this post was submitted on 13 Dec 2023
0 points (50.0% liked)

PHP

363 readers
1 users here now

<?

namespace lemmy\php;

/*

Welcome to the PHP community on Lemmy

#Rules:

1: Soon(TM)

#Helpful stuff:

PHP Documentation

Composer

PHP Standards

#Common frameworks:

Symfony

Larvel

*/

echo "Welcome";

founded 1 year ago
MODERATORS
[email protected]
0
Even with a strong Captcha system in place, you will still find users trying to manually spam your web site. They tend to be people who discover your site through a very specific search engine query, (kbin.social)
submitted 11 months ago by [email protected] to c/[email protected]
6 comments fedilink hide all child comments
 

Even with a strong Captcha system in place, you will still find users trying to manually spam your web site. They tend to be people who discover your site through a very specific search engine query, for which they would like their own site to also rank well, and they hope that by adding a link back to their site from yours this will happen. Using this recipe, you can specify a set of keywords that will trigger spam detection, and then use the level of spam certainty returned by the function to decide whether to ignore a user post. https://www.chat-to.dev/post?id=11 #php #programming

top 6 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 11 months ago (1 children)

Did people invite this because it's a meta joke?

It reads like someone told an AI bot why they wanted links to their page, and the boat just literally explained it and linked to that page...

[–] [email protected] 2 points 11 months ago

The code is broken as well.

[–] [email protected] 3 points 11 months ago

Why would you trust any user input to begin with? If a person can spam links, there are bigger problems on the site. I would immediately start trying any and all forms of html and script injection if I saw that problem. The data is probably going back to a database anyway, so that is probably vulnerable as well.

Comparing against a short word list is also a lost cause. The input needs to be fully sanitized before it even gets shown.

I applaud the effort to teach, but there are more conceptual issues that need to be addressed first.

[–] [email protected] 3 points 11 months ago* (last edited 11 months ago) (1 children)

Never trust user input on site, always properly sanitize it. There are many auto bots that break captcha and inject the code.

[–] [email protected] 1 points 11 months ago* (last edited 11 months ago) (1 children)

Sure... But assuming you're running a business, and you want potential future customers to be able to reach you... then you need some sort of contact form, and you'll get spam on that form which is annoying.

[–] [email protected] 1 points 11 months ago

You can avoid a lot of spam by using blacklists of ips. See spamhouse blacklists for example. Also log all users ips who contact you in case you need to block them for spamming.