the last days I have been thinking about another idea on how to stop spam posts, since I do not think Captcha would be the beast idea for a project like this (because Captcha blocks disabled users as well, and flatPHPbook is too small to include a Captcha-image-to-wav reader as e.g. Google Mail does).
I though about opening a new PHP session everytime the guestbook is called, and only allowing posts from users with a valid session, so that spam machines that simply fire off a POST event from their machine without really opening the page in a browser will not get through.
Any idea on whether this could work? I would have a hard time testing this (since I do not know if spammers really operate this way), but it sounded like a nice try.
Thomas
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
according to log files from server, first "get" function wil be started and short time later "post" message. Therefore your idea wouldn't work better. I'm thinking, that with this "get" request session variable is created already in exitsing version and with this post message is sent.
I'm using since few weeks guestbook with Captcha from other thread in this discussion and it works up to now.
Matthias
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
After making a few changes and adding a Captcha, I have a running version on a friends website. Because it is not my webspace, I cannot publish a link to this. Interesting fact: I left the old guestbook without a link to it on the webspace and put the flapPHPbook and Captcha in a new directory. The spammers still attack the old guestbook and nothing so far on the new one.
That gives me a different idea:
Becaue the guestbook is called directly, wouldnt it help to check where the guestbook is called from (if this is possible)? It would be something like "validateCallingPath || adminmode" just before "fwrite". That means, it would appear completely the same if called from outside your own webspace, but just doesnt write the file.
PS: If you're interested in the other changes I made (see "spam" thread) I could send you the files. Even if you dont like the idea of a captcha, simply take out the few lines calling it and keep the rest of the changes( i.e. mailnotification with full message, bugfix for customfields...).
rgds.
Andy
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi everybody,
the last days I have been thinking about another idea on how to stop spam posts, since I do not think Captcha would be the beast idea for a project like this (because Captcha blocks disabled users as well, and flatPHPbook is too small to include a Captcha-image-to-wav reader as e.g. Google Mail does).
I though about opening a new PHP session everytime the guestbook is called, and only allowing posts from users with a valid session, so that spam machines that simply fire off a POST event from their machine without really opening the page in a browser will not get through.
Any idea on whether this could work? I would have a hard time testing this (since I do not know if spammers really operate this way), but it sounded like a nice try.
Thomas
Hallo Thomas,
according to log files from server, first "get" function wil be started and short time later "post" message. Therefore your idea wouldn't work better. I'm thinking, that with this "get" request session variable is created already in exitsing version and with this post message is sent.
I'm using since few weeks guestbook with Captcha from other thread in this discussion and it works up to now.
Matthias
Hallo Thomas
After making a few changes and adding a Captcha, I have a running version on a friends website. Because it is not my webspace, I cannot publish a link to this. Interesting fact: I left the old guestbook without a link to it on the webspace and put the flapPHPbook and Captcha in a new directory. The spammers still attack the old guestbook and nothing so far on the new one.
That gives me a different idea:
Becaue the guestbook is called directly, wouldnt it help to check where the guestbook is called from (if this is possible)? It would be something like "validateCallingPath || adminmode" just before "fwrite". That means, it would appear completely the same if called from outside your own webspace, but just doesnt write the file.
PS: If you're interested in the other changes I made (see "spam" thread) I could send you the files. Even if you dont like the idea of a captcha, simply take out the few lines calling it and keep the rest of the changes( i.e. mailnotification with full message, bugfix for customfields...).
rgds.
Andy