Even with a strong Captcha system in place, you will still find users trying to manually spam your web site. They tend to be people who discover your site through a very specific search engine query, for which they would like their own site to also rank well, and they hope that by adding a link back to their site from yours this will happen. Using this recipe, you can specify a set of keywords that will trigger spam detection, and then use the level of spam certainty returned by the function to decide whether to ignore a user post. https://www.chat-to.dev/post?id=11 #php #programming

  • givesomefucks@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    11 months ago

    Did people invite this because it’s a meta joke?

    It reads like someone told an AI bot why they wanted links to their page, and the boat just literally explained it and linked to that page…

  • remotelove@lemmy.ca
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    11 months ago

    Why would you trust any user input to begin with? If a person can spam links, there are bigger problems on the site. I would immediately start trying any and all forms of html and script injection if I saw that problem. The data is probably going back to a database anyway, so that is probably vulnerable as well.

    Comparing against a short word list is also a lost cause. The input needs to be fully sanitized before it even gets shown.

    I applaud the effort to teach, but there are more conceptual issues that need to be addressed first.

  • noroute@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    11 months ago

    Never trust user input on site, always properly sanitize it. There are many auto bots that break captcha and inject the code.

    • abhibeckert@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      11 months ago

      Sure… But assuming you’re running a business, and you want potential future customers to be able to reach you… then you need some sort of contact form, and you’ll get spam on that form which is annoying.

      • noroute@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        You can avoid a lot of spam by using blacklists of ips. See spamhouse blacklists for example. Also log all users ips who contact you in case you need to block them for spamming.