On Wed, Mar 29, 2006 at 02:52:39PM -0500, Rahul S. Johari wrote:
>
> Ave,
>
> I�ve run into a slight problem. We maintain a Guestbook for our company�s
> website. Lately we have been getting a lot of �Spam� entries into the
> Guestbook.
Is this a common guestbook, like a 3rd party tool you got and added
to the web site? If so, do they already have a solution in place
with an add-on or such.
>
> I added a snippet into the PHP Script & a field in the mySQL database to
> record the IP Address of posters. However, for the SPAM posts, it records
> �Null� instead of an IP Address. I�m using $REMOTE_ADDR to records the IP.
> It records IP Addresses of any genuine poster... But NULL for the spam
> poster.
You really want to use $_SERVER['REMOTE_ADDR'];
>
> What else can I do to block the SPAM entry? Is there some other Unique
> Identifier that I can record of the Spam poster and then block him?
Well, i'll try to keep this short without going into a big rant
about SPAM...
A common method (now adays) is have the form that is being posted
provide a challange/response method (like CAPTCHA) to verify that
someone is actually sitting there filling out the form instead of a
script doing the work.
One of the problems with this method is well it limits your
"visually" impared audience from being able to add to the
guestbook, since it requires a visual response to the challenge.
Another method is to require javascript for a challenge response
method, this of course limits your audience to those who have
javascript enabled, and I'm not sure if it really 'visually
impared' friendly.
Even with those two methods, all we are doing is securing the form
from spam by obscurity. Even if it sounds like these ideas are good
because it will remove the un-needed spam i get. Consider this:
Email gets prbably the worst spam, and there are several
applications that go out and harvest emails for spamming
purposes. So we all think hey they are looking form:
user@xxxxxxxxxx
... so thus we think, lets not write it that way but
make it so a person can read it. So now we enter this so it isn't
harvested:
user [at] domain [dot] com
now, if you think about this for a moment, if everyone used the
latter format to write their emails on the web, would it not be
easy for a email harvester to come up with a little regex to read
either or?
Ok, i promised not to rant to much about spam, so yeah, this is a
tuff thing to get around and very hard to find a realistic
solution for.
Curt.
--
cat .signature: No such file or directory
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
