Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
pudbat
New Member
New Member


Joined: Mar 05, 2005
Posts: 20

PostPosted: Sun Mar 20, 2005 12:19 pm Reply with quote

hello everyone, just had a quick question and i hope i'm posting in the correct place. i started noticing very strange things happening in my review comment section-someone keeps posting these strange bronze links
i left one up so you can view... Only registered users can see links on this board! Get registered or login!

has anyone seen this before? there is no name after the "posted by' part, so i don't know how to block them or how they post because anonymous users aren't supposed to leave comments, i double checked that it was on.

can anyone help me stop the bronze bandit?
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sun Mar 20, 2005 1:08 pm Reply with quote

I just sent a test comment and it accepted it. What setting is it that you think blocks anonymous users from posting a comment to Reviews? You would need to restrict it to Registered users only.
 
View user's profile Send private message
Raven
PostPosted: Sun Mar 20, 2005 1:35 pm Reply with quote

I found that crap in mine also. I have disabled Comments by altering the code and that will still allow visitors to read the reviews. A better solution would be