 |
boardom
b2 message board
|
| View previous topic :: View next topic |
| Author |
Message |
Cyberian75
Joined: 26 Sep 2002
Posts: 1257
Location: Oregon
|
 Posted: Sat Dec 11, 2004 6:33 pm Post subject: Re: Variables |
 |
|
| daveo123 wrote: | | ....but I don't think I have a variable redundency. |
WRONG! | Code: | if ($IP != md5($user_ip)) {
exit("Your comment has been filtered as a SPAM!");
} |
I'm really no longer going to provide support for this.
_________________
Michael P.
 |
|
| Back to top |
|
 |
maimiti
Joined: 16 Sep 2003
Posts: 20
|
| Posted: Sat Dec 11, 2004 11:21 pm Post subject: |
|
|
| I installed this one today and then it turned out to be impossible to add any comments what so ever. It filtered out everything as SPAM. |
|
| Back to top |
|
|
Cyberian75
Joined: 26 Sep 2002
Posts: 1257
Location: Oregon
|
| Posted: Sun Dec 12, 2004 6:36 am Post subject: |
|
|
TO ALL:
This script seems to work for all others, and it's working fine on my own blog. You just need to follow the instruction to the last character without making any errors on your end.
_________________
Michael P.
|
|
| Back to top |
|
|
Sigg3
Joined: 03 Jul 2003
Posts: 760
Location: Oslo, Norway
|
| Posted: Mon Dec 13, 2004 11:33 am Post subject: |
|
|
I agree, it works brilliantly.
And along with blacklist _and_ word verifier (now added to b2anti-spam) I don't receive any spam at all.
I ask people to respect Michael's request here, since it works. Then if it doesn't you a) have done something wrong (read the steps over again) or b) use an edited version of the files in question. Check out if there are hacks that involves changes to the files prior to the installation of this mod.
You can download the default ones from http://sigg3.net/cafelog
_________________
VOTE for Female of the Year 2004 NOW! |
|
| Back to top |
|
|
asiansoul
Joined: 29 Mar 2004
Posts: 4
|
| Posted: Wed Dec 15, 2004 1:37 am Post subject: modify the hack |
|
|
i used this hack and it blocked A LOT of the valid entries. i received lots of complaints about it. any alternative? or can u change the script so that it doesn't block valid entries.
_________________
Ivy
http://mezza-9.net |
|
| Back to top |
|
|
Cyberian75
Joined: 26 Sep 2002
Posts: 1257
Location: Oregon
|
| Posted: Wed Dec 15, 2004 2:56 am Post subject: Re: modify the hack |
|
|
| asiansoul wrote: | | i used this hack and it blocked A LOT of the valid entries. i received lots of complaints about it. any alternative? or can u change the script so that it doesn't block valid entries. |
That doesn't make sense at all, unless you've put more words into the "wordlist" array for it to filter.
_________________
Michael P.
|
|
| Back to top |
|
|
Cyberian75
Joined: 26 Sep 2002
Posts: 1257
Location: Oregon
|
| Posted: Thu Dec 16, 2004 3:29 am Post subject: |
|
|
If you want it to automatically add the spammer to the blacklist, add the following: | Code: | | mysql_query("INSERT INTO $tableblacklist (IP,name,URL) VALUES ('$REMOTE_ADDR','$author','$url')"); |
right before | Code: | | exit("Your comment has been filtered as a SPAM!"); |
_________________
Michael P.
|
|
| Back to top |
|
|
Sigg3
Joined: 03 Jul 2003
Posts: 760
Location: Oslo, Norway
|
|
| Back to top |
|
|
crab
Joined: 03 May 2004
Posts: 3
|
| Posted: Fri Dec 17, 2004 7:09 am Post subject: |
|
|
This is exactly what I did:
| Code: |
<input type="hidden" name="verify" value="<?php echo md5($REMOTE_ADDR); ?>">
|
Then in your "b2comments.post..php" file after the "$user_ip" variable near line 50:
| Code: |
$IP = $HTTP_POST_VARS["verify"];
if ($IP != md5($user_ip)) {
exit("Your comment has been filtered as a SPAM!");
}
|
now I have this at the top of my page and on the comments popup:
Warning: ob_start(): output handler 'ob_gzhandler' conflicts with 'zlib output compression' in /home/cbaron/public_html/blog/b2-include/b2functions.php on line 598
I don't know php very well at all so I have no idea what it means or how to fix it. Any help would be appreciated. |
|
| Back to top |
|
|
Sigg3
Joined: 03 Jul 2003
Posts: 760
Location: Oslo, Norway
|
|
| Back to top |
|
|
BDKR
Joined: 04 Jan 2003
Posts: 25
Location: Clearwater, Florida
|
| Posted: Mon Dec 20, 2004 6:44 pm Post subject: |
|
|
Well, first off, I know Michael isn't supporting this anymore. That's cool as I'm not looking for support for the mod itself. This is more discussion on the topic and a question or two.
| Cazorp wrote: | They are back.. I got hit for 173 spams this morning... I have added that spam protection by cyberian75, but they still got through.. Am i doing something wrong???
Where do I exactly put the following line:
<input type="hidden" name="verify" value="<?php echo md5(date("z", time())); ?>">
...
Any help is greatly appreciated, I I just don't know how this all works..  |
More for the tech guys:
If you look at something like Snoopy (http://sourceforge.net/projects/snoopy/) you quickly realize that it's a rather sophisticated bit of code that in the hands of a good coder can probably overcome the mod spoken of above. There is a method in the snoopy class that can request a URL and another that can parse the html elements, and more importantly in this case, the form elements. That said, the script, using this class (or a similar one) could request the form and from the information gathered put together everything needful to make a successful post in spite of the mod.
However, it can't overcome a turing test (unless the answer of the turing test is in the form).
On to other things. My approach at this time is two fold with another element that I will be adding in the future.
NOW
1) I scan for terms in the author and url fields at post time. If I find them, I fail the post and log the info t a file. To the bot, it would seem as if the post was a success (I'm trying to avoid retaliation).
2) I run a cron job that cleans the b2comments table nightly based on search for certain authors or URL's. This is to deal with things that might slip through for one reason or another or are the result of an actual human posting and not yet being know as a comment spammer.
FUTURE
3) Scan the actual comment itself for links to know comment span URLS. This process will also make a decision based on the actual number of links in the comment.
4) As an option, lock out commenting on older posts.
So far, everything that I've got going is working well, but I'd like to know if there is a universal list of authors and urls out there somewhere. I could update it myself, but I would never be able to keep up as one individual. A lot of people adding to the list here or there would be great.
Another approach to dealing with comment spam that is 'out there' and under development (I'm sorry, I can't remember the link at this point in time) is a system where all blog commenters us a common log in system. Everyone will have to be know to that system to post a comment on your blog. Know spammers that sign up would eventually be purged from that system based on input from the site admins. I personally like this idea working in conjunction with the above.
Anyway, I don't have time to support anyone using these, but if you are interested, my filter file and cron job for cleaning spam can be found at http://mgaps.highsidecafe.com/tools . The filter.txt file has two functions I use for checking the author and url fields as well as my jargon and php filters. Also, the code I use for generating the image I use in my turing test is button.txt in the same directory.
Lastly, somone could possibly write a script to break my turing test becuase of how I pass the key to the script that generates the image. This is something that I will work on in time, but for now, I'm a little ahead of the spammers.
Cheers,
BDKR |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB 2 © 2001, 2002 phpBB Group
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
