Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

ASP guestbook and SPAM

  • 20-07-2006 11:17am
    #1
    Registered Users, Registered Users 2 Posts: 7,113 ✭✭✭


    Hi all,

    I scripted a nice and easy asp guestbook...only one problem now is that, it is getting spammed to pieces...

    What I want to do is generate a 4 digit random number (which I've done) and get the guestbook signer to enter the number and if its the same then let the signer's post get inserted in the DB....

    I dont want to go the CAPCHA (sp?) route, I just want quick and simple way of doing this...

    do I need to use a session variable or a cookie to hold the generated number ??

    just looking for a bit of help on this...
    Thanks in advance,

    I'll post my code when I get in from work! should be simple enough but I'm only getting back in asp!


Comments

  • Registered Users, Registered Users 2 Posts: 7,113 ✭✭✭mada999


    Bump??! :)


  • Registered Users, Registered Users 2 Posts: 706 ✭✭✭DJB


    Dunno if this is what you are looking for but here's a function to create a random code:
    FUNCTION GetRandomCode(sCode,nLength)
    
    	'Number of characters in the array below
    	nCharacters = 35
    
    	'Array of characters being used for the random code
    	aCodeArray = Array("a","b","c","d","e","f","g","h","i","j","k","l", _
    	"m","n","o","p","q","r","s","t","u","v","w","x", _
    	"y","z","1","2","3","4","5","6","7","8","9")
    
    	'Generates one random character until it reaches code length
    	FOR x = 1 TO nLength
    	RANDOMIZE
    
    	'Gets a random number based on the value in the nCharacters variable
    	sElement = (Int(((nCharacters - 1) * Rnd) + 1))
    
    	'builds the code on top of itself until complete by selecting the
    	'character from the array based on the random number generated above
    	sCode = sCode & aCodeArray(sElement)
    
    	NEXT
    
    	'Random code that is returned after codelength has been fulfilled
    	randomcode = sCode
    
    END FUNCTION
    

    A simple approach... put this code into a hidden field in the form. Display the code to the user and ask them to retype it into the textbox provided. When the user submits the form, check that the entered code matches the one in the hidden field. If it does, add to the db but if it doesn't, send them back to the form for resubmission.

    I'm sure the spam bots can get around this and that's why you see the image with the code in it on a lot of websites. That's the more advanced and time consuming to set up root but the above should get you started.

    Rgds,

    Dave


  • Registered Users, Registered Users 2 Posts: 21,263 ✭✭✭✭Eoin


    Have a look at the Request.ServerVariables collection, there are probably a few you could use to tighten the page a little. None are fool-proof, but may stop the casual attempts.

    This checks that the request was a POST, rather than a "get". This stops people being able to submit a request like this:
    page.asp?txtName=Eoin&txtComments=spam%20goes%20here&cmdSubmit=send
    If Request.ServerVariables["HTTP_METHOD"] = "POST" Then
    
    End If
    

    Checks that the script is the same
    If Request.ServerVariables["SCRIPT_NAME"] = "/stuff/page.asp" Then
    
    End If
    

    For all the server variables, create an ASP page with the following code. This will print out all the variables in a table.
    <html>
    	<head>
    		<title>ASP Server Variables</title>
    		<style type="text/css">
    			body
    			{
    				font-family: arial;
    				font-size: 10pt;
    			}
    			table, td
    			{
    				border-style: solid;
    				border-width: 1px;
    				border-color: silver;
    			}
    		</style>
    	</head>
    	<body>
    		<h1>ASP Server Variables</h1>
    		<table>
    			<tr>
    				<th>Server Variable Name</th>
    				<th>Server Variable Value</th>
    			</tr>
    			<% For each varName in Request.ServerVariables %>
    				<tr>
    					<td><%=varName%></td>
    					<td><%=Request.ServerVariables(varName)%>&nbsp;</td>
    				</tr>
    			<% Next %>
    		</table>
    	</body>
    </html>
    


  • Registered Users, Registered Users 2 Posts: 5,517 ✭✭✭axer


    mada999 wrote:
    Hi all,

    I scripted a nice and easy asp guestbook...only one problem now is that, it is getting spammed to pieces...

    What I want to do is generate a 4 digit random number (which I've done) and get the guestbook signer to enter the number and if its the same then let the signer's post get inserted in the DB....

    I dont want to go the CAPCHA (sp?) route, I just want quick and simple way of doing this...

    do I need to use a session variable or a cookie to hold the generated number ??

    just looking for a bit of help on this...
    Thanks in advance,

    I'll post my code when I get in from work! should be simple enough but I'm only getting back in asp!
    The best way to is definitely the captcha way - all the rest can be fooled. I guess even captcha can be fooled but it is alot harder. Here are links to captcha projects if you are interested:
    http://www.u229.no/stuff/Captcha/
    http://www.motobit.com/util/captcha/
    http://sourceforge.net/projects/asp-captcha

    Here is an interesting implementation of captcha:
    http://www.hotcaptcha.com/

    (I know you are not looking for a captcha solution but just in case you change your mind)


Advertisement