Even with a strong Captcha system in place, you will still find users trying to manually spam your web site. They tend to be people who discover your site through a very specific search engine query, for which they would like their own site to also rank well, and they hope that by adding a link back to their site from yours this will happen. Using this recipe, you can specify a set of keywords that will trigger spam detection, and then use the level of spam certainty returned by the function to decide whether to ignore a user post. https://www.chat-to.dev/post?id=11 #php #programming
Did people invite this because it’s a meta joke?
It reads like someone told an AI bot why they wanted links to their page, and the boat just literally explained it and linked to that page…
The code is broken as well.
Why would you trust any user input to begin with? If a person can spam links, there are bigger problems on the site. I would immediately start trying any and all forms of html and script injection if I saw that problem. The data is probably going back to a database anyway, so that is probably vulnerable as well.
Comparing against a short word list is also a lost cause. The input needs to be fully sanitized before it even gets shown.
I applaud the effort to teach, but there are more conceptual issues that need to be addressed first.
Never trust user input on site, always properly sanitize it. There are many auto bots that break captcha and inject the code.
Sure… But assuming you’re running a business, and you want potential future customers to be able to reach you… then you need some sort of contact form, and you’ll get spam on that form which is annoying.
You can avoid a lot of spam by using blacklists of ips. See spamhouse blacklists for example. Also log all users ips who contact you in case you need to block them for spamming.