View Full Version : OT HTML verification box

Chuck Wintle
07-05-2009, 8:46 AM
A question for those knowledgeable in HTML on this forum. On a friends website the guest book is being spammed with ads for meds and other stuff. :mad: What is the best way to prevent this from happening? :confused: I thought if I could add something like a verification box like they have when you register for forums etc? :)

Scott Shepherd
07-05-2009, 9:06 AM
Charles, I'm no HTML guru, just someone who's played around with this stuff on and off over the years. I can honestly say I've never seen a guestbook that worked. Not saying their aren't any, because I'm sure there are some, but in all my years of looking at sites and messing around, I've never seen one that worked.

I've installed PHP versions of them for people, and eventually, they were all trashed as well. It's just so tough. The verification boxes are crackable for the most part. The bots have figured out a way to read them for the most part, so even those stupid letters that we can't read as humans to fill the thing out, are being read by bots that are autofilling them in.

Only thing I've seen working fairly well is forcing them to answer a question, a real question. It's human verification, and even then, that only means the bot can't get to it. There are actually rooms of people around the world where people go every day and their job is to get past that and fill in spam related stuff. So no matter what you do with a guestbook, someone, somewhere is going to get past it.

Wish I could be more optimistic, but those people are ruthless.

Chuck Wintle
07-05-2009, 9:11 AM

I may try the human question as it seems like the best option. Thanks.:)

Kevin Arceneaux
07-05-2009, 10:52 AM
The blog owner may be able to block certain IP's.

Chuck Wintle
07-05-2009, 1:03 PM
The blog owner may be able to block certain IP's.

I don't know how to do that?:confused: The website is on tripod so maybe there is an option of that.

Scott Shepherd
07-05-2009, 1:20 PM
Blocking IP's is a lot of work. You can block IP's every day and you'll find your full of spam the next day. It's too many of them coming from too many places and you don't know the IP until they have already sent you stuff. It's like having a bucket size hole in your boat and a 6 oz cup to scoop the water out.

Frank Hagan
07-06-2009, 1:04 AM
Its the typical arms race. You can get past the bots by having a unique question that no one else has that the readers would be expected to know ... such as "What hobby do most people on SMC talk about?" with the answer "Woodworking".

The other technique is to have a field that is hidden from humans through CSS or HTML colors (white on white, for instance) that the bot will autofill. You could have a "City" field that doesn't appear to humans and test to see if there's anything in the field. Typical bot behavior is to put something in every field, and bots don't read colors well yet.

If you have access to install a program that keeps up to date in the "arms race", you have a better chance. Adapting Wordpress to work like a guest book would be the best one I can think of; there are some very good anti-spam plug ins for "comment spam" now. But that's a lot of program to add for that single function (and I doubt you can add it on a Tripod account). If it is a blog only, I would point him to Blogspot or Wordpress' free accounts instead of Tripod's.

Jerome Hanby
07-06-2009, 7:52 AM
If you have the source code for the guest book, it's not that hard to Incorporate a little imagemagik to generate graphic on the fly that has a passcode of somekind in it. Make the user type that passcode as part of the data they type in to make an entry. Check what they type vs what you generated and bounce them if it doesn't match.

If teh guestbook is some kind of canned application, you don't have much to work with except limiting access in some fashion. That or swap to another guestbook app that incorporates some kind of challenge like I described above.

For what it's worth, I ran into similar problems and geneerated the challenge stuff in perl...