If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Anti-SPAM  XML
Forum Index » Advanced Guestbook Modifications
Author Message
Ray Burgemeestre
Newbie

Joined: 06/10/2006 23:50:15
Messages: 1
Offline

Hello,

I noticed version 2.4.1. supports captcha. This is a nice feature to fight spam. I personally hate to fill in captcha so I hacked in a different validation:

In templates/form.php I added a hidden input (did the same for the preview ):


And then at the end of the file:



Then in add.class.php I added a property $gb_jscheck just like $gb_captcha, and do the following:



Now a spambot has to interpret Javascript before posting the form. This example is still quite easy to parse of course, or if this would become the default it wouldn’t even have to parse it at all. But if instead of TRUE and FALSE a random token is generated per session, or if more clientside difficulty is added this would work fine.

The latter being some kind of crypt operation over the generated token before it will be accepted by the server. Or the function that flags the input box is hidden somewhere, or can be renamed/placed somewhere else by the user… This would make creating a spambot for Advanced Guestbook a bitch and will probably prevent a lot of people from doing so.

Anyways just wanted to share this alternative solution

Greetings,
Ray
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

1 - Not everybody has javascript turned on or uses a browser that supports it
2 - Some spammers use api to actually make the posts via a real browser such as IE.
3 - A token would be better as the spammers would just start sending the extra field with it set to true.

Both AG and Lazarus already use an extra field. In Lazarus's case it's an encrypted timestamp so posts can only be made x number of seconds after the forms generation and have a life of x number of seconds. the defaults being 20 and 360.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
 
Forum Index » Advanced Guestbook Modifications
Go to:   
Based on the open source JForum