Posting where they should not be.

Shaped

Hello

Got a problem with my script.
This script is a tagboard, the actual form is hidden from general browsers, this is shown in a block to registered site users only.

Im getting constant spam by someone and i cannot stop it.
Like i said the form to post to this processor is hidden from the guy who is spamming but he continues to get through.

I have

if ( !eregi ( $GLOBALS['sitename'] , $_SERVER['HTTP_REFERER'] ) ) { die ( 'Refer Error' ) ; }

at the top of the form processing page.

Does this work? or can headers be changed by someone.

I dont wanna lock this script down to registered users only, i just want to stop them posting from elsewhere except my domain name.

The form was visible for a while in the block to all visitors.

Any help appreciated..

Thanks.

tsinka

What about using another approach. You wrote that only registered users should be able to use that form.
What about using sessions to store some user info (like the user id) and to check if the user is actually logged in before processing any submitted data ?

It might be neccessary to add some additional logic like approving that someone registers with e.g. a valid email or something like that so you can at least trace who submits the spam.

That possibly wouldn't prevent someone to use some fake freemail address to send spam but try to find a solution that makes it as hard as possible to submit spam but on the other side doesn't annoy the other users too much.

Thomas

Shaped

Yes, thanks
The posting form in the block uses that kind of logic.. if (!USER) if (!ADMIN), etc.. but the actual processor of the form does not.
Ill have to write it that way, make the processor perform like the form does.

Was just wondering about the headers though.. i understand little about http headers and that that im using checks for my domain and matches against the referers domain.
They are managing to get through somehow.

I think its a robot of somesort as theres 5 messages allways from 5 diffrent women on 5 diffrent i.ps posting 5 links to some affiliate gambling site.

Ive added a referes field to the form, and the processing scripts checks that value to now, failing that im gonna change the processing script filename and see what that does..

If they still manage to get by that, then im going to have to intergrate one of them Number image verification functions.

They only have a handle on the tagboard,, the tutorials , forum news etc.. all of them have not been hit yet.

Very annoying.