Preventing spammers adding to my guest book?

[cooldude750]

Dear Web Professional,

I have a guest book in my web site built with ASP.

From time to time spammers add lot's of guest book record to our web site.

It seems that like the are running a script that adds many records to my SQL Server Database.

How can I make sure that the web site visitor had clicked the submit button instead running a script?

Do you have any idea of fixing this problem?

[cyanide]

What about getting rid of the guestbook?
I know this doesn't answer your question, but guestbooks are really outdated and don't really add anything credible or professional to a website

[carbonize]

Again I hate to bring up an old thread but you're wrong their Cyanide. The amount of people who have downloaded and use my own guestbook script in the three years I have been working on it shows that guestbooks are far from outdated.

[MursPlace]

Quote:

Originally Posted by cooldude750

How can I make sure that the web site visitor had clicked the submit button instead running a script?

Do you have any idea of fixing this problem?

We have many ways of stopping scripts.

1. CAPTCHA (those funky little hard to read characters.) (Search CAPTCHA ASP Classic get the ones that are distorted) Depending on your ASP knowledge pick something simple that you can work. Then change only if the scripts seem to be entering again.

2. Flood control: Session Time work ok limited rapid reposts. But after the session drop they are back sometimes. Not what I would do but it's a quick easy fix while you're making your morning coffee.
Search Flood control Sessions Classic ASP. But we all know 20 minutes they are back.

3. If you really think it's script and not a script kiddies then Check to see if it's human.
Simple code search for isHuman ASP Classic.

4. Along the same lines as isHuman you can just place a cookie and be done with it after one upload. If no cookie Response.Redirect("SendThemHome.Asp") or to a friendly page explaining cookies are needed. If you use Cookies be nice with what you do. SHA1 anything you place on their computer and don't push it past 30 days.

5. My favorite is IP to Post. New SQL table IPCheck Float 8 NULL.
When your guest signs your book record the IP (converted format Less Dot) Then you can stop repeated posts on a single connection.

Search for IPConvert( ASP Classic Modify things so you can.. work with it. Make it easy on yourself. Don't over do things.

I'm sure you'll find many other things once you start looking. CAPTCHA seems to be the most popular but I personally like cookies and IP's. Without either I don't think they are looking to do business anyway.

As for your question about Clicking the Submit button that would be a java script or something which I don't do but I'm sure some javascript ( onsubmit(CheckThis) ) or OnClick(CheckThis) type of event handler function would help.

I don't know what level you are at but with all this you can ASP fix it instead of Java fixing it.
I bet a simple CAPTCHA will do the trick and if not even a little.


Have fun!

[globaljobstrading]

Also, another option that you can use is to create a hidden field named like "last_name", and when the page is postedback to the server you check if that field has any values. If it does, that post came for sure from a boot, since a human will not be able to see you hidden field.

Hide the field using a CSS from an external file, not with codes inside the page.

This is a simple trick, but it works 99.99% of the time.