Topic: Problems with SPAM and bots

ukcbajr (Coppermine newbie, 9 posts)
Problems with SPAM and bots
« on: June 25, 2007, 05:01:08 am »

I noticed a few topics posted on this, but haven't seen any mention of this technique I use in my scripts (and which I added myself to the Coppermine .php scripts).

For spam sent by robots (automated scripts), the bots essentially send form information to the ecard or comment scripts. It's as if the ecard form is on another webpage, but your webpage is doing the sending.

I add a filter at the start of my scripts to ensure all form information has been sent by my website. There's an environment variable 'HTTP_REFERER' that contains this information. Here's the script (OK, it could be better written, but this is clear):

```php
// Referer header as sent by the browser (may be empty if the client strips it)
$eref = $_SERVER['HTTP_REFERER'];

$ecmatch = 0;

// stristr() is a case-insensitive substring search: it matches the site URL
// anywhere inside the referer string, not only at its start.
if (stristr($eref, "http://www.mywebsite.com")) { $ecmatch = 1; }
if (stristr($eref, "http://mywebsite.com")) { $ecmatch = 1; }

// No match: abort with Coppermine's standard error page
if (!$ecmatch) {
   cpg_die(ERROR, $lang_ecard_php['error_no_data'], __FILE__, __LINE__);
}
```


For example, given that ecard.php can only be called from another .php script, I added this just before the line

```php
pageheader($lang_ecard_php['title']);
```

Of course this won't stop the human spammer, but I hope this helps some...

Tranz (Dev Team member, Coppermine addict, 6149 posts)
Re: Problems with SPAM and bots
« Reply #1 on: June 25, 2007, 06:01:41 am »

Unfortunately, there is a flaw in depending on referer info since some users (knowingly or otherwise) have blocked or altered referer info for privacy purposes.
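Two checks that speak to both posts above, as an added example written for this thread; it is not code from Coppermine or from either poster. It assumes PHP 7.1 or later (random_bytes(), hash_equals(), nullable type hints), native PHP sessions started with session_start(), and a hypothetical host list ALLOWED_HOSTS; the names referer_is_local(), cpg_form_token() and cpg_check_form_token() are made up for illustration. The first function compares the parsed referer host exactly instead of searching for a substring, so a referer such as http://evil.example/?http://www.mywebsite.com is rejected. The other two implement a per-session form token, which rejects a script that posts straight to ecard.php without ever loading the form and keeps working for visitors who strip or alter the Referer header.

```php
<?php
// Added example, not Coppermine code. Hypothetical names throughout.

// Hosts that are allowed to be the origin of a form submission (assumption).
const ALLOWED_HOSTS = ['www.mywebsite.com', 'mywebsite.com'];

/**
 * Returns true only if the Referer header names one of our own hosts.
 * Unlike a substring search with stristr(), this parses the URL and compares
 * the host component exactly. An empty or unparsable referer returns false;
 * the caller decides whether a missing header is fatal.
 */
function referer_is_local(?string $referer, array $allowed_hosts): bool
{
    if ($referer === null || $referer === '') {
        return false;
    }
    $parts = parse_url($referer);
    if ($parts === false || empty($parts['host'])) {
        return false;
    }
    // Only accept web schemes; anything else cannot be one of our pages.
    if (isset($parts['scheme'])
        && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $allowed = array_map('strtolower', $allowed_hosts);
    return in_array(strtolower($parts['host']), $allowed, true);
}

/**
 * Issues one random token per session. Embed it in the form, e.g.
 *   <input type="hidden" name="form_token"
 *          value="<?php echo htmlspecialchars(cpg_form_token()); ?>">
 */
function cpg_form_token(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['form_token'];
}

/**
 * Verifies the submitted token with a constant-time comparison. A robot that
 * posts directly to the handler never loaded the form in this session, so it
 * has no valid token to send.
 */
function cpg_check_form_token(array $post): bool
{
    return isset($post['form_token'], $_SESSION['form_token'])
        && hash_equals($_SESSION['form_token'], (string) $post['form_token']);
}

// Usage at the top of a form handler, before pageheader():
//   session_start();
//   if (!cpg_check_form_token($_POST)) {
//       cpg_die(ERROR, $lang_ecard_php['error_no_data'], __FILE__, __LINE__);
//   }
// Optional, softer referer check: fail only when a referer is present and
// names a foreign host, so visitors who strip the header are not locked out.
//   $ref = $_SERVER['HTTP_REFERER'] ?? '';
//   if ($ref !== '' && !referer_is_local($ref, ALLOWED_HOSTS)) {
//       cpg_die(ERROR, $lang_ecard_php['error_no_data'], __FILE__, __LINE__);
//   }

// Self-check on constructed referer values when run from the command line.
if (PHP_SAPI === 'cli') {
    var_dump(referer_is_local('http://www.mywebsite.com/ecard.php?id=1', ALLOWED_HOSTS));
    var_dump(referer_is_local('http://evil.example/?http://www.mywebsite.com', ALLOWED_HOSTS));
    var_dump(referer_is_local('http://mywebsite.com.evil.example/', ALLOWED_HOSTS));
    var_dump(referer_is_local('', ALLOWED_HOSTS));
}
```

Because referer_is_local() returns false for an empty header, a caller that wants to tolerate stripped referers should only fail when the header is present and names a foreign host, as the commented usage shows. The token check has no such trade-off: it depends only on state the server itself created when it served the form, so it is the check to rely on; the referer test can stay as an extra filter at most.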