Anti-SPAM

Hello,

I noticed version 2.4.1. supports captcha. This is a nice feature to fight spam. I personally hate to fill in captcha so I hacked in a different validation:

In templates/form.php I added a hidden input (did the same for the preview ):

And then at the end of the file:

Then in add.class.php I added a property $gb_jscheck just like $gb_captcha, and do the following:

Now a spambot has to interpret Javascript before posting the form. This example is still quite easy to parse of course, or if this would become the default it wouldn’t even have to parse it at all. But if instead of TRUE and FALSE a random token is generated per session, or if more clientside difficulty is added this would work fine.

The latter being some kind of crypt operation over the generated token before it will be accepted by the server. Or the function that flags the input box is hidden somewhere, or can be renamed/placed somewhere else by the user…

This would make creating a spambot for Advanced Guestbook a bitch and will probably prevent a lot of people from doing so.

Anyways just wanted to share this alternative solution

Greetings,
Ray

1 - Not everybody has javascript turned on or uses a browser that supports it
2 - Some spammers use api to actually make the posts via a real browser such as IE.
3 - A token would be better as the spammers would just start sending the extra field with it set to true.

Both AG and Lazarus already use an extra field. In Lazarus's case it's an encrypted timestamp so posts can only be made x number of seconds after the forms generation and have a life of x number of seconds. the defaults being 20 and 360.