留言板里好多垃圾留言,怎么屏蔽.应该都是机器自动发的,每天都有.
加了验证码也不定用,大家帮忙看看.
http://www.ctszj.net/ctszj/guestbook/index.asp
应该是有漏洞,验证码不显示也有新的留言出来
------解决方案--------------------
看不到,帮顶.
------解决方案--------------------
验证码复杂一些 并且可以设置审核后显示啊
------解决方案--------------------
把发信息的IP屏蔽掉了
------解决方案--------------------
有些论坛会随机放一些弱智问题
如1+1=2这种的.
可能会起一些作用
------解决方案--------------------
加个验证码就没事了呀,你的程序有问题
------解决方案--------------------
最快,最有效的办法:把留言板停了!
另一个办法:仔细检查一下你的程序,最好是使用审核之后才能显示留言的那种,如果使用验证码,把你的验证码改得复杂一些.
最不可能的办法:找到刷留言的人,K死他...
------解决方案--------------------
<%
' '--------定义部份------------------goldlan by lcz
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
Fy_In = " " "防 '防;防cmd防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防 <防> "
Fy_Inf = split(Fy_In, "防 ")
'For Fy_Xh=0 To Ubound(Fy_Inf)
' response.write Fy_Inf(Fy_Xh) & " <br> "
'next
checkfile
If Request.QueryString <> " " Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh)) <> 0 Then
Response.Write "非法操作!本站已经给您做了如下记录↓ <br> "
Response.Write "操作IP: "&Request.ServerVariables( "REMOTE_ADDR ")& " <br> "
if Request.ServerVariables( "HTTP_X_FORWARDED_FOR ")=null or Request.ServerVariables( "HTTP_X_FORWARDED_FOR ")= " " then
Response.Write "操作IP: "&Request.ServerVariables( "REMOTE_ADDR ")& " <br> "
else
Response.Write "操作 IP: " &Request.ServerVariables( "HTTP_X_FORWARDED_FOR ") & " <br> "
end if
Response.Write "操作时间: "&Now& " <br> "
Response.Write "操作页面: "&Request.ServerVariables( "URL ")& " <br> "
Response.Write "提交方式:GET <br> "
Response.Write "提交参数: "&Fy_Get& " <br> "
Response.Write "提交数据: "&Request.QueryString(Fy_Get)
txtRecord Request.ServerVariables( "REMOTE_ADDR "),Request.ServerVariables( "HTTP_X_FORWARDED_FOR "),now,Request.ServerVariables( "URL "), "GET ",Fy_Get,Request.QueryString(Fy_Get)
Response.End
End If
Next
Next
End If
function txtRecord(daliIP,neibuIP,lczNow,lczPage,lczPostOrGet,lczCanshu,lczData)
if neibuIP= " " or neibuIP=null then
neibuIP=daliIP
end if
dim fso,stream
path=server.MapPath( "fangzhu.txt ")
set fso=server.CreateObject( "Scripting.filesystemobject ")
if not fso.fileexists(path) then
set stream=fso.createtextfile(path,true)
stream.writeline( "操作IP 操作IP1 操作时间 操作页面 提交方式 提交参数 提交数据 ")
set stream=nothing
end if
Set filelcz = fso.GetFile(path)
Set ts = filelcz.OpenAsTextStream(8, -2)
ts.writeline daliIP& " "&neibuIP& " "&lczNow& " "&lczPage& " "&lczPostOrGet& " "&lczCanshu& " "&lczData