On Wed, Mar 29, 2006 at 02:52:39PM -0500, Rahul S. Johari wrote:
>
> Ave,
>
> I've run into a slight problem. We maintain a Guestbook for our company's
> website. Lately we have been getting a lot of "Spam" entries into the
> Guestbook.

Is this a common guestbook, like a 3rd party tool you got and added to
the web site? If so, do they already have a solution in place with an
add-on or such?

>
> I added a snippet into the PHP Script & a field in the MySQL database to
> record the IP Address of posters. However, for the SPAM posts, it records
> "Null" instead of an IP Address. I'm using $REMOTE_ADDR to record the IP.
> It records IP Addresses of any genuine poster... But NULL for the spam
> poster.

You really want to use $_SERVER['REMOTE_ADDR'];

>
> What else can I do to block the SPAM entry? Is there some other Unique
> Identifier that I can record of the Spam poster and then block him?

Well, I'll try to keep this short without going into a big rant about
SPAM...

A common method (nowadays) is to have the form that is being posted
provide a challenge/response method (like CAPTCHA) to verify that
someone is actually sitting there filling out the form instead of a
script doing the work. One of the problems with this method is, well,
it limits your "visually" impaired audience from being able to add to
the guestbook, since it requires a visual response to the challenge.

Another method is to require JavaScript for a challenge response
method; this of course limits your audience to those who have
JavaScript enabled, and I'm not sure if it is really 'visually
impaired' friendly.

Even with those two methods, all we are doing is securing the form from
spam by obscurity. Even if it sounds like these ideas are good because
it will remove the unneeded spam I get, consider this:

Email gets probably the worst spam, and there are several applications
that go out and harvest emails for spamming purposes. So we all think
hey, they are looking for:

  user@xxxxxxxxxx

...so thus we think, let's not write it that way but make it so a person
can read it. So now we enter this so it isn't harvested:

  user [at] domain [dot] com

Now, if you think about this for a moment, if everyone used the latter
format to write their emails on the web, would it not be easy for an
email harvester to come up with a little regex to read either or?

Ok, I promised not to rant too much about spam, so yeah, this is a
tough thing to get around and very hard to find a realistic solution
for.

Curt.
-- 
cat .signature: No such file or directory

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
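
An added example, not part of the original message: one way to record the poster's address from $_SERVER['REMOTE_ADDR'], as the reply suggests, and to refuse an entry when no valid address is present instead of storing NULL. The table layout, the field names, the helper function names and the in-memory SQLite database (standing in for MySQL) are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Returns the connecting peer's address, or null when it is absent or malformed.
// The bare global $REMOTE_ADDR exists only with register_globals enabled;
// the $_SERVER superglobal does not depend on that setting.
function client_ip(array $server): ?string
{
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// Stores one guestbook entry; returns false when the entry is refused.
function save_entry(PDO $db, array $server, array $post): bool
{
    $ip      = client_ip($server);
    $name    = trim((string)($post['name'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));
    if ($ip === null || $name === '' || $message === '') {
        return false; // never write a row without a usable address
    }
    // Parameterized insert: posted text is bound as data, not spliced into SQL.
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, message, ip, posted_at) VALUES (?, ?, ?, ?)'
    );
    return $stmt->execute([$name, $message, $ip, gmdate('Y-m-d H:i:s')]);
}

// Assumption: SQLite in memory so the example runs offline; use a MySQL DSN in production.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, name TEXT NOT NULL,
           message TEXT NOT NULL, ip TEXT NOT NULL, posted_at TEXT NOT NULL)');

// Constructed requests; a live script would pass $_SERVER and $_POST instead.
$requests = [
    [['REMOTE_ADDR' => '192.0.2.10'], ['name' => 'Ann', 'message' => 'Nice site']],
    [[],                              ['name' => 'x',   'message' => 'no address']],
    [['REMOTE_ADDR' => 'not-an-ip'],  ['name' => 'y',   'message' => 'bad address']],
];
foreach ($requests as [$server, $post]) {
    echo save_entry($db, $server, $post) ? "stored\n" : "refused\n";
}
echo 'rows: ', $db->query('SELECT COUNT(*) FROM guestbook')->fetchColumn(), "\n";
```

The NOT NULL constraint on the ip column backs up the check in save_entry(), so a code path that skips the validation fails at the database instead of silently recording NULL.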