SitePoint Sponsor

User Tag List

Results 1 to 20 of 20
  1. #1
    SitePoint Addict
    Join Date
    Jun 2007
    Location
    Plymouth uk
    Posts
    313
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    help needed to stop rubbish being entered

    ok i am trying to run a simple web site that allows peeps who have lost there pets or found a pet
    to put it on my web site the addy is lostpetsplymouth.com
    but i have been getting some rubbish posted
    i am using formtoemailpro.php which is i thought suppose to stop this kind of thing
    or do i need some thing else
    please feel free to try and enter some rubbish to see what i mean
    cheers
    Doug
    an old man of 60 trying to keep up with the youngsters he he
    http://lostpetsplymouth.net16.net

  2. #2
    SitePoint Guru
    Join Date
    Jan 2005
    Location
    heaven
    Posts
    953
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try ReCaptcha
    Creativity knows no other restraint than the
    confines of a small mind.
    - Me
    Geekly Humor
    Oh baby! Check out the design patterns on that framework!

  3. #3
    SitePoint Addict
    Join Date
    Jun 2007
    Location
    Plymouth uk
    Posts
    313
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thanks but i cant see how that would really help yes it stops bots
    but it wouldnt stop humans
    cheers
    Doug
    an old man of 60 trying to keep up with the youngsters he he
    http://lostpetsplymouth.net16.net

  4. #4
    SitePoint Guru
    Join Date
    Jan 2005
    Location
    heaven
    Posts
    953
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So you want stop people from entering data? Kinda defeats the purpose of having a website that allows people to enter data... The best that you can do is properly validate the data that people input. Other than that there's nothing that you can do.
    Creativity knows no other restraint than the
    confines of a small mind.
    - Me
    Geekly Humor
    Oh baby! Check out the design patterns on that framework!

  5. #5
    SitePoint Addict
    Join Date
    Jun 2007
    Location
    Plymouth uk
    Posts
    313
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    no i dont want to stop peeps entering data it is validateing the data
    where and how do i start to do that
    cheers
    Doug
    an old man of 60 trying to keep up with the youngsters he he
    http://lostpetsplymouth.net16.net

  6. #6
    SitePoint Guru
    Join Date
    Jan 2005
    Location
    heaven
    Posts
    953
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    First you need to know what type of data you want for field to accept.
    Creativity knows no other restraint than the
    confines of a small mind.
    - Me
    Geekly Humor
    Oh baby! Check out the design patterns on that framework!

  7. #7
    ::==:: Bonzo_CS's Avatar
    Join Date
    Dec 2003
    Location
    (Cardiff Wales)
    Posts
    747
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Without a member list and account screening how would it be possible to establish whether a human posting is sincere ? This is one of the reasons Mod's exists on forums so they can determine if the terms of use have been broken and monitor abuse etc. There is no script that can detect human intention out there to automatically do the work for you as such.

    The only thing I would recommend is create a filter that would block what you would determine to be bad posts such as post containing bad words or urls. You could also use some of the tools like you see in Wordpress such as http://akismet.com/ to monitor spam abuse.

  8. #8
    SitePoint Guru
    Join Date
    Jan 2005
    Location
    heaven
    Posts
    953
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Bonzo_CS View Post
    Without a member list and account screening how would it be possible to establish whether a human posting is sincere ? This is one of the reasons Mod's exists on forums so they can determine if the terms of use have been broken and monitor abuse etc. There is no script that can detect human intention out there to automatically do the work for you as such.

    The only thing I would recommend is create a filter that would block what you would determine to be bad posts such as post containing bad words or urls. You could also use some of the tools like you see in Wordpress such as http://akismet.com/ to monitor spam abuse.
    I don't think the purpose is to ascertain human sincerity, but data validity. Realistically, you cannot ascertain human sincerity without accessing human thought which is far beyond the scope of what dougvcd is looking for... >.>

    Doug, I took a look at the form and I see the problem.

    First you need to figure out which fields are required ergo which fields must be filled in by a user.

    PHP Code:
    // Check if a field is empty
    if(empty($_POST['field_name']))
       echo 
    "field_name is a required field."
    You will need a series of branching statements to suffice each required field. Next you need a more fine grained validation for E-mail Address and for Phone numbers. Both of which can be can be validated using regular expression.

    PHP Code:
    // Check if email address is valid
    if (!preg_match("/^( [a-zA-Z0-9] )+( [a-zA-Z0-9\._-] )*@( [a-zA-Z0-9_-] )+( [a-zA-Z0-9\._-] +)+$/" $_POST['field_name']))
        echo 
    "field_name is not a valid email address."
    PHP Code:
    // Check if phone is valid
    if (!preg_match("/^(\d{3}-){2}(-\d{4})$/" $_POST['field_name']))
        echo 
    "field_name is not a valid phone number."
    That should give you enough to play with for now.
    Creativity knows no other restraint than the
    confines of a small mind.
    - Me
    Geekly Humor
    Oh baby! Check out the design patterns on that framework!

  9. #9
    ::==:: Bonzo_CS's Avatar
    Join Date
    Dec 2003
    Location
    (Cardiff Wales)
    Posts
    747
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't think the purpose is to ascertain human sincerity, but data validity. Realistically, you cannot ascertain human sincerity without accessing human thought which is far beyond the scope of what dougvcd is looking for... >.>
    That's sort of the point I was trying to make when I made my statement.

