28,390
社区成员
发帖
与我相关
我的任务
分享留言板里好多垃圾留言,怎么屏蔽.应该都是机器自动发的,每天都有.
留言板里好多垃圾留言,怎么屏蔽.应该都是机器自动发的,每天都有.
加了验证码也不定用,大家帮忙看看.
http://www.ctszj.net/ctszj/guestbook/index.asp
应该是有漏洞,验证码不显示也有新的留言出来
加了验证码也不定用,大家帮忙看看.
http://www.ctszj.net/ctszj/guestbook/index.asp
应该是有漏洞,验证码不显示也有新的留言出来
...全文
请发表友善的回复…
发表回复
gui0605 2007-04-18
- 打赏
- 举报
加验证码
sf0223cn 2007-04-18
- 打赏
- 举报
呵呵,这个问题我前段时间遇到过,每天几百条垃圾数据,不过我已经解决了
发出来跟大家分享以下啦
具体方法:
1,加验证码
2,防止数据从外部提交,判断提交时数据的来源就可以了
3,记录IP(我琢磨了很长时间,自己实验成功了)
4,在conn.asp文件中加防SQL注入
有这4个,基本没问题了
发出来跟大家分享以下啦
具体方法:
1,加验证码
2,防止数据从外部提交,判断提交时数据的来源就可以了
3,记录IP(我琢磨了很长时间,自己实验成功了)
4,在conn.asp文件中加防SQL注入
有这4个,基本没问题了
mwmaowei 2007-04-18
- 打赏
- 举报
后台审核或者再发布的地方加上验证码就可以了!
cyyxy 2007-04-17
- 打赏
- 举报
最好加入审核
silinee 2007-04-17
- 打赏
- 举报
现在一般的验证码根本不起作用的,用搜客之类的软件可以轻松破解,再加上一个可以随时变化IP的软件,实现注册发帖一条龙的刷,根本不好防。
你还是寄希望于那个人不是故意跟你捣乱,加一个逻辑验证什么的,比方说,你标题的第x(x是随机数)个字符是什么,今天是几月几日,如果想搞复杂点,或者你找百十来个简单易答的问题,把问题和答案分别写到数组,然后随机挑出一个问题,让发贴的人回答,这样应该会比较有效
你还是寄希望于那个人不是故意跟你捣乱,加一个逻辑验证什么的,比方说,你标题的第x(x是随机数)个字符是什么,今天是几月几日,如果想搞复杂点,或者你找百十来个简单易答的问题,把问题和答案分别写到数组,然后随机挑出一个问题,让发贴的人回答,这样应该会比较有效
奇型怪状 2007-04-17
- 打赏
- 举报
问题是机器自动发言,验证码好像没起作用.
只看远方 2007-04-17
- 打赏
- 举报
加验证码好点,一定要图片验证码,估计广告信息多,加个变量,进行过滤,
mrwang2000 2007-04-17
- 打赏
- 举报
个人意见,仅供参考
对发留言的IP进行限制,比如每个IP一段时间内只能发几次等等
对发留言的IP进行限制,比如每个IP一段时间内只能发几次等等
zhanghongwen 2007-04-17
- 打赏
- 举报
先审核再显示.
奇型怪状 2007-04-17
- 打赏
- 举报
DD
atao1980 2007-04-16
- 打赏
- 举报
同意楼上的,或者加上审核功能
changhe37 2007-04-16
- 打赏
- 举报
怀疑可以刷新提交,建议对同一IP进行提交时间限制.
奇型怪状 2007-04-16
- 打赏
- 举报
怀疑代码有SQL注入漏洞,大家帮忙看看
nihaopp 2007-04-16
- 打赏
- 举报
onpaste="return false; 信息内容访粘贴行不行?群发软件是不是内存粘贴?
