[TYPO3-typo3org] buzz.typo3.org: Posting form allows HTML tags
Dmitry Dulepov
dmitry at typo3.org
Tue Jan 23 10:22:26 CET 2007
Dmitry Dulepov wrote:
> Hi!
>
> Thomas Hempel wrote:
>>> Do you have a patched ve_guestbook for download? :)
>> Unfortunately not but all I changed is the template which can be
>> downloaded here now:
>>
>> http://www.typo3-unleashed.net/singleentry.html?&tx_ttnews[tt_news]=612&tx_ttnews[backPid]=24&cHash=b0c4d70035
I still got spam posted... If action field is empty (or even
about:blank), spam just goes to current page, which is exactly what
spammers need to do...
So I changed tx_veguestbook_pi1[submitted] to empty value and set this
value to 1 in the script, when timeout finishes. Even that did not help,
I still got fresh portion of spam here:
http://typo3bloke.net/post-details/archive/2006/august/18/my_google_notebooks/index.htm
It seems like this is either a very clever robot or that spammer uses
browser to simulate correct behaviour.
I do not want to use captcha and now think about other solutions. One is
simple computational expression for submitter, another is much more
sophisticated: integrating SpamAssassin to check for spam. This looks
better: comment will be posted but hidden and approval message can be
sent to site owner, like in wordpress. The only problem is that it
requires changes (hook) in ve_guestbook. I already started working on
this second thing...
--
Dmitry Dulepov
Web: http://typo3bloke.net/
Skype: callto:liels_bugs
"It is our choices, that show what we truly are,
far more than our abilities." (A.P.W.B.D.)
More information about the TYPO3-team-typo3org
mailing list