    I think the solution your proposing is form validation and not necessarily going to prevent misuse of the form itself. Although form validation should be the first thought, preventing poor content from being submitted is not going to get caught at this level if the problem sits within the content and not the data type. A bot can easily by pass form validation and a human even easier. This is why I stated my example where Mods are required for forums. You can't prevent humans posting as such if thats the primary purpose of the form. The form will be valid each time. The solution would therefore to be to analyse the content and use some automation to decide what is acceptable or not according to your policies of use.

  10. #10
    SitePoint Guru
    Join Date
    Jan 2005
    Location
    heaven
    Posts
    953
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Bonzo_CS View Post
    That's sort of the point I was trying to make when I made my statement.

    I think the solution your proposing is form validation and not necessarily going to prevent misuse of the form itself. Although form validation should be the first thought, preventing poor content from being submitted is not going to get caught at this level if the problem sits within the content and not the data type. A bot can easily by pass form validation and a human even easier. This is why I stated my example where Mods are required for forums. You can't prevent humans posting as such if thats the primary purpose of the form. The form will be valid each time. The solution would therefore to be to analyse the content and use some automation to decide what is acceptable or not according to your policies of use.
    If you take a look at the form he current has. He has no validation or filtering at all. Judging by this, I deduced that he is looking for some form of validation. The form validation plus use of recaptcha is sufficient enough validate the data being entered. A bot cannot pass recaptcha, atleast not yet, so bots are out of the question.

    Your not going to stop users from entering data. And you're right that Moderators or some sort, whether human or electronic, would be required to truly validate the data submitted. But I don't think Doug was looking for that ^_^.

    Sorry if my previous post came of a little snappy :3... That wasn't my intent.
    Creativity knows no other restraint than the
    confines of a small mind.
    - Me
    Geekly Humor
    Oh baby! Check out the design patterns on that framework!

  11. #11
    ::==:: Bonzo_CS's Avatar
    Join Date
    Dec 2003
    Location
    (Cardiff Wales)
    Posts
    747
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No problem imaginethis, I didn't take as being snappy

    I didn't realise that he wasn't validating the form at all. In that case that's definitely a good place to start in that case as you suggested.

    Cheers

  12. #12
    SitePoint Addict
    Join Date
    Jun 2007
    Location
    Plymouth uk
    Posts
    313
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok thanks
    i am using formtoemailpro.php
    i would like to post it here for you to see but i am not allowed to it says in the prog
    that is for sorting what has to be filled in
    cheers
    Doug
    an old man of 60 trying to keep up with the youngsters he he
    http://lostpetsplymouth.net16.net

  13. #13
    SitePoint Addict
    Join Date
    Jun 2007
    Location
    Plymouth uk
    Posts
    313
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok so would you say that the easiest for me would be to have the form email me the data
    then i would transfer data to database for viewing
    cheers
    Doug
    an old man of 60 trying to keep up with the youngsters he he
    http://lostpetsplymouth.net16.net

  14. #14
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    As you filter out the worst rubbish store and make sure there is nothing evil in the strings ( sql injection etc ) stick it in your database with a flag set to 0.

    When you have read the post and are satisfied it looks genuine enough, set that flag to 1.

    Then, if flag==1 display.

    The problem with emailing yourself all the time is that any DOS attack will also block up your email inbox - self spamming I coined it. Did it once, never again.

    Say you get 3 entries in an hour, you don't want 3 emails, you just want one.

    If you can set up something whereby it only emails you an alert "someone added something" once, and then stops alerting till you actually log in and deal with the backlog.

    Good luck with it.
    Last edited by Cups; Nov 21, 2008 at 10:18. Reason: altered last sentence

  15. #15
    SitePoint Wizard lorenw's Avatar
    Join Date
    Feb 2005
    Location
    was rainy Oregon now sunny Florida
    Posts
    1,098
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    My guess is that a bot is posting directly to your mailer script and I would bet ten virtual beers that your junk would stop if you used a captcha.

    or better yet

    If the junk contains http:// as in a link you should be safe in exiting the script before it emails.

    Instruct visitors to enter domains as www.mysite.com so they can still come through.

    I have killed form spam using this on many sites.

    Spammers are lazy and will not go to sites and hit submit buttons, they set up bots to hit thousands of mailing scripts.
    What I lack in acuracy I make up for in misteaks

  16. #16
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    Good point, I stopped troublesome spambots by simply detecting square brackets.

    Detect [ or ] and delete that post.

    I am still amazed it worked, after I tried everything (except capchas and turing tests).

  17. #17
    SitePoint Guru
    Join Date
    Jan 2005
    Location
    heaven
    Posts
    953
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It would be an interesting experiment to implement a neural network with a training algorithm to detect web form spam, but that might just be a little overkill ._. ... But it would be fun to try
    Creativity knows no other restraint than the
    confines of a small mind.
    - Me
    Geekly Humor
    Oh baby! Check out the design patterns on that framework!

  18. #18
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    This might be a job for a FSM.

    I would have thought there are enough algorithms already out there though.

  19. #19
    SitePoint Guru
    Join Date
    Jan 2005
    Location
    heaven
    Posts
    953
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yay Toys! :d
    Creativity knows no other restraint than the
    confines of a small mind.
    - Me
    Geekly Humor
    Oh baby! Check out the design patterns on that framework!

  20. #20
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I wonder if existing Bayesian spam filtering implementations such as spamassassin could be used to detect form spam...


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •