Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

guestbook trashing 2

Status
Not open for further replies.

loganswell

Programmer
Dec 28, 2000
111
GB
Hi,

I have a couple of web sites that have simple little guestbooks. They're coded using ASP in its simplest form reading / writing from / to an Access database.

I have recently been getting a huge number of spurious entries that are just "gobbledegook" and seem to serve no purpose even to the anonymous perpetrator. Although I can delete the entries easily enough, this is still very irritating and wonder if anyone has any ideas as to A. Why do people do this? B. How do they do it? and perhaps most importantly - C. How do I prevent it?

Any input would be much appreciated! :eek:)
 
If you do a search in this forum for guestbook you may find some help from other people's problems along this line.

Lee
 
Hi,

Me again... I am still having the same bother with my ASP guestbook only now it's worse. Do you think that if I introduced a system whereby an image file is displayed with a number or letters (like you get when joining Yahoo groups) would make a difference? The person who is making the genuine guestbook entry has to type the number into a text box and only if it's correct will the entry be submitted.

I also thought of password protecting the Access database and then hard-coding the password as part of the connection string.

Any ideas folks? :eek:)

Thanks, Jim
 
What does the setup of your access DB look like? Meaning how many columns and what data type are they?

I have one more question. What type of "gobbledegook" is being posted in your guestbook?

If you share these things, it may help us on the forum better answer your question.




[small]"Mom........MEATLOAF!!!! F***!!!!"[/small]
<.
 
The numbers as an image security is called CAPTCHA, and you can either do a search here, or try Google for information on it.

Lee
 
Hi monksnake,

Yes, I agree I was a bit vague but didn't want to go into too much detail at the outset.

You can see first-hand the nature of the problem if you are willing to have a look at the guestbook itself on the following web link:


I just "cleaned" it up last night and already there's a dozen or so new bogus entries.

There are 5 columns. The data types are just text fields with the exception of a date/time field that records when the entry was made.

I'd be happy to supply any more information that you may need. Thank you again for looking at this on my behalf.

Jim
 
Thank you trollacious. I shall look at this.

This is however only one option and I don't even know if it's what I need to solve my problem. For example this would be ineffective if the method of access to my database on the web server was direct ie by-passing my own ASP code.

Best wishes, Jim :eek:)
 
Hmm, an idea that comes to my mind is first off:

Data validation (make sure that fields contain valid data before it's allowed to submit)
Examples:
If a value is entered into the email address, make sure there is a '@' and a '.' in the string.
To make it easy, name should only allow letters and possibly single quotes and hypens.

Add a column to you table in Access that saves the IP addresses. If you get bogus info, have another table made that contains all these IP addresses of the bogus entry creators. Do a check against that table when a guestbook entry is submitted and don't allow those particular IP addresses to enter anything.

At first this make take some time manually putting these IP addresses in a table, but after you've gotten most the "problem" IP's in the table, a bogus entry won't happen that often.

That's just my idea.


[small]"Mom........MEATLOAF!!!! F***!!!!"[/small]
<.
 
Hi monksnake,

Thank you for your reply. Yes, the field validation idea is good but unfortunately most bogus entries are actually valid!
I already have some validation in that if you attempt to include the string "URL" or the string "http" then the message will be rejected. God knows how many bogus entries I'd have were it not for this validation!

I like the IP address catcher idea as at least that would exclude the persistent offenders.

Thank you!

Jim :eek:)
 
You're welcome. [afro]

[small]"Mom........MEATLOAF!!!! F***!!!!"[/small]
<.
 
Can you give an example of the trash data?

Depending on the nature of the data, you might be able to trap bogus input with rules like no single character appearing 3 times in a row or maybe not more than 10 characters without a vowel?
 
At the time I viewed the guestbook page, the only invalid guestbook entry had a non-email address for the email address. You could try some simple email address validation, which has also been covered here in the past with some excellent scripts provided.

It appears you could also filter out duplicate posts from the same email address.

Lee
 
Well I'm assuming many 'valid' entries are just slanderous garbage. He wants a way so that those type of entries aren't allowed to get posted. That's what I understood from his post.

[small]"Mom........MEATLOAF!!!! F***!!!!"[/small]
<.
 
Hi and thank you all for taking an interest. The entries aren't really slanderous or even offensive. It's all just stupid inane stuff like "Very nice site - your work is appreciated" and often you can easily tell that it's written by someone whose first language is not English. It wouldn't be so bad but the same message is repeated sometimes hundereds of times. I've never understood the point of doing it other than just the sheer fun of vandalism. At least spam e-mail however irritating has a point to it.

I have picked up some very good ideas by reading the various postings and thank you all once again for your thoughts.

Jim :eek:)
 
I think a combination of ideas may be the answer...

If the IP address contained in the guestbook submission is the same as the previous one and a period of say 48 hours has not elapsed, then reject submission.

That would surely eliminate the bulk entries but still allow a genuine human to make more than one entry if he / she waits a while.

Thanks, Jim :eek:)
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top