SPAM

[shawoody]

Hi,

I'm starting to get spam entries like everyday saying "Hi, great site." And then they leave a link to some business selling kitchen appliances, etc. I even had someone leave a link that dropped a trojan on my PC when I clicked it.

What is the next level up in terms of Anti-Spam for the G-book?

I had one idea, which was to add a registration component that requested email and password to sign in.

Please help!

[Klemen]

Hello,

Those entries must have been made manually since the SPAM filter prevents attempts to enter messages automatically (I would say at leas 90% of guestbook spam is posted like this).

I don't like the idea of username/password for a guestbook since people usually submit it one time only. And because your SPAM posts were obviously made manually by people having username/password wouldn't stop them.

Regards

[Guest]

So what's your solution? I mean, the fact that they were done manually exempts them in some way??

[shawoody]

I had an idea. Perhaps you could help me figure out how to construct this.

What if their Gbook entry were to be "nulled" if it lacked certain key words. For example, if my site were about movies and thier entry lacked the words "movie", "film", "actor", "actress", etc, then they would get an errror message saying that their post could not go through. You wouldn't have to say what the key words were, but the error message could say something like:" For Members Only" or "Please Try Again Later", or something like that. Because, anyone really familiar with the content of the site is bound to mention something in relation to the subject matter, at least that's been the case with my Gbook...they always mention certain things, AlWAYS.

This couldn't be too hard to configure. Wouldn't it be somewhat similar to the mandatory name entry? Suggestions please!?

[shawoody]

Okay. I found a solution. I created another sub-variable (my term) in the settings.php file which desigtanes a certain "key word". This actually worked because when I tried to leave a post without the key word, it wouldn't accpept the post. The only problem is that it ONLY allows that keyword and nothing else. I got the idea from the "apass" admin login entry, which gives you an error message if you type the wrong word (because, $settings['apass']="yourword" ). What would be the way to clearly state that if the comments field has "yourkeyword" in it, that it will then approve the message, without exclusively isolating the key word, but rather it looking for one or more key words in the entire entry, not just the keyword itself.

Please help. I'm almost there. I've been a loyal supporter of PHPJY. Don't leave me hangin' now folks.
... when you add this to the next update, I want credit. ; )
........

[Klemen]

So what's your solution? I mean, the fact that they were done manually exempts them in some way??

I don't think there really is one. You can't really block someone who wants to post something in your guestbook and actually visits it. GBook can prevent automated signups (majority of spam) and from the feedback I received it helped many people eliminate spam problems they had with their old guestbooks.

@shawoody:

I don't like that idea. Does really every honest person who submits your guestbook use those words (movie, film, ...)? What about other sites who use guestbook who are not themed so narrow, how would they choose keywords?

I don't think this will ever be added to the original release as it, in my opinion, brings more problems and complications then it solves.

Feel free to edit it yourself though. The message might be something like "Unfortunately your message could not be added at the moment because your comments don't seem to be relevant to the content of our website". A polite way of saying "what the heck are you posting?"

But if I was a honest person trying to sign your guestbook and got that message I might change my opinion about your site.

[shawoody]

Yeah, I hear what you're saying. I guess if a person's site wasn't very specific in the nature of it's content, this would not work. But in my case, the content is extremely specific. There are several, very primary factors involved which characterize the focus of the site. In other words, if people are not interested in these particular things, they will not be visiting my site, period!

All I am trying to do now is to define an "or" attribute somehow. As I told you, I figured out how to designate a keyword by applying the $settings[apass]="keyword" principal to the $comments field. What I need to know now is how to have several keywords instead of just one, so if it finds just one of these words, it will aceept the entry, and if it doesn't find at least one, they will get an error message.

I don't think this is too complex. I just don't have the knowledge at the tip of my fingers yet. I ask for your help. I'm an avid supporter of your gbooks and use them on multiple sites. I am a professional web designer and do not wish to play games or create nuisances for people. In fact, my goal is to minimize the number of tedious obstacles users will have to encounter (like clicking on a url and getting a trojan ). And for content-specific websites, I think this is a good solution for the gbook. Not that you should add it to the latest update, but just that you should help me figure out how to do it for my own...


I await your response and hope you'll help me figure out how to do this one last little thing....If $comments = "movie, film, actor, robert deniro"
....or something along these lines.

[Klemen]

but just that you should help me figure out how to do it for my own...

