| View previous topic :: View next topic |
| Author |
Message |
stevem
Joined: 15 Mar 2003
Posts: 323
|
 Posted: Mon Nov 15, 2004 1:51 pm Post subject: |
 |
|
Lynn: It's strange that the incorrect URL is being shown, but that is the cause of the problem. I'm not clear why the partial URL is being shown but Cyberian75's suggestion should solve it for you
Sigg3: Either the spammer is doing something very clever or there's an error in the b2allissues.php code. Could you have a look in the database at the b2comments table? Do these spams have entries in the comment_ID and comment_post_ID and does the comment_post_ID match up with the posts in b2posts tables? Does b2allissues.php allow you to delete these comments?
I wonder if what the spammer is doing is posting with future post IDs. Let me explain. Suppose you have posts numbered 1 to 50. The spammer puts in comments which should go with posts 70-80. Then when you get to actually write post 70 up pops the spam comment instantly.
Now this could explain both Lynn's and Sigg3's problem - despite locking the door they are still receiving spams. But these were received before blacklisting so the solution is to get rid of all the old ones and then, assuming blacklisting is working as it should, there should be no more. |
|
| Back to top |
|
 |
stevem
Joined: 15 Mar 2003
Posts: 323
|
| Posted: Mon Nov 15, 2004 2:02 pm Post subject: |
|
|
| I have an improved version of List All Comments which will allow you to search for and delete all spam containing a particular word. This could, for example, help lynn with her spam attacks. Sigg3 is kindly testing it for me at the moment and if he's happy with it I will post it here. |
|
| Back to top |
|
|
Cyberian75
Joined: 26 Sep 2002
Posts: 1267
Location: Oregon
|
| Posted: Mon Nov 15, 2004 7:30 pm Post subject: |
|
|
If those "future" SPAM comments share the same IP, once you get that IP, add and then do a search in Blacklist.
_________________
Michael P.
 |
|
| Back to top |
|
|
lynn
Joined: 04 Jul 2003
Posts: 63
Location: USA
|
| Posted: Mon Nov 15, 2004 7:50 pm Post subject: |
|
|
| I made the change that Cyberian75 suggested. Same result. I still get the 404. |
|
| Back to top |
|
|
stevem
Joined: 15 Mar 2003
Posts: 323
|
| Posted: Mon Nov 15, 2004 7:58 pm Post subject: |
|
|
Very odd. But to get it working replace $siteurl (where Cyberian75 suggested putting it) by http://www.aeternam626.com so you have | Code: | | echo " [ <a href=\"http://www.aeternam626.com/$PHP_SELF?action=deletecomment&p=".$postdata["ID"]."&comment=".$commentdata["comment_ID"]."\" onclick=\"return confirm('You are about to delete this comment by \'".htmlentities($commentauthor)."\'\\n \'Cancel\' to stop, \'OK\' to delete.')\">Delete Comment</a> ]"; |
That should work and it's simpler than trying to find out what is going wrong  |
|
| Back to top |
|
|
Cyberian75
Joined: 26 Sep 2002
Posts: 1267
Location: Oregon
|
| Posted: Tue Nov 16, 2004 1:52 am Post subject: |
|
|
| lynn wrote: | | I made the change that Cyberian75 suggested. Same result. I still get the 404. |
Where did you put your "allcomments" file???
_________________
Michael P.
|
|
| Back to top |
|
|
stevem
Joined: 15 Mar 2003
Posts: 323
|
| Posted: Tue Nov 16, 2004 6:42 pm Post subject: |
|
|
Here is the update to b2allcomments.php. You can search for any word and delete all comments with that word or just delete comments individually.
Please though, backup your database first in case things go wrong. Quick Backup is an easy and quick way to do so.
Searching for nothing will show all comments.
