I forgot about the less programmatic way to create spam, the traditional “urlcom” nick or “adddresdotcom” type of spam. The current version protects against any type of page rank bleeding with embedded scripts, links and html but it doesn’t prevent english spamming such as people repeating words, speaking url addresses, things of that nature. I made a quick little patch here for people who are wanting something for this.

Open up rpc.php and go to line 12 where a if statement begins with

<?php

if(isset($_POST['textbox'])){

?>

replace the body of the if statement with the following code.

<?php

$clean = preg_replace(’/[^a-zA-Z0-9\s]/’, ”,strtolower($_POST['textbox']));
$cleannick = preg_replace(’/[^a-zA-Z0-9\s]/’, ”,strtolower($_POST['nick']));
$uglywords = array(’com’,'net’,'org’,'biz’);
$lameguy = false;
foreach($uglywords as $key =>$value){
if(strstr($clean,$value) !== false)
$lameguy = true;
if(strstr($cleannick,$value) !== false)
$lameguy = true;
}
if($lameguy != true){
$sql = ‘INSERT INTO chatbox(user,message,posted,ip) VALUES (”‘.$cleannick.’”,”‘.$clean.’”,’.time().’,”‘.$_SERVER['REMOTE_ADDR'].’”)’;
mysql_query($sql);
}

?>

This is just a simple check and if you wanted to you could put more ugly words in the array to make whatever you wish to be more secure. It’s on the programmers to make a spam free internet.