Over the past few days my guestbook has been hit by a spammer. I don't know if it's an individual or a bot. On the first attack the poster left three comments, but for the past few days he's left one per day. (This is after I changed the flood time from 90s to 180s).
I don't know how to find this person's IP address as it keeps on changing. I have IP addresses that the form recorded when the spammer left his comment, but I also have addresses from my site's bbclone stats.
The latest attack brought these results: the form logged one IP address, while the stats logged a different IP address, and the same IP as the one logged in the form was logged for the proxy server. This is the first time a proxy server has been logged.
(The stats IP address that was logged) leads back to an address, and it's similar to the address that was logged during the initial attack (just a different client number at the end of the IP address, and I created a .htaccess file to ban it). After having googled both addresses, it appears this person has left a trail of spam in his wake.
The stats also show that this person uses a specific user agent, -- Mozilla/4.0 (compatible; MSIE 5.5; Windows NT) -- and only loads the guestbook form page.
How can I deal with this problem? It's so annoying, any advice/help is much appreciated.
My security so far is some validation code (I have two required fields, name and comment), flood control, trim and htmlspecialchars.
I would like to use eregi() to prevent the submission of comments containing certain words, "<a href" etc. I've tried to implement it, but so far all it does is prevent links from displaying.
if (eregi('<a href', $message)) {
$errmsg = 'Oops! No Links';
}
Thanks
Chambers
[edited by: coopster at 12:35 pm (utc) on Feb. 22, 2007]
[edit reason] removed specifics [/edit]
1. Add a requirement that the post is coming from your page:
on the form write:
form.php:
<?php
if(!isset($_SESSION)) session_start();...
?>
<form action="guestbook.php" method="POST" name="guestbook">
....
<input type="hidden" name="rnd" value="<?php $_SESSION['rnd'] = md5(time().rand()); echo $_SESSION['rnd'];?>">
<input type="submit" name="action" value="Submit">
</form>
...
and in the receiving end
if(isset($_SESSION['rnd']) && $_SESSION['rnd'] == $_POST['rnd'])
{
//the var are posted from your form
}
to disable bots add CAPTCHA [captcha.net]
To disable personal spamming add personal validation - you will need to approve each comment, but this will make your life hard.
Hope this helps
Michal
Also, this section below, what's the receiving end? Where should I put it?
and in the receiving end
if(isset($_SESSION['rnd']) && $_SESSION['rnd'] == $_POST['rnd'])
{
//the var are posted from your form (what's meant to go here?)
}
Thanks for the CAPTCHA link.
and in the receiving end
if(isset($_SESSION['rnd']) && $_SESSION['rnd'] == $_POST['rnd'])
{
//the var are posted from your form (what's meant to go here?)
}
there goes processing of the form, I'll rephrase that for you:
session_start(); // the session must be started here too, or $_SESSION['rnd'] is never available
if(!isset($_SESSION['rnd']) || $_SESSION['rnd'] != $_POST['rnd'])
{
echo "Please use the original form to post the data";
exit;
}
//here process the form
But that won't stop most bots. Use CAPTCHA, even a simple one.
Michal
There is also a great thread in our library on the topic. I suggest you take a peek: Combatting Webform Hijack [webmasterworld.com].
Good luck! :)
Anyway, I used image validation code along with a bunch of cross-matching numbers that expire with time. For example, for each unique profile's guestbook, I generated a few unique numbers for that particular user and that particular time block. So in order for the script to allow a message to that user's guestbook, the image validation has to go through AND the unique numbers have to match for that user and that time block. And if I detect somebody trying to send too many messages in a certain time period, I would put that IP in a 'watch list' database and if it reaches a certain threshold, that IP will be banned. It stopped the spammers so far.
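The session-bound hidden token from Michal's reply and the expiring numbers plus IP watch list from the post above, written out as one added example (my own code, not from any poster in this thread). It assumes PHP 7 or later with sessions enabled; the constant values and the `$state` counter array are placeholders for whatever storage the guestbook actually uses.

```php
<?php
// Added example: expiring session token for the guestbook form plus a per-IP flood counter.
// Assumes session_start() has already been called on both form.php and guestbook.php.
const TOKEN_TTL   = 900;  // seconds a token stays valid (the "time block")
const FLOOD_WINDOW = 180; // seconds between posts from one address (the thread's flood time)
const WATCH_LIMIT  = 5;   // flood hits before an address is treated as banned

// form.php: call before rendering and put the result in the hidden "rnd" field.
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(16)); // unpredictable, unlike md5(time().rand())
    $_SESSION['rnd'] = $token;
    $_SESSION['rnd_issued'] = time();
    return $token;
}

// guestbook.php: accept the post only if the token matches the one this session
// was given and it has not expired. The token is cleared on success so it cannot be replayed.
function form_token_is_valid(array $post): bool
{
    if (!isset($_SESSION['rnd'], $_SESSION['rnd_issued'], $post['rnd'])) {
        return false;
    }
    if (time() - $_SESSION['rnd_issued'] > TOKEN_TTL) {
        return false; // token outside its time block: send the user back to the form
    }
    $ok = hash_equals($_SESSION['rnd'], (string) $post['rnd']); // constant-time compare
    if ($ok) {
        unset($_SESSION['rnd'], $_SESSION['rnd_issued']);
    }
    return $ok;
}

// Flood control per client address. $state is the persisted counter table
// (hypothetical; in a real deployment a database row or file keyed by address).
// Returns 'ok', 'throttled' (posted again inside the window) or 'banned' (watch limit reached).
function flood_check(array &$state, string $ip, int $now): string
{
    $entry = $state[$ip] ?? ['last' => 0, 'hits' => 0];
    if ($now - $entry['last'] < FLOOD_WINDOW) {
        $entry['hits']++;      // another post inside the window: one more watch-list hit
    } else {
        $entry['hits'] = 0;    // quiet long enough: reset the counter
    }
    $entry['last'] = $now;
    $state[$ip] = $entry;
    if ($entry['hits'] >= WATCH_LIMIT) {
        return 'banned';
    }
    return $entry['hits'] > 0 ? 'throttled' : 'ok';
}
```

On the form page the hidden field becomes `<input type="hidden" name="rnd" value="<?php echo htmlspecialchars(issue_form_token()); ?>">`, and guestbook.php rejects the post unless `form_token_is_valid($_POST)` is true and `flood_check(...)` returns `'ok'`.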