loucc 2007-04-16
- 打赏
- 举报
利用认证码是个好方法
chang1216 2007-04-16
- 打赏
- 举报
<%
''--------定义部份------------------goldlan by lcz
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
Fy_In = """防'防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防<防>"
Fy_Inf = split(Fy_In,"防")
'For Fy_Xh=0 To Ubound(Fy_Inf)
' response.write Fy_Inf(Fy_Xh) & "<br>"
'next
checkfile
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
Response.Write "非法操作!本站已经给您做了如下记录↓<br>"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
if Request.ServerVariables("HTTP_X_FORWARDED_FOR")=null or Request.ServerVariables("HTTP_X_FORWARDED_FOR")="" then
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
else
Response.Write "操作 IP:" &Request.ServerVariables("HTTP_X_FORWARDED_FOR") &"<br>"
end if
Response.Write "操作时间:"&Now&"<br>"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式:GET<br>"
Response.Write "提交参数:"&Fy_Get&"<br>"
Response.Write "提交数据:"&Request.QueryString(Fy_Get)
txtRecord Request.ServerVariables("REMOTE_ADDR"),Request.ServerVariables("HTTP_X_FORWARDED_FOR"),now,Request.ServerVariables("URL"),"GET",Fy_Get,Request.QueryString(Fy_Get)
Response.End
End If
Next
Next
End If
function txtRecord(daliIP,neibuIP,lczNow,lczPage,lczPostOrGet,lczCanshu,lczData)
if neibuIP="" or neibuIP=null then
neibuIP=daliIP
end if
dim fso,stream
path=server.MapPath("fangzhu.txt")
set fso=server.CreateObject("Scripting.filesystemobject")
if not fso.fileexists(path) then
set stream=fso.createtextfile(path,true)
stream.writeline("操作IP 操作IP1 操作时间 操作页面 提交方式 提交参数 提交数据")
set stream=nothing
end if
Set filelcz = fso.GetFile(path)
Set ts = filelcz.OpenAsTextStream(8, -2)
ts.writeline daliIP&" "&neibuIP&" "&lczNow&" "&lczPage&" "&lczPostOrGet&" "&lczCanshu&" "&lczData
ts.close
set ts=nothing
set filelcz=nothing
set fos=nothing
end function
%>
给你一个防蛀的程序吧 建立一个 fangzhu.txt 文件
''--------定义部份------------------goldlan by lcz
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
Fy_In = """防'防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防<防>"
Fy_Inf = split(Fy_In,"防")
'For Fy_Xh=0 To Ubound(Fy_Inf)
' response.write Fy_Inf(Fy_Xh) & "<br>"
'next
checkfile
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
Response.Write "非法操作!本站已经给您做了如下记录↓<br>"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
if Request.ServerVariables("HTTP_X_FORWARDED_FOR")=null or Request.ServerVariables("HTTP_X_FORWARDED_FOR")="" then
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
else
Response.Write "操作 IP:" &Request.ServerVariables("HTTP_X_FORWARDED_FOR") &"<br>"
end if
Response.Write "操作时间:"&Now&"<br>"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式:GET<br>"
Response.Write "提交参数:"&Fy_Get&"<br>"
Response.Write "提交数据:"&Request.QueryString(Fy_Get)
txtRecord Request.ServerVariables("REMOTE_ADDR"),Request.ServerVariables("HTTP_X_FORWARDED_FOR"),now,Request.ServerVariables("URL"),"GET",Fy_Get,Request.QueryString(Fy_Get)
Response.End
End If
Next
Next
End If
function txtRecord(daliIP,neibuIP,lczNow,lczPage,lczPostOrGet,lczCanshu,lczData)
if neibuIP="" or neibuIP=null then
neibuIP=daliIP
end if
dim fso,stream
path=server.MapPath("fangzhu.txt")
set fso=server.CreateObject("Scripting.filesystemobject")
if not fso.fileexists(path) then
set stream=fso.createtextfile(path,true)
stream.writeline("操作IP 操作IP1 操作时间 操作页面 提交方式 提交参数 提交数据")
set stream=nothing
end if
Set filelcz = fso.GetFile(path)
Set ts = filelcz.OpenAsTextStream(8, -2)
ts.writeline daliIP&" "&neibuIP&" "&lczNow&" "&lczPage&" "&lczPostOrGet&" "&lczCanshu&" "&lczData
ts.close
set ts=nothing
set filelcz=nothing
set fos=nothing
end function
%>
给你一个防蛀的程序吧 建立一个 fangzhu.txt 文件
奇型怪状 2007-04-16
- 打赏
- 举报
大家帮忙看看代码有没有问题
<%
on error resume next
dim WrForm(10),iyzcode,From_url,Serv_url,facelist_rs
if CheckStr(request("action")) = "new" then
From_url = Cstr(Request.ServerVariables("HTTP_REFERER"))
