Private Password
I have a question, on one of my websites I am running a guestbook, I have made many modifications to the script, and can not get people from spamming, my question is, I want to make a private password and add it to the script, so that only people who know the password can actually post, I have that option for one portion of the website, but not the main guestbook portion, and tried to move it over to the regular part of the posting area, but it didnt work.
I have emailed the people that wrote the script, and they said they were aware of the unwanted posts problem, they told me to add the folder that the guestbook is in to my htaccess, that isnt an option, because I get a lot of visitors to that page from search engines, and have no problem with that, but I have so many ip's banned on the script that it is ridiculous, I added another form of "protection" via captcha to the site, but it didnt work either.
So anyone have any suggestions on what I can add or to make a private password so I can get rid of this problem?
the url to the page I am wanting to protect is below
cow-wrestling .com / cowstand/ cowboard.php
(there are no spaces in there, I diliberatly put them in there on this post)
kb posted this at 01:43 — 16th May 2007.
He has: 1,380 posts
Joined: Feb 2002
Could you post some code? Linking us to the PHP file doesn't work, seeing as how the PHP is compiled at runtime.
Also, did you consider a CAPTCHA?
demonhale posted this at 04:00 — 16th May 2007.
He has: 3,278 posts
Joined: May 2005
I suggest using a CAPTCHA too...
jennbell posted this at 09:47 — 16th May 2007.
They have: 23 posts
Joined: May 2007
There is already two forms of captcha on the page, I have a regular captcha in php which I can not modify, and then I have one in java, which doesnt allow you to post unless you type in the correct code.
But I am still getting unwated posts.
Edit: the entire script is in php, so the link I posted is directly to the page I am wanting to protect, I wouldnt begin to know where to get the code, because there are so many php files, If I just copied the code from that php file it wouldnt show everything.
Professional Link Management System
demonhale posted this at 10:43 — 16th May 2007.
He has: 3,278 posts
Joined: May 2005
I think theres something wrong with your captcha, try and delete the Javascript one, and show us the php captcha version...
If you want a better captcha, go to my site and go to the credits page, you'll see a link there for the captcha I used that never failed me,
or try this link, although I dont guarantee this one... http://www.white-hat-web-design.co.uk/articles/php-captcha.php
or this
http://www.it-guru.co.uk/showthread.php?t=171
jennbell posted this at 10:52 — 16th May 2007.
They have: 23 posts
Joined: May 2007
I can not modify the captcha already on the script, I have tried, and it doesnt work, the captcha will not come up. I have tried using another captcha and that too did not work. because the gbtoken is all over, and when I try to change it, it doesnt work.
this is the code in the captcha.php file
I have a captcha script that I got off of another site, that I modified so I could use it on my contact forms, which I also tried to put on the guestbook, but it didnt work, because it wouldnt call up properly.
Professional Link Management System
jennbell posted this at 10:55 — 16th May 2007.
They have: 23 posts
Joined: May 2007
"If you are on your site everyday, you could rewrite the script so it submits the entry but needs you to confirm before it is visible on the site (add a note in big letters though as people will repost over and over before they realise - people are dumb)"
I am having to be on the site every day because I get so many spam a day on that board, I have tried to rewrite it as well so that I have to approve the posts, but I only got so far, because it didnt work either.
I have been asked by the people who regularly use that board to use a forum instead, but I can not find a script I like. the ones that I have seen dont offer the features I want. So for now, the guestbook is the best option if I could stop the spam
Professional Link Management System
jennbell posted this at 10:57 — 16th May 2007.
They have: 23 posts
Joined: May 2007
And I want to thank you guys for your help. I really apprecaite it.
Busy posted this at 10:41 — 16th May 2007.
He has: 6,151 posts
Joined: May 2001
I had an issue with my email being spammed, so I just disallowed the use of links (blocked http:// ) and they have since given up, looking at the logs it looked like a very stupid person or a badly written bot.
