code needed to exclude a guestbook spammer

bb

Hi,

We have a guestbook on our website (catcam.com) and for the past few months
some jerk has been filling it up with links to his advertising sites. He
does it every week and I'm getting tired of deleting the records so I'd like
to include some code to exclude any attempted entries that include a domain
common to all his postings on our site. Every time I've excluded the IP
range that the posts were made from but now it changes every week so that
won't work.

Does anyone know what to insert (and where) in the below code so that exits
or abends if "MSCAR" is entered anywhere in the "URL field"?

Thanks in advance
Curt

<% EMAIL = CStr(Replace(Request.Form("EMAIL"),"'","")) %>
<% EMAIL = CStr(Replace(EMAIL,"<","")) %>
<% EMAIL = CStr(Replace(EMAIL,">","")) %>

<% URL = CStr(Replace(Request.Form("URL"),"'","")) %>
<% URL = CStr(Replace(URL,"<","")) %>
<% URL = CStr(Replace(URL,">","")) %>

<% NAME = CStr(Replace(Request.Form("NAME"),"'","")) %>
<% NAME = CStr(Replace(NAME,"<","")) %>
<% NAME = CStr(Replace(NAME,">","")) %>

<% MESSAGE = CStr(Replace(Request.Form("MESSAGE"),"'","")) %>
<% MESSAGE = CStr(Replace(MESSAGE,"<","")) %>
<% MESSAGE = CStr(Replace(MESSAGE,">","")) %>
<% MESSAGE = CStr(Replace(MESSAGE,str,"<br>")) %>
<% MESSAGE = CStr(Replace(MESSAGE,vbCr,"<br>")) %>


<!--METADATA TYPE="DesignerControl" startspan
<OBJECT ID="CmdDeleteBlankEntries" WIDTH=151 HEIGHT=24
CLASSID="CLSID:7FAEED80-9D58-11CF-8F68-00AA006D27C2">
<PARAM NAME="_Version" VALUE="65536">
<PARAM NAME="_Version" VALUE="65536">
<PARAM NAME="_ExtentX" VALUE="3986">
<PARAM NAME="_ExtentY" VALUE="635">
<PARAM NAME="_StockProps" VALUE="0">
<PARAM NAME="DataConnection" VALUE="ConnGuestBook">
<PARAM NAME="CommandText" VALUE="DELETE FROM BOOK1 WHERE (NAME IS
NULL) AND (EMAIL IS NULL) AND (MESSAGE IS NULL)">
</OBJECT>
-->
<%
Set ConnGuestBook = Server.CreateObject("ADODB.Connection")
ConnGuestBook.ConnectionTimeout = Session("ConnGuestBook_ConnectionTimeout")
ConnGuestBook.CommandTimeout = Session("ConnGuestBook_CommandTimeout")
ConnGuestBook.Open Session("ConnGuestBook_ConnectionString"), _
Session("ConnGuestBook_RuntimeUserName"), _
Session("ConnGuestBook_RuntimePassword")
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdDeleteBlankEntries = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "DELETE FROM BOOK1 WHERE (NAME IS NULL) AND (EMAIL IS NULL) AND (MESSAGE IS NULL)"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnGuestBook
CmdDeleteBlankEntries.Open cmdTemp, , 0, 1
%>
<!--METADATA TYPE="DesignerControl" endspan-->



<!--METADATA TYPE="DesignerControl" startspan
<OBJECT ID="CmdCheckForDuplicate" WIDTH=151 HEIGHT=24
CLASSID="CLSID:7FAEED80-9D58-11CF-8F68-00AA006D27C2">
<PARAM NAME="_Version" VALUE="65536">
<PARAM NAME="_Version" VALUE="65536">
<PARAM NAME="_ExtentX" VALUE="3969">
<PARAM NAME="_ExtentY" VALUE="635">
<PARAM NAME="_StockProps" VALUE="0">
<PARAM NAME="DataConnection" VALUE="ConnGuestBook">
<PARAM NAME="CommandText" VALUE="SELECT COUNT(ID) AS MESSAGECOUNT
FROM BOOK1 WHERE (NAME = '[NAME]') AND (EMAIL = '') AND (MESSAGE =
'[MESSAGE]') AND (URL = '[URL]')">
</OBJECT>
-->
<%
Set ConnGuestBook = Server.CreateObject("ADODB.Connection")
ConnGuestBook.ConnectionTimeout = Session("ConnGuestBook_ConnectionTimeout")
ConnGuestBook.CommandTimeout = Session("ConnGuestBook_CommandTimeout")
ConnGuestBook.Open Session("ConnGuestBook_ConnectionString"), _
Session("ConnGuestBook_RuntimeUserName"), _
Session("ConnGuestBook_RuntimePassword")
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdCheckForDuplicate = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "SELECT COUNT(ID) AS MESSAGECOUNT FROM BOOK1 WHERE " & _
"(NAME = '" & NAME & "') AND (EMAIL = '" & EMAIL & "') AND (MESSAGE = '" & _
MESSAGE & "') AND (URL = '" & URL & "')"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnGuestBook
CmdCheckForDuplicate.Open cmdTemp, , 0, 1
%>
<!--METADATA TYPE="DesignerControl" endspan-->

<% If CmdCheckForDuplicate("MESSAGECOUNT") = 0 Then %>

<!--METADATA TYPE="DesignerControl" startspan
<OBJECT ID="CmdAddMessage" WIDTH=151 HEIGHT=24
CLASSID="CLSID:7FAEED80-9D58-11CF-8F68-00AA006D27C2">
<PARAM NAME="_Version" VALUE="65536">
<PARAM NAME="_Version" VALUE="65536">
<PARAM NAME="_ExtentX" VALUE="3986">
<PARAM NAME="_ExtentY" VALUE="635">
<PARAM NAME="_StockProps" VALUE="0">
<PARAM NAME="DataConnection" VALUE="ConnGuestBook">
<PARAM NAME="CommandText" VALUE="SELECT BOOK1.* FROM BOOK1 WHERE (ID
IS NULL)">
<PARAM NAME="CursorType" VALUE="1">
<PARAM NAME="LockType" VALUE="3">
</OBJECT>
-->
<%
Set ConnGuestBook = Server.CreateObject("ADODB.Connection")
ConnGuestBook.ConnectionTimeout = Session("ConnGuestBook_ConnectionTimeout")
ConnGuestBook.CommandTimeout = Session("ConnGuestBook_CommandTimeout")
ConnGuestBook.Open Session("ConnGuestBook_ConnectionString"), _
Session("ConnGuestBook_RuntimeUserName"), _
Session("ConnGuestBook_RuntimePassword")
Set cmdTemp = Server.CreateObject("ADODB.Command")
Set CmdAddMessage = Server.CreateObject("ADODB.Recordset")
cmdTemp.CommandText = "SELECT BOOK1.* FROM BOOK1 WHERE (ID IS NULL)"
cmdTemp.CommandType = 1
Set cmdTemp.ActiveConnection = ConnGuestBook
CmdAddMessage.Open cmdTemp, , 1, 3
%>
<!--METADATA TYPE="DesignerControl" endspan-->

<%
CmdAddMessage.AddNew
%>


<%
CmdAddMessage.Fields("DATE_ENTERED") = NOW
%>

<!----------------------------------------------------->

<%
if EMAIL="" THEN
CmdAddMessage.Fields("EMAIL") = NULL
Else
CmdAddMessage.Fields("EMAIL") = EMAIL
END IF
%>
<!----------------------------------------------------->

<%
if URL="" THEN
CmdAddMessage.Fields("URL") = NULL
Else
CmdAddMessage.Fields("URL") = URL
END IF
%>
<!----------------------------------------------------->

<%
if MESSAGE="" THEN
CmdAddMessage.Fields("MESSAGE") = NULL
Else
CmdAddMessage.Fields("MESSAGE") = MESSAGE
END IF
%>
<!----------------------------------------------------->

<%
if NAME="" THEN
CmdAddMessage.Fields("NAME") = NULL
Else
CmdAddMessage.Fields("NAME") = NAME
END IF
%>
<!----------------------------------------------------->

<%
IP_ADDRESS = Request.ServerVariables("REMOTE_ADDR")
CmdAddMessage.Fields("IP_ADDRESS") = IP_ADDRESS
%>
<!----------------------------------------------------->


<%
CmdAddMessage.Update
CmdAddMessage.Close
%>

<% End If %>

<%
Sub TLdelaySec(DelaySeconds)
SecCount = 0
Sec2 = 0
While SecCount < DelaySeconds + 1
Sec1 = Second(Time())
If Sec1 <> Sec2 Then
Sec2 = Second(Time())
SecCount = SecCount + 1
End If
Wend
End Sub
%>


<% TLdelaySec(4) %>
 
John Bokma

bb said:
Does anyone know what to insert (and where) in the below code so that
exits or abends if "MSCAR" is entered anywhere in the "URL field"?

And your JavaScript question is?
 
RobG

bb said:
Hi,

We have a guestbook on our website (catcam.com) and for the past few months
some jerk has been filling it up with links to his advertising sites. He
does it every week and I'm getting tired of deleting the records so I'd like
to include some code to exclude any attempted entries that include a domain
common to all his postings on our site. Every time I've excluded the IP
range that the posts were made from but now it changes every week so that
won't work.

Does anyone know what to insert (and where) in the below code so that exits
or abends if "MSCAR" is entered anywhere in the "URL field"?

Posting a large slab of server code to a news group dedicated to a
client-side technology is inappropriate.

It is extremely likely that your spammer is using a program that uses
a spoofed URL to post to your guest book (which seems to have been
removed from your site). The spammer's program almost certainly doesn't
execute any script in your page, nor even visit your site, so attempting
to stop it using client-side script is doomed from the start. :-(

Fix it at the server.

[...]
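
A server-side check of the kind the thread points to, as an added example that is not part of any poster's message: a classic ASP (VBScript) block that rejects a submission when any field contains a blocked term, matched case-insensitively. `BLOCKED_TERMS` and `ContainsBlockedTerm` are names invented for this example; `URL`, `MESSAGE`, `NAME` and `EMAIL` are the variables from the posted page.

```vbscript
<%
' Added example: reject the post before any database work happens.
' Place this block directly after the lines that fill EMAIL, URL, NAME and MESSAGE.
' BLOCKED_TERMS and ContainsBlockedTerm are hypothetical names for this example.
Const BLOCKED_TERMS = "mscar"   ' comma-separated; add further terms as needed

Function ContainsBlockedTerm(ByVal text)
    Dim terms, i
    ContainsBlockedTerm = False
    If IsNull(text) Then Exit Function
    terms = Split(BLOCKED_TERMS, ",")
    For i = 0 To UBound(terms)
        If Len(Trim(terms(i))) > 0 Then
            ' vbTextCompare makes the match case-insensitive (MSCAR, mscar, MsCar)
            If InStr(1, text, Trim(terms(i)), vbTextCompare) > 0 Then
                ContainsBlockedTerm = True
                Exit Function
            End If
        End If
    Next
End Function

' The links can sit in any field, so test all of them, not only URL.
If ContainsBlockedTerm(URL) Or ContainsBlockedTerm(MESSAGE) _
   Or ContainsBlockedTerm(NAME) Or ContainsBlockedTerm(EMAIL) Then
    Response.Status = "403 Forbidden"
    Response.Write "Your entry was not accepted."
    Response.End   ' stops the page here; nothing below is executed
End If
%>
```

Placed above the first `Server.CreateObject` call, a rejected request never opens a database connection. A substring blocklist only stops postings that keep using the same term.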
 
Jim

Your code looks to be ASP in origin, which usually indicates a Windows
web server; but a review of the header specs coming from your site
indicates use of Apache web server. If your host provides you
permissions to use .htaccess files, they can be one server-side method
of controlling I.P. access to your site.
Here's a great tutorial which explains it and offers examples:
http://www.javascriptkit.com/howto/htaccess.shtml
-Jim
 
