I get 100s of spam everyday through review postings. Is there any solution or suggestion to prevent it?
Hi,
Do we have to turn $config_useJavaScript on in the config file to get this to work?
I'm getting spammed already on Games Compare but I don't have $config_useJavaScript set to true.
Cheers
John
Hi John,
No, you don't need to enable JavaScript in the config file for this fix to work.
If you are getting automated spam (robots that just submit forms in the hope of something working), then you might need to make the following modification. In reviews.php, look for the following code on line 12:
if ($_POST["rating"] == $_POST["confirm"])...and change this to:
if ($_POST["rating"] && ($_POST["rating"] == $_POST["confirm"]))Cheers,
David.
Hi David
I've had tons of spammy reviews today. None have actually appeared in my Moderate Reviews panel in the PT Control Panel, but because I've set up Email notification of reviews, they've been coming through on that as reviews.
I've had the odd link spam before but this is actually text, sometimes relevant to the product that's so called being reviewed, but it's defo spam as the authors of these 'reviews' are having imaginary conversations or writing just plain nonsense.
Any ideas how this is happening and more importantly, how to stop it please?
Hi bat,
That sounds like your email notification code has been added before the CAPTCHA test. If you move the code to _after_ the following code which is at line 16 in reviews.php:
database_queryModify($sql,$insertId);...then you should only ever receive email alerts once a review has passed the CAPTCHA test and has been inserted into the database for moderation.
Hope this helps!
Cheers,
David.
--
PriceTapestry.com
Hi David
Thanks for the help though the email notification code is already after that piece of code on Line 16.
However, today there's been no emails as yet *touch wood*
Hi David
We've had exactly the same problem as bat above on and off for a few years, tons of emails but nothing to moderate even if email notification is placed after as above. I think (although not sure) whether it needs a mechanism to check the database for any actual inserted data before sending the email.
Chris
Hi bat/Chris,
The email code could be made conditional based on a valid insert of the review into the reviews table. To do this, if you currently have:
database_queryModify($sql,$insertId);
// email code here...REPLACE with:
database_queryModify($sql,$insertId);
if ($insertId)
{
// email code here
}Hope this helps!
Cheers,
David.
--
PriceTapestry.com
Hi David
I'll give that a go, trouble is you can go weeks and only get normal reviews and then out of the blue some bot starts submitting the form and you get 100's of emails, more time consuming than anything.
Thanks
Chris
Hi,
I recently added spam protection to the review form. If you download the latest distribution you should just be able to extract and upload just the following files:
reviews.php
html/ratings.php
The protection uses JavaScript behind the scenes and doesn't impact the user in any way.
Cheers,
David.