help Form- adding extra words into validation


Siddan
09-21-2006, 08:00 AM
Hello

I have a guestbook where I get spams. The image code verification has no effect, not even if I disable so that you enter a valid code it returns an error. The spams seem to go directly to the .dat file where all the messages are.

Anyways, by changing the name of the folder I got rid of them and I can see on my previously named folder copy I still get spams.

So I felt like experimenting a little on the sitting duck guestbook while my real guestbook is free from spams.

I have two fields that have to be filled, and the homepage field and email field are checking for character validation. So far so good.
But I would like to add some words that will not pass the validation if matched.

In the email field I do not want any mails containing @mail.com to be valid and in the homepage field I do not want anything containing xoomer to be valid.
And I would like to be able to add more words if necessary.

Here is the current code:

if ($vemail != "" && !preg_match("/([\w\.\-]+)(\@[\w\.\-]+)(\.[a-z]{2,4})+/i", $vemail)) {
    input_err("Unvalid email address.");
}

if ($vurl != "" && strtolower($vurl) != "http://") {
    if (!preg_match ("#^http://[_a-z0-9-]+\\.[_a-z0-9-]+#i", $vurl)) {
        input_err("Unvalid URL format.");
    }
}

ronverdonk
09-21-2006, 12:02 PM
You could setup a function with an array with 'bad words'. If the function returns false those bad words are not in the string. Here's an example:

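/**
 * Check presence of 'bad strings'.
 * Returns true if any of them occurs in $string, false otherwise.
 */
function contains_badwords($string) {
    $bad_words = array(
        "content-type:",
        "mime-version:",
        "multipart/mixed",
        "Content-Transfer-Encoding:",
        "bcc:",
        "cc:",
        "to:",
        "@mail.com"
    );
    foreach ($bad_words as $bad_word) {
        // stripos() is a case-insensitive literal search; it replaces
        // eregi(), which was removed in PHP 7.
        if (stripos($string, $bad_word) !== false) {
            return true;
        }
    }
    return false;
}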


Ronald :cool:

Siddan
09-21-2006, 05:23 PM
ok that sounds great

hehe but how do I connect that to the form, or to the named inputs... ?

ronverdonk
09-21-2006, 05:31 PM
Well, you could add it at the end of your existing checking code (I assume that your input_error() routine issues a message and reloads the form or dies).

// The function is defined as contains_badwords(), so both calls must use that name.
if (contains_badwords($vemail) || contains_badwords($vurl)) {
    input_err("Input contains invalid data.");
}
Ronald :cool:

Siddan
09-21-2006, 05:49 PM
super great!
I was confused without that last code to connect it to the form :)

Now I will see if the spammers even enter the forms at all or if they go straight to the data file

btw:

Do all these words below have a purpose or are they just made up...?

"content-type:" ,
"mime-version:" ,
"multipart/mixed",
"Content-Transfer-Encoding:",
"bcc:",
"cc:",
"to:",

ronverdonk
09-22-2006, 04:57 AM
These words are part of HTTP headers that could be hidden in the input
fields.

Ronald :cool:
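
One way to wire the check discussed above to the two form fields, with a separate word list per field and a line-break test that goes beyond the posted code. This is an added example, not code from anyone in the thread; the names find_blocked_term and has_header_break and the sample submissions are constructed for illustration.

```php
<?php
/** Return the first blocked term found in $value (case-insensitive), or null. */
function find_blocked_term(string $value, array $terms): ?string {
    foreach ($terms as $term) {
        if (stripos($value, $term) !== false) {
            return $term;
        }
    }
    return null;
}

/** True if $value contains CR or LF, which a single-line field never should. */
function has_header_break(string $value): bool {
    return preg_match('/[\r\n]/', $value) === 1;
}

// Header strings from the thread, shared by both fields.
$header_terms = array("content-type:", "mime-version:", "multipart/mixed",
                      "content-transfer-encoding:", "bcc:", "cc:", "to:");

// Per-field lists: "@mail.com" only blocks the email field, "xoomer" only the homepage field.
$blocked = array(
    'email' => array_merge($header_terms, array("@mail.com")),
    'url'   => array_merge($header_terms, array("xoomer")),
);

// Constructed sample submissions (not real guestbook data).
$samples = array(
    array('email' => "visitor@example.org", 'url' => "http://example.org"),
    array('email' => "someone@mail.com",    'url' => ""),
    array('email' => "visitor@example.org", 'url' => "http://xoomer.example/page"),
    array('email' => "a@example.org\r\nBcc: b@example.net", 'url' => ""),
);

foreach ($samples as $i => $fields) {
    $verdict = "accepted";
    foreach ($fields as $name => $value) {
        if (has_header_break($value)) {
            $verdict = "rejected: line break in $name";
            break;
        }
        $hit = find_blocked_term($value, $blocked[$name]);
        if ($hit !== null) {
            $verdict = "rejected: '$hit' in $name";
            break;
        }
    }
    echo "sample $i: $verdict\n";
}
```

Short substring terms such as "to:" also match inside ordinary text (for example "photo:"), so the line-break test is the more precise signal for a header smuggled into a single-line field.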

Siddan
09-22-2006, 07:25 AM
yes ok, although it is just a guestbook but it does send me a mail whenever someone has signed. But this could be useful on my mailform on the other hand.

And sorry to bother you again but... what is its function when the script is already assigned to one or two named input fields...?

bokeh
09-22-2006, 08:14 AM
What is the problem with the captcha? Is it working? What does the spam look like? Is it always the same? Does it contain keywords?

Siddan
09-23-2006, 01:07 PM
Hey bokeh

Your captcha is very fine but I have no idea how the spams get through. I sure cannot add any entry without entering the correct code.

I was trying once to delete a row in the captcha script so that nothing validates, not even the correct code. And still the spams got through.
The guestbook I have is one single index.php page with a .dat file where it keeps all the entries.

Otherwise with the word verification it blocked the same spammers efficiently

ronverdonk
09-23-2006, 01:35 PM
[QUOTE=Siddan]
yes ok, although it is just a guestbook but it does send me a mail whenever someone has signed. But this could be useful on my mailform on the other hand.

And sorry to bother you again but... what is its function when the script is already assigned to one or two named input fields...?
[/QUOTE]
The bad word blocker has nothing to do with usage in a specific kind of script.
Hackers could use that in any form they want to interrupt, not just emails!
So keep those words in.

Ronald :cool:

bokeh
09-23-2006, 04:30 PM
[QUOTE=Siddan]And still the spams got through.[/QUOTE]
How? There must be a big hole.

Siddan
09-24-2006, 03:07 PM
[QUOTE=ronverdonk]
The bad word blocker has nothing to do with usage in a specific kind of script.
Hackers could use that in any form they want to interrupt, not just emails!
So keep those words in.
[/QUOTE]
Alright, that is good to know, thanks again :)

[QUOTE=bokeh]How? There must be a big hole.[/QUOTE]

Yea well it is something alright. I can give you the link to the original script so you can investigate it sometime when you are bored, hehe
Although I am not on my work computer so I cannot check it from here so I'll do it tomorrow