Guestbook spam
madfiddler
Beginner

Joined: 04/07/2004 02:43:36
Messages: 12
Location: Brighton, UK
Offline

Is anyone else having big problems with people from France and Germany spamming the guestbook with bad English?

I have to delete several entries per week. When I was using bravenet, I had NO spam whatsoever.

???

Mark.
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4290
Location: Bristol, UK
Offline

I do have an image verification mod for the guestbook to stop this but I never got round to installing it. So I came up with a simple quick fix. I assume they are using a program or script to send the data straight to the addentry page. Simply add the following to the start of the addentry.php code before everything else.
<?php
// Only accept requests whose Referer host is this site; send everyone else to the home page.
$referer = getenv('HTTP_REFERER');
$url = $referer ? parse_url($referer) : false;
// A missing or unparsable Referer has no host, so treat it as an empty domain.
$domain = (is_array($url) && isset($url['host'])) ? strtolower($url['host']) : '';
if (($domain != 'www.carbonize.co.uk') && ($domain != 'carbonize.co.uk')) {
    header('Location: http://www.carbonize.co.uk/');
    exit; // stop here, otherwise the rest of addentry.php still runs after the redirect
}
?>

Change carbonize.co.uk to the domain of your site. The Location part is the page they get sent to if they didn't get to the addentry page from your site.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
madfiddler

Great, thanks
Carbonize

I messed up the original post but have edited it. It should start <?php and not </php

Carbonize

Hmm, I just got spammed again so maybe they are spoofing the referer header. I'll see if I can't dig up the image verification script.

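Added example, not from the thread and not Advanced Guestbook's own code: the Referer header is supplied by the client, so the check above cannot tell a script from a browser, whereas a server-signed, time-stamped token in a hidden form field can be verified. FORM_SECRET, the age limits and both function names are assumptions made for this sketch.

```php
<?php
// Added example, not Advanced Guestbook code. FORM_SECRET, the age limits and
// both function names are hypothetical. Needs PHP 7+ (random_bytes, hash_equals).
define('FORM_SECRET', 'replace-with-a-long-random-value-kept-server-side');
define('FORM_MIN_AGE', 3);     // seconds; a person needs longer to type an entry
define('FORM_MAX_AGE', 3600);  // seconds; older forms must be reloaded

// Call when rendering the sign-guestbook form; put the result in a hidden field.
function issue_form_token($now)
{
    $payload = $now . ':' . bin2hex(random_bytes(8));
    return $payload . ':' . hash_hmac('sha256', $payload, FORM_SECRET);
}

// Call at the top of addentry.php, before anything is written to the database.
function check_form_token($token, $now)
{
    $parts = explode(':', (string) $token);
    if (count($parts) !== 3) {
        return false;                        // field absent or malformed
    }
    list($issued, $nonce, $mac) = $parts;
    $expected = hash_hmac('sha256', $issued . ':' . $nonce, FORM_SECRET);
    if (!hash_equals($expected, $mac)) {
        return false;                        // not a token this server issued
    }
    $age = $now - (int) $issued;             // $issued is trusted once the MAC matches
    return $age >= FORM_MIN_AGE && $age <= FORM_MAX_AGE;
}

// Constructed cases; timestamps are made up so the run is repeatable.
$t0 = 1100000000;
$token = issue_form_token($t0);
$cases = array(
    'form loaded, submitted after 30 s' => array($token, $t0 + 30),
    'POST with no token field'          => array('', $t0 + 30),
    'token with altered timestamp'      => array(($t0 - 10) . substr($token, 10), $t0 + 30),
    'submitted 1 s after form load'     => array($token, $t0 + 1),
    'form left open for two hours'      => array($token, $t0 + 7200),
);
foreach ($cases as $label => $case) {
    $ok = check_form_token($case[0], $case[1]);
    echo str_pad($label, 36), $ok ? 'accept' : 'reject', "\n";
}
```

In a live page both functions would be passed time(). The token rejects posts sent straight to addentry.php whatever headers they carry, but not a client that loads the form first, which is the case image verification covers.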
madfiddler

Let me guess... By "John....Hallo nice site"... TWICE!!!!!
Carbonize

That's the one. A quick fix would be to rename the directory your guestbook is in or change the name of the addentry.php page but this would require editing the links as well.

Carbonize

Wish I hadn't deleted them now. I wanted to make a list of the posting IPs, the website URLs, the user agent etc. Also wanted to visit the sites and see if I couldn't return the favour.

madfiddler

Sometimes they don't actually show an IP though do they? It's just a name...

The one mistake I made, when this was v2.2.1 you could advertise your link on this site I think.... that could be where they get the addresses to spam from. I'm not using a standard directory name.

These IPs are spammers

213.36.26.101
209.10.133.67
212.202.173.248

and this one, who told me I had "great soaps" - strange for a music site.

dyn-212-129-32-144.ppp.tiscali.fr

That's all I have atm.
Carbonize

They could just use Google and do a search for a phrase that only appears on the Advanced Guestbook. This is one of the reasons I removed the proxy2 link from the bottom of mine. Search for this exact text including quotes on Google "Fill out the blanks below to sign the guestbook" to see what I mean. You will notice that every result is the add entry page for Advanced Guestbook even if they have renamed the file.

madfiddler

fair enough.. now where's my delete button
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

213.36.26.101 this one leads back to an ISP in France. http://www.tiscali.fr/

209.10.133.67 This one someone is using a proxy and hiding. No info. But it does lead back to NY state.

212.202.173.248 this one leads back to this addy in Germany. http://www.dynamic.de/

But thank you, I will be adding them to my .htaccess file.

LINK-> Use Lazarus Guestbook
Carbonize

I've uploaded the image verification script to http://www.carbonize.co.uk/verification.zip

madfiddler

OK cool... If you enter the code incorrectly... it says hit back, and enter the code correctly..

However, the submit button does not work when you hit back...
madfiddler

Another spammer's IP

61.235.103.2
 