
Guestbook spam

wijkkie (Junior Member) asked:

Hi,

I'm running Fusion v6.01.10 now. There is validation in the guestbook, but I'm still getting spam in the guestbook.
The validation is an image. I don't know how they do it, but they can read the code!

Does somebody have a solution? Or am I the only one with the problem?

Thanks
0 replies

Yoda (Member) answered:

Try changing the guestbook.php to guestbook1.php and link it only for members
0 replies
Ken (Senior Member) answered:

Believe me, changing the filename and changing the link will not work.
0 replies
doperwt (Junior Member) answered:

I use the attached guestbook and so far no spam...
Edited by doperwt on 11-06-2007 15:29,
0 replies
jumpin (Newbie) answered:

My solution was to use a 3rd party online guestbook, & integrate it into my site using wrapper infusion. PM me if you want details of the guestbook site.

John
0 replies
wijkkie (Junior Member) answered:

I use the guestbook of doperwt. Hope this works!

Thanks
Thanks, doperwt
0 replies
wijkkie (Junior Member) answered:

Didn't work for me.
Had spam in the guestbook again!!

The validation is a picture. Do they read the signs?

0 replies
muscapaul (Veteran Member) answered:

I got rid of spam in the guestbook by renaming the file and adjusting the link in the navigation panel accordingly. Moreover, just to be certain, I also changed the link's name from Guestbook to Guest's Book. No spam since, even though I sometimes had more than 10 spam messages before the change.
0 replies
Yoda (Member) answered:

Like muscapaul said, and that's what I was referring to in my post: it works perfectly for us, believe me :)
0 replies
Xessive (Senior Member) answered:

Download this infusion (security system).
It works great for me!

http://www.bs-fusion.de/infusions/pro....php?did=1
0 replies
lelebart (Member) answered:

Quote

Ken wrote:
Believe me, changing the filename and changing the link will not work.

Yes, I believe you, and I believe in it.
- I've replaced the captcha with amra's powerful one (as I've successfully done for contact.php),
- I've changed the name of the link (but I didn't rename the php file), {and yes, link only for members? It is a guestbook!! Isn't it?}

So, if the new captcha is safer, and it is, it works properly at http://siesciopai.altervista.org/contact.php (see the previous link) and at http://siesciopai.altervista.org/register.php, and, even if I add more validation systems the guestbook is still hacked, I think that the problem is the guestbook we've done!

So.. maybe we have to rewrite it..
0 replies
lelebart (Member) answered:

Up: I've also rewritten a bit of code, as TammyK suggested:

Quote

TammyK wrote:
I've tested this on my local install, and it works. Open register.php and go to line 159. Replace:



      $vcode_2 = md5($vcode_1);
      unset($temp_num);


With:



      $temp_num2 = md5(rand(0,9999));
      $vcode_fake = substr($temp_num2, 17, 5);
      $vcode_2 = md5($vcode_fake);
      unset($temp_num, $temp_num2);


That way the md5 that's passed via $_GET isn't related at all to the string in the image. The script uses vcode_2 to pull vcode_1 from the database when building the image, so there's no reason that vcode_2 can't be completely different from vcode_1. Now the bots don't have anything to check against their database of md5 values.

:@ but the guestbook is still spammed! :(
0 replies
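The idea in the quoted fix (the value in the image URL should say nothing about the code in the image), as an added example that is not TammyK's or PHP-Fusion's code. It goes one step further and ties the answer to the token it was issued with, makes it single-use and lets it expire. The function names, the array standing in for the vcode table and the 600-second lifetime are assumptions.

```php
<?php
// Added example: hypothetical helpers, not PHP-Fusion functions.
// $store stands in for the vcode table (token => code + issue time).

const CHALLENGE_TTL = 600; // seconds a challenge stays valid (assumed value)

function issue_challenge(array &$store, int $now): array {
    // Code drawn in the image: 5 characters from an unambiguous alphabet,
    // picked with a CSPRNG instead of md5(rand(0,9999)).
    $alphabet = 'abcdefghjkmnpqrstuvwxyz23456789';
    $code = '';
    for ($i = 0; $i < 5; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    // Token for the image URL and a hidden form field: independent random
    // bytes, so it reveals nothing about $code.
    $token = bin2hex(random_bytes(16));
    $store[$token] = ['code' => $code, 'issued' => $now];
    return ['token' => $token, 'code' => $code];
}

function verify_challenge(array &$store, string $token, string $answer, int $now): bool {
    if (!isset($store[$token])) {
        return false;                  // unknown or already used token
    }
    $row = $store[$token];
    unset($store[$token]);             // single use, even after a wrong answer
    if ($now - $row['issued'] > CHALLENGE_TTL) {
        return false;                  // challenge expired
    }
    // The answer has to match the code issued for this token, not just
    // any code that happens to be stored.
    return hash_equals($row['code'], strtolower(trim($answer)));
}

// Constructed walk-through with two visitors' challenges.
$store = [];
$now = 1181570000; // constructed timestamp
$a = issue_challenge($store, $now);
$b = issue_challenge($store, $now);

// Answer belonging to a different challenge
var_dump(verify_challenge($store, $a['token'], $b['code'], $now));
// Correct answer, but the token was consumed by the attempt above
var_dump(verify_challenge($store, $a['token'], $a['code'], $now));
// Correct answer for its own token, inside the lifetime
var_dump(verify_challenge($store, $b['token'], $b['code'], $now + 60));
// Same token and answer submitted a second time
var_dump(verify_challenge($store, $b['token'], $b['code'], $now + 61));
```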
lelebart (Member) answered:

Yep (your code works great!), but my spam problem is only the guestbook.. :o
0 replies
cubbin (Junior Member) answered:

Hi to all,
I have the same problem with my guestbook, sometimes 5 to 10 spam posts a day, even when I change the guestbook to users only, it helps.
I read a post in a forum with some code to put in the guestbook. I tried it, and in the last month and a half I have had only 2 spam posts in my guestbook.
My guestbook is in the code window; change the red code to your site. If anyone spams my guestbook, 99% are redirected to my spam page that tells them to find another site to spam.
Code:

<?php
/*---------------------------------------------------+
| PHPFusion 6 Content Management System
+----------------------------------------------------+
| Copyright © 2002 - 2005 Nick Jones
| http://www.php-fusion.co.uk/
+----------------------------------------------------+
| Released under the terms & conditions of v2 of the
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
+----------------------------------------------------*/
require_once "../../maincore.php";
require_once BASEDIR."subheader.php";
require_once BASEDIR."side_left.php";

if (file_exists(INFUSIONS."guestbook/locale/".$settings['locale'].".php")) {
   include INFUSIONS."guestbook/locale/".$settings['locale'].".php";
} else {
   include INFUSIONS."guestbook/locale/Danish.php";
}

if (!isset($action)) $action = "";

if ($action == "delete") {
   if (iADMIN) {
      $result = dbquery("DELETE FROM ".$db_prefix."guestbook WHERE guestbook_id='$guestbook_id'");
      redirect(FUSION_SELF);
   }
} elseif (isset($_POST['guest_submit'])) {
   $error = false;
   $guest_code = stripinput($_POST['guest_code']);
   $result = dbquery("SELECT * FROM ".$db_prefix."vcode WHERE vcode_1='$guest_code'");
   if (dbrows($result) == 0) {
      $error = true;
   } else {
      $result = dbquery("DELETE FROM ".$db_prefix."vcode WHERE vcode_1='$guest_code'");
   }
   if (!$error && $_POST['guest_name'] != "" && $_POST['guest_email'] != "" && $_POST['guest_message'] != "") {
      $guest_name = trim(stripinput($_POST['guest_name']));
      $guest_email = trim(stripinput($_POST['guest_email']));
      $guest_weburl = trim(stripinput($_POST['guest_weburl']));
      $guest_webtitle = trim(stripinput($_POST['guest_webtitle']));
      $guest_message = trim(stripinput($_POST['guest_message']));
      // Spam keyword filter (the block marked in red in the original post).
      // Change $spam_redirect to a page on your own site.
      // stripos() replaces eregi(), which was removed in PHP 7; the test is
      // still a case-insensitive substring match on the same words.
      $spam_redirect = "http://www.c-holdets-oproer.dk/viewpage.php?page_id=11";
      $spam_words = array("http://www", "sex", "porn", "porno", "viagra", "free", "ANAL", "TEEN", "ASS", "blowjob", "ASIAN", "chat", "gay", "clip");
      foreach ($spam_words as $spam_word) {
         if (stripos($_POST['guest_message'], $spam_word) !== false) { header("Location: ".$spam_redirect); exit; }
      }
      if ($guest_name != "" && $guest_message != "") {
         if ($action == "edit") {
            if (iADMIN) {
               $result = dbquery("UPDATE ".$db_prefix."guestbook SET guestbook_name='$guest_name', guestbook_email='$guest_email', guestbook_weburl='$guest_weburl', guestbook_webtitle='$guest_webtitle', guestbook_message='$guest_message' WHERE guestbook_id='$guestbook_id'");
            }
         } else {
               $result = dbquery("INSERT INTO ".$db_prefix."guestbook VALUES('', '$guest_name', '$guest_email', '$guest_weburl', '$guest_webtitle', '$guest_message', '".time()."', '".USER_IP."')");
         }
      }
      redirect(FUSION_SELF);
   } else {
      opentable($locale['gb400']);
      echo "<div align='center'><b>".$locale['gb430']."</b><br>\n<span class='small'>";
      if ($error) { echo $locale['gb431']."<br>\n"; }   echo $locale['gb432']."</span></div>\n";
      closetable();
      tablebreak();
   }
} elseif ($action == "edit" && iADMIN) {
      $result = dbquery("SELECT * FROM ".$db_prefix."guestbook WHERE guestbook_id='$guestbook_id'");
      $data = dbarray($result);
      $guestbook_name = $data['guestbook_name'];
      $guestbook_email = $data['guestbook_email'];
      $guestbook_weburl = $data['guestbook_weburl'];
      $guestbook_webtitle = $data['guestbook_webtitle'];
      $guestbook_message = $data['guestbook_message'];
      $formaction = FUSION_SELF."?action=edit&guestbook_id=$guestbook_id";
} else {
   $guestbook_name = "";
   $guestbook_email = "";
   $guestbook_weburl = "";
   $guestbook_webtitle = "";
   $guestbook_message = "";
   $formaction = FUSION_SELF;
}
if ((!isset($rowstart) || $rowstart == 0)) {
   srand((double)microtime()*1000000);
   $temp_num = md5(rand(0,9999));
   $vcode_1 = substr($temp_num, 17, 5);
   $vcode_2 = md5($vcode_1);
   unset($temp_num);
   $result = dbquery("INSERT INTO ".$db_prefix."vcode VALUES('".time()."', '$vcode_1', '$vcode_2')");
   opentable($locale['gb400']);
   echo "<form name='inputform' method='post' action=$formaction>
<table align='center' cellpadding='0' cellspacing='0'>
<tr>
<td align='right' class='tbl'>".$locale['gb401']."<span style='color:#ff0000'>*</span></td>
<td class='tbl'><input type='text' name='guest_name' value='$guestbook_name' class='textbox' style='width:200px'></td>
</tr>
<tr>
<td align='right' class='tbl'>".$locale['gb402']."<span style='color:#ff0000'>*</span></td>
<td class='tbl'><input type='text' name='guest_email' value='$guestbook_email' class='textbox' style='width:200px'></td>
</tr>
<tr>
<td align='right' class='tbl'>".$locale['gb403']."</td>
<td class='tbl'><input type='text' name='guest_weburl' value='$guestbook_weburl' class='textbox' style='width:200px'></td>
</tr>
<tr>
<td align='right' class='tbl'>".$locale['gb404']."</td>
<td class='tbl'><input type='text' name='guest_webtitle' value='$guestbook_webtitle' class='textbox' style='width:200px'></td>
</tr>
<tr>
<td class='tbl'>".$locale['gb407']."<span style='color:#ff0000'>*</span></td>
<td class='tbl'>";
   if ($settings['validation_method'] == "image") {
      echo "<img src='".INFUSIONS."guestbook/validate.php?gbvimage=$vcode_2'>\n";
   } else {
      echo "<b>$vcode_1</b>\n";
   }
   unset($vcode_1,$vcode_2);
   echo "</td>
</tr>
<tr>
<td class='tbl'>".$locale['gb408']."<span style='color:#ff0000'>*</span></td>
<td class='tbl'><input type='text' name='guest_code' class='textbox' style='width:100px'></td>
</tr>
<tr>
<td align='right' valign='top' class='tbl'>".$locale['gb405']."<span style='color:#ff0000'>*</span></td>
<td class='tbl'><textarea name='guest_message' rows='5' class='textbox' style='width:250px'>$guestbook_message</textarea><br><br>
".displaysmileys("guest_message")."
</td>
</tr>
<tr>
<td class='tbl'></td>
<td class='tbl'><input type='submit' name='guest_submit' value='".$locale['gb406']."' class='button'></td>
</tr>
</table>
</form>\n";
   closetable();
   tablebreak();
}
opentable($locale['gb420']);
$result = dbquery("SELECT * FROM ".$db_prefix."guestbook");
$rows = dbrows($result);
if (!isset($rowstart) || !isNum($rowstart)) $rowstart = 0;
if ($rows != 0) {
   tablebreak();
   $i = 1;
   $result = dbquery("SELECT * FROM ".$db_prefix."guestbook ORDER BY guestbook_datestamp DESC LIMIT $rowstart,10");
   $numrows = dbrows($result);
   while ($data = dbarray($result)) {
      if ($data['guestbook_weburl']) {
         $weburl = str_replace("http://", "", $data['guestbook_weburl']);
         $web = "\n | <a href='http://$weburl' target='_blank'>";
         if ($data['guestbook_webtitle']) {
            $web .= $data['guestbook_webtitle']."</a>\n";
         } else {
            $web .= $weburl."</a>\n";
         }
      } else {
         $web = "";
      }
      echo "<table align='center' cellpadding='0' cellspacing='1' width='80%' class='tbl-border'>
<tr>
<td class='tbl2'>
<table cellpadding='0' cellspacing='0' width='100%'>
<tr>
<td class='small'><b><a href='mailto:".$data['guestbook_email']."'>".$data['guestbook_name']."</a></b>$web</td>\n";
      if (iADMIN && $data['guestbook_ip'] != "0.0.0.0") echo "<td align='right' class='small'>IP: ".$data['guestbook_ip']."</td>\n";
      echo "</tr>
</table>
</td>
</tr>
<tr>
<td class='tbl1'>".parsesmileys(parseubb($data['guestbook_message']))."</td>
</tr>
<tr>
<td class='tbl2'>
<table cellpadding='0' cellspacing='0' width='100%'>
<tr>
<td class='small'>
".showdate("longdate", $data['guestbook_datestamp'])."</td>\n";
      if (iADMIN) {
         echo "<td align='right' class='small'><a href='".FUSION_SELF."?action=edit&guestbook_id=".$data['guestbook_id']."'>".$locale['gb421']."</a> |
<a href='".FUSION_SELF."?action=delete&guestbook_id=".$data['guestbook_id']."' onClick='return DeleteMessage();'>".$locale['gb422']."</a></td>\n";
      }
      echo "</tr>
</table>
</td>
</tr>
</table>\n";
      if ($i != $numrows) echo "<br>\n";
      $i++;
   }
   tablebreak();
} else {
   echo "<center><br>\n".$locale['gb423']."\n<br><br></center>\n";
}
closetable();

if ($rows != 0) echo "<div align='center' style='margin-top:5px;'>\n".makePageNav($rowstart,10,$rows,3,FUSION_SELF."?")."\n</div>\n";

echo "<script>
function DeleteMessage() {
   return confirm(\"".$locale['gb424']."\");
}
</script>\n";

require_once BASEDIR."side_right.php";
require_once BASEDIR."footer.php";
?>


So until spammers find another way, I am happy.
0 replies
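The keyword check in the post above matches substrings, so "ASS" also fires on "pass" or "class". The following added example (not cubbin's code and not part of PHP-Fusion) matches whole words only, counts links in more than one form, and returns the reasons instead of redirecting. The function name `spam_reasons`, the reduced word list and the sample messages are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not part of PHP-Fusion.

function spam_reasons(string $message, array $words, int $max_links = 0): array {
    $reasons = [];
    // Whole-word, case-insensitive, Unicode-aware match. preg_quote() keeps
    // list entries literal even if they contain regex metacharacters.
    $quoted = array_map(function ($w) { return preg_quote($w, '/'); }, $words);
    $pattern = '/(?<![\p{L}\p{N}])(' . implode('|', $quoted) . ')(?![\p{L}\p{N}])/iu';
    $found = preg_match_all($pattern, $message, $m);
    if ($found === false) {
        // With the /u flag, invalid UTF-8 makes PCRE fail; treat that as
        // suspicious instead of letting the message skip the filter.
        $reasons[] = 'invalid encoding';
    } elseif ($found > 0) {
        $hits = array_unique(array_map('strtolower', $m[1]));
        sort($hits);
        $reasons[] = 'words: ' . implode(',', $hits);
    }
    // Count links in common forms, not only the literal "http://www".
    $links = preg_match_all('~\b(?:https?://|www\.)\S+|\[url[=\]]~i', $message);
    if ($links > $max_links) {
        $reasons[] = 'links: ' . $links;
    }
    return $reasons; // an empty array means the post passes the filter
}

// Word list: a subset of the one in the post above. Messages are constructed.
$words = ['viagra', 'porn', 'ass', 'free', 'chat'];
$samples = [
    'Great site, I will pass this on to my class!',
    'Cheap VIAGRA here https://example.invalid/buy',
    'Feel free to chat with us on www.example.invalid',
];
foreach ($samples as $s) {
    $r = spam_reasons($s, $words);
    echo ($r ? 'HOLD  ' : 'ALLOW ') . $s . ($r ? '  [' . implode('; ', $r) . ']' : '') . "\n";
}
```

The third sample is an ordinary message that still trips on "free" and "chat", which is why a list like this is better used to hold posts for moderation than to reject them outright.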
AlBundyJr (Newbie) answered:

cubbin: Seems like your solution is working :D

thanks
0 replies
Basti (Veteran Member) answered:

I'd take this Guestbook v3.1:
http://basti2web.de/infusions/pro_dow...p?catid=13

Tomorrow there will be a new version v3.2 ;)
0 replies
cubbin (Junior Member) answered:

To AlBundyJr ;)

I cannot take credit for something I read and share with others,
but it is good if I can help, like I have gotten help when I had some troubles.
0 replies
