Full Version: [Resolved] Build a Blog
Asil
I used the Build a Blog Tutorial to build my blog. I've had it for quite a while with no problems. Now today, I look at my site and I have a bunch of new comments... All of it was spam. Is there any way that I can prevent that and still keep my blog as is? Or do I need to look into other blogging options?
Amelie
Try implementing Jem's JavaScript spam protection. That tutorial is for BellaBook, but you should be able to tweak it for use in your comments form.

In your individual entries page, put this just after the comment box, but before the submit button:

CODE
<script type="text/javascript">
<!--
document.write('<input type="hidden" name="spamtest" id="spamtest" value="SPAMWORD" />');
//-->
</script>


Change SPAMWORD to something random as directed in the tutorial.

Then, in process.php, add this at the top:

CODE
if (!isset($_POST['spamtest']) || $_POST['spamtest'] != "SPAMWORD") {
   echo "<p>JavaScript must be enabled to comment here due to spam restrictions in place.</p>";
   exit;
}


Again, replace SPAMWORD with the word you used earlier.
Marilyn
Thanks so much! I was looking for the exact same thing for my blog and I'm glad it was already answered. The JavaScript is working correctly so hopefully this will keep the spammers away. Yay!
Amelie
It keeps them away from a couple of guestbooks I have the code in - my logs show that by now I should have received 950 spam entries in the last month! I'm confident it will work for your blog too.
Sairah
I've tried implementing this, but it refuses to work for me, for some reason.

I'm thinking of doing a simple verification field (5-2=). This would look similar to the mail field in that a character would be required, no? I'm not sure how to go about doing that, so a few pointers would be helpful if anyone has the time =)

I'm thinking after the comment box, I could make another field:

5-2= |___|

Then for the sql, I should type the following?:

CODE
if (!eregi("3", $answer)) {
    echo "Sorry, spamming isn't allowed";
    exit;
}


Does this look right?
Sairah
Ahh!! My way works! I'm so excited, lol. XD

There was a step or two more than what I'd posted, but <3

I just seriously hope spambots don't try every single number again and again and again and again. =/ I really don't know the details of how those infuriating things work. >.<
Jem
FWIW: eregi() is far too complex a function for what you want to do - if ($answer == 3) would be much more appropriate
Sairah
Oh yea? Hmm...will make it a point to test that later on.

Is it bad to use something "too complex" even if it achieves the end?
Amelie
Yes, it is. If a spammer answers anything that has 3 in it, that will get through your system. They could put in "free music viagra 3 spam spam spam" and that would get through.
Sairah
Ugh, will change that pronto then!

Thanks for telling me, I didn't realize it could do that...so it doesn't matter which field has a three in it? Because the field for the answer I limited to one character only. Regardless, I will use the if = 3 way mentioned before.
Amelie
Limiting a field's character length does absolutely nothing for spammers. They don't actually use your form, they spam your comment processing script directly - bypassing your character limit.

And no, the 3 thing will only happen with the protection field, no other fields.
Jem
QUOTE(Sairah @ Jun 9 2008, 06:43 PM) *

Is it bad to use something "too complex" even if it achieves the end?

Depends entirely on the context, but in this instance you're ignoring pretty basic PHP functionality and it's not gaining you anything. (Not to mention the whopping great bug Amelie pointed out.)

Look into Comparison Operators - http://www.jemjabella.co.uk/beginners-guid...-php-part-three
loadx
You could make this a lot better if you did something like
CODE

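//generate these when the form is shown and keep $answer (e.g. in the session),
//so this check uses the same numbers the visitor saw
$digitOne = rand(1,99);
$digitTwo = rand(1,99);
$answer = $digitOne + $digitTwo;

//filteredPost being the sanitised $_POST array
if(isset($filteredPost['answer']) && is_numeric($filteredPost['answer'])){
  if(intval($filteredPost['answer']) == $answer){
    //let em through
  } else {
    //invalid answer but was numeric.
  }
} else {
  //not even numeric...could be a spam attempt, however dont assume.
}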


If you find bots still coming through then you can easily ramp it up a little by making your calculation operator be something other than addition. So, for instance:

CODE

$digitOne = rand(1,99);
$digitTwo = rand(1,99);

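//note: in PHP '/' can give a non-integer result and '^' is bitwise XOR, not a power
$operators = array('+','-','/','^');
//rand() includes both bounds, so the last valid index is count - 1
$pickedOp = $operators[rand(0, count($operators) - 1)];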

//need to use eval as we are turning a string into arithmetic
eval("\$answer=".$digitOne.$pickedOp.$digitTwo.";");

//$answer will hold the real answer.
Sairah
My noobidity strikes again! x_x

I'm going to have to devote an afternoon, roughly, to actually understanding these functions and such. o_o But I really like the $DigitOne, $DigitTwo deal. =)

Jem
QUOTE(Sairah @ Jun 10 2008, 07:02 PM) *

I'm going to have to devote an afternoon, roughly, to actually understanding these functions and such.

Best way to do it. The PHP manual is your friend!
Sairah
This is super late since I was abroad for 3 months, but I'm so confused right now about where to type what. I'm also unsure about how to write the actual digitone + digittwo under the comment box. Any pointers?
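
The random-digits idea above only works if process.php checks the same numbers the visitor was shown, so this added example (not part of the thread or of the Build a Blog tutorial) keeps the expected answer in the PHP session and compares the whole value; a request posted straight to process.php has no stored answer and fails. The function names and the `spam_challenge` session key are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added example, not from the thread. challenge_field(), challenge_passed()
// and the session key 'spam_challenge' are hypothetical names.
session_start();

// Entry page: call just after the comment box. Picks the question, keeps the
// expected answer on the server and returns the HTML for the extra field.
function challenge_field(): string
{
    $a  = random_int(1, 9);
    $b  = random_int(1, 9);
    $op = ['+', '-', '*'][random_int(0, 2)];

    // One branch per operator, so no eval() is needed.
    switch ($op) {
        case '+': $expected = $a + $b; break;
        case '-': $expected = $a - $b; break;
        default:  $expected = $a * $b;
    }
    $_SESSION['spam_challenge'] = $expected;

    return "<label>$a $op $b = <input type=\"text\" name=\"answer\" /></label>";
}

// process.php: call at the top, before the comment is saved.
function challenge_passed(array $post): bool
{
    $expected = $_SESSION['spam_challenge'] ?? null;
    unset($_SESSION['spam_challenge']);   // each question is good for one try

    $given = isset($post['answer']) && is_string($post['answer'])
        ? trim($post['answer'])
        : '';

    // Whole-value match (optional minus sign, then digits only), so
    // "free music 3 spam" fails here, unlike a substring test for "3".
    if ($expected === null || !preg_match('/^-?\d+$/', $given)) {
        return false;
    }
    return (int) $given === $expected;
}

// In process.php:
// if (!challenge_passed($_POST)) {
//     echo "<p>Please answer the sum to post a comment.</p>";
//     exit;
// }
```

In the entry page, `echo challenge_field();` goes between the comment box and the submit button, in the same place as the hidden JavaScript field described earlier.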