Rogue Guestbook Entries...

[dicknite]

I didn't know where to put this... I guess the Water Cooler is as good as any!I have a website and in that website, have a guestbook. A couple of years ago, I changed the script to email me the entries and then I could post them - was getting too much profanity and such posted when it was immediately posted.Anyway, I have been getting a LOT of entries from what looks to be a script - multiple entries, a lot from .ru sites, advertising. Then in the "Comments" field, a lot of them say something generic like, "Send my entry", or "Great site" or whatever...Just curious if any of you with guestbooks have been seeing the same thing?d|:^)Dick

[ross549]

Hmm.... I am not surprised that there are people doing this. The only thing I can tell you.....1. Use a non-popular guestbook/comment script system.... or only allow those who have registered on your site to post comments, and use an e-mail verification system. That way, there are a lot more steps involved in getting to the point where you can post a comment. However, there will be less people posting, because of the increased hassle involved.2. You could just set your e-mail client to dump any mail coming from an .ru domain. Again, you might be blocking a particular demographic.I guess there are ups/downs for any option.

[nlinecomputers]

Sounds like just another way to spam you. I'm running a WordPress blog and I have to use heavy filters to keep scripts from clogging the thing with spam.

[NRD]

Looks like a Matt's scripts guestbook. It has a few problems including exposing the recipient email address in the form. Spam bots scan for this.Personally, If you want a direct replacement for it, I would suggest NMS Guestbook.http://nms-cgi.sourceforge.net/scripts.shtmlThey have taken Matts scripts and made them much more secure. The NMS Guestbook allows you to disable HTML in posts, hides the recipient email address, and allows you to hide entries until they are reviewed.

[Pete!]

I saw something similar but it was on a message board. The "bot" was posting as fast as the moderator could delete. "Flood control" only slowed it down a little....also an ".ru" domain.Unless you want Russian traffic:Suggest you run a whois search on the domain and ban it's entire IP Bloc.

[teacher]

This seems to fit more under Security than anywhere else. A close second was the Web Design and Programming. I took the liberty of moving it there and leaving a link behind.