I don't want to sound rude or anything, but people tend to forget that just because I'm offering free scripts doesn't mean I'm a free programmer or something. You wouldn't believe how many requests I receive daily from people who need help fixing this, doing that, ... Hey, I've got other things to do and a living to make people

Anyway (had to let that out) I am going to give you *some* help here because this *could* be useful for others with themed sites, I hate SPAM and it's really not that much work.

First of all you don't want to mess with $settings[apass] as this variable is used for other purposes (admin password). You should use an array like this:

Code: Select all

$settings['keywords']=array('film','music','song');

Add as many valies as you wish (in quotes separated by a comma).

Then you should loop through the array and compare each value to the $comments:

Code: Select all

// Set $found to 0 by default ("not found")
$found=0;

// Loop through the array and compare values
foreach ($settings['keywords'] as $mykeyword)
{
  if (preg_match("/$mykeyword/i",$comments))
  {
    // found, change $found to 1 and exit loop
    $found=1;
    break;
  }
}

// If it wasn't found throw an error
if (!$found)
{
 problem('Your message is not relevant bla bla bla...');
}

That's it, you just need to paste it to the right place. Note I used the preg_match function to do case-insensitive maches (the "s" modifier).

Oh well, there went another 10 minutes of my free time I guess I will never have peace, I'm a too helpful guy


Off the subject: some pretty nice sites you designed. Are you mostly designing for Jazz artists?

[Guest]

Thank you very much for your time. I hear you. I guess you kind of spoiled me a little with your very professional and helpful support system. I won't push it like this again, I promise. It's just that several times people have left posts and when I clicked on their URL, I got a trojan dropped on my computer.

What you gave me is perfect. I didn't really mess with $settings[apass]. I just used the same principal to create another variable. 'Array' was exactly what I was thinking of but couldn't remember.

Believe me, I do appreicate your help, and it is this kind of consistency, dediaction, and generosity that ultimately leads to success....I wish you plenty.

Take care.

shawoody

[gbookerx]

I'd like to try that where would I paste it thanks

[Klemen]

This should go somewhere in the settings.php file

Code: Select all

$settings['keywords']=array('film','music','song');

And this should go in gbook.php for example to line 426, just below this code:
$comments = wordwrap($comments,$settings['max_word'],'<br>',1);

paste this:

Code: Select all

// Set $found to 0 by default ("not found")
$found=0;

// Loop through the array and compare values
foreach ($settings['keywords'] as $mykeyword)
{
  if (preg_match("/$mykeyword/i",$comments))
  {
    // found, change $found to 1 and exit loop
    $found=1;
    break;
  }
}

// If it wasn't found throw an error
if (!$found)
{
 problem('Your message is not relevant bla bla bla...');
}

Regards,

[Ninja1]

If you allow me...
I have very little knowledge about PHP so forgive me if this makes no sense.
I do know some C++ and judging from that it should be possible.

If this keywords array allows you to check for valid words wouldn't it be likely to work the other way round as well?

I mean, if the words Viagra and Pheromine (I think it was that) are in the eg badwords-array and there's a check for it being found instead of !found.

You could use both the found and the !found if wanted.
In that case both the automatic spamming and manual spamming would be stopped... a little bit anyway.

[Ninja1]

To elaborate a little...

Something like:

In settings.php file

Code: Select all

$settings['badkeywords']=array('viagra','pheromine','pr0n');

Then in gbook.php

Code: Select all

// Set $badfound to 0 by default ("not found") 
$badfound=0; 

// Loop through the array and compare values 
foreach ($settings['badkeywords'] as $mybadkeyword) 
{ 
  if (preg_match("/$mybadkeyword/i",$comments)) 
  { 
    // found, change $found to 1 and exit loop 
    $badfound=1; 
    break; 
  } 
} 

// If it was found throw an error 
if ($badfound) 
{ 
 problem('My wood is already long and hard enough bla bla bla...'); 
}

[Ninja1]

Me again... sorry

It seems to work okay.
Just have to be carefull which words to put in the array.

Adding a new check for "cialist" (another SPAM message) would stop the use of words like "specialist" as well.
Hopefully the check for "1cialist" (part of URL inside comment of SPAM message) will work better.

[Klemen]

Hi,

Yep, that would work. But the bad words array would have to be large with many words as SPAMMERS use any variation you could imagine. For example a few synonymes for "cialis" I just received in my daily SPAM dose:

Ciralis
Ciialis
Ciaalis
Ciyalis
Cibalis
C!al!s

And the list could go on and on for each spammy word...

Regards,