Comments spambot attack

[JHoover]

Being able to add "comments" is a great part of my site, and I hate to turn it off the feature, however, the comments of three photos are now getting hit about once every 3 minutes my some spambot. Life was so good until now... Now I have to clear out the spam from the database frequently.

Any ideas on dealing with it? I really would rather not disable the comment feature and there does not seem to be away to authenticate users.

See spam in action:
http://www.geomyidae.com/index.php?RollID=pxhamlinemidway&FrameID=hamlinemidway095
http://www.geomyidae.com/index.php?RollID=pxhamlinemidway&FrameID=hamlinemidway096
http://www.geomyidae.com/index.php?RollID=pxhamlinemidway&FrameID=hamlinemidway097

[Julian Pedley]

Consider using www.protectwebform.com to generate the "real person test" images. See http://halifax.arterian.co.uk/gBook/guestBook.php for example. You would need to put the code in the same function that displays the comments form.

Regards

Jules

[JHoover]

Thanks! Great Idea, Sadly I cannot get it to work with Slooze.
I have tried several variations of adding the code in the slooze.php file. I can get the captcha to show up but when I enter the code all I get is "The image code you have provided does not match the actual one." *SIGH*

Here is the way I currently have the captcha code configured at www.geomyidae.com

Any ideas? Thanks again.

<SNIP>
  function showFormElementComment($comment = ""){

////////////////////////////////////////////////////////////
// Code provided by http://www.protectwebform.com

if($_GLOBALS['REQUEST_METHOD'] == 'POST' || count($_POST) > 0) {
$pwf_message = "The image code you have provided does not match the
actual one. Hit the 'back' button of your browser and input the correct code please.";

if(strlen($_POST['protectwebformcode']) > 30) {
        die($pwf_message);
}

$protectwebformresult =
    @file_get_contents( "http://protectwebform.com/verify01?vui=5427&vp=hfwc9zjrd8n7&ri=" .
    urlencode($_SERVER['REMOTE_ADDR']) . "&vs=" .
    urlencode($_POST['protectwebformcode']));
if(preg_match("|<authorization status=\&quot;0\&quot;|", $protectwebformresult)) {
    echo "Warning. You are not authorithed to use image protection provided by
        http://www.protectwebform.com. Read http://www.protectwebform.com
        FAQ for more information";
} elseif(!preg_match("|<verification result=\&quot;yes\&quot;/>|", $protectwebformresult)) {
    die($pwf_message);
}
}                                                                           
// End of code provided by http://www.protectwebform.com
//////////////////////////////////////////////////////////// 

 
    $this->show(SLZ_STR_COMMENT . ":<br>");
    $this->show("<textarea rows=\&quot;3\&quot; cols=\&quot;40\&quot; " . "name=\&quot;Comment\&quot;>" .
        $comment . "</textarea><br><div id=\&quot;captcha\&quot;><a href=\&quot;http://www.protectwebform.com/\&quot; title=\&quot;Captcha service - protectwebform.com!\&quot;><img src=\&quot;http://www.protectwebform.com/images/ssl_lock.gif\&quot; border=\&quot;0\&quot;></a> Enter the code shown in the image:<br /><input type=\&quot;text\&quot; style=\&quot;vertical-align:top;\&quot;  name=\&quot;protectwebformcode\&quot; value=\&quot;\&quot;> <img src=\&quot;http://protectwebform.com/image/5427/\&quot;></div>");
       
  }

<ENDSNIP>

[Julian Pedley]

Hi

Here is my code

$protectwebformresult =
    @file_get_contents(
"http://protectwebform.com/verify01?vui=<test>&vp=hfwc9zjrd8n7&ri=" .
    urlencode($_SERVER['REMOTE_ADDR']) . "&vs=" .
    urlencode($_POST['protectwebformcode']));
if(preg_match("|<authorization status=\&quot;0\&quot;|", $protectwebformresult)) {
    echo "Warning. You are not authorithed to use.

Suggest you get the code working in a simple test form outside slooze then build it in when its working.

That's my code - not from slooze - may be inspiration, but this is off-topic.

Regard