hey people, i have a simple website. It has a HTML form where users can add data to my guestbook. This is done in the following order: - users fill out HTML form - once they submit the information the data is checked by an external PHP page to see if all the fields of the form have been filled out. - if all the fields are filled out then the PHP script connects to the database and enters the data. The problem is i have been getting loads of spam. Seeing that my script allows data to be added to the database if all fields of the form are filled out, spammers are just filling the fields with junk and crap and entering it to the database. It would be ideal if i could add some kind of PHP function that checks if the data sent from the HTML form is valid first. Can this be done? If so does anyone have a PHP function that i can test out? Its got so bad that i have taken parts of my site down due to the spam, so any help will be appreciated. Regards J
Add a simple image verification script (you must have seen them on some of the big sites) so your users have to type a few letters into a box by copying them from an image. Alternatively make the users confirm their submission by clickling a button on the second page.
Add some code that checks for website links/code and then do nothing or report error, I do the same for my web based email forms. Ian
yeah the image validation seems the best bet. on most sites though they have a random image - I can only think of a way to do this by having only one image and by giving a variable the same number as in the image e.g. $valid = G76FH for example. Then just run a script to check if the form field passed is the same as the value for the $valid variable. If it is then enter the data, if not then dont. Would that do the trick or can bots detect if you only have the same image every time for validation? If the bots can detect that, then i need something that creates a random image and a script to check if the form field is the same as the number in the random image - but i cant think of a way to do that?
The technical term for what you're looking for is "captcha". try a Google search for some free captchas out there - many places offer totally free captchas which will take care of doing exactly what you're talking about, i.e. generating a random image and validating the text variable. VG
I have a simple solution at my website. The URL is: PHP Real-time Check Spam Function This will help a bit. I will work on an expanded version to call an external rule-set and look at making that rule set available for download -- so that you can update it from time to time.
Not sure if this helps, but there's a pretty good free service for checking whether URLs submitted in forms are pointing to spam web sites. http://www.surbl.org All you have to do is extract the "example.com" part of the submitted URL, then check whether that domain exists as a subdomain of surbl.org. If it does, it's a spamvertized domain. It can be implemented in about five or six lines of PHP. It's really cool.