Sigg3
Joined: 03 Jul 2003 Posts: 889 Location: Oslo, Norway
Posted: Mon Oct 25, 2004 2:01 pm Post subject: b2comments.post.php
I just had a real hard SPAM attack, probably deliberately to shut down my server, and my host wanted to know why I used POST instead of GET in the b2comments form.
Is it possible to use GET instead?
If things continue, I might just have to take down the entire comment feature. Would be a real drag...
Edit: Wohoo! 600 posts!
_________________
Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center
stevem
Joined: 15 Mar 2003 Posts: 357
Posted: Mon Oct 25, 2004 4:57 pm Post subject:
I can't see any reason why you can't use GET - which is not the same thing as saying it will work.
Looking at it very quickly you'll have to change the method in the forms in b2comments.php/b2commentspopup.php from post to get, then change HTTP_POST to HTTP_GET in b2comments.post.php. Maybe other files need changing as well but you could try these first and see what happens.
Sigg3
Joined: 03 Jul 2003 Posts: 889 Location: Oslo, Norway
Posted: Mon Oct 25, 2004 10:39 pm Post subject:
Thanks. I will probably try it out..
..when my host decides I'm capable of running my own site again. Geez!
This is undoubtedly a pushed-beyond-limit SPAM attack or a DoS. The IPs (all with the same xxx.xxx.xxx numbers, the last ones ranging from 4-12) were all tunneled through anonymous-tools.
Last time I checked the IP the spammer was from Spain, also different IPs, but the same company. It would most probably turn out that they just offered free proxies, so there's no point in investigating further.
Right now the page is all 403 Forbidden, and my host has taken down everything... Maybe a good excuse to start doing something with that new design I've been thinking about for half a year..
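Added example, not part of the original posts: one way to confirm from a web server access log the pattern described above, where many hits on the comment handler come from neighbouring addresses in one /24. The log lines, the documentation-range IPs and the thresholds are constructed assumptions; the script name b2comments.post.php is the one from the thread.

```python
import re
from collections import defaultdict

# Start of an Apache common/combined log line: client IP, timestamp, request.
LINE_RE = re.compile(r'^(\d+\.\d+\.\d+)\.(\d+) \S+ \S+ \[[^\]]+\] "(GET|POST) (\S+)')

def make_line(ip, method, path):
    """Build one constructed access-log line (not taken from the thread)."""
    return f'{ip} - - [25/Oct/2004:13:40:00 +0200] "{method} {path} HTTP/1.1" 200 512'

# Constructed sample: nine neighbouring hosts (.4 to .12) hitting the comment
# handler, plus one ordinary commenter and one unrelated page view.
SAMPLE_LOG = "\n".join(
    [make_line(f"192.0.2.{h}", "POST", "/b2comments.post.php") for h in range(4, 13)]
    + [
        make_line("192.0.2.7", "GET", "/b2comments.post.php?a=42&comment=x"),
        make_line("198.51.100.20", "POST", "/b2comments.post.php"),
        make_line("198.51.100.20", "GET", "/index.php?p=12&c=1"),
    ]
)

def comment_hits_by_prefix(log_text, script="b2comments.post.php"):
    """Return {"a.b.c.0/24": {"hits": n, "hosts": {last octets}}} for the script."""
    stats = defaultdict(lambda: {"hits": 0, "hosts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        prefix, host, _method, path = m.groups()
        # Count the handler whether the form submits by POST or by GET
        # (a GET submission carries the fields in the query string).
        if path.split("?", 1)[0].rsplit("/", 1)[-1] != script:
            continue
        entry = stats[prefix + ".0/24"]
        entry["hits"] += 1
        entry["hosts"].add(int(host))
    return dict(stats)

def flood_candidates(log_text, min_hits=5, min_hosts=3):
    """Prefixes where several distinct hosts together reach the hit threshold."""
    return sorted(
        prefix
        for prefix, e in comment_hits_by_prefix(log_text).items()
        if e["hits"] >= min_hits and len(e["hosts"]) >= min_hosts
    )

if __name__ == "__main__":
    print(flood_candidates(SAMPLE_LOG))
```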
Guest
Posted: Wed Oct 27, 2004 11:08 am Post subject:
Ok...
I changed every HTTP_POST to HTTP_GET (except for the get magic quotes definitions) and it works to post comments. But (in Firefox at least) the form just sends then nothing happens (for the poster). This means he has to hit F5 after posting...
Anywho, I thought this could be relevant to the $location = function (in comments.post.php) and reverted these two back to HTTP_POST, but it didn't work..
Any thoughts?
Sigg3
Joined: 03 Jul 2003 Posts: 889 Location: Oslo, Norway
stevem
Joined: 15 Mar 2003 Posts: 357
Posted: Wed Oct 27, 2004 2:19 pm Post subject:
I wonder if you could use an old trick which fools the browser by letting it think it is seeing a new page. You just append ?a=1 to the URL (or any other letters/numbers). To do that in this case, in b2commentspopup.php you change
Code:
<form action="b2comments.post.php" method="get">
to
Code:
<form action="b2comments.post.php<?php echo '?a='.rand(1,100) ; ?>" method="get">
and in b2comments.php you change
Code:
<form action="<?php echo $siteurl; ?>/b2comments.post.php" method="get">
to
Code:
<form action="<?php echo $siteurl; ?>/b2comments.post.php<?php echo '?a='.rand(1,100) ; ?>" method="get">
This puts ?a= a random number between 1 and 100 in the URL - always putting a=1 might cause the same problem.
Not tested it though so may be errors or just not work!
Sigg3
Joined: 03 Jul 2003 Posts: 889 Location: Oslo, Norway