Home

Bio
My Articles
Blog
Photo albums
Contact me

IT news
Articles

Stop spambots on your Coppermine Gallery!

21 Jan 2007, 652 read(s)
Tags:


Coppermine is one of the best php galleries ever created. I use it on one of my website and I'm very satisfied. However, spambots are making me nervous. Everything started when two-three links per day appeared as comments on my galleries. It wasn't that hard to remove them manually. But the number increased to 10-50/daily, so I decided to make something ...

I looked for any spambot protection for Coppermine Photo Gallery. However, I couldn't find any. One advice I could find on a forum was "Email verify, and don't allow unverified signups.". That won't deal with it. It still requires too much manual work. So ... I decided to make some necessary changes in the code of Coppermine and stop that SPAM/SCAM once and for all.


Fight them all!

Open the /db_input.php file of the Coppermine Photo Gallery and find the line that contains "// Comment update" (without slashes, around line 59):
db_input.php
  1. $event = isset($HTTP_POST_VARS['event']) ? $HTTP_POST_VARS['event'] : $HTTP_GET_VARS['event'];
  2. switch ($event) {
  3.  
  4.     // Comment update
  5.  
  6.     case 'comment_update':


Between the first and second line in the above code add the following: 
code to add...
  1. $msg_body = $HTTP_POST_VARS['msg_body'];
  2. 		$bw = Array();
  3. 		$bw[] = "http";
  4. 		$bw[] = "(...)";
  5. 		$bw[] = "www";
  6. 		$bw[] = "a href";
  7. 		$bw[] = ".html";
  8. 		foreach($bw as $w) if(strpos($msg_body, $w) !== false){ die("Illegal chars found!"); }
  9.  $HTTP_POST_VARS['msg_body'] = $msg_body ;
  10.  $msg_body = '';


Each line like this $bw[] = "..."; defines what string to look for in the comments. If the string is found, the comment is not posted and a message appears on the screen: "Illegal chars found!". If you'd like, you can add more "black"-strings. It depends on what do the spambots write in your gallery. These are the ones I use. I should admin that I have had no problems since the modifications. Here is what we get as a final result:
db_input.php
  1. $event = isset($HTTP_POST_VARS['event']) ? $HTTP_POST_VARS['event'] : $HTTP_GET_VARS['event'];
  2.  
  3. $msg_body = $HTTP_POST_VARS['msg_body'];
  4. 		$bw = Array();
  5. 		$bw[] = "http";
  6. 		$bw[] = "(...)";
  7. 		$bw[] = "www";
  8. 		$bw[] = "a href";
  9. 		$bw[] = ".html";
  10. 		foreach($bw as $w) if(strpos($msg_body, $w) !== false){ die("Illegal chars found!"); }
  11.  $HTTP_POST_VARS['msg_body'] = $msg_body ;
  12.  $msg_body = '';
  13. switch ($event) {
  14.  
  15.     // Comment update
  16.  
  17.     case 'comment_update':


Quite simple, but quite effective! You can see a live demo here.


Comments

Linda: I just changed my file and I really hope it works fine. Tomorrow I will check if it works... Anyway..thank you very much for your help!
Anonymous:

Add comment...