Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other
Author Message
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Sun Oct 30, 2005 9:23 am Reply with quote

I think that the casino sites are finding other ways to mixed up in ous sites/ranks whatever.
Today someone submitted a website (looked as a useless site) and used a email address from (casino watch dogs) .
I know the casino world of spammers are very busy finding an entrance into nuke..
I get attacks by bots now atleast a few times a week.
Whats all behind this i dont know,but i strongly suggest you watch out with what you approve..
 
View user's profile Send private message
manunkind
Client


Joined: Apr 26, 2004
Posts: 368
Location: Albuquerque, NM

PostPosted: Sun Oct 30, 2005 9:53 am Reply with quote

Yeah, I get about 15-20 submittals a week for casino stuff. I just keep deleting. Smile
 
View user's profile Send private message Visit poster's website
hitwalker
PostPosted: Sun Oct 30, 2005 9:58 am Reply with quote

To your weblinks mod ?
 
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sun Oct 30, 2005 11:59 am Reply with quote

Be sure spammers are always looking for new chances. I don t know why they are interested in our downloads-section. Got several mails.
Code:
String-: base-poker.com 

--------------------
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)
Query-String: ww w.mysite.com/modules.php?name=Downloads&d_op=viewdownload&cid=6&orderby=ratingA
Get String: ww w.mysite.com/modules.php?name=Downloads&d_op=viewdownload&cid=6&orderby=ratingA
 
View user's profile Send private message
hitwalker
PostPosted: Sun Oct 30, 2005 12:18 pm Reply with quote

well my guess is,is they are looking for form fields..
 
manunkind
PostPosted: Sun Oct 30, 2005 2:49 pm Reply with quote

hitwalker wrote:
To your weblinks mod ?


Yes.

We need a mod for Web Links where we can leave it open for Guests, but require a membership to submit links. Right now, if you turn it off for Guests, they can't even see the links at all. (I keep it turned on to Guests for the Search Spiders)

The ideal Web Links module would be open to everybody for viewing, but a switch in the Admin area to require memberships to actually submit links. That would fix this whole problem.
 
hitwalker
PostPosted: Sun Oct 30, 2005 2:57 pm Reply with quote

Huh?
Isnt that what we already have?
Mine is viewable,and you can submit but only on approval..
 
manunkind
PostPosted: Sun Oct 30, 2005 3:08 pm Reply with quote

But they can still submit links to the site.

I'm talking about as soon as they click the "Add Link" link, it checks for a membership and stops them right there. This would eliminate the Admins having to delete all these bogus submissions from spammers. (Spammers will not normally register an account)
 
hitwalker
PostPosted: Sun Oct 30, 2005 3:25 pm Reply with quote

oh...that,but i guess they havent created an auto form /bot yet..but as soon as they do that sentinel kicks them out..
 
Susann
PostPosted: Sun Oct 30, 2005 3:39 pm Reply with quote

@Manunkind
Maybe this could be done through a small piece of code, but is it really necessary ? I have my doubts, because we have also NukeSentinel.
And you are wrong .Time changes Spammers also register to reach their intensions. Of course there are different ways to spam.

-------
edit: I could tell you the different ways but why should I give such dirty spammers new ideas ? Therefore I don´post this public.
 
manunkind
PostPosted: Sun Oct 30, 2005 4:20 pm Reply with quote

Susann wrote:
@Manunkind
Maybe this could be done through a small piece of code, but is it really necessary ? I have my doubts, because we have also NukeSentinel.


NukeSentinel does not prevent this. I've been running NS since the very first version and I've always had to deal with Web Link Submissions Spam.
 
hitwalker
PostPosted: Sun Oct 30, 2005 4:31 pm Reply with quote

well then you must be a special case.
but i think you mean that people tried to abuse your weblinks..
cause im pretty sentinel prevents this.
if im wrong then i asume they jump in here..
 
manunkind
PostPosted: Sun Oct 30, 2005 4:49 pm Reply with quote

All I was saying above was that adding a check to the Add Link function should take care of all this.

But now I'm confused. How does NukeSentinel prevent a guest from clicking on the Web Links module, clicking on Add Link and submitting their information? And at the same time, allowing the exact same procedures for guests that are submitting valid and related links?
 
