Hey.

So in just the past 2 days, my website has just recently experienced a tsunami of spam. It's a simple site where people anonymously post their confessions for others to read or submit themselves.

But last night when I checked, there were around 20 posts of someone advertising their website. I took action by deleting every one of them, but then today it happened again. So I took further action by setting up a human intelligence question and adding a hidden form field to submit the user's IP.

But since the spam contained links, I want to know how I can make it so that the form doesn't submit anything if the perpetrator sets their bot to answer my question. My pages strip HTML tags anyway, but how can I cancel their post altogether?

<form id="form1" name="form1" method="POST" action="<?php echo $editFormAction; ?>">
          <p><label for="confess">
              <textarea name="confess" id="confess" cols="60" rows="8"></textarea>
              </label><br>
              <img src="Images/giraffe.jpg" alt="hii" style="float:left;"><p>What is the name of the animal in the picture?</p>
              <input type="text" name="hii" />
          </p>
          <input type="hidden" name="ip" value="<?php echo $_SERVER['REMOTE_ADDR']; ?>">
          <br>
          <p>
                   <input type="submit" name="confess2" id="confess2" value="Confess" />
          </p>
          <input type="hidden" name="MM_insert" value="form1" />
        </form>
diafol

How many comments do you allow per user per day? If only 1, you could be OK; if whatever somebody wants, that's a bit more difficult.

You could use a preg_match() to check for links as opposed to simply stripping them. If a link is in the post, reject it. Do these posts have unusual phrases in common (OK maybe an oxymoron)? Search for them and reject them.

I've never heard of this preg_match(). How would I use this?

Definitely check out this link for extra info on usage and syntax: http://php.net/manual/en/function.preg-match.php

Using this will require a bit of knowledge of regex (REGular EXpressions), which can be a pain and confusing at first, but definitely good to be familiar with, as regex can be used in many languages.

Essentially, using preg_match() will allow you to check a string for a matching pattern. For instance, you can search comments that people submit for a pattern that would be common to links, such as 'http://', 'www', '.com', etc. Then you can search for the pattern in the comment being posted and if it finds a match for something like 'http://somesite.com' or 'http://www.somesite.org' or anything like that (it depends on the regex you are searching for), you can either reject the post or replace the matching substring with some text like 'LINK REMOVED'.

Here are some good examples and resources to help you:


http://RegExLib.com is a great place to find already-written regular expressions that you can use in your code.

^[a-zA-Z0-9\-\.]+\.(com|org|net|mil|edu|COM|ORG|NET|MIL|EDU)$
This is a regex pattern that will match valid URLs in a string. I found it here: http://regexlib.com/REDetails.aspx?regexp_id=25

Also, you may want to read the thread at http://stackoverflow.com/questions/1141848/regex-to-match-url. People have posted some good regex patterns to match what you are trying to do.

Hope that helps! Regex can be tough, but knowing it and/or knowing where to find examples is well worth it in the end.
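
The server-side check discussed in this thread, as an added example that is not part of any of the original posts: it rejects a submission that fails the picture question or contains a link, and logs the address the server saw instead of the value of a hidden form field. The field names `confess` and `hii` come from the form above; the expected answer "giraffe", the function names and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: validation to run before the INSERT for the confession form.

/** Returns true when the text contains something that looks like a link. */
function contains_link(string $text): bool
{
    // Unanchored and case-insensitive, so a link anywhere in the post is found:
    // an explicit scheme, a www. prefix, or a bare host name with a common TLD.
    $pattern = '~(?:https?://|www\.)\S+'
             . '|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:com|org|net|mil|edu)\b~i';
    return preg_match($pattern, $text) === 1;
}

/** Returns a rejection reason, or null when the post may be stored. */
function validate_confession(array $post): ?string
{
    $text   = trim((string)($post['confess'] ?? ''));
    $answer = strtolower(trim((string)($post['hii'] ?? '')));

    if ($text === '') {
        return 'empty post';
    }
    if ($answer !== 'giraffe') {          // assumed expected answer
        return 'wrong answer to the picture question';
    }
    if (contains_link($text)) {
        return 'links are not allowed';
    }
    return null;
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['confess' => 'I ate the last cookie.',                'hii' => 'Giraffe'],
    ['confess' => 'Cheap pills at http://example.com/buy', 'hii' => 'giraffe'],
    ['confess' => 'visit WWW.example.org today',           'hii' => 'giraffe'],
    ['confess' => 'go to example.net now',                 'hii' => 'giraffe'],
    ['confess' => 'A harmless confession.',                'hii' => 'cat'],
];

foreach ($samples as $post) {
    $reason = validate_confession($post);
    // Take the address from the server; a hidden "ip" field is set by the client.
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'cli';
    echo $ip, ' ', $reason === null ? 'ACCEPT' : "REJECT ($reason)", "\n";
}
```

In the form handler, call `validate_confession($_POST)` before the database insert and skip the insert whenever it returns a reason.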