# Frontpage Guestbook Spam



## batnip

Hello, I created a guestbook using FrontPage 2002, but in the last month Ive been getting about 5 entries a day that is totaly spam.

http://www.atnipfamily.com/guestbook.htm

Im not gonna post the guest book results so to protect the thousands of entrys that people have signed.

Is there a way to block IPs? cause I noticed that they are all the same "Remote Name" Whatever that means..

Remote Name: 
38.117.195.30
Remote User: 
HTTP User Agent: 
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

I would really appreciate any help, Ben


----------



## cwwozniak

A quick Google search for your problem turned up one possible solution:

http://forums.webworkshop.org/showthread.php?t=2910

It uses a validation field that requires that the submitter to put in a specific text string that you have listed on the form. This will not stop an live person from spamming the guestbook but should prevent spambots from automatically finding the form and submitting entries.


----------



## covert215

do you know php?


PHP:


<?
$domain = GetHostByName($REMOTE_ADDR);
if($domain == 38.117.195.30)

?>

change the url to a page that you want the visitor redirected to if it is their ip address


----------



## batnip

No I dont know PHP, Do I just copy that code into the guestbook page?
Also the guestbook file is a htm file, not a php file, will that make any difference?
Thanks


----------



## covert215

the guest book must post to a php file or another non-html file

there should be the html:

open the php file in that line of code and put the code i gave you near the top


----------



## batnip

covert215 said:


> the guest book must post to a php file or another non-html file
> 
> there should be the html:
> 
> open the php file in that line of code and put the code i gave you near the top


Umm... This is greek to me. Im totaly lost, note that Im pretty dum when it comes to webpages


----------



## covert215

i can tell

do you know how to check the source code in frontpage?


----------



## batnip

covert215 said:


> i can tell
> 
> do you know how to check the source code in frontpage?


Yes, I can do that.

Here it is.

Guest Book

*[FrontPage Save Results Component]*



Home 
| Guest Book | 
Schedule | 
Tapes and CD's | 
Murphy Method |
Your Story Hour | Photo 
Album | Biography

*Guest Book*

*Back 
to Home Page*

Required ***


Name ***
Street 
City 
State 
Zip Code 
Phone 
E-Mail

What is your favorite type of Gospel music? CHOOSE ONEBluegrassSouthern GospelContemporaryRockWesternCountryAcapellaOther

Besides Gospel music, What other music do you like?

Would you like us to send you info Yes No

Who Is Your Favorite Group Or Singers?

How did you find this site?

Comments 



*How Do You Rate This Web Site 
Bad 
Poor 
Fair 
Good 
Excellent

*


----------



## Rockn

WHy are you assuming their web host supports PHP?


----------



## thecoalman

Trying to ban IP's to stop spamming is like trying to plug a leak in the hoover dam with a band-aid. Short of banning entire blocks it's useless and even then is not practical since they will post from all the place. You need to employ methods such as verification from an image or other means.

The first I would do is remove the heading GuestBook and the text link Guestbook. 99% of spam posts are from bots and if they can't find it they won't post to it. I'd also suggest moving it form it's current location as the ones that have already found it won't be able to find it there. You can also deny the indexing of it in search engines using robots.txt.

Lastly if you have php and mysql look into replacing your current one with this: http://carbonize.co.uk/Lazarus/ It has many preventive measures for spam.

Trust me your fighting a tidal wave that has just begun. A guestbook such as that is your only choice if you want to prevent spam posts.


----------



## covert215

however, if all the spam is coming from 1 ip, why wouldn't you block it?


----------



## batnip

thecoalman said:


> Trying to ban IP's to stop spamming is like trying to plug a leak in the hoover dam with a band-aid. Short of banning entire blocks it's useless and even then is not practical since they will post from all the place. You need to employ methods such as verification from an image or other means.


Id rather not use verification numbers if I have to, and I had this guestbook for years, and never had a problem till now, And its all coming from the same IP address.


----------



## thecoalman

covert215 said:


> however, if all the spam is coming from 1 ip, why wouldn't you block it?


Because it doesn't. You can even get multiple messages with the same content from different IP's. You ban one and five more pop up. Generally they are either proxy servers or zombie machines so banning the IP is really fruitless. Even the image verificztion isn't 100% as they have programs that can read them as well.


----------



## batnip

cwwozniak said:


> A quick Google search for your problem turned up one possible solution:
> 
> http://forums.webworkshop.org/showthread.php?t=2910
> 
> It uses a validation field that requires that the submitter to put in a specific text string that you have listed on the form. This will not stop an live person from spamming the guestbook but should prevent spambots from automatically finding the form and submitting entries.


I gonna try to implent this into the guestbook, at least I can understand the directions. Thanks


----------



## thecoalman

batnip said:


> And its all coming from the same IP address.


BTW you can ban IP's with htacces if you have an apache server. Add this to your htaccess file:



> order allow,deny
> deny from <ip number>
> deny from <ip number>
> allow from all


But trust me, I've been down this road. It starts as a trickle and the next thing you know you're buried in it.


----------



## thecoalman

Here's an example: http://www.google.com/search?source...rls=GGLG,GGLG:2005-22,GGLG:en&q=PetPetitChina

12,500 returns in Google for that user name, all on forums. that was one that got through layers of spam prevention I have.


----------



## batnip

thecoalman said:


> BTW you can ban IP's with htacces if you have an apache server. Add this to your htaccess file:
> 
> But trust me, I've been down this road. It starts as a trickle and the next thing you know you're buried in it.


Oh cool, I think that might work, btw, I just added a validation feild, ( www.atnipfamily.com/guestbook.htm) How affective is that? its not a picture like you suggested so Im not sure its gonna be affective.


----------



## thecoalman

batnip said:


> its not a picture like you suggested so Im not sure its gonna be affective.


Depends on the complexity of the bot and how wide spread the code you are using is implemented. The trouble with that is the value is within the code of the page. I'll assume that is pretty common script for your guestbook and the validation is too, in that case the bots will look for that code and know exactly what to put there. The images that I'm referring too are randomly generated by the server with a different code each time...

anyhow...

If you change it slightly and impplement a picture it will work better, matter of fact you may be better protected that a lot of more popular forums or guestbooks because one of the reasons many bots are so sucessful is because they are all the same.

Change the 1234 here to something else:



Code:


S-Validation-Value="1234"

Cahnge the 1234 here to whatever you have used above:



Code:


Please enter &quot;1234&quot; in the box to validate your entry.&nbsp; (We had to add this to get rid of spammer bots)

Personally i'd just make it an image instead of the text.


----------

