Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

ASP guestbook and SPAM

Options
  • 20-07-2006 12:17pm
    #1
    mada999
    Registered Users Posts: 7,097 ✭✭✭


    Hi all,

    I scripted a nice and easy asp guestbook...only one problem now is that, it is getting spammed to pieces...

    What I want to do is generate a 4 digit random number (which I've done) and get the guestbook signer to enter the number and if its the same then let the signer's post get inserted in the DB....

    I dont want to go the CAPCHA (sp?) route, I just want quick and simple way of doing this...

    do I need to use a session variable or a cookie to hold the generated number ??

    just looking for a bit of help on this...
    Thanks in advance,

    I'll post my code when I get in from work! should be simple enough but I'm only getting back in asp!


Comments

  • Options
    #2
    mada999
    Registered Users Posts: 7,097 ✭✭✭mada999


    Bump??! :)


  • Options
    #3
    DJB
    Registered Users Posts: 706 ✭✭✭DJB


    Dunno if this is what you are looking for but here's a function to create a random code:
    FUNCTION GetRandomCode(sCode,nLength)

	'Number of characters in the array below
	nCharacters = 35

	'Array of characters being used for the random code
	aCodeArray = Array("a","b","c","d","e","f","g","h","i","j","k","l", _
	"m","n","o","p","q","r","s","t","u","v","w","x", _
	"y","z","1","2","3","4","5","6","7","8","9")

	'Generates one random character until it reaches code length
	FOR x = 1 TO nLength
	RANDOMIZE

	'Gets a random number based on the value in the nCharacters variable
	sElement = (Int(((nCharacters - 1) * Rnd) + 1))

	'builds the code on top of itself until complete by selecting the
	'character from the array based on the random number generated above
	sCode = sCode & aCodeArray(sElement)

	NEXT

	'Random code that is returned after codelength has been fulfilled
	randomcode = sCode

END FUNCTION

    A simple approach... put this code into a hidden field in the form. Display the code to the user and ask them to retype it into the textbox provided. When the user submits the form, check that the entered code matches the one in the hidden field. If it does, add to the db but if it doesn't, send them back to the form for resubmission.

    I'm sure the spam bots can get around this and that's why you see the image with the code in it on a lot of websites. That's the more advanced and time consuming to set up root but the above should get you started.

    Rgds,

    Dave


  • Options
    #4
    Eoin
    Registered Users Posts: 21,257 ✭✭✭✭Eoin


    Have a look at the Request.ServerVariables collection, there are probably a few you could use to tighten the page a little. None are fool-proof, but may stop the casual attempts.

    This checks that the request was a POST, rather than a "get". This stops people being able to submit a request like this:
    page.asp?txtName=Eoin&txtComments=spam%20goes%20here&cmdSubmit=send
    If Request.ServerVariables["HTTP_METHOD"] = "POST" Then

End If

    Checks that the script is the same 
    If Request.ServerVariables["SCRIPT_NAME"] = "/stuff/page.asp" Then

End If

    For all the server variables, create an ASP page with the following code. This will print out all the variables in a table. 
    <html>
	<head>
		<title>ASP Server Variables</title>
		<style type="text/css">
			body
			{
				font-family: arial;
				font-size: 10pt;
			}
			table, td
			{
				border-style: solid;
				border-width: 1px;
				border-color: silver;
			}
		</style>
	</head>
	<body>
		<h1>ASP Server Variables</h1>
		<table>
			<tr>
				<th>Server Variable Name</th>
				<th>Server Variable Value</th>
			</tr>
			<% For each varName in Request.ServerVariables %>
				<tr>
					<td><%=varName%></td>
					<td><%=Request.ServerVariables(varName)%>&nbsp;</td>
				</tr>
			<% Next %>
		</table>
	</body>
</html>


  • Options
    #5
    axer
    Registered Users Posts: 5,517 ✭✭✭axer


    mada999 wrote:
    Hi all,

    I scripted a nice and easy asp guestbook...only one problem now is that, it is getting spammed to pieces...

    What I want to do is generate a 4 digit random number (which I've done) and get the guestbook signer to enter the number and if its the same then let the signer's post get inserted in the DB....

    I dont want to go the CAPCHA (sp?) route, I just want quick and simple way of doing this...

    do I need to use a session variable or a cookie to hold the generated number ??

    just looking for a bit of help on this...
    Thanks in advance,

    I'll post my code when I get in from work! should be simple enough but I'm only getting back in asp!
    The best way to is definitely the captcha way - all the rest can be fooled. I guess even captcha can be fooled but it is alot harder. Here are links to captcha projects if you are interested:
    http://www.u229.no/stuff/Captcha/
    http://www.motobit.com/util/captcha/
    http://sourceforge.net/projects/asp-captcha

    Here is an interesting implementation of captcha:
    http://www.hotcaptcha.com/

    (I know you are not looking for a captcha solution but just in case you change your mind)


Advertisement