How to create a script that will block unwanted spam on guestbook?

Discussion in 'Programming' started by XuN, Mar 18, 2007.

  1. #1
    Hi all
    I have a guestbook script that I found lying around. But I have a problem. I keep getting spam messages on my guestbook, from sites containing adult material and other advertisements. How can I create a script that can log IPs and then block them in the future?

    Or a script that will allow me to input words that are not allowed to be in the "name" "email" or "web" form?

    I have this script so far:

    <?php
    // Set these to get the guestbook more personal.
    // ========================================
    $gbfile = "guestbook.txt"; // The file that all guestbook entries should be saved in.
    $thisfile = "guestbook.php"; // The name of this file.
    $dateshow = "Y-m-d - H:i:s"; // Decides how the date should be shown. http://www.w3schools.com/php/func_date_date.asp
    $username = "ADMIN"; // Admin username.
    $password = "ADMIN"; // Admin password.
    $wrongpass = "Not logged in!"; // Text to show when the wrong password has been entered.
    $wrongname = "Not logged in!"; // Text to show when the wrong username has been entered.
    $thankstxt = "<meta http-equiv='refresh' content='3;URL=$thisfile'><p>Thank you for writing in my guestbook!<br>You will be sent back in 3 seconds. If not click <a href='$thisfile'>here</a></p>"; // The text that the user will see after entering something in the guestbook.
    $errornoname = "<meta http-equiv='refresh' content='3;URL=$thisfile'><p>You have to enter a name!<br>You will be sent back in 3 seconds. If not click <a href='$thisfile'>here</a></p>"; // Text to print out when no name has been entered in the entry.
    $errornomsg = "<meta http-equiv='refresh' content='3;URL=$thisfile'><p>You have to enter a message!<br>You will be sent back in 3 seconds. If not click <a href='$thisfile'>here</a></p>"; // Text to print out when no message has been entered in the entry.
    $gbedited = "<meta http-equiv='refresh' content='3;URL=$thisfile'><p>Guestbook has been edited!<br>You will be sent back in 3 seconds. If not click <a href='$thisfile'>here</a></p>"; // Text to print out when guestbook has been edited.
    // ========================================

    // Do not change under here
    // ========================================
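    // PHP_SELF can carry attacker-supplied path info, so escape it before it is echoed into the form actions.
    $gbpage = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES);
    $date = date($dateshow);
    // Read each field only if it was posted, so viewing the form does not raise undefined-index notices.
    $name = isset($_POST['name']) ? htmlentities(strip_tags($_POST['name']), ENT_QUOTES) : "";
    $email = isset($_POST['email']) ? htmlentities(strip_tags($_POST['email']), ENT_QUOTES) : "";
    $homepage = isset($_POST['homepage']) ? htmlentities(strip_tags($_POST['homepage']), ENT_QUOTES) : "";
    // The homepage ends up in an href, so only http(s) links are kept; anything else (e.g. javascript:) is dropped.
    if (!preg_match('#^https?://#i', $homepage)) { $homepage = ""; }
    $message = isset($_POST['message']) ? nl2br(htmlentities(strip_tags($_POST['message']), ENT_QUOTES)) : "";
    $message = str_replace(array("\r", "\n"), '', $message);
    $message = wordwrap($message, 75, "<br />", true);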
    // Each entry must stay on a single line: the display code reads guestbook.txt with file() and reverses it line by line.
    $printfull = "<table width=\"400\" border=\"0\" align=\"center\" bordercolor=\"#CCCCCC\"><tr><td width=\"80\"><strong>Date:</strong></td><td width=\"320\">$date</td></tr><tr><td><strong>Name:</strong></td><td>$name</td></tr><tr><td><strong>Email:</strong></td><td><a href=\"mailto:$email\">$email</a></td></tr><tr><td><strong>Homepage:</strong></td><td><a href=\"$homepage\" target=\"_blank\">$homepage</a></td></tr><tr><td><strong>Message:</strong></td><td>$message</td></tr></table><br> \n";
    $printnoemail = "<table width=\"400\" border=\"0\" align=\"center\" bordercolor=\"#CCCCCC\"><tr><td width=\"80\"><strong>Date:</strong></td><td width=\"320\">$date</td></tr><tr><td><strong>Name:</strong></td><td>$name</td></tr><tr><td><strong>Homepage:</strong></td><td><a href=\"$homepage\" target=\"_blank\">$homepage</a></td></tr><tr><td><strong>Message:</strong></td><td>$message</td></tr></table><br> \n";
    $printnopage = "<table width=\"400\" border=\"0\" align=\"center\" bordercolor=\"#CCCCCC\"><tr><td width=\"80\"><strong>Date:</strong></td><td width=\"320\">$date</td></tr><tr><td><strong>Name:</strong></td><td>$name</td></tr><tr><td><strong>Email:</strong></td><td><a href=\"mailto:$email\">$email</a></td></tr><tr><td><strong>Message:</strong></td><td>$message</td></tr></table><br> \n";
    $printnoemailpage = "<table width=\"400\" border=\"0\" align=\"center\" bordercolor=\"#CCCCCC\"><tr><td width=\"80\"><strong>Date:</strong></td><td width=\"320\">$date</td></tr><tr><td><strong>Name:</strong></td><td>$name</td></tr><tr><td><strong>Message:</strong></td><td>$message</td></tr></table><br> \n";
    // ========================================

    // SCRIPT START !!!
    // ========================================
    switch(isset($_GET['id']) ? $_GET['id'] : 0) // no id in the URL falls through to the default view
    {
    default:
    ?>
    <p align="left"><a href="<?php echo $gbpage; ?>?id=2">Admin</a></p>
    <table align="center"><form action="<?php echo $gbpage; ?>?id=1" method="post" name="submitform">
    <tr><td><font color="#87B16D"><strong>Name:</strong></font></td><td>
    <input type="text" name="name" size="40" maxlength="50" style="color: #87B16D; border: 1px solid #FFFFFF"></td></tr>
    <tr><td><font color="#87B16D"><strong>Email:</strong></font></td><td>
    <input type="text" name="email" size="40" maxlength="50" style="color: #87B16D; border: 1px solid #FFFFFF"></td></tr>
    <tr><td><font color="#87B16D"><strong>Homepage:</strong></font></td><td>
    <input type="text" name="homepage" size="40" maxlength="50" value="http://" style="color: #87B16D; border: 1px solid #FFFFFF"></td></tr>
    <tr><td valign="top"><font color="#87B16D"><strong>Message:</strong></font></td><td>
    <textarea name="message" cols="30" rows="7" style="color: #87B16D; border: 1px solid #FFFFFF"></textarea></td></tr>
    <tr><td></td><td>
    <p align="center">
    <input type="submit" name="Submit" value="TAG!" style="border: 1px solid #87B16D"></td></tr>
    </form></table><br>
    <?php
    $gb = file($gbfile);
    $gb = array_reverse($gb);
    foreach ($gb as $guestbook) { echo stripslashes($guestbook); }
    break;

    case 1:
    if($name == "")
    { echo $errornoname; }
    elseif($message == "")
    { echo $errornomsg; }
    elseif($email == "")
    {
    if($homepage == "" || $homepage == "http://")
    {
    $writeinfo = $printnoemailpage;
    $printer = fopen($gbfile,"a");
    fwrite($printer,$writeinfo);
    fclose($printer);
    echo $thankstxt;
    }
    else
    {
    $writeinfo = $printnoemail;
    $printer = fopen($gbfile, 'a');
    fwrite($printer,$writeinfo);
    fclose($printer);
    echo $thankstxt;
    }
    }
    elseif($homepage == "" || $homepage == "http://")
    {
    $writeinfo = $printnopage;
    $printer = fopen($gbfile, 'a');
    fwrite($printer,$writeinfo);
    fclose($printer);
    echo $thankstxt;
    }
    else
    {
    $writeinfo = $printfull;
    $printer = fopen($gbfile, 'a');
    fwrite($printer,$writeinfo);
    fclose($printer);
    echo $thankstxt;
    }
    break;
    case 2:
    ?>
    <table align="center"><form action="<?php echo $gbpage; ?>?id=3" method="post" name="submitform">
    <tr><td><strong>Username:</strong></td><td><input type="text" name="adminname" size="20"></td></tr>
    <tr><td><strong>Password:</strong></td><td><input type="password" name="adminpass" size="20"></td></tr>
    <tr><td></td><td><input type="submit" name="submit" value="Login"></td></tr>
    </form></table>
    <?php
    break;
    case 3:
    if($_POST["adminname"] == $username) { if($_POST["adminpass"] == $password) {
    ?>
    <table align="center"><form name="guestbookedit" method="post" action="<?php echo $gbpage; ?>?id=4">
    <tr><td><textarea name="gbedit" cols="65" rows="30" wrap="off">
    <?php
    $gb = file("$gbfile");
    $gb = array_values($gb);
    foreach ($gb as $guestbook) { echo stripslashes($guestbook); }
    ?>
    </textarea></td></tr>
    <tr><td>Enter admin password to edit entries: <input type="password" name="psw" size="20"></td></tr>
    <tr><td><input type="submit" name="Submit" value="Save"><input type="reset" name="Reset" value="Reset"></td></tr>
    </form></table>
    <?php
    } else { echo "$wrongpass"; } }
    else { echo "$wrongname"; }
    break;
    case 4:
    if($_POST["psw"] == $password)
    {
    $writeinfo = $_POST['gbedit'];
    $writeinfo = stripslashes($writeinfo);
    $printer = fopen($gbfile, 'w');
    fwrite($printer,$writeinfo);
    fclose($printer);
    echo $gbedited;
    }
    else { echo "$wrongpass"; }
    break;
    }
    // ========================================
    // SCRIPT END !!!
    ?>


    Please help... I get like 20 spam msg's a day... :(

    //XuN (View the guestbook on xun.dk)
     
    XuN, Mar 18, 2007 IP
  2. RobertMedia

    #2
    I created an easy IP ban script a while ago:

    Introduction
    Sometimes it can be useful to ban people from your site. Maybe they spam the shoutbox or something. But how can you protect your site from those people? If you know their IP it's rather easy.

    Save this script as 'ban.php'. The IPs you want to have banned must be filled in at '$banned'.

    <?php
    $banned = array("aaa.aaa.aaa.aaa","bbb.bbb.bbb.bbb","ccc.ccc.ccc.ccc");
    if(in_array($_SERVER['REMOTE_ADDR'], $banned))
       die("You are banned.");
    ?>

    Then we must 'include' that file, which is very easy to do. (The best place to place this 'include' is at the top of your page, even before the <HTML> tag!)

    
    <?php
    include("ban.php");
    ?>
    For the ip-log script:

    Create a file called log.php and add the following code:

    <?php
    // Append one line per request: date - client IP - requested URI.
    $ip = $_SERVER['REMOTE_ADDR'];
    $page = $_SERVER['REQUEST_URI'];
    $date = date("d-m / H:i:s");
    $insert = $date . " - " . $ip . " - " . $page . "\n"; // "\n" ends the log line
    $fopen = fopen("log.txt", "a");
    fwrite($fopen, $insert);
    fclose($fopen);
    ?>

    Next, create a file called log.txt and chmod it to 777.

    Now you can see what every IP has done on your site :D
    Just access it at www.yoursite.com/log.txt ;)

    Hope this could help you out!

    - Robert
     
    RobertMedia, Mar 18, 2007 IP
  3. RobertMedia

    #3
    Should the above IP ban script not work, here is another one:

    <?php // Allows you to ban people from viewing your website. 
    $getip = $_SERVER["REMOTE_ADDR"]; 
    $getdate = date( "l dS of F Y" ); 
    $gettime = date( "h:i:sa (@B" ); 
    
    $banned_ip = array(); 
    $banned_ip[] = '111.111.111.110'; 
    $banned_ip[] = '111.111.111.111'; 
    $banned_ip[] = '111.111.111.112'; 
    $banned_ip[] = '111.111.111.113'; 
    $banned_ip[] = '111.111.111.114'; 
    
    foreach($banned_ip as $banned) { 
    $ip = $_SERVER['REMOTE_ADDR']; 
    if($ip == $banned){ 
    echo "It seems you have been banned from viewing this website."; 
    echo "<br />"; 
    echo "If you think you have been banned in error please contact me."; 
    $fp = fopen("code/data/ip_data.dat",  "a");   
    fputs($fp, "**BANNED** Visit logged on $getdate at $gettime internet time) for IP: $getip 
    "); 
    fputs($fp, ""); 
    fclose($fp); 
    exit(); 
    } 
    } 
    echo "<b><font size=3 color=#000000>Update in progress.</font></b>"; 
    echo "<br />"; 
    echo "'<b><font color=#007700>Authorized Visit</font></b>' detected and logged on $getdate at $gettime internet time) for IP: $getip"; 
    
    $fp = fopen("code/data/ip_data.dat",  "a");   
    fputs($fp, "Authorized Visit logged on $getdate at $gettime internet time) for IP: $getip 
    "); 
    fputs($fp, ""); 
    fclose($fp); 
    ?> 
    - Robert
     
    RobertMedia, Mar 18, 2007 IP
  4. XuN

    #4
    Thank you for your help. The script works fine, but I now realize that the IP ban will not stop the spam. Woke up this morning and had 100 spam msgs on my guestbook.

    Now what I'm thinking is, can I change my script, so that if there's any "URL" in the "message", "Name" or "Mail" field? That would stop at least some of it, since it's mostly messages containing URLs...

    Thank you in advance
     
    XuN, Mar 20, 2007 IP
  5. clancey

    #5
    The first thing you can do to reduce the amount of spam in your guest book is implement a captcha verification system. Secondly, you can use a spam check routine in PHP to review the contents of the title and message for offending material.

    In simple terms:

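    if( isSpam($message_body) )
       { die( "There is a problem with our database!"); }

    // Returns 1 when the text matches one of the blocked patterns, 0 otherwise.
    function isSpam($checkThis)
    {
    // The dot is escaped so it only matches a literal "."; /i ignores upper/lower case.
    if( preg_match("/spammers\.com/i", $checkThis) ) { return 1; }
    if( preg_match("/(cialis|viagra)/i", $checkThis) ) { return 1; }

    return 0;
    }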
    You can do the same thing with the subject. You should also be verifying data to make sure it is safe! Older scripts do not have captcha and often ignore some user input checks.
     
    clancey, Mar 20, 2007 IP
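
An added example (not part of any post in this thread): one way to apply the check described above to the guestbook script from post #1, using that script's `$_POST` field names rather than `$message_body`, rejecting entries with a URL in the name, email or message or with a blocked word in any field, and logging the sender's IP. The function names, the word list and the `spam_ip.log` path are assumptions; the check belongs at the top of `case 1:`, before anything is written to `$gbfile`.

```php
<?php
// Added example, not from the thread. Function names, word list and log path are assumptions.

// Returns a short reason if the entry looks like spam, or null if it passes.
function guestbook_spam_reason(array $fields, array $blockedWords)
{
    // "homepage" is the only form field that may legitimately hold a link.
    $noUrlFields = array('name', 'email', 'message');
    $urlPattern  = '#(https?://|www\.|\[url|<a\s)#i';

    foreach ($fields as $field => $value) {
        $value = (string) $value;
        if (in_array($field, $noUrlFields, true) && preg_match($urlPattern, $value)) {
            return "url in $field";
        }
        foreach ($blockedWords as $word) {
            // stripos() is case-insensitive and treats $word as plain text,
            // so list entries need no regex escaping.
            if ($word !== '' && stripos($value, $word) !== false) {
                return "blocked word in $field";
            }
        }
    }
    return null;
}

// Appends one line per rejected post so repeat senders can be reviewed later.
function guestbook_log_rejection($logFile, $ip, $reason)
{
    $line = date('Y-m-d H:i:s') . ' - ' . $ip . ' - ' . $reason;
    // Strip CR/LF so a crafted value cannot forge extra log lines.
    $line = str_replace(array("\r", "\n"), ' ', $line) . "\n";
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
}

// Constructed sample submission standing in for the raw $_POST array.
$post = array(
    'name'     => 'Bob',
    'email'    => 'bob@example.com',
    'homepage' => 'http://',
    'message'  => 'Nice site! [url=http://example.com]cheap pills[/url]',
);
$reason = guestbook_spam_reason($post, array('viagra', 'cialis'));
if ($reason !== null) {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'cli';
    guestbook_log_rejection('spam_ip.log', $ip, $reason);
    die("Entry rejected.\n");
}
// Only entries that reach this point should go on to fwrite($printer, $writeinfo).
```

Keep `spam_ip.log` outside the web root so the logged visitor addresses are not publicly readable.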
  6. XuN

    #6
    hmm, nothing happens when I use it. I tried replacing "/spammers.com" with "url", but when I sign my guestbook and use "url" in the $message field, it still allows me to write...
    ??
     
    XuN, Mar 20, 2007 IP