Posted: Wed Nov 02, 2005 10:04 am
by pickle
Captcha is the best method I can think of. One library I use is Freecap: http://www.puremango.co.uk/cm_freecap_113.php