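Our website has a guestbook. Recently someone has been hitting the server, and the guestbook is often flooded with junk like the following: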
What's the last date I can post this to to arrive in time for Christmas? <a href=" http://soundcloud.com/groups/zyprexa-buy ">Zyprexa Buy
</a> 楼 Electronic enlargement .
<a href=" http://soundcloud.com/groups/order-zyban ">Order Zyban
</a> Cut the chicken into quarters. Saute the chicken to brown in a little oil, put inside. Put oil in a heavy
<a href=" http://soundcloud.com/groups/zyprexa-10 ">Zyprexa 10
</a> Colorado CO New Jersey NJ
<a href=" http://soundcloud.com/groups/online-zyprexa ">Online Zyprexa
</a> transaction with an entry in the Eligibility Clarification Code (309-C9) field on the Insurance
<a href=" http://soundcloud.com/groups/purchase-zyprexa ">Purchase Zyprexa
</a> And for each prescription item on the receipt:
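To prevent spam messages and reduce the workload of the back-end administrators, I suggested matching on content and filtering the messages, but one team member disagreed and thought that enabling a CAPTCHA was the more reasonable approach.
I had more important things on my hands at the time, so I assigned the job to him.
As for my own habits: if I am asked to leave a suggestion, I will not fill in a form that has a CAPTCHA, especially one that is hard to read. Some e-mail sites even make you enter the registration code three or five times when signing up, which really tests a person's patience and wastes other people's time.
The result: one week after the CAPTCHA was enabled, there were no messages at all in the back end.
So it was turned off again, and the spam came back.
In the end we went back to my original suggestion. This spam has a very distinctive look, and the users' comments are distinctive too, so a regular-expression match is all that is needed. I offer this approach for reference to anyone with a similar need.
The specific method is as follows.
File to modify: e\enews\gbookfun.php
After the modification it looks like this: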
    // Post a guestbook message
    function AddGbook($add) {
        global $empire, $dbtbpre, $level_r, $public_r;
        // Check the IP
        eCheckAccessDoIp('gbook');
        CheckCanPostUrl(); // Check the request source
        $bid = (int) getcvar('gbookbid');
        if (empty($bid)) {
            $bid = intval($add['bid']);
        }
        $name = RepPostStr(trim($add['name']));
        $email = RepPostStr($add['email']);
        $call = RepPostStr($add['call']);
        $lytext = RepPostStr($add['lytext']);
        if (empty($bid) || empty($name) || !trim($lytext)) {
            printerror("EmptyGbookname", "history.go(-1)", 1);
        }
        // Pattern match: if the message is bot spam, reject it outright.
        // $pattern is a placeholder for the site-specific spam regex and must be
        // defined before this check; an undefined pattern lets every message through.
        if (!preg_match($pattern, $lytext)) {
            // CAPTCHA
            $keyvname = 'checkgbookkey';
            if ($public_r['gbkey_ok']) {
                ecmsCheckShowKey($keyvname, $add['key'], 1);
            }
            $lasttime = getcvar('lastgbooktime');
            if ($lasttime) {
                if (time() - $lasttime < $public_r['regbooktime']) {
                    printerror("GbOutTime", "", 1);
                }
            }
            // Does the board exist?
            $br = $empire->fetch1("select bid,checked,groupid from {$dbtbpre}enewsgbookclass where bid='$bid';");
            if (empty($br['bid'])) {
                printerror("EmptyGbook", "history.go(-1)", 1);
            }
            // Permissions
            if ($br['groupid']) {
                $user = islogin();
                if ($level_r[$br['groupid']]['level'] > $level_r[$user['groupid']]['level']) {
                    printerror("HaveNotEnLevel", "history.go(-1)", 1);
                }
            }
            $lytime = date("Y-m-d H:i:s");
            $ip = egetip();
            $userid = (int) getcvar('mluserid');
            $username = RepPostVar(getcvar('mlusername'));
            $sql = $empire->query("insert into {$dbtbpre}enewsgbook(name,email,`call`,lytime,lytext,retext,bid,ip,checked,userid,username) values('$name','$email','$call','$lytime','$lytext','','$bid','$ip','$br[checked]','$userid','$username');");
            ecmsEmptyShowKey($keyvname); // Clear the CAPTCHA
            if ($sql) {
                esetcookie("lastgbooktime", time(), time() + 3600 * 24); // Record the time of the last post
                $reurl = DoingReturnUrl("../tool/gbook/?bid=$bid", $add['ecmsfrom']);
                printerror("AddGbookSuccess", $reurl, 1);
            } else {
                printerror("DbError", "history.go(-1)", 1);
            }
        } else {
            printerror("HavePlCloseWords", "history.go(-1)", 1);
        }
    }
PS: Because the regular expression differs depending on the content, I use the variable $pattern here as a placeholder.
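
One possible shape for $pattern, as an added example that is not part of the original post or of EmpireCMS. It assumes genuine messages on the guestbook never contain HTML links, and it checks both raw and entity-encoded anchor tags because RepPostStr is assumed here to HTML-escape its input. The helper name is_link_spam and the sample messages are constructed for illustration.

```php
<?php
// Added example, not EmpireCMS code. Assumption: genuine messages on this
// guestbook never contain HTML links, while the spam shown above always does.

// One possible value for $pattern: an opening <a ... href=...> tag, either raw
// or already entity-encoded (&lt;a ... href=), in case the text was passed
// through an HTML-escaping filter before the check runs.
$pattern = '/(?:<|&lt;)\s*a\b[^>]*?\bhref\s*=/i';

// Hypothetical helper: true if $text looks like link spam.
function is_link_spam(string $pattern, string $text): bool
{
    $result = @preg_match($pattern, $text);
    if ($result === false) {
        // preg_match() returns false for an empty or invalid pattern, and
        // !false is true, so a bare "if (!preg_match(...))" would accept
        // every message. Fail closed instead.
        throw new InvalidArgumentException('spam pattern is empty or invalid');
    }
    return $result === 1;
}

// Constructed samples: two modelled on the spam above, two ordinary comments.
$samples = [
    'Cut the chicken into quarters. <a href=" http://spam.example.invalid/groups/x ">Buy X</a>' => true,
    'Colorado CO &lt;a href=&quot; http://spam.example.invalid/groups/y &quot;&gt;Buy Y&lt;/a&gt;' => true,
    'Great site, thanks. When will the download page be back?' => false,
    'If a < b the form rejects my input, is that a bug?' => false,
];

foreach ($samples as $text => $expected) {
    $verdict = is_link_spam($pattern, $text);
    printf("%-5s %s\n", $verdict ? 'SPAM' : 'ok', substr($text, 0, 50));
    if ($verdict !== $expected) {
        throw new LogicException("unexpected verdict for: $text");
    }
}

// An unset pattern is reported instead of silently disabling the filter.
try {
    is_link_spam('', 'anything');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```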