We have another reason to hate spammers. It was brought to my attention Friday that spammers had set up pages or advertisements via our e-cards trying to sell vicodin, prilosec, levaquin, ringtones, etc. The spammers attempted to recreate full pages or redirects and were sending out links to the pages.
 
I deleted the spamming cards in the e-card database and proceeded to make it much more difficult for spammers to use our e-cards by doing the following:
  1. Limit the amount of time a card is available from forever to 7 days.
  2. Limit the types of HTML tags that can be used in the body of the e-card, preventing the use of JavaScript, redirects, links and so forth. There is a PHP function called strip_tags which does the trick.
  3. Utilize two of the most effective and popular anti-spam services that are used in the Blogging and Photo Gallery comments:
    • Bad-Behavior: which stops spam links and spam robots before they can even see a page.
    • Akismet: which is a spam filtering service developed by the creators of WordPress. So if the spammer gets through the first defense, this service scans the content of the fields being submitted.

Bad-Behavior and Akismet are highly regarded and very effective separately. When combined they are even more so. The beauty and simplicity of PHP made these updates possible along with the fact that everything is open source. 
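
The tag restriction in step 2, as an added example (not the site's own code; the allowlist, the function name and the sample card body are assumptions). It also removes attributes, because strip_tags leaves attributes on the tags it keeps, so an event handler or style attribute on an allowed tag would otherwise get through.

```php
<?php
// Added example; not the site's own code. The allowlist and names are assumptions.
const ECARD_ALLOWED_TAGS = ['p', 'br', 'b', 'i', 'em', 'strong', 'u'];

function sanitize_ecard_body(string $html): string
{
    // Step 1: strip_tags() removes every element that is not on the allowlist
    // (script, a, meta, iframe, img, form, ...) but keeps the text inside it.
    $allowed = '<' . implode('><', ECARD_ALLOWED_TAGS) . '>';
    $text = strip_tags($html, $allowed);

    // Step 2: strip_tags() does not touch attributes on the tags it keeps, so
    // onmouseover=, style= and similar would survive. Escape everything first;
    // double_encode=false keeps entities such as &nbsp; from the editor intact.
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    // Step 3: re-emit only bare allowlisted tags, discarding any attributes.
    // Every other "<" in the output stays escaped and renders as plain text.
    $names = implode('|', array_map('preg_quote', ECARD_ALLOWED_TAGS));
    return preg_replace('#&lt;(/?)(' . $names . ')\b.*?&gt;#is', '<$1$2>', $escaped);
}

// Constructed sample input, not a real card from the site.
$body = '<p onmouseover="x()">Happy <b style="position:fixed">birthday</b>!</p>'
      . '<a href="http://example.invalid/">click</a>'
      . '<meta http-equiv="refresh" content="0;url=http://example.invalid/">'
      . '<script>x()</script>';

echo sanitize_ecard_body($body), PHP_EOL;
```

The same function should run when the card is stored and again when it is displayed, so cards saved before the filter was added are covered as well.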

In addition to the above, I changed the WYSIWYG editor from FCKeditor to TinyMCE, which works on both Windows and Macs. FCKeditor did, too, but it did not work with Apple's Safari browser. TinyMCE also appears to load faster. I also brought back the preview function, which hopefully will now display an accurate preview. I also added a noscript message to inform visitors that they need to enable JavaScript in their browser in order to utilize the e-cards.

I will monitor the e-cards more closely. I do not normally look at the content of the cards sent, but I will now periodically scan them. However, I feel that with the new measures in place we should continue to maintain the e-cards since they are a popular feature on the web site. If necessary, I will add a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to the e-card form.

I wish that Bad-Behavior had been around when we were running the phpBB bulletin board because it may have helped.