kitesmite
Posts: 12
|
| Posted: 03/25/2008, 11:37 AM |
|
Hello,
I have a public forum and user registration is not an option. How can i secure this forum without user registration. I have a server side session id but the spam bots have found a way to post into it. I also have i htaccess file to deny the ip.
These security measurements are not enough anymore. Maybe i must implement catcha but are there any other ways to tighten the forum?
Regards,
Frans
www.windsurfnet.nl/_pzv
_________________
Official user from 2002 as member Travel-Net.
Official user from 2007 member as Kitesmite
Using PHP, MySQL, Apache
Origin: NL, Timezone GMT+1 (Forumtime +9) |
 |
 |
DonP
|
| Posted: 03/25/2008, 4:04 PM |
|
I think Walter is right although there are some things that might help
short of that. What seems to work for me is at the "front door" of my
site, I set a session value, such as UserAuth = 1, and none of the other
forms can be submitted if that value does not exist. When a spammer
tries to submit to the form remotely, the form does nothing without the
session value.
Don (DonP)
kitesmite wrote:
> Hello,
>
> I have a public forum and user registration is not an option. How can i secure
> this forum without user registration. I have a server side session id but the
> spam bots have found a way to post into it. I also have i htaccess file to deny
> the ip.
>
> These security measurements are not enough anymore. Maybe i must implement
> catcha but are there any other ways to tighten the forum?
>
> Regards,
> Frans
> www.windsurfnet.nl/_pzv
> ---------------------------------------
> Sent from YesSoftware forum
> http://forums.codecharge.com/
>
|
|
|
|
wkempees
Posts: 1679
|
| Posted: 03/25/2008, 4:47 PM |
|
Frans,
If you do not want login/usermanagement, the Captcha is the way to go.
Gegroet, greetz\
Walter
_________________
Origin: NL, T:GMT+1 (Forumtime +9)
CCS3/4.01.006 PhP, MySQL .Net/InMotion(Vista/XP, XAMPP)
if you liked this info PAYPAL me: http://donate.consultair.eu
|
|
|
|
kitesmite
Posts: 12
|
| Posted: 03/26/2008, 1:32 AM |
|
Hello,
@don, i also have a session id, but that is not working anymore.
@walter, i have placed an activation code which has to be confirmed, a sort of captcha system. Hope this helps for now! Maybe i will implement captcha in the future but i don't have time for it now.
Regards,
Frans
_________________
Official user from 2002 as member Travel-Net.
Official user from 2007 member as Kitesmite
Using PHP, MySQL, Apache
Origin: NL, Timezone GMT+1 (Forumtime +9) |
|
|
|
wkempees
Posts: 1679
|
| Posted: 03/26/2008, 3:02 AM |
|
Looked at your link yesterday, noticed there is in fact a user/pwd system in place?
_________________
Origin: NL, T:GMT+1 (Forumtime +9)
CCS3/4.01.006 PhP, MySQL .Net/InMotion(Vista/XP, XAMPP)
if you liked this info PAYPAL me: http://donate.consultair.eu
|
|
|
|
kitesmite
Posts: 12
|
| Posted: 03/26/2008, 5:14 AM |
|
Hi Walter,
Correct, but for now i don't have much time to deploy it any further. Maybe in the future.
_________________
Official user from 2002 as member Travel-Net.
Official user from 2007 member as Kitesmite
Using PHP, MySQL, Apache
Origin: NL, Timezone GMT+1 (Forumtime +9) |
|
|
|
wkempees
Posts: 1679
|
| Posted: 03/26/2008, 9:34 AM |
|
Just seen your solution, it is a Captcha without the Captcha.
Should work nicely, compliments.
_________________
Origin: NL, T:GMT+1 (Forumtime +9)
CCS3/4.01.006 PhP, MySQL .Net/InMotion(Vista/XP, XAMPP)
if you liked this info PAYPAL me: http://donate.consultair.eu
|
|
|
|
chriscripps
Posts: 30
|
| Posted: 04/17/2008, 5:02 PM |
|
I had a lot of trouble with spam bots on an email form I set up. I started reading about CAPTCHA, but did not get it working, so as a stopgap, I put a math question on the page. That worked for about a day.
I then thought I should log the IP address of the email senders so I could block mail from some IPs if they were repeat spammers. I added this code to a hidden textbox and required the the IP be submitted to the database where the emails were stored.
$ip=$_SERVER['REMOTE_ADDR'];
$email->Hidden3->SetValue($ip);
Since adding this, I have not had a single SPAM. Is that because they do not have an IP to log? I am not sure why this worked, but it worked great.
Any thoughts on why it worked so good?
Thanks,
Chris
|
|
|
|
|