Susann
PostPosted: Sun Oct 30, 2005 4:51 pm Reply with quote

He is talking about people and no automatic programms. NukeSentinel works if they are in the blocks see above. Stop words e.g.like casino, poker used in blocks and forums can prevent this. Guests can add weblink. I have to think about it again.


Last edited by Susann on Sun Oct 30, 2005 4:58 pm; edited 1 time in total 
hitwalker
PostPosted: Sun Oct 30, 2005 4:57 pm Reply with quote

partly right susann but...
Before it get mixed up,were talking about bots for now...
the same auto stuff that wondered around in blog world a long time.
but now they finaly have thought off enough security tricks to ignore them.
and now they come to check out nuke world starting with guestbooks..
But as i said,its the posting that kills them,and the same thing will happen if they try that with the weblinks module.
atleast 2 times a week they still try it,then my guestbook is a victim by such a bot but sentinel blocks it completely..
 
VinDSL
Life Cycles Becoming CPU Cycles


Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com

PostPosted: Sun Oct 30, 2005 6:20 pm Reply with quote

manunkind wrote:
But now I'm confused...

Now I'm confused... Very Happy

I shelled into my account and was digging through the code, when I realized it checks to see if you're logged-in before you can submit a web link. So, I tried it (which I should have done first)...

All visitors can see the web links, but you need to be a member and logged-in to submit a web link. Try it yourself...
Only registered users can see links on this board! Get registered or login!

What am I missing here Question

_________________
.:: "The further in you go, the bigger it gets!" ::.
.:: Only registered users can see links on this board! Get registered or login! | Only registered users can see links on this board! Get registered or login! ::. 
View user's profile Send private message Visit poster's website ICQ Number
hitwalker
PostPosted: Sun Oct 30, 2005 6:26 pm Reply with quote

well nice point you have there vin...
i never realise it cause im allways logged in as admin and member..
only on ocassions that i need some checking from a members p.o.v i login as only member...
 
Susann
PostPosted: Sun Oct 30, 2005 7:07 pm Reply with quote

Seems there are different weblink versions. It´s possible to add a link.

Is this the point ?

l_config

Lock Unregistered users from Suggesting New Links? (0=Yes 1=No)
 
manunkind
PostPosted: Sun Oct 30, 2005 7:57 pm Reply with quote

Mine is the default 7.6 module and you CAN submit links as a guest.
 
manunkind
PostPosted: Sun Oct 30, 2005 8:01 pm Reply with quote

Susann wrote:
Is this the point ?

l_config

Lock Unregistered users from Suggesting New Links? (0=Yes 1=No)


There it is! That should fix the problem. Thank you so much! Smile
 
Susann
PostPosted: Sun Oct 30, 2005 8:04 pm Reply with quote

Very Happy Fine
 
VinDSL
PostPosted: Sun Oct 30, 2005 10:50 pm Reply with quote

Susann wrote:
l_config

Doh! That's hilarious! Good catch, Susann!

Note to self: Don't attack problem[s] before first pot of coffee! Mr. Green
 
myrtletrees
Involved
Involved


Joined: Sep 13, 2005
Posts: 259
Location: Cornfields of Indiana

PostPosted: Thu Jun 28, 2007 6:20 am Reply with quote

Ok I'm confused!
Which is not hard for me.

In my l_config file it was already set to
$blockunregmodify = 1;

However, unregistered users are still spamming my Weblinks Submission area.
 
View user's profile Send private message
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Thu Jun 28, 2007 6:25 am Reply with quote

What version of Nuke are you using?

I believe it is possible to bypass this check in some versions of Nuke.

This should be fixed in RN and you can also enable the captcha in rnconfig.php for submissions.
 
View user's profile Send private message
myrtletrees
PostPosted: Thu Jun 28, 2007 6:34 am Reply with quote

Nuke 7.6 Raven...

ahh I found it..and it is opposite of the norm

$links_anonaddlinklock: Lock Unregistered users from Suggesting New Links? (0=Yes 1=No)

1 is usually Yes, and 0 is usually No....
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - Other

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©