Ravens PHP Scripts: Forums
 

 

warren-the-ape
Worker


Joined: Nov 19, 2007
Posts: 196
Location: Netherlands

Posted: Sat Jul 11, 2009 9:20 am

Ey guys, I thought this wouldn't happen at my site but it happened anyway, well better late than never I guess Rolling Eyes

Running php-nuke 7.9 (patched) with nukesentinel here.

In the past we already experienced some spam, mainly in the article/news comments but never in the forum (bb2nuke 2.0.23), and not something that continued for 2 days.

It started yesterday with a couple of bots signing up, activating their account and spamming the forum with all kinds of crap.

The bots are from all over the place, UK, India, Russia etc. and also the spam varies a lot.
Atm I'm just deleting the posts and accounts in the hope that it will stop at some point Wink

I already found; Only registered users can see links on this board! Get registered or login!
Which pointed me to a phpbb mod Only registered users can see links on this board! Get registered or login!

Thing is, they don't sign-up through the phpbb register process but the standard php-nuke register page, so.. nice mod but not very helpful I guess.

If I look in my logs I see they access the registration page;

Code:
www.website.com/modules.php?name=Your_Account&op=new_user

And then request the captcha pic;

Code:
http://www.website.com/modules.php?gfx=gfx&random_num=712887


So I guess they read it out with some sort of OCR software?

I also thought about installing the Approve Membership module. Thing is that I made quite some changes to various files included. Why can't those guys just supply the hacks needed just like the phpbb mods out there Cool


Is there anything I can do about this? I read something about adding a 'yes' 'no' checkbox to the registration process to see if it's a bot or not.

"Are you a bot" [yes] [no] - not sure if that will help at all?

I'm kinda at a loss here as you may have noticed Wink
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

Posted: Sat Jul 11, 2009 11:39 am

This is a known problem with all phpNuke versions, which is why we switched to a different CAPTCHA system in RavenNuke (tm).
They are not so much reading the CAPTCHA as forcing their own value.
If you can't or won't migrate to RavenNuke(tm), it should not be too hard to modify the registration page to add another form value.
I don't remember off-hand but I think in the function new_user you could add a textarea input and ask the user to type in a specific word or a checkbox or radio button.

And then whichever function deals with processing the (confirmUser?) add something like
Code:


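if (!isset($_POST['inputname']) || (string)$_POST['inputname'] !== (string)$value) {
    header('Location: index.php'); // redirect when the extra field is missing or wrong (target is a placeholder)
    exit;
}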
 
warren-the-ape
Posted: Sat Jul 11, 2009 3:08 pm

Thnx for your reply Guardian, but wow forcing their own captcha's, didn't know that was possible?

Anyway, I just wondered if there were more solutions to battle this problem. I'm not even sure an extra check box in the registration process would work?

I believe there was a topic from Dad137(?) asking for a similar IP check tool. It would be great to have something like this built-in into NS for example.
Pretty much all those IP's are flagged over at Only registered users can see links on this board! Get registered or login!

But wasn't it you Guardian who built a similar tool but shut it down cause nobody would submit new spammers?

I see if I can fiddle around with the registration fields although my php knowledge is nowhere near my html/css knowledge. Understanding yes but building from scratch is perhaps a bridge too far Wink
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

Posted: Sat Jul 11, 2009 4:46 pm

The problem is that we're very much focused on producing a high quality CMS rather than trying to patch older *nukes. We keep improving upon RN all the time and if you are not using it, you can't benefit from those efforts. Sure wish you would consider migrating.

However, some type of spam stopper capability within NS might not be a bad idea. Another tool in the tool chest.

slackervaara
Worker


Joined: Aug 26, 2007
Posts: 236

Posted: Sat Jul 11, 2009 11:05 pm

I have used bbantispam or Advanced Textual Confirmation for two years now and I have not had a single spam, despite guests are allowed to post in the forum. Easy to install and if the installation code is put in config.php all spam in PHP-Nuke is stopped effectively.
Only registered users can see links on this board! Get registered or login!
 
Guardian2003
Posted: Sat Jul 11, 2009 11:34 pm

Just remember, stopping automated registrations and stopping spam should be seen as two different efforts. phpNuke and older versions of phpBB were notoriously vulnerable to automated registrations so stopping that with a simple form modification would give you most bang for the buck.
Human nature being what it is, people don't want to spend time on one site just to post spam, so stopping automated processes will cut spam by 90 odd %

If you wanted to be really devious, you could actually change one of the input field names and then on the processing of the form, if the renamed input field has a value because it was filled by a bot, you could send them to NS Smile
I use a similar technique in robots.txt to send spider/bots that don't adhere to my robots.txt instructions to oblivion.
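
A sketch of the two registration checks Guardian2003 describes in this thread (an extra typed-word field, and a decoy field that only bots fill in), as an added example that is not part of the original posts and is not PHP-Nuke, RavenNuke or NukeSentinel code. The field names, the word 'raven' and the function name are hypothetical, and it assumes PHP 7.1 or later.

```php
<?php
// Added example, not PHP-Nuke or RavenNuke code. Field names are hypothetical.
const HONEYPOT_FIELD  = 'user_homepage2'; // decoy input, hidden from humans with CSS
const CHALLENGE_FIELD = 'human_word';     // visible input: "type the word 'raven'"

/**
 * Returns null when the submission looks human, or a short reason string
 * when it should be rejected before any account is created.
 */
function registration_reject_reason(array $post, string $expectedWord): ?string
{
    // The decoy must be present and empty. A missing key means the request was
    // not built from the current form; a non-empty value means an auto-filler.
    if (!array_key_exists(HONEYPOT_FIELD, $post)) {
        return 'honeypot field missing';
    }
    if (!is_string($post[HONEYPOT_FIELD]) || trim($post[HONEYPOT_FIELD]) !== '') {
        return 'honeypot field filled';
    }
    // Challenge word: compare as strings, case-insensitively, never assign with "=".
    $answer = $post[CHALLENGE_FIELD] ?? '';
    if (!is_string($answer) || strcasecmp(trim($answer), $expectedWord) !== 0) {
        return 'challenge word wrong or missing';
    }
    return null;
}

// Constructed sample submissions (not taken from any real log).
$samples = [
    'human'       => ['username' => 'alice', HONEYPOT_FIELD => '', CHALLENGE_FIELD => ' Raven '],
    'form filler' => ['username' => 'x1', HONEYPOT_FIELD => 'http://spam.example/', CHALLENGE_FIELD => 'raven'],
    'old form'    => ['username' => 'x2', CHALLENGE_FIELD => 'raven'],
    'no answer'   => ['username' => 'x3', HONEYPOT_FIELD => ''],
];

foreach ($samples as $label => $post) {
    $reason = registration_reject_reason($post, 'raven');
    printf("%-12s %s\n", $label, $reason === null ? 'accept' : "reject: $reason");
}
```

Logging the reject reason alongside the client IP gives you the data to decide later whether those addresses should also be handed to a blocker, which is the second step suggested above.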
 
montego
Posted: Sun Jul 12, 2009 8:07 am

G, that is a very interesting idea!
 
warren-the-ape
Posted: Sun Jul 12, 2009 2:19 pm

slackervaara wrote:
I have used bbantispam or Advanced Textual Confirmation for two years now and I have not had a single spam, despite guests are allowed to post in the forum. Easy to install and if the installation code is put in config.php all spam in PHP-Nuke is stopped effectively.
Only registered users can see links on this board! Get registered or login!


That's looking very nice and simple Slacker, thnx for the link! I will certainly give this a try. This would actually be very similar to an extra/hidden "are you a bot" checkbox in the registration process.

@ Guardian
The mod described by Slackervaara will actually stop spam from the root > the registration form.

@ Montego
Yeah yeah I know, you don't have to repeat it for me Wink I'm well aware that you guys are abandoning the old nuke versions more and more, but I guess that even RN is not completely spam free. Atm I don't have the time and energy to migrate since I have a lot of other stuff going on, the cms is running ok (apart from the spam bots since yesterday), and I made quite a lot of custom changes.
 
All times are GMT - 6 Hours
 