Hi, I have experienced recent attacks to my websites guestbook. I would like to know how to block certain domains from my site or from posting to guestbook. Also I need to block HTML code from being posted in guestbook as well as certain 4 letter words. The guestbook is the basic one from Earthlink. You click a button and it adds the guestbook. The code that actually runs the guestbook is in Perl. I D/Led a free Perl editor. How can I go about blocking HTML code, foul words, and or certain domains from the guestbook? Thanks in advance!

Dennis

You can block IP's by checking them against a list of bad ones you make. You might want to log the IP's so you can get a list of baddies going. The IP addy is in the environment variable "REMOTE_ADDR" so that would be: $ENV{"REMOTE_ADDR"}

You can also make an array of inappropriate words, then loop through with a regex to swap them out or remove them. http://www.perl.com/doc/FAQs/cgi/perl-cgi-faq.html Has a good regex for pulling out HTML tags.

Have you considered just finding a different guestbook? One that has these features built in?

http://bignosebird.com/carchive/bnbbook.shtml

Thanks. I will try to log the domain the next time they post. I am new to HTML and REALLY new to PERL. I guess I could use a more secure guestbook. I just used the "Click here to add a guestbook" feature in the Earthlink website tools. I did the rest of the site with Dreamweaver MX.

Cool, good luck, and keep on coding!

It worked, it logged my domain in the test.

Ok, now I have the suspect domain. What is the code to prevent it from posting?

I'm not sure how perl is gonna behave on that one, I'd assume it'll treat the ip addy as a string (maybe?) Anyway, in the area before it places the info into storage (I'm guessing flatfile) put one of these:
$okayIPFlag = true;
@badIPAddys = ('192.168.0.1', '192.168.0.2', '192.168.1.5');
foreach(@badIPAddys)
{
if ($_ eq $ENV{"REMOTE_ADDR"})
{
$okayIPFlag = false;
}
}
if(! $okayIPFlag)
{
print "You have a bad ip and I don't like you.";
exit();
}I'd proofread my code, I don't have Perl on my work machine, so I can't guarantee it's all right :)

Thank you very much :) , but what I have learned form logging the IPs, is they have a different IP each time they post. So either they have a special program or I think AOL assigns IPs as you sign on. I did figure out a way to show the poster that I am logging their IP, so maybe that will work. Thanks though.

No problem. If you want more info on the IP thing google "DHCP" You could probably figure out what block of IP's they are getting assigned to, but then again maybe not. Anyway, good luck!

Oh yeah, one last suggestion, if all else fails you should try http://www.dreambook.com/ It's made by a great hosting company, DreamHost.com and is really slick. :)