I have a CakePHP recipe website at http://www.projectpotluck.com. I've been getting spam recipe submissions from a non-registered user. How is it possible to submit a recipe when not registered or logged in, and how can I prevent it?
The problem was that I wasn't using the auth component for my recipes controller, but I've fixed that now.
I believe your site was built on the WordPress platform, am I right? Then it will be better if you install an antispam plugin. Here's a recommended plugin for you to combat heavy spam: http://wordpress.org/extend/plugins/keycaptcha/. All the best.
It was built with CakePHP. The problem with spam recipe submission was fixed when I added authentication to the recipes controller. Thanks.
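The fix described in the post above, as an added example that is not part of the original thread or the site's own code. It assumes CakePHP 2.x conventions; the `Recipe` field names (`title`, `body`, `user_id`) and the `users/login` action are hypothetical.

```php
<?php
// Added example (assumes CakePHP 2.x; model fields and login route are hypothetical).
App::uses('AppController', 'Controller');

class RecipesController extends AppController {

    // Without the Auth component loaded here, add() is reachable by any
    // anonymous POST to /recipes/add, which is how the spam got in.
    public $components = array(
        'Session',
        'Auth' => array(
            'loginAction' => array('controller' => 'users', 'action' => 'login'),
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();
        // AuthComponent denies every action by default; open only the read-only ones.
        $this->Auth->allow('index', 'view');
    }

    public function index() {
        $this->set('recipes', $this->Recipe->find('all'));
    }

    public function view($id = null) {
        $recipe = $this->Recipe->findById($id);
        if (!$recipe) {
            throw new NotFoundException(__('Recipe not found'));
        }
        $this->set('recipe', $recipe);
    }

    public function add() {
        if (!$this->request->is('post')) {
            return; // GET just renders the form, and only for logged-in users.
        }
        // Take the owner from the session, never from the submitted form.
        $this->request->data['Recipe']['user_id'] = $this->Auth->user('id');
        $this->Recipe->create();
        // The field list stops extra posted fields from being saved.
        $saved = $this->Recipe->save($this->request->data, true, array('title', 'body', 'user_id'));
        if ($saved) {
            $this->Session->setFlash(__('Recipe saved.'));
            return $this->redirect(array('action' => 'index'));
        }
        $this->Session->setFlash(__('The recipe could not be saved.'));
    }
}
```

Loading Auth in `AppController` instead applies the same deny-by-default rule to every controller, so a newly added controller cannot be left open by omission.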
Put an IP list of the spammer's email after catching it with $_SERVER['REMOTE_ADDR']; when a spammer email is detected, it will send them to a clone page with the text-area for their recipe. Use an <IFRAME> to align the CIA or FBI submission form in the <IFRAME>. When the spammer writes his message and hits the Submit button, they will have just spammed the CIA/FBI with a seemingly taunting message and be put under surveillance. They will start to wonder why black sedans follow them. But in the meantime they're still having tons of fun sending you spam mail. Watch the news for who gets arrested in the area for sending hate mail to CIA/FBI. That's the recipe I would prescribe for your spammer sickness.
For the comments submission I do use $_SERVER['REMOTE_ADDR']; to collect IP addresses, but the spammers change their IPs constantly, so it doesn't really work. Thanks anyway.
If you go to a whois or networksolutions.com/whois and search the IP, it will tell you if they're using a proxy account at RIPE Coordination Center, or a proxy from the UK or Asia Pacific. You can block the code blocks by writing to RIPE etc. and asking for the codeblock, or having them terminate their usage of their IPs, as they're not meant to be used by saboteur groups. Tell them the IPs, and if they're being rented in block-range, they can terminate the user's account. Usually they're doing something like that, since daily free proxy IPs are usually garbage.