Trying to stop people spamming my guestbook >.< Any suggestions?

[maryadav]

Ok, I've been with a free solution for my guestbook for a while now. The only problem is the only ones that seem to sign it are SPAMMERS.

Wordpress could be a solution I've read but I can't seem to get that to install from Softlicious. Is there anything else I can do? I'm getting a little tired of having to delete posts every day b/c they're from spammers.

 

[nkranx10]

i'm not sure with wordpress or your third party guestbook, but basically spammers just want to post links to web sites so if you use code thats picks up on
http
://
www

you can stop them posting . I use a simple script of my own that has an array of "bad words" and web protocol runs through text put in by user -try posting a web link here on my feedback page here!
http://www.nkran.x10host.com/index.php/pages/page/feedback
One member on this site says my site is coming up as malicious, it doesn't for me but i'm running linux; have a look if you wish let me know if you also get malicious

I am using third party software CodeIgniter but its easy to integrate your own code by putting it in the library folder. not sure how to integrate on others third party.

 

[garrettroyce]

As with most problems, you have 2 broad categories of solutions: use one that someone came up with already, or create your own.

The problem with creating your own is that the work involved is usually much larger than it initially appears. In this case, you have to do a pretty significant amount of checking:

1) Undesirable HTML tags such as <script>, <embed>, <a>, etc., but possibly allow for something like <span style="color: red;">red text</span>
2) Unescaped HTML reserved characters such as &, <, >, and ".
3) Spam links
4) Character replacements that will result in spam links (such as \/\/ \/\/ \/\/.EXAMPLE.COM, ᎳᎳᎳ.EXAMPLE.COM [that's actually not a "W"!], and etc.)
5) Encoded characters such as &#88 (which will turn into a "W" when the user sees it in the browser) and make sure they're not part of a link
6) ASCII art text
7) Text that refers to a link (go to example dot com!)
8) Spaces or other characters in the link (w w w . example . com)
9) Links to bad sites that are obfuscated http://x10hosting.com:test@example.com:80 (this would go to example.com)
10) Problems with your software that could allow hackers to compromise your site (such as programming mistakes)
11) Possibly more I didn't think of

Or, you could find software that has already done this for you. I would recommend finding software that has this all taken care of already. I use http://akismet.com/ which blocks known spam users, known spam comments, and also checks for unknown spam as well.

 

[essellar]

There's also the "no guestbook" option. (Guestbooks are something I haven't seen a lot of since GeoCities was a big deal. I take it as read that the website owner is stuck in 1998 whenever I see a link to a guestbook. Or when I see a hit counter.) The various social site "like" buttons serve the same sort of function that guestbooks used to serve, and they have the added benefit of signalling the users' contacts/friends.

 

[maryadav]

I'll see what I can do; the thing is my guestbook is hosted elsewhere so I need to fix that. (I was wondering if a more local solution might help can the spammers.)

And yes, there's always the "get rid of it" option since the service I'm using can't seem to keep spammers off their system at all. I'm getting royally sick of it. But yeah, in my case; I've had a website since Geocities actually. (Tho the one currently up is not the geocities site; I kept it and it IS up on my page but it's just a archive and I'm not updating Elizara's Lighthouse anymore)

But I'll think about getting rid of the guestbook all together if I can't find a good solution to the problem.

 

[iSean]

You could add a security Captcha to the form, to stop robots spamming your chat, and if it's normal people spamming maybe impliment an IP limiter, to allow say only 2 posts per IP in a certain amount of time.

 

[wodongax]

Have a look at www.projecthoneypot.org
Although I haven't had to use it, I will implement it if or when I need it.

 

[shadowl3]

Hmm.. I m kinda beginner myself also but any ways you could have something taking control over IP adress.. Like something that denies same IP adress send new messages before count down or then just keeping track of IP-adressess and banning those who send spam.

But all I can say now is give a big hug and wish that you can do something. :3

 

[navhaxsx]

Catchpa's are really good - you should investigate into something like areyouhuman. In terms of anti-spam databases, there's also another one called stopforumspam