boardom b2 message board
Cyberian75
Joined: 26 Sep 2002 Posts: 1285 Location: Oregon
Posted: Sat Oct 30, 2004 7:42 pm Post subject: How to avert SPAM bots
SPAM bots are generally written so that they access your post script (i.e., "b2comments.post.php") directly with a bunch of common variables. One easy way to avert those bots is to simply rename the script file frequently; however, it can get pretty troublesome as you'd also have to change the value of the form action attribute for your comments page(s).
The only sure and easy way is to mandate users to comment ONLY from your comments page(s). To do this, you'd need to pass a variable along with the comment to the post script file and then do a comparison check...
Put the following form input tag in ALL your b2comments page(s):
Code:
<input type="hidden" name="verify" value="<?php echo md5(date("z", time())); ?>">
right before
Code:
<input type="hidden" name="comment_post_ID" value="<?php echo $id; ?>">
Then in your "b2comments.post.php" file:
Code:
/* spam-protection */
$wordlist = array("casino",
"blackjack",
"poker",
"debt",
"gambling",
"holdem");
$spamcount = 0;   // initialise the counter before incrementing it
$comment_text = isset($_POST['comment']) ? $_POST['comment'] : '';
foreach ($wordlist as $word) {
    // flag <a href=...> tags that mention the keyword, case-insensitively
    // (preg_match() with /i replaces eregi(), which was removed in PHP 7)
    if (preg_match("/<\s*a\s*href\s*=.*" . preg_quote($word, "/") . ".*>/i", $comment_text)) {
        $spamcount++;
    }
}
// the "verify" field must carry today's token exactly as the comment form embedded it;
// a form loaded before midnight and submitted after it will be rejected
if ($spamcount > 0 || !isset($_POST["verify"]) || $_POST["verify"] != md5(date("z", time()))) {
    exit("Your comment has been filtered as a SPAM!");
}
/* end spam-protection */
That eregi function looks for those keywords in URLs (idea by tierra) and blocks them.
Of course, this won't stop people from leaving SPAMs. For that, there's my Comments Blacklist hack.
EDIT: I'm no longer going to provide support for this. I apologize for any inconveniences this may cause.
TO ALL:
This script seems to work for all others, and it's working fine on my own blog. You just need to follow the instruction to the last character without making any errors on your end.
If you want it to automatically add the spammer to the blacklist, add the following:
Code:
// escape the user-supplied values before interpolating them into the query
mysql_query("INSERT INTO $tableblacklist (IP,name,URL) VALUES ('"
    . mysql_real_escape_string($REMOTE_ADDR) . "','"
    . mysql_real_escape_string($author) . "','"
    . mysql_real_escape_string($url) . "')");
right before
Code:
exit("Your comment has been filtered as a SPAM!");
-- Michael P.

Last edited by Cyberian75 on Thu Dec 16, 2004 3:27 am; edited 19 times in total
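An added example, not code from the thread or from b2, that takes the hidden-field idea in the post above one step further. md5(date("z", time())) can be computed by anyone who knows the scheme, so the token below is an HMAC over the post ID and the day of year under a server-side secret (assumed to live in the blog's configuration as $comment_secret); it also accepts yesterday's token so a form loaded just before midnight still validates, and the link-keyword check is written with preg_match() and kept inside a single tag. The function names are mine.

```php
<?php
// Added example, not the thread's code. $comment_secret is assumed to be
// defined in the blog's configuration; the value here is a placeholder.
$comment_secret = 'replace-with-a-long-random-string';

// Token for one post on one day: HMAC-SHA256 over "post_id:day_of_year".
// Without $secret the value cannot be derived, unlike md5(date("z")).
function comment_token($post_id, $day_of_year, $secret) {
    return hash_hmac('sha256', $post_id . ':' . $day_of_year, $secret);
}

// Accept the token for today or yesterday, so a form loaded before
// midnight and submitted after it is still valid. hash_equals() keeps
// the comparison constant-time.
function comment_token_valid($token, $post_id, $secret, $now = null) {
    if ($now === null) {
        $now = time();
    }
    foreach (array($now, $now - 86400) as $t) {
        $expected = comment_token($post_id, date('z', $t), $secret);
        if (hash_equals($expected, (string) $token)) {
            return true;
        }
    }
    return false;
}

// Count <a href=...> tags whose attributes mention one of the keywords,
// case-insensitively; [^>]* keeps each match inside a single tag.
function link_keyword_hits($comment, $wordlist) {
    $hits = 0;
    foreach ($wordlist as $word) {
        $pattern = '/<\s*a\s[^>]*href\s*=[^>]*' . preg_quote($word, '/') . '[^>]*>/i';
        $hits += preg_match($pattern, $comment);
    }
    return $hits;
}

// --- check performed in b2comments.post.php before the comment is stored ---
$wordlist = array('casino', 'blackjack', 'poker', 'debt', 'gambling', 'holdem');
$post_id  = isset($_POST['comment_post_ID']) ? (int) $_POST['comment_post_ID'] : 0;
$verify   = isset($_POST['verify']) ? $_POST['verify'] : '';
$comment  = isset($_POST['comment']) ? $_POST['comment'] : '';
if (!comment_token_valid($verify, $post_id, $comment_secret)
    || link_keyword_hits($comment, $wordlist) > 0) {
    exit('Your comment has been filtered as a SPAM!');
}
```

In the comment form, the hidden "verify" field's value becomes the output of comment_token($id, date('z'), $comment_secret) instead of md5(date("z", time())); the field name and its position before comment_post_ID stay as in the post above.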
Sigg3
Joined: 03 Jul 2003 Posts: 906 Location: Oslo, Norway
Posted: Sun Oct 31, 2004 12:02 am Post subject:
So the commenter_ip value functions like an md5 pwd? Is this "foolproof"? It doesn't hinder actual visitors to comment?
Sounds like great stuff....! *amazed*
So, let me check if I got this right.. This:
Code:
<input type="hidden" name="commenter_ip" value="<?php echo $REMOTE_ADDR; ?>">
goes into the form... between <form> and </form>, right?
-- Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center | Fight my BattleImp!
Cyberian75
Joined: 26 Sep 2002 Posts: 1285 Location: Oregon
Posted: Sun Oct 31, 2004 5:15 am Post subject:
Sigg3 wrote:
> So the commenter_ip value functions like an md5 pwd? Is this "foolproof"? It doesn't hinder actual visitors to comment?
md5 is just another "measure" to make it harder to guess those variable values and is not necessary. And yes, it doesn't hinder normal commenting.
Sigg3 wrote:
> Sounds like great stuff....! *amazed*
No need to be amazed. It's only a "conceptual" work.
Sigg3 wrote:
> So, let me check if I got this right.. This:
> Code:
> <input type="hidden" name="commenter_ip" value="<?php echo $REMOTE_ADDR; ?>">
> goes into the form... between <form> and </form>, right?
Yes, that's correct.
-- Michael P.
Cyberian75
Joined: 26 Sep 2002 Posts: 1285 Location: Oregon
Posted: Sun Oct 31, 2004 6:52 pm Post subject:
It'd be a good idea to use different variables for forms ($commenter_ip) and for the actual processing ($md5_commenter_ip), as form variables are revealed in Source View.
This "conceptual" work can be applied in every blogware -- if it isn't already.
-- Michael P.
Sigg3
Joined: 03 Jul 2003 Posts: 906 Location: Oslo, Norway
Posted: Tue Nov 02, 2004 1:15 pm Post subject:
I have a strange feeling, though.
Before the latest attack I'd renamed b2comments.post.php to inconvenient.issues.php, but my host says that the file causing the load was b2comments.post.php, and I saw the logfile myself.
Is it possible that there's a vulnerability somewhere else in the b2system, allowing the functions of b2comments.post.php to be executed through another file (without naming that file to the logs)? Could this be done with an external file?
I haven't had the time to add "Avert bots" modification to my b2, so installing that could solve this problem. I guess it's a repeating issue, because someone is deliberately targeting my site...
Last time posteriori the attack, no new SPAM messages could be found among the comments.. I have a bad feeling about this.
-- Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center | Fight my BattleImp!
Cyberian75
Joined: 26 Sep 2002 Posts: 1285 Location: Oregon
Posted: Tue Nov 02, 2004 7:03 pm Post subject:
I used to get 3-5 SPAMs daily on my old posts from those bots. I don't know about any vulnerabilities, though.
-- Michael P.
stevem
Joined: 15 Mar 2003 Posts: 369
Posted: Wed Nov 03, 2004 6:28 pm Post subject:
I got that originally because, although I changed commenter_ip to something else, I hadn't done so in all places.
If you are sure all your variable names are consistent then try in b2comments.post.php adding an echo command to see if the variables are correct:
Code:
$md5_commenter_ip = md5($_POST["commenter_ip"]);
// temporary debug line; $user_ip is set earlier by b2 from the visitor's address
echo "user_ip= " . $user_ip . " commenter_ip= " . $_POST["commenter_ip"];
if (md5($user_ip) != $md5_commenter_ip) {
    exit("No direct access!");
}
When you comment you should get your IP address twice (ignore any header errors, which are only because of the temporary echo line). If you don't, then you've made an error with the variables.
Cyberian75
Joined: 26 Sep 2002 Posts: 1285 Location: Oregon
Posted: Wed Nov 03, 2004 8:46 pm Post subject: obsolete
Steve is correct.
I thought of an easier and much more effective method, though -- and possibly foolproof.
Put the following at the top of your "b2comments.post.php" file right before "dbconnect()":
Basically, if I'm correct regarding "HTTP_HOST," you're allowing access to your script if requests were made only from those "hosts," and since the "HTTP_HOST" is a server variable, it can't be changed easily. Correct me if I'm wrong, though, as I'm new to HTTP 1.1 Specifications.
UPDATE: I've tested the above script, and I can confirm that it works!
-- Michael P.

Last edited by Cyberian75 on Fri Nov 26, 2004 1:30 am; edited 13 times in total
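The post above refers to a host-list check whose code is no longer quoted in the thread, so the following is an added example of my own, not the author's script: it matches the requested Host header against an allow-list whose entries may start with "*." in the "*.michaelpark.net" form mentioned later in the thread. The names ($myhost, $allowed_hosts, host_allowed) and the configuration value are mine. The Host header is sent by the client with every request, so this check stops requests that reach the script through another virtual host or by bare IP address; it complements the hidden form field rather than replacing it.

```php
<?php
// Added example, not the thread's code. Matches the requested host against
// an allow-list that may contain leading "*." wildcards.

// True if $host is listed in $patterns. Comparison is case-insensitive and
// ignores a trailing ":port". "*.example.com" matches "example.com" and any
// subdomain of it, but not "notexample.com" (the suffix keeps its dot).
function host_allowed($host, $patterns) {
    $host = strtolower(preg_replace('/:\d+$/', '', trim($host)));
    if ($host === '') {
        return false;
    }
    foreach ($patterns as $pattern) {
        $pattern = strtolower(trim($pattern));
        if (substr($pattern, 0, 2) === '*.') {
            $bare   = substr($pattern, 2);   // "example.com"
            $suffix = substr($pattern, 1);   // ".example.com"
            if ($host === $bare || substr($host, -strlen($suffix)) === $suffix) {
                return true;
            }
        } elseif ($host === $pattern) {
            return true;
        }
    }
    return false;
}

// Constructed configuration value: comma-separated, wildcards allowed.
$myhost        = '*.example.com, blog.example.net';
$allowed_hosts = explode(',', $myhost);

// In b2comments.post.php, right before dbconnect():
$request_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
if (!host_allowed($request_host, $allowed_hosts)) {
    exit('No direct access!');
}
```

With the configuration above, host_allowed() returns true for "www.example.com", "EXAMPLE.COM:8080" and "blog.example.net", and false for "notexample.com", "example.net" and an empty header.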
Sigg3
Joined: 03 Jul 2003 Posts: 906 Location: Oslo, Norway
Posted: Sat Nov 06, 2004 11:57 am Post subject:
Great. Installing it this instant...
..Guess who just got 3 front-row tickets for Lou Reed live????
Me! Me! Me!
Now I must find a way of getting money for food:)
EDIT: I just thought of a thing. I replaced *.michaelpark.net with *.sigg3.net of course, but what about the users with spoofed domain and instatic IPs?
EDIT2: Ok. I just installed it, put the code above before:
Code:
# if you want to change the paths here, remember to put your new path BEFORE $b2inc,
# like this: "b2/$b2inc/b2functions.php"
But I get "Please fill in required fields (email, name)" when I post, even though they're filled out. Since it should be working there must be something I've overlooked. Anyone?
-- Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center | Fight my BattleImp!
Cyberian75
Joined: 26 Sep 2002 Posts: 1285 Location: Oregon
Posted: Sat Nov 06, 2004 7:20 pm Post subject:
You shouldn't be getting that at all. You must have messed up the comment form, because my script doesn't change those variables.
HTTP_HOST contains the host (domain) you're currently viewing, not the users' IP information. I don't think it can be spoofed. What my script does is prevent the file being accessed externally.
-- Michael P.
Sigg3
Joined: 03 Jul 2003 Posts: 906 Location: Oslo, Norway
Posted: Sun Nov 07, 2004 1:07 pm Post subject:
My commentspopup form:
Code:
Crossed out due to space restrictions:P
And, if necessary, inconvenient.issues.php (comments.post.php):
Code:
b2comments.post.php code (crossed out as well)
-- Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center | Fight my BattleImp!

Last edited by Sigg3 on Mon Nov 08, 2004 10:16 am; edited 1 time in total
daveo123
Joined: 23 Apr 2004 Posts: 13
Posted: Sun Nov 07, 2004 5:41 pm Post subject: Parse Error
I tried this but I'm getting a parse error with this line:
Code:
if (substr(trim($myhost_array[$index]),0,1) == "*")
stevem
Joined: 15 Mar 2003 Posts: 369
Posted: Sun Nov 07, 2004 6:53 pm Post subject:
As there isn't an error with that line, I wonder if you have been using a text editor to put the code in the file?
Some online editors can mangle code so it doesn't run.
daveo123
Joined: 23 Apr 2004 Posts: 13
Posted: Sun Nov 07, 2004 7:05 pm Post subject: DW
I'm using Dreamweaver to edit it. Never had a problem before.
Is it a problem with the "myhost" variable? I'm putting it in as '*.oeskovic.com' (oeskovic.com is my domain)
Powered by phpBB 2 © 2001, 2002 phpBB Group