cPanel Hosting by

Stop Guestbook SPAM

Article title: What is guestbook spam and how to stop it

Author: Klemen Stirn

What is guestbook SPAM?

Guestbook spam is simply a phrase for advertising messages that people submit in your guestbook. Spammers submit the same message with the link to their website in numerous guestbooks hoping for some clicks and links indexed by search engines. You can recognize spam by completely irrelevant, general or promotion messages always accompanied by URL of a website. Most of the time messages explain how good your site is, for example:

Sweet page! I think it's cool! Visit my site http://www.??????.??

Spammers usually use some kind of software that automatically submits their messages to hundreds of guestbooks. They never actually open or look at your website, only the software sends their spam to your guestbook script.

The bottom line is guestbook spam is very annoying and can completely overflow your guestbook and make it practically unusable (who want's to have their guestbook full of messages saying buy pills, drugs and stuff?). In fact I know quite a few webmasters who disabled their guestbook after being spammed again and again and again.


Use a guestbook with good anti-spam measures. If your server supports PHP scripts give the Guestbook script from PHP Junkyard a try! It's free and capable of blocking a ton of spam! The SPAM combating features in GBook include:

  • Security image aka CAPTCHA
  • Logical question
  • JunkMark™
  • Disable posting URLs

Let's say a few words about each of these measures.


This is a generated image showing a 5-digit number that changes every time someone wants to post a message. In order to successfully submit a new guestbook entry the visitor needs to type in the correct number.

In the above example one would have to type 94740 into the box to submit a message. Like I said the security number changes every time you try to post a message. Using this simple check GBook prevents automated signups by spam software.

Logical question

While a CAPTCHA can be effective against simple SPAM programs the problem is more complex software can read the number from the image. There are also accessibility issues to be considered - visually impaired people for example can't read CAPTCHAs and therefor can't submit forms using them.

As an alternative GBook comes with an option to setup a logical question that is easy to solve for a human, but can be a huge problem for a computer program. You can set up questions like "What color is snow?" (answer: white), or an even simpler question like the one below:

Similalry as with CAPTCHA, the visitor needs to type human into the appropriate box to submit a comment.


CAPTCHAs and logical questions are effective methods to combat SPAM, but what if a spammer doesn't use software to submit SPAM and actually visits your guestbook? In this case he/she is still able to get past it and submit his/her spam.

This is where JunkMark™ comes in. It's a unique tool designed to additionally filter the SPAM that slips through the security image. It comapres submitted information against certain patterns and words to recognize advertising messages. For obvious reasons I can't give out any details about how this filter works, but it does the job and it does it good.

Disable posting URL addresses

By default GBook will block any comment that includes website URLs. The philosophy behind this is simple: the purpose of a guestbook is letting people post a comment about YOUR website and not invite people to visit THEIR website. Since no URLs can be posted it will scare away spammers as well.

The URL field can be enabled easily in the settings if you wish to include it anyway, but leaving it disabled is an effective trick against guestbook spam!

How effective is GBook at fighting guestbook spam?

This is something I have been asking myself, so I decided to make a little test. I edited the demo guestbook on my site to log all posts in a special file, even those who don't pass the security number check. Then I ran the test for 24 hours (on January 26th, 2006) and the results were astonishing!

Within 24 hours no less than 143 spam messages were blocked!

Yes, if I disabled the security check my demo guestbook would have been spammed with 143 messages in a single day! The guestbook would have been a mess by now!


Guestbook spam is a very annoying way of advertising, but with proper filters it can be reduced to a minimum. If your guestbook is having problems with spam I suggest you give my PHP guestbook script GBook a try, it does help! And it's free!

Copyright notice

This tutorial is copyrighted by Klemen Stirn. Obtain permission before copying, re-publishing or otherwise redistributing this article.

Dedicated Servers by