Topic: Tinychan's anti-spam code
+Anonymous A — 7 years ago #53,091
Tinychan is able to block all the spam that gets posted here without using CAPTCHA (https://tinychan.org/failed_postings).
I keep getting spam through the contact form on my website and don't want to add CAPTCHA because it's annoying. I've cut out around 90% of the spam by blocking messages which contain URLs. But I can't copy the more advanced features used by TC and other websites.
For example "Lurk for at least 120 seconds before posting" or "Wait a few seconds between starting to compose a post and actually submitting it.". I can't find examples of code which checks these things using Google.
Is there some code that does this which I can copy paste?
(Edited 8 minutes later.)
+Symtax — 7 years ago, 52 minutes later[T] [B] #563,301
@OP
Yo OP - You basically need a database to store when a user first visits the page then check w/ when they press the submit button to see how long it took them
buuuuuuut a much easier way would be to create many fields in the form named stuff like "url and name" that you don't use and then check serverside to see if any changed then discard as spam - this is known as honeypot field and EXTREMELY effective
if you want another way of doing it like tinychan - if you're using php or so to make the form page then add a field of the current epoch second in php. after someone submits you can check the difference and block if it's quick
·Anonymous A (OP) — 7 years ago, 1 hour later, 2 hours after the original post[T] [B] #563,305
@previous (Symtax)
> if you want another way of doing it like tinychan - if you're using php or so to make the form page then add a field of the current epoch second in php. after someone submits you can check the difference and block if it's quick
Yeah, right. I want to do that but I don't know how, I suck at PHP. What do I need to search on Google to find a tutorial for something like that? It would probably block the rest of the spam I'm getting.
·Symtax — 7 years ago, 1 hour later, 3 hours after the original post[T] [B] #563,306
@previous (A)
it's a very easy thing 2 do and by posting the code 4U you wouldn't learn anything
I help those who help themselves
+Anonymous C — 7 years ago, 8 minutes later, 4 hours after the original post[T] [B] #563,307
@563,301 (Symtax)
> the form named stuff like "url and name" that you dont use and then check serverside to see if any changed then discard as spam - this is known as honeypot field and EXTREMELY effective
This isn't very effective anymore. Spammers know that hidden fields should remain empty. They just ignore them.
·Symtax — 7 years ago, 4 minutes later, 4 hours after the original post[T] [B] #563,308
@previous (C)
this works against 90% of spammers and for PROOF you can check failed postings in OP's link - most have BOT DETECTED which is 100% the honeypot detection
not saying U R wrong that this won't work against smart spammers - but even the method OP wants won't work either.
·Anonymous C — 7 years ago, 26 minutes later, 4 hours after the original post[T] [B] #563,309
@previous (Symtax)
Hmm. I'm still getting shitloads of spam with the hidden fields.
·Anonymous A (OP) — 7 years ago, 1 hour later, 5 hours after the original post[T] [B] #563,312
@563,306 (Symtax)
Ok. I tried to make what you said; here is my attempt:
https://pastebin.com/pu5Du5rm
How is that?
(Edited 3 minutes later.)
+Dr. Chattanooga !!SlFawOoKvd — 7 years ago, 12 minutes later, 5 hours after the original post[T] [B] #563,313
@563,305 (A)
Syntax doesn't know how to do it because the only things he has ever used a computer for are stalking Matt, Googling Wikipedia articles, and trying to impress younger men by pretending to know about computers.
·Symtax — 7 years ago, 3 minutes later, 5 hours after the original post[T] [B] #563,315
@563,312 (A)
yup looks about right except for the $timenow + 10
I don't know if you can assign variables like that, but other than that and the messed if statement which I think is a mistake
have to get my morning cup o joe and I'll look later after my many many meetings
+Anonymous E — 7 years ago, 37 minutes later, 6 hours after the original post[T] [B] #563,316
@563,313 (Dr. Chattanooga !!SlFawOoKvd)
Get new glasses. Symtax is not Syntax.
·Dr. Chattanooga !!SlFawOoKvd — 7 years ago, 14 minutes later, 6 hours after the original post[T] [B] #563,317
@previous (E)
The illegible gibberish he posts looks pretty Syntaxy to me.
+Anonymous F — 7 years ago, 1 hour later, 8 hours after the original post[T] [B] #563,319
@previous (Dr. Chattanooga !!SlFawOoKvd)
When did you get out of jail?
+Jim !a9Y4fazouc — 7 years ago, 34 minutes later, 9 hours after the original post[T] [B] #563,320
@previous (F)
Sup, MadaboutChattanooga?
+Anonymous H — 7 years ago, 12 hours later, 21 hours after the original post[T] [B] #563,325
@563,301 (Symtax)
Illegible gibberish.
+Anonymous I — 7 years ago, 1 hour later, 22 hours after the original post[T] [B] #563,326
@563,315 (Symtax)
You’re talking out of your ass.
·Anonymous F — 7 years ago, 1 hour later, 1 day after the original post[T] [B] #563,327
@563,317 (Dr. Chattanooga !!SlFawOoKvd)
@563,320 (Jim !a9Y4fazouc)
@563,325 (H)
@previous (I)
+Anonymous J — 7 years ago, 5 hours later, 1 day after the original post[T] [B] #563,328
spam my anus
·Anonymous A (OP) — 7 years ago, 22 hours later, 2 days after the original post[T] [B] #563,333
@563,308 (Symtax)
I can't find any hidden text fields on Tinychan's new topic page with a new UID. Where are they?
·Symtax — 7 years ago, 7 minutes later, 2 days after the original post[T] [B] #563,334
@previous (A)
> <input name="form_sent" type="hidden" value="1">
> <input name="e-mail" type="hidden">
this is what eye C
+Anonymous K — 7 years ago, 1 hour later, 2 days after the original post[T] [B] #563,336
@previous (Symtax)
Fucking old man!
·Jim !a9Y4fazouc — 7 years ago, 6 hours later, 2 days after the original post[T] [B] #563,343
@563,327 (F)
How's your blood pressure?
+Eternal God Emperor Obama — 7 years ago, 3 hours later, 2 days after the original post[T] [B] #563,344
Just ask me to pass an executive order to make it publishable by death to spam your form and that will stop it
·Anonymous A (OP) — 7 years ago, 2 hours later, 2 days after the original post[T] [B] #563,345
@563,334 (Symtax)
Why would a bot change hidden fields? I don't think the "bot detected" error corresponds with that at all
·Anonymous B — 7 years ago, 23 hours later, 3 days after the original post[T] [B] #563,374
@previous (A)
why don't U try it out
everytime eye change the value I get BOT DETECTED
+Anonymous M — 7 years ago, 1 hour later, 3 days after the original post[T] [B] #563,375
@previous (B)
Speak English, not gibberish.
·Anonymous C — 7 years ago, 38 minutes later, 3 days after the original post[T] [B] #563,376
@563,374 (B)
Why would any bot populate a hidden field? You dumb nigger
·Symtax — 7 years ago, 3 hours later, 3 days after the original post[T] [B] #563,383
+Anonymous N — 7 years ago, 2 hours later, 4 days after the original post[T] [B] #563,385
What does the "Buh-bye!" or "Goodbye." signify? Are they getting banned for triggering filters?
·Symtax — 7 years ago, 6 days later, 1 week after the original post[T] [B] #563,494
@previous (N)
Hummmm
Asked Sysop and the answer was it's random but both = PERMABAN
+Anonymous O — 7 years ago, 2 days later, 1 week after the original post[T] [B] #563,577
@previous (Symtax)
OLD MAN!
+Anonymous P — 7 years ago, 5 days later, 2 weeks after the original post[T] [B] #563,689
The original source code (version 0.3) already had this check in place - have a look at this code snippet which starts on line 394 (of post.php):
    else { // or a topic...
        check_length($headline, 'headline', MIN_LENGTH_HEADLINE, MAX_LENGTH_HEADLINE);
        if( ! $editing)
        {
            //Lurk more?
            if($_SERVER['REQUEST_TIME'] - $_SESSION['first_seen'] < REQUIRED_LURK_TIME_TOPIC)
            {
                add_error('Lurk for at least ' . REQUIRED_LURK_TIME_TOPIC . ' seconds before posting your first topic.');
            }
            // Flood control.
            $too_early = $_SERVER['REQUEST_TIME'] - FLOOD_CONTROL_TOPIC;
            $stmt = $link->prepare('SELECT 1 FROM topics WHERE author_ip = ? AND time > ?');
            $stmt->bind_param('si', $_SERVER['REMOTE_ADDR'], $too_early);
            $stmt->execute();
            $stmt->store_result();
            if($stmt->num_rows > 0)
            {
                add_error('Wait at least ' . FLOOD_CONTROL_TOPIC . ' seconds before creating another topic. ');
            }
            $stmt->close();
Also...
    if( ! $editing && $_SERVER['REQUEST_TIME'] - $_POST['start_time'] < 3 )
    {
        add_error('Wait a few seconds between starting to compose a post and actually submitting it.');
    }
(Edited 4 minutes later.)
·Anonymous P — 7 years ago, 3 minutes later, 2 weeks after the original post[T] [B] #563,690
@563,374 (B)
The "Bot detected." error corresponds with the hidden "e-mail" field:
    if( ! empty($_POST['e-mail']))
    {
        add_error('Bot detected.');
    }
·Anonymous A (OP) — 7 years ago, 17 hours later, 2 weeks after the original post[T] [B] #563,741
@previous (P)
That's interesting, thanks. The code you posted is probably overkill for a contact form. I'm checking the time it takes them to fill in the form, seems like that will catch most spam.
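Added example (not posted by anyone in this thread and not Tinychan's code): a contact-form check that combines the hidden "e-mail" honeypot with the compose-time check quoted above. A hidden start_time value is sent back by the client and can be set to anything, so this sketch signs the timestamp with an HMAC before trusting it; CONTACT_SECRET, start_token, MAX_FORM_AGE and both function names are assumptions made for the example.

```php
<?php
// Added example, not Tinychan's code. CONTACT_SECRET, MAX_FORM_AGE, the
// start_token field and the function names are assumptions for this sketch.
const CONTACT_SECRET   = 'replace-with-a-long-random-server-side-secret';
const MIN_FILL_SECONDS = 3;     // same threshold as the start_time check above
const MAX_FORM_AGE     = 3600;  // stops one signed token being reused for hours

// Called when the form is rendered; put the result in a hidden input.
function issue_form_token(int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, CONTACT_SECRET);
}

// Returns a list of error strings; an empty list means the message is accepted.
function check_submission(array $post, int $now): array
{
    $errors = [];
    // Honeypot: a person never sees this field, so any value counts as a bot.
    if (!empty($post['e-mail'])) {
        $errors[] = 'Bot detected.';
    }
    // The timestamp travels through the client, so verify the HMAC first.
    $raw   = $post['start_token'] ?? '';
    $parts = is_string($raw) ? explode('.', $raw, 2) : [];
    if (count($parts) !== 2 || !ctype_digit($parts[0])
        || !hash_equals(hash_hmac('sha256', $parts[0], CONTACT_SECRET), $parts[1])) {
        $errors[] = 'Form token missing or altered.';
        return $errors;
    }
    $elapsed = $now - (int) $parts[0];
    if ($elapsed < MIN_FILL_SECONDS) {
        $errors[] = 'Wait a few seconds between starting to compose a post and actually submitting it.';
    } elseif ($elapsed > MAX_FORM_AGE) {
        $errors[] = 'Form expired, reload the page and try again.';
    }
    return $errors;
}

// Constructed sample submissions (not real traffic).
$issued = 1700000000;
$token  = issue_form_token($issued);
var_dump(check_submission(['e-mail' => '', 'start_token' => $token], $issued + 1));   // sent 1 second after render
var_dump(check_submission(['e-mail' => '', 'start_token' => $token], $issued + 20));  // sent 20 seconds after render
var_dump(check_submission(['e-mail' => 'x@y.z', 'start_token' => '0.forged'], $issued + 20)); // honeypot filled, token forged
```

In a real handler, pass $_POST and $_SERVER['REQUEST_TIME'] to check_submission() and echo issue_form_token($_SERVER['REQUEST_TIME']) into the hidden field when the page is built.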