Message ID | 20190630124536.18622-1-jelle@vdwaa.nl |
---|---|
State | New |
Series | [v2] Implement spamming mitigations for comments |

On Sun, 30 Jun 2019 at 08:45:36, Jelle van der Waa wrote:
> From: Jelle van der Waa <jelle@vdwaa.nl>
>
> Add a hidden input text field named 'website' which is hidden by CSS to
> not show up for normal users. Automated bots try to fill in all text
> fields, especially 'required' fields such as a 'website' when spamming a
> webform. When a comment is posted with the 'website' field filled in
> ignore it, so it seems that the submission is successful.
>
> Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
> ---
> web/html/css/aurweb.css | 4 ++++
> web/html/pkgbase.php | 3 ++-
> web/template/pkg_comment_form.php | 1 +
> 3 files changed, 7 insertions(+), 1 deletion(-)
>

Thanks! I added this to our live setup. Let's see whether it actually reduces the amount of spam.

diff --git a/web/html/css/aurweb.css b/web/html/css/aurweb.css index 81bf9ab..aa0a7b0 100644 --- a/web/html/css/aurweb.css +++ b/web/html/css/aurweb.css @@ -199,3 +199,7 @@ label.confirmation, .error { color: red; } + +#id_website { + display: none; +} diff --git a/web/html/pkgbase.php b/web/html/pkgbase.php index b716644..0241ae3 100644 --- a/web/html/pkgbase.php +++ b/web/html/pkgbase.php @@ -117,7 +117,8 @@ if (check_token()) { list($ret, $output) = pkgreq_close($_POST['reqid'], $_POST['reason'], $_POST['comments']); } elseif (current_action("do_EditComaintainers")) { list($ret, $output) = pkgbase_set_comaintainers($base_id, explode("\n", $_POST['users'])); - } elseif (current_action("do_AddComment")) { + } elseif (current_action("do_AddComment") && $_REQUEST['website'] === "") { + // website is a hidden field used to detect if a bot filled in all form elements $uid = uid_from_sid($_COOKIE["AURSID"]); list($ret, $output) = pkgbase_add_comment($base_id, $uid, $_REQUEST['comment']); if ($ret && isset($_REQUEST['enable_notifications'])) { diff --git a/web/template/pkg_comment_form.php b/web/template/pkg_comment_form.php index 3feee8f..23322a7 100644 --- a/web/template/pkg_comment_form.php +++ b/web/template/pkg_comment_form.php @@ -11,6 +11,7 @@ <p> <textarea id="id_comment" name="comment" cols="80" rows="10"><?= (isset($comment_id)) ? htmlspecialchars($comment) : "" ?></textarea> </p> + <input id="id_website" type="text" name="website"/> <p> <input type="submit" value="<?= (isset($comment_id)) ? __("Save") : __("Add Comment") ?>" /> <?php if (!isset($comment_id) && !pkgbase_user_notify($uid, $base_id)): ?>
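Review bot: In web/html/css/aurweb.css, the new `#id_website { display: none; }` rule is the only thing keeping the honeypot field away from real users, and nothing in the stylesheet says so. Add a comment above the rule stating that the field is a spam trap checked in pkgbase.php, so a later cleanup does not drop the rule or rename the id. Clients that do not apply this stylesheet will still render the input, and anything a person types there causes their comment to be skipped.
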
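Review bot: In web/html/pkgbase.php, the condition `$_REQUEST['website'] === ""` reads the key without an isset() check. A request that does not carry the field at all yields null, the strict comparison fails, and the comment is skipped along with an undefined-index notice. Decide whether a missing field should count as empty and test for it explicitly, for example with an isset() guard in front of the comparison. Also, because the test is folded into the elseif condition, a do_AddComment request with the field filled in falls through to the rest of the chain instead of a branch of its own; check that the fall-through gives the "seems successful" result the commit message describes, or handle the case in an explicit branch.
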
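Review bot: In web/template/pkg_comment_form.php, the added `<input id="id_website" type="text" name="website"/>` carries no autocomplete or tabindex attributes. Browser autofill can populate a text field named "website" without the user seeing it, and the comment would then be discarded with no error shown. Add autocomplete="off" and tabindex="-1" to the input. The same template also renders the edit form (the submit button switches between "Save" and "Add Comment"), while the check visible in pkgbase.php is only on do_AddComment, so the field is emitted for edits where nothing in this patch reads it; either emit it only when `!isset($comment_id)` or check it on the edit path too.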