If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Guestbook spam  XML
Forum Index » General Discussion
Author Message
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

madfiddler wrote:OK cool... If you enter the code incorrectly... it says hit back, and enter the code correctly..

However, the submit button does not work when you hit back...


Hmm it worked fine when I tested it. I'll have another play.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
madfiddler
Beginner

Joined: 04/07/2004 02:43:36
Messages: 12
Location: Brighton, UK
Offline

I'm prolly being crap.. It was also displaying the same number each time.... I'll experiement... Not a programmer you see, so could have done something stupid.
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

Ok I've overhauled the image verification script. It now takes them back to the addentry form with an error message at the top if they get the code wrong. I have also rewrote the instructions to make then clearer, I hope, and included iinstructions for people using 2.2. Finally I have also changed how it appears in the form so it makes more sense to the user.

You can get it from http://www.carbonize.co.uk/verification.zip

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
amber222
Graduate

Joined: 07/05/2004 21:13:07
Messages: 586
Offline

Carbonize wrote:They could just use google and do a search for a phrase that only appears on the advanced guestbook. This is one of the reasons I removed the proxy2 link from the bottom of mine. Search for this exact text including quotes on google "Fill out the blanks below to sign the guestbook" to see what i mean. You will notice that every result is the add entry page for advanced guestbook even if they have renamed the file.


Carbonize, I did the google search and, yep, found everyone's guestbook. Would you advise changing the wording to say something other than "Fill out the blanks..." Wouldn't this help?

Carbonize wrote: I have just set my guestbook up to post a nice message if anyone tries to use the exploit password it also logs their details.


Can you tell me how to do this? Thanks.
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

If you look at my guestbook http://www.carbonize.co.uk/Guestbook/ you will see I have altered the layout of the entries. I recommend customising your guestbook to better fit in with your website and this includes the text it uses. A lot of the text an be found in the language file.

As to how I log the entries I simply added some code to the password checking function in lib/session.class.php. I mentioned the basic start of the code somwhere else in this forum. Basically I hard coded the password in and made it write the time, password used, browser used, and IP of anyone putting in the wrong password. Please do not attempt to test it as I email the ISP of all reported IP's.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
arcticphoto
Newbie

Joined: 26/07/2004 03:59:55
Messages: 1
Offline

I, too, am getting constant spam from people with French and German domains. Here's the worst offender, who I delete multiple entires a week from:

HOST: dyn-83-154-65-134.ppp.tiscali.fr
URL: http://monsite.wanadoo.fr/voyante
[WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

Yes spam is why I had the image verification script made.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
lmf33
Beginner

Joined: 18/01/2004 23:18:34
Messages: 12
Offline

How does this script stop spammers?

Can it be used in Guestbook 1.5?

Thanks
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

sorry as far as I am aware it is 2.2 and 2.3.1 only as I have never seen the script for 1.5. It works by using image verification where the poster has to type in the characters that appear in an image before the post will be accepted.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
39 Reasons
Beginner

Joined: 23/06/2004 10:08:41
Messages: 10
Location: Los Angeles, CA
Offline

Here are some IP addresses from spammers that have hit mine.

213.36.26.101
209.10.133.67
212.202.173.248
61.235.103.2
83.155.70.14
213.36.158.150
83.156.198.96
213.8.52.84
61.218.242.229

No excuses.... just 39 Reasons
www.39reasons.com
[WWW] aim icon
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

It would be a waste of time blocking IP's that have been used by spammers as they will rarely, if ever, use the same IP again. Odd's are they use a dial up connection and so get a new IP each time they connect. You could ban an entire IP block but then you will prevent legitimate visitors. My image verification script is the only practical solution I have come across apart from changing the names used by the inputs.

Hmmmm now thats an idea for those that cannot get my script to work correctly. I'm sure it wont be that hard to add a section to the admin section allowing users to define there one start string to go before the input names. This would stop the spammers as they just send the add entry packet straight to your server.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
SimonTuffGuy
Beginner

Joined: 08/11/2004 14:53:49
Messages: 5
Location: Central PA
Offline

Wow! This is EXACTLY what I was looking for in my guestbook! I've been receiving spam for the past few weeks and just been deleting it like normal!

Thanks for the help!

Simon

Simon
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

We are here to help. I have finished making an updated version of Advanced Guestbook 2.3.1. It is in alpha testing right now but will be beta soon.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
SimonTuffGuy
Beginner

Joined: 08/11/2004 14:53:49
Messages: 5
Location: Central PA
Offline

Actually... Is there a way make this so it does a popup-box on the entry form if the code is invalid? If the code is invalid when the person submits it, all the info they put in is lost when it goes back...

More consistency than anything... Or maybe I'm just being picky?

Simon

Simon
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

Popups are great but not everyone allows them. I know I dont.

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
 
Forum Index » General Discussion
Go to:   
Based on the open source JForum