b2allcomments.php (You can call it whatever you want)
| Code: | <?php
require("b2config.php");
require("$b2inc/b2template.functions.php");
include("$b2inc/b2vars.php");
include("$b2inc/b2functions.php");
dbconnect();
get_currentuserinfo();
if (!($user_login)) exit;
if ($user_level<8) exit;
if ($action=='deletecomment') {
$standalone = 1;
require_once("./b2header.php");
if ($user_level == 0)
die ("Cheatin' uh ?");
$comment = $HTTP_GET_VARS['comment'];
$p = $HTTP_GET_VARS['p'];
$commentdata=get_commentdata($comment) or die("Oops, no comment with this ID. <a href=\"$PHP_SELF\">Go back</a> !");
if ($search!="") {
$query = "DELETE FROM $tablecomments WHERE comment_content NOT LIKE '%<trackback />%' AND comment_content LIKE '%$search%'";
} else {
$query = "DELETE FROM $tablecomments WHERE comment_ID=$comment";
}
$result = mysql_query($query) or die("Oops, no comment with this ID. <a href=\"$PHP_SELF\">Go back</a> !");
header ("Location: $PHP_SELF");
}
?>
<html>
<head>
<style type="text/css" media="screen">
@import url( layout2b.css );
</style>
<link rel="stylesheet" href="<?php echo $b2inc; ?>/b2.css" type="text/css">
<title>Comments</title>
</head><body>
<h2><?php if ($search!="") {
echo "Comments including '$search'";
} else {
echo "All Comments";
} ?>
</h2>
<div id="contentcomments">
<div class="storyContent">
<div><b><span style="color: #0099CC">::</span> <a href="index.php">return to the blog</a></b> <a href="b2edit.php">:: return to edit</a></div>
<br /><br />
<form method="post" action="<?php echo $PHP_SELF ?>">
<input type=submit name="submit" value="Show comments with" class="search">
<input type=text name="search">
<?php
$queryc = "SELECT * FROM $tablecomments WHERE comment_content NOT LIKE '%<trackback />%' AND comment_content LIKE '%$search%' ORDER BY comment_date DESC";
$resultc = mysql_query($queryc);
if ($search!="" && mysql_num_rows($resultc)>0) { ?>
<a href="<?php echo $PHP_SELF."?search=".$search."&action=deletecomment" ?>" onclick="return confirm('You are about to delete all comments containing \'<?php echo $search ?>\'\nCancel to stop, OK to delete')">Delete all comments including '<?php echo $search ?>'</a>
<?php } ?>
</form><br /><br />
<?php
if ($resultc) {
// these lines are b2's motor, do not delete
while($rowc = mysql_fetch_object($resultc)) {
$commentdata = get_commentdata($rowc->comment_ID);
$posting = $rowc->comment_post_ID;
$commentauthor = $rowc->comment_author;
$postdata = get_postdata($posting);
?>
<p>
<b><?php comment_author() ?></b> ( <?php comment_author_email_link() ?>
<?php if(comment_author_url_link()=="") {$slash="";} else {$slash="/";} echo " $slash"; ?>
<?php comment_author_url_link() ?> ) (IP: <?php comment_author_IP() ?>)
<?php comment_date('D j M Y') ?> @ <?php comment_time('g:i a') ?>
<?php
echo " [ <a href=\"$PHP_SELF?action=deletecomment&p=".$postdata["ID"]."&comment=".$commentdata["comment_ID"]."\" onclick=\"return confirm('You are about to delete this comment by \'".htmlentities($commentauthor)."\'\\nCancel to stop, OK to delete.')\">Delete Comment</a> ]";
?><br />
Comment was made in <b>
<?php the_title() ?> <?php echo $the_date ?> @ <?php the_time('g:i a') ?></b><br /><br />
<?php comment_text() ?>
<br /><br /></p>
<?php //end of the loop, don't delete
}
}
?>
<br /><br />
<div><b><span style="color: #0099CC">::</span> <a href="index.php">return to the blog</a></b> <a href="b2edit.php">:: return to edit</a></div>
</div></div>
</body>
</html> |
Last edited by stevem on Tue Nov 16, 2004 11:59 pm; edited 1 time in total |
|
| Back to top |
|
|
noahd
Joined: 01 Dec 2003
Posts: 7
|
| Posted: Tue Nov 16, 2004 11:55 pm Post subject: |
|
|
| thanks, works like a charm first try! |
|
| Back to top |
|
|
Sigg3
Joined: 03 Jul 2003
Posts: 779
Location: Oslo, Norway
|
| Posted: Wed Nov 17, 2004 10:02 am Post subject: |
|
|
| lynn wrote: | | Ah... I had wondered about that. I didn't see anything in the instructions about where to put it so I put it in the same folder that b2menutop.txt is in. |
The dangers of uncritical cut-and-paste. I'll update the txt file.
_________________
Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center |
|
| Back to top |
|
|
Sigg3
Joined: 03 Jul 2003
Posts: 779
Location: Oslo, Norway
|
| Posted: Wed Nov 17, 2004 10:17 am Post subject: |
|
|
| stevem wrote: | | I wonder if what the spammer is doing is posting with future post IDs. Let me explain. Suppose you have posts numbered 1 to 50. The spammer puts in comments which should go with posts 70-80. Then when you get to actually write post 70 up pops the spam comment instantly. |
This seems very plausible, since I a) have a comment-count on the initial page (assuming the spammer even visits his targets) and b) saw that the comment's number was around 1000, when I only have about 400 comments.
I haven't had the time to test the improved b2allcomments just yet:p
_________________
Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center |
|
| Back to top |
|
|
lynn
Joined: 04 Jul 2003
Posts: 63
Location: USA
|
| Posted: Wed Nov 17, 2004 2:17 pm Post subject: |
|
|
-- "Where did you put your "allcomments" file???" --
It's now in the B2 directory, as someone suggested above. |
|
| Back to top |
|
|
lynn
Joined: 04 Jul 2003
Posts: 63
Location: USA
|
| Posted: Fri Dec 17, 2004 8:44 pm Post subject: |
|
|
I tried the new version and it's still not working.  |
|
| Back to top |
|
|
stevem
Joined: 15 Mar 2003
Posts: 323
|
| Posted: Fri Dec 17, 2004 9:04 pm Post subject: |
|
|
| What's not working? What is happening? |
|
| Back to top |
|
|
lynn
Joined: 04 Jul 2003
Posts: 63
Location: USA
|
| Posted: Fri Dec 17, 2004 9:07 pm Post subject: |
|
|
| Every time I try to delete a comment I get a 404 page. |
|
| Back to top |
|
|
stevem
Joined: 15 Mar 2003
Posts: 323
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