Serv_url = Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(From_url,8,len(Serv_url)) <> Serv_url then
response.write ("<br><br>禁止外部提交!3秒钟后返回!<br><br><a href='index.asp'>返回</a> <meta http-equiv='refresh' content='3;url=index.asp'>")
response.redirect ("index.asp")
response.end
end if
if mid(From_url,8,len(Serv_url)) <> Serv_url then
session("imsg") = "13"
response.redirect ("msg.asp")
response.end
end if
iyzcode = cint(trim(request("yzcode")))
if iyzcode <> cint(Session("Foosun")) then
session("imsg") = "14"
response.redirect("msg.asp")
response.end
end if
WrForm(0) = CheckStr(trim(request("name")))
WrForm(1) = CheckStr(trim(request("qq")))
if CheckStr(HTMLEncode(trim(request("homeurl")))) = "" then
WrForm(2) = "http://"
else
WrForm(2) = CheckStr(HTMLEncode(trim(request("homeurl"))))
end if
WrForm(3) = CheckStr(trim(request("mail")))
WrForm(4) = CheckStr(HTMLEncode(trim(request("content"))))
WrForm(5) = CheckStr(request("face"))
WrForm(6) = cstr(now())
WrForm(7) = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If WrForm(7) = "" Then WrForm(7) = Request.ServerVariables("REMOTE_ADDR")
if CheckStr(request("show")) = "on" then
WrForm(8) = False
else
WrForm(8) = True
end if
WrForm(9) = trim(Request("fromm"))
strconn = "insert into ebook(fname,fqq,fhomeurl,fmail,fcontent,fface,ftime,fip,fshow,ffrom) values('" & WrForm(0) & "','" & WrForm(1) & "','" & WrForm(2) & "','" & WrForm(3) & "','" & WrForm(4) & "','" & WrForm(5) & "','" & WrForm(6) & "','" & WrForm(7) & "'," & WrForm(8) & ",'" & WrForm(9) & "')"
conn.execute (strconn)
if err.number = 0 then
response.redirect ("index.asp")
response.end
else
session("imsg") = "2"
response.redirect ("msg.asp")
response.end
end if
end if
set facelist_rs = conn.execute("select * from face")
%>
<%
on error resume next
dim WrForm(10),iyzcode,From_url,Serv_url,facelist_rs
if CheckStr(request("action")) = "new" then
From_url = Cstr(Request.ServerVariables("HTTP_REFERER"))
Serv_url = Cstr(Request.ServerVariables("SERVER_NAME"))
if mid(From_url,8,len(Serv_url)) <> Serv_url then
response.write ("<br><br>禁止外部提交!3秒钟后返回!<br><br><a href='index.asp'>返回</a> <meta http-equiv='refresh' content='3;url=index.asp'>")
response.redirect ("index.asp")
response.end
end if
if mid(From_url,8,len(Serv_url)) <> Serv_url then
session("imsg") = "13"
response.redirect ("msg.asp")
response.end
end if
iyzcode = cint(trim(request("yzcode")))
if iyzcode <> cint(Session("Foosun")) then
session("imsg") = "14"
response.redirect("msg.asp")
response.end
end if
WrForm(0) = CheckStr(trim(request("name")))
WrForm(1) = CheckStr(trim(request("qq")))
if CheckStr(HTMLEncode(trim(request("homeurl")))) = "" then
WrForm(2) = "http://"
else
WrForm(2) = CheckStr(HTMLEncode(trim(request("homeurl"))))
end if
WrForm(3) = CheckStr(trim(request("mail")))
WrForm(4) = CheckStr(HTMLEncode(trim(request("content"))))
WrForm(5) = CheckStr(request("face"))
WrForm(6) = cstr(now())
WrForm(7) = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If WrForm(7) = "" Then WrForm(7) = Request.ServerVariables("REMOTE_ADDR")
if CheckStr(request("show")) = "on" then
WrForm(8) = False
else
WrForm(8) = True
end if
WrForm(9) = trim(Request("fromm"))
strconn = "insert into ebook(fname,fqq,fhomeurl,fmail,fcontent,fface,ftime,fip,fshow,ffrom) values('" & WrForm(0) & "','" & WrForm(1) & "','" & WrForm(2) & "','" & WrForm(3) & "','" & WrForm(4) & "','" & WrForm(5) & "','" & WrForm(6) & "','" & WrForm(7) & "'," & WrForm(8) & ",'" & WrForm(9) & "')"
conn.execute (strconn)
if err.number = 0 then
response.redirect ("index.asp")
response.end
else
session("imsg") = "2"
response.redirect ("msg.asp")
response.end
end if
end if
set facelist_rs = conn.execute("select * from face")
%>
lichxi1002 2007-04-15
- 打赏
- 举报
把发信息的IP屏蔽掉了
rehearts 2007-04-15
- 打赏
- 举报
验证码复杂一些 并且可以设置审核后显示啊
adverse 2007-04-15
- 打赏
- 举报
看不到,帮顶.
加载更多回复(5)
