Little Antispam function (8 posts)

  1. Lucky1
    Posted 11 years ago #

    Today I have many commentspam. The spambot used ascii in the author field. I think it would be important to control if it use in that field and when its true the comment shouldn't insert into the database. What would you say?

    // Insert to stop spambots which use ASCII
    if(ereg("&#", $author)) die( "Stop spamming my Blog!" );

    The spambot used that: &# 111;nl&# 105;n&# 101; pok&# 101;r Normally its whitout a space between # and the number.

    I have make a little check for that, and if &# in the field I stop with a die().
    I insert it in funtions-post.php at line 456 before
    if ( check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) )

    What do you think about a check like that?

    I hope that you understand my english. :|

    - bjoern

  2. akc
    Posted 11 years ago #

    There are legitimate uses of numeric entities, so I think the above code is a bit too strong. There was some code in the CVS (comments-functions.php?) that treated encoded *low* ASCII as a spam signature. Higher entities are left alone, as they should be.

  3. James Huff
    Support Representative
    Posted 11 years ago #

    Agreed. I know quite a few legitimate users (myself included) who enter their email addresses as ASCII, in order to avoid the email-harvesting bots.

  4. Lucky1
    Posted 11 years ago #

    My little function looks only in the author field not in the email. Its against the spambots which write there nicknames in ascii. ;( And the emailadress isn't shown, or not?

    And I think its works. No spam since I have added it.

  5. akc
    Posted 11 years ago #

    bjoern, you are right. Sorry I didn't look more closely.

  6. Tudor
    Posted 11 years ago #

    This works great, thank you!

  7. kyte
    Posted 11 years ago #

    so this piece of code will cause the comment to never be posted at all? just... "die"?

  8. Lucky1
    Posted 11 years ago #

    Yes it will cause. But I think in the latest nightly built I have tested(23.01.2005) there is a function in there which convert that ascii letters into "normal".

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.