| View previous topic :: View next topic |
| Author |
Message |
tierra
Joined: 30 Nov 2004
Posts: 5
|
 Posted: Tue Nov 30, 2004 10:57 pm Post subject: [Hack] Google Bombing Spammers |
 |
|
As mentioned before, the comment blacklist doesn't work very well with spammers spoofing, and generally I've found recently use a wide variety of IPs even if they aren't spoofing making IP blocking features worthless.
So I took a different approach to the problem. The spammers seem to be aimed at more Google bombing techniques then grabbing users reading posts. If your not familiar with Google bombing, read:
http://www.microcontentnews.com/articles/googlebombs.htm
Since with Google bombing, you have to use your target word as the link text (or title), I do filtering on that level. So inside b2comments.post.php, before it checks $ok, add the following code:
| Code: | // Add words as neccessary...
$parsePost = "<xmlstuff>" . stripslashes($original_comment) . "</xmlstuff>";
$wordlist = Array(
"poker",
"gambling",
"blackjack",
"casino",
"free"
);
$parser = xml_parser_create();
xml_parse_into_struct($parser, $parsePost, $vals, $index);
xml_parser_free($parser);
foreach($vals as $element)
{
if(strtolower($element['tag']) == "a")
{
foreach($wordlist as $keyword)
{
$position = strpos(strtolower($element['value']), $keyword);
if($position !== false)
$ok = false;
}
}
)
|
Basically, it checks for any HTML links, and checks the link text for keywords spammers are using, then I got lazy and let the flood protection system block the post. It's actually probably better that way since spammers will think they've hit the flood, and won't try past that.
This was a simple quick hack I wrote up today, so if anyone wants to add in attribute checking to check the link "title" attribute for those keywords as well as anything else, go for it.
Note: This is for anyone that wants to still allow for linking inside comments, otherwise, you could just block any posts with a link period. |
|
| Back to top |
|
 |
Cyberian75
Joined: 26 Sep 2002
Posts: 1267
Location: Oregon
|
| Posted: Wed Dec 01, 2004 12:46 am Post subject: |
|
|
Instead of using a XML parser, why not use a PCRE function? For example,
| Code: |
$wordlist = Array(
"poker",
"gambling",
"blackjack",
"casino",
"free"
);
foreach ($wordlist AS $word) {
$pattern = "<\s*a\s*href\s*\=.+>.*".$word.".*<\s*\/a\s*>";
if (eregi($pattern, $comment)) {
$ok = 0;
}
}
|
_________________
Michael P.
 |
|
| Back to top |
|
|
tierra
Joined: 30 Nov 2004
Posts: 5
|
| Posted: Wed Dec 01, 2004 8:16 am Post subject: |
|
|
| You could do that as well, in fact, that's actually better. I'm just not very experienced with PCRE or REGEX. I don't fully understand the syntax, but that does cover newlines in the middle of the link though right? The XML syntax can be easily broken while keeping a link intact I'm sure, so there's ways around my code. It works with all the methods all scammers have shown on my site currently, and it's an on-going battle, so stuff will always have to be changed up. Thanks for the addition. |
|
| Back to top |
|
|
tierra
Joined: 30 Nov 2004
Posts: 5
|
| Posted: Wed Dec 01, 2004 8:20 am Post subject: |
|
|
| Quote: | | if (eregi($pattern, $comment)) { |
BTW, I use $original_comment since some of the B2 parsing was cleaning out what I was looking for actually making it possible to get past the parsing with links intact. I wasn't sure how it was messing it up, but I think it's just better to parse the original submitted text. |
|
| Back to top |
|
|
Cyberian75
Joined: 26 Sep 2002
Posts: 1267
Location: Oregon
|
| Posted: Wed Dec 01, 2004 7:16 pm Post subject: |
|
|
I put it after... | Code: | | $original_comment = $comment; |
So it doesn't matter.
| Quote: | | ...but that does cover newlines in the middle of the link though right? |
Yes, the "." matches any characters including newline.
I use... | Code: | /* spam-protection */
$verify = $HTTP_POST_VARS["verify"];
$words = Array("casino", "blackjack", "poker", "free", "gambling");
foreach ($words AS $word) {
if (eregi("<\ *a\ *href\ *\=.+>.*".$word.".*<\ *\/a\ *>", $comment)) {
$spamcount++;
}
}
if ($spamcount > 0 || $verify != md5(date("z", time()))) {
exit("Your comment has been filtered as a SPAM!");
}
/* end spam-protection */ |
To use more than one word in an array elenment, put "\s+" instead of spaces.
_________________
Michael P.
Last edited by Cyberian75 on Wed Dec 01, 2004 7:54 pm; edited 2 times in total |
|
| Back to top |
|
|
ghoti
Joined: 27 Jul 2004
Posts: 8
|
| Posted: Wed Dec 01, 2004 7:22 pm Post subject: Where |
|
|
| You said to put the hack before it checks $ok. Where is that exactly? Sorry to be the ignorant n00b. |
|
| Back to top |
|
|
Cyberian75
Joined: 26 Sep 2002
Posts: 1267
Location: Oregon
|
| Posted: Wed Dec 01, 2004 7:34 pm Post subject: |
|
|
Look for...
_________________
Michael P.
|
|
| Back to top |
|
|
ghoti
Joined: 27 Jul 2004
Posts: 8
|
| Posted: Wed Dec 01, 2004 7:44 pm Post subject: parse error |
|
|
I add in the above code right before the "if ($ok)," but then when I try to comment on my page, I get this:
Parse error: parse error, unexpected T_STRING in /home/storm7/public_html/home/b2comments.post.php on line 93
What am I doing wrong? |
|
| Back to top |
|
|
Cyberian75
Joined: 26 Sep 2002
Posts: 1267
Location: Oregon
|
| Posted: Wed Dec 01, 2004 7:49 pm Post subject: |
|
|
Which one???
_________________
Michael P.
|
|
| Back to top |
|
|
ghoti
Joined: 27 Jul 2004
Posts: 8
|
| Posted: Wed Dec 01, 2004 7:52 pm Post subject: |
|
|
I'm adding this code:
| Quote: |
// Add words as neccessary...
$parsePost = "<xmlstuff>" . stripslashes($original_comment) . "</xmlstuff>";
$wordlist = Array(
"poker",
"gambling",
"blackjack",
"casino",
"free"
);
foreach ($wordlist AS $word) {
$pattern = "<\s*a\s*href\s*\=.+>.*".$word.".*<\s*\/a\s*>";
if (eregi($pattern, $comment)) {
$ok = 0;
}
}
foreach($vals as $element)
{
if(strtolower($element['tag']) == "a")
{
foreach($wordlist as $keyword)
{
$position = strpos(strtolower($element['value']), $keyword);
if($position !== false)
$ok = false;
}
}
) |
|
|
| Back to top |
|
|
kiss
Joined: 09 Sep 2004
Posts: 63
Location: Brooklyn
|
| Posted: Tue Dec 07, 2004 4:27 pm Post subject: |
|
|
| so which code do we use exactly? i just got bombed again with 175 comments. |
|
| Back to top |
|
|
tierra
Joined: 30 Nov 2004
Posts: 5
|
| Posted: Wed Dec 08, 2004 12:36 am Post subject: |
|
|
using some new derived work from both of us it's easy and clean to just put this above the "if($ok) {" line:
| Code: | $wordlist = Array(
"poker",
"gambling",
"blackjack",
"casino",
"free",
"holdem",
"texas"
);
foreach ($wordlist as $keyword)
if (eregi("<\ *a\ *href\ *\=.+>.*".$keyword.".*<\ *\/a\ *>", $original_comment))
$ok = false; |
BTW, I wanted to thank you again Cyberian75 for being paranoid enough to re-write new code, that's a good habit. |
|
| Back to top |
|
|
kiss
Joined: 09 Sep 2004
Posts: 63
Location: Brooklyn
|
| Posted: Wed Dec 08, 2004 12:38 am Post subject: |
|
|
| imam try this one out becuz the other makes ALL my comments identified as spam |
|
| Back to top |
|
|
Cyberian75
Joined: 26 Sep 2002
Posts: 1267
Location: Oregon
|
| Posted: Wed Dec 08, 2004 1:33 am Post subject: |
|
|
| kiss wrote: | | imam try this one out becuz the other makes ALL my comments identified as spam |
This one only filters links with those keywords.
Tierra, thanks for your acknowledgement. 
_________________
Michael P.
|
|
| Back to top |
|
|
kiss
Joined: 09 Sep 2004
Posts: 63
Location: Brooklyn
|
| Posted: Wed Dec 08, 2004 1:36 am Post subject: |
|
|
| Cyberian75 wrote: | | kiss wrote: | | imam try this one out becuz the other makes ALL my comments identified as spam |
This one only filters links with those keywords.
|
So what does the other one do? |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