If you are on your site everyday, you could rewrite the script so it submits the entry but needs you to confirm before it is visible on the site (add a note in big letters though as people will repost over and over before they realise - people are dumb)
Another option is to loose the guestbook and use a forum, lots more power on admin side from blocking of ip's to limiting who, where, when etc, down side to that is they'd have to register.
Busy posted this at 21:39 — 16th May 2007.
He has: 6,151 posts
Joined: May 2001
phpbb is a free forum, has lots of skins and addons, and I believe it has option to choose which parts of it you actually use, you could use this as a temporary measure until you find one you like and in doing so may stop the spammers
demonhale posted this at 04:23 — 17th May 2007.
He has: 3,278 posts
Joined: May 2005
Actually, if you could hire a coder to better implement your captcha as the simplicity of the guestbook maybe whats attracting your visitors.
But if you need to update to a forum, I also suggest phpbb and SMF...
jennbell posted this at 10:25 — 17th May 2007.
They have: 23 posts
Joined: May 2007
I just figured out how to get the other captcha to come up, but now, I can not figure out how to get the guestbook to recognize it. It keeps telling me one of the fields in not valid. (it has been switched back to the original version temporarily)
has anyone ever used the guestbook called "Advanced Guestbook" and successfully changed the captcha?
Professional Link Management System
jennbell posted this at 10:45 — 17th May 2007.
They have: 23 posts
Joined: May 2007
I have used phpbb on a different site up until about a year ago, but never had much luck with that, because it kept getting errors, and wiping my database clean.
My only problem with using a fourm, is that many people that post on the board, use different names each time they post or have several different aliases, so they would have to have several different accounts in order to post, that is the main reason for not wanting to put a fourm up instead of a guestbook
Professional Link Management System
Busy posted this at 05:27 — 18th May 2007.
He has: 6,151 posts
Joined: May 2001
It sounds like a spammers heaven
maybe look around places like hotscripts.com etc for another guestbook
jennbell posted this at 10:00 — 18th May 2007.
They have: 23 posts
Joined: May 2007
Thanks!
I have looked at hotscripts, and that is where I found this guestbook, but none of the other guestbooks have the features I need, or spam protection.
Is there anyway I can force a password screen to pop up before people are allowed to post, like when they hit submit a screen pops up and then they have to type in the valid password in order for the post to be accepted?
I can not figure out how to do it, and the people who wrote the script are not too helpful.
There is another version of that script adapted but I dont see how it is any more secure.
And the author of the script just told me he was aware of the problem.
So I guess my options are to find a way to force a password, or to find a new guestbook or fourm even.
Professional Link Management System
Busy posted this at 11:10 — 18th May 2007.
He has: 6,151 posts
Joined: May 2001
you'd be better off just adding it into the reply/post box option page, but you have to remember these aren't bot proof.
Is your spam repeative? same junk ? if so then it's probably a bot not a person spamming your guestbook.
What these spammers do is download free scripts etc and adapt spam bots to spam them, the only way around it is a forum based (but even these can be effected) or some major rewriting of the script, changing variable names and values as well as validation ... which can be very time consuming
jennbell posted this at 11:17 — 18th May 2007.
They have: 23 posts
Joined: May 2007
Well I dont think it is the same websites, but it is the same type of junk, and the email addresses are usually similar, like something dot hotpop dot com or something dot ru
Those are usually who they are from.
I have realized that they arent bot proof, by the amount times I have renamed the folder and the php file and still get the spam.
I guess it looks like I have to go to a forum, which I dont really want to do, but looks like have to, since I dont know how to rewrite scripts, but do know how to modify them.
Well thanks for your help though.
Professional Link Management System
jennbell posted this at 11:26 — 18th May 2007.
They have: 23 posts
Joined: May 2007
Is there anyway for me to block that in my htaccess or robots.txt from bots reading that php page?
I know that bots dont always follow directions, and stuff, but I wonder if that would work if there is a way to block bots from reading it, thereby keeping them from spamming?
Professional Link Management System
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.