I created a free online web form builder a while back and since it went well in search engine rankings, spammers and phishers found it and started to use it creating forms to collect email account usernames and passwords through phishing attempts. I’ve got to do something before my host closes down my site because of all the complaints and alerts from security department of the universities. They’ve got good reasons. I’m hosting all the phishing forms.

Phishers tend to use URL slugs that include words such as ‘admin’, ‘webmail’ or ‘account’ so that the form seems authoritative at first glance. After they have signed up, they will create forms with fields labeled ‘Password’ or something. So what I’m going to do is to list all such words as reserved words and prohibit the users from doing anything with them.

A function will be needed to examine a subject string against an array of reserved words that will be censored when users use them as input. Listed is a my function:

public static function isStringLegal($subjectString = '', $disallowedWords = array()) {
	$alphabetSubject = preg_replace('|[^a-zA-Z]+|', '', $subjectString);
	foreach ($disallowedWords as $disallowedWord) {
		if (stripos($alphabetSubject, $disallowedWord) !== false) {
			return false;
		}
	}
	return true;
}

The PHP function stripos() returns a numeric value if it finds $disallowedWord in $alphabetSubject, case-insensitive. If it fails to find anything, it returns false.

A sample disallowed words list:

$slugDisallowedWords = array(
	'formkid',
	'kavoir',
	'mail',
	'admin',
	'account',
	'password'
);

The disallowed words list can only contain alphabet letters. If you need a phrase such as ‘no way’, you have to add it in the array as ‘noway’. This is to prevent illegal attempts to add any word or phrase in manners such as ‘a-d-m-i-n’ or ‘Pa_ss Word’. All the non-alphabet letters / characters are first gotten rid of and then the deprived string which contains only alphabet letters are checked against each word in the disallowed words list.

Related Posts:

• PHP: Count Words in a String
• PHP: Check if A String Contain Only Uppercase / Capital Letters
• PHP: Crontab Class to Add, Edit and Remove Cron Jobs
• PHP String Case: Uppercase all Letters or Lowercase all Letters in a String | Uppercase First Letter of a String | Uppercase First Letter of all Words in a String
• JavaScript: Split and Divide Text String by A Delimiter

Back when WordPress was pretty young there’s some loopholes that enable hackers to inject unauthorized and dangerous HTML code into your website pages, thus promoting the distribution of malware that damages the end users computer. I was once there and got penalized by Google for one of my sites. However, they are gentle enough to detect that this might not be my fault but still decided to bring down the overall ranking of all the pages on that site for a while to protect Internet users and notify me.

If you have spotted anything suspicious or sense that your overall site ranking is down, you may want to check it out for sure if your site has been infected with malware or anything else that’s a threat to your site and the visitors.

Just go here: http://www.google.com/safebrowsing/diagnostic?site=example.com

And Google will present you a detailed report of what they have found on your site for the last 90 days.

Related Posts:

• Google: Restrict matching results by searching only the anchor text, page title, page URL, page text or filetype
• What is wrong with ‘Supplemental result’?
• Auto-generated content by user searches
• Find the perfect page to build links on
• Web Hosting IP and SEO: Are You A Slum Dog or Are You A Millionaire?

phpBB is pretty much the best php forum software out there that is free, and comes the first choice of many webmasters. However, after a few weeks of first installation, many complain that spam bots start to overwhelm their forums, flooding with automated spam registrations and spam posts.

Unfortunately, that is generally because:

1. phpBB disables account activation by default so that any registered account would be instantly able to write and submit posts.
2. The default image captcha at registration is much too easy for anti-captcha programs to break.

So, taking phpBB 3.0.4 for an example, to prevent the majority of simple phpBB forum spam bots, with every new phpBB installation, you will:

1. Enable registration activation: Administration Control Panel => General => (Board Configuration) User registration settings => (General settings) Account activation => Now select ‘By User‘ from ‘None‘ => Submit.Thereby all new registered accounts will be required to validate the email address which no automated spam bots would do with fabricated ones, at least for not-so-valuable new forums.
2. Use harder captcha images: Administration Control Panel => General => (Board Configuration) Visual confirmation settings => (General options) => GD CAPTCHA foreground noise => Select ‘Yes‘ instead of ‘No‘ => Submit.This would make the captcha a lot harder to break but also less user friendly / accessible because the texts are also much harder for human recognizing. To ease the pain, you may want to set the numeric values just below the option for background noises of x-axis and y-axis higher or zero. I use 200.

After all these efforts you should be receiving much less spam now. If they still laugh at your defense and keep on coming, you should consider using more advanced image captcha such as reCaptcha.net.

For an idea of what captcha works best

Below is a list of famous Chinese websites image captchas that have allegedly been broken by automated text recognition programs with an accuracy percentage and price for each of them. From them you can get an idea of what captcha works the best and what can be easily worked around.

Origin	Samples	Accuracy	Price	Comments
9you		100%	500 $100	Very Easy
tiancity		100%	500 $100	Very Easy
cncard		100%	500 $100	Very Easy
the9		100%	500 $100	Very Easy
the9		99%	1000 $200	Easy
kingsoft		98%	1000 $200	Easy
taobao		95%	1000 $200	Easy
dvbbs		95%	1000 $200	Easy
126		95%	1000 $200	Easy
163		95%	1500 $300	Middle
shanda		90%	1500 $300	Middle
qq		90%	1500 $300	Middle
xiaonei		85%	1000 $200	Middle
sdo		85%	1500 $300	Middle
ourgame		80%	1500 $300	Middle
chinaren		85%	2000 $400	Middle
monter		80%	2000 $400	Middle
baidu		80%	$3000	Difficult
qq		75%	$3000	Difficult
ebay		60%	$4000	Difficult
myspace				30%
google				30%
hotmail				30%
yahoo				45% $8000

Related Posts:

• phpBB: Disabling User Registrations / Signup
• How to Enable / Change vBulletin Default Thread Subscription Mode for New User Registrations?
• How to change CJ password? (of Commission Junction)
• Pair.com Hosting Coupons and Promo Codes (Bonus: Pair.com Control Panel Screenshots)
• $6.99 .com domain coupon at GoDaddy for both registration and renewal