Problems with SPAM and bots
 

Started by ukcbajr, June 25, 2007, 05:01:08 AM

ukcbajr

I noticed a few topics posted on this, but haven't seen any mention of this technique I use in my scripts (and which I added myself to coppermine.php scripts.)

For spam sent by robots (automated scripts), the bots essentially send form information to the ecard or comment scripts. It's as if the ecard form is on another webpage, but your webpage is doing the sending.

I add a filter at the start of my scripts to ensure all form information has been sent by my website. There's an environmental variable 'HTTP_REFERER' that contains this information. Here's the script (ok could be better written, but this is clear)

Quote
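// The Referer header is optional; default to an empty string when it is absent.
$eref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

// Set to 1 when the referer contains one of this site's addresses.
$ecmatch = 0;

if (stristr($eref, "http://www.mywebsite.com")) { $ecmatch = 1; }
if (stristr($eref, "http://mywebsite.com")) { $ecmatch = 1; }

// Reject the request if it did not come from this site.
if (!$ecmatch) {
    cpg_die(ERROR, $lang_ecard_php['error_no_data'], __FILE__, __LINE__);
}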


For example, given that ecard.php can only be called from another .php script, I added this just before the line

Quote
pageheader($lang_ecard_php['title']);

Of course this won't stop the human spammer, but I hope this helps some...

Tranz

Unfortunately, there is a flaw in depending on referer info since some users (knowingly or otherwise) have blocked or altered referer info for privacy purposes.
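
The following is an added example, not code from either poster or from Coppermine: a stricter form of the referer filter discussed above that compares the parsed host name exactly and reports a missing Referer as its own case, which is the situation Tranz describes. The function name `classify_referer`, the host `example.net` and all sample Referer values are constructed for illustration.

```php
<?php
// Added example: classify_referer() is a hypothetical helper, and the
// sample Referer values at the bottom are constructed test data.

/**
 * Classify a Referer header against an allow-list of host names.
 * Returns 'match', 'missing' or 'mismatch'.
 */
function classify_referer($referer, array $allowed_hosts)
{
    // Absent or empty: privacy tools and some proxies strip the header,
    // so this case is reported separately instead of being rejected here.
    if (!is_string($referer) || trim($referer) === '') {
        return 'missing';
    }
    $parts = parse_url(trim($referer));
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return 'mismatch';
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return 'mismatch';
    }
    // Compare the whole host name, not a substring of the URL, so a URL
    // that merely contains the site's address elsewhere does not pass.
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($allowed_hosts as $allowed) {
        if ($host === strtolower($allowed)) {
            return 'match';
        }
    }
    return 'mismatch';
}

$allowed = array('www.mywebsite.com', 'mywebsite.com');
$samples = array(
    'http://www.mywebsite.com/displayimage.php?pos=-12', // match
    'HTTP://MyWebsite.com/ecard.php',                    // match (case-insensitive)
    '',                                                  // missing
    'http://mywebsite.com.example.net/form.html',        // mismatch (different host)
    'http://example.net/?u=http://mywebsite.com',        // mismatch (name only in query)
    'not a url',                                         // mismatch (no scheme or host)
);
foreach ($samples as $s) {
    $label = ($s === '') ? '(no Referer sent)' : $s;
    printf("%-52s %s\n", $label, classify_referer($s, $allowed));
}
```

The Referer header is supplied by the client, so a 'match' only filters out scripts that do not set it; whether 'missing' is rejected or allowed is the trade-off between blocking such bots and blocking visitors whose browsers withhold the header.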