Preventing Spammers...?

Hello Folks,

Yes, the spammers even try to use Sphider to spread their pesky behaviour. I've made the following modification to the top of SEARCH.PHP - any comments, for or against?

<snip>

if (isset($_GET['query']))
$query = $_GET['query'];
if (eregi("http",strtolower($query)))
{
echo "Spamming Attempt!";
die;
}
if (isset($_GET['search']))
$search = $_GET['search'];

</snip>

Regards,
Steve (Peter_LT)
Caronia Timeline Webmaster
< [www.caronia2.info] >



Edited 1 time(s). Last edit at 08/15/2007 04:50AM by Peter__LT.

Hello Folks,

Well it works! Bandwidth used - just 29bytes!

Regards,
Steve (Peter_LT)
Caronia II Timeline Webmaster
< [www.caronia2.info] >

Hello,

I don't understand how Sphider could be spammed ? If you do a search this won't show the search term on any indexable page.
Could you explain what sort of spam you 're talking about please :-?

Hello John,

What happens is that they send their robots to place URLS into the search. This may not cause any display, but it still places their URL into the search log and has quite a major bandwidth hit. By stopping them, it's reduced to just 29bytes with no logging.

Regards,
Steve (Peter_LT)
Caronia II Timeline Webmaster
< www.caronia2.info >

Ok, I understand. So, thanks a lot for your code :-) !

Hello,
can you said me please with which line you add your code in search.php?
because of on my page I have an error message:

Notice: Undefined variable: query in c:\program files\easyphp1-8\www\sphider-1.3.3\search.php on line 18

regards,

Had the same problem when testing it. There is a small bug: for the first starts (without any query input) the variable $query is not defined.
With this modification you may fix it.

In search.php delete the two rows:

if (isset($_GET['query']))
$query = $_GET['query'];

and replace it with the following:

if (isset($_GET['query'])) {
$query = $_GET['query'];
if (eregi("http",strtolower($query)))
{
echo "Spamming Attempt!";
die ('');
}
}

Happy coding

Tec



Edited 1 time(s). Last edit at 09/10/2007 01:24AM by Tec.

thank you very well TEC, it's work so good now !

nice little script, but i'm using robots.txt to prevent bots from indexing my search results.

zotag:

Keep in mind that only well educated crawlers will follow robots.txt

Tec

Hello Folks,
Tec wrote:
"Had the same problem when testing it. There is a small bug: for the first starts (without any query input) the variable $query is not defined."

The correct answer to this is not to add the extra opening and closing curly braces but to make your search box form accessible by populating it with a prompt that disappears when the box has focus and the user has clicked to set their cursor in place ready for input.

<HTML snip>

<form action="./sphider/search.php" method="get">
<fieldset>
<legend>Site Search <a class="help" href="helpsearch.php" title="Link: Site searching tips">[ <em>?</em> ]</a></legend>
<label class="brk" for="query">Insert search text</label>
<input type="text" name="query" id="query" size="22" maxlength="40"
value=" Enter search text" title="Click - then type search term" onfocus="this.value=''"
/>
<input type="submit" id="search" name="search" title="Click to start site search" value=" Start "
/>
<input type="hidden" name="search" value="1"
/>
</fieldset>
</form>

</HTML snip>

<CSS snip>

.brk {
display: none;
font-size: 0.1em;
line-height: 0.1em;
margin: 0;
padding: 0;
visibility: hidden;
}

a.help {
cursor: help;
text-decoration: none;
}

</CSS snip>

Notes.
The above is XHTML - for HTML4 only the 3 " />" lines need to be modified with the closing " > " for the code to work.

The <legend> tag has a link added to a page where you guide visitors on how best to search your site. That page should also carry a search form either within or below the guidance text you present.

Giving the label tag a class="brk" makes that invisible to everyone _except_ those who are using assistive technologies that don't use CSS, where this line is essential. Of course, if you want the label to be viewed, then you can remove the class and the associated CSS.

The onfocus="this.value='' property should be used with care in forms, for example, it should never be used for input type="textarea" as it will wipe out everything the user has entered if a field eleswhere has been accessed and the visitor then wants to go back and make a minor edit to the text they have already entered.

Regards,
Steve (Peter_LT)
Caronia II Timeline Webmaster
< [www.caronia2.info] >



Edited 1 time(s). Last edit at 09/15/2007 01:06AM by Peter__LT.

Congratulations for the sophisticated attempt to repair your bug. But to suggest that my answer was not correct? A week ago you were proud to stop spammers with 29 bytes. I followed your intention, added only two brakes and your snip worked without error messages.

By the way: It is absolutely no problem to bypass your http-trap. Have a look at your forum search log. A minute ago I placed [http://tec_made_this.com] there.

Tec

I am very curious about the reaction of Peter__LT

Hello Folks,

The _only_ point I'm trying to make is that your search form should be built to WAI accessibility standards. I was no more casting blame upon you Tec, than you were suggesting there was a bug. By using accessible HTML, you avoid the bug - simple.

As for my forum, I presently use the built-in phpBB code for that and not Sphider. This is unlikely to change because I only ever rebuild my Sphider index locally, whereas the phpBB forum search index records are updated as they happen.

Regards,
Steve (Peter_LT)
Caronia II Timeline Webmaster
< [www.caronia2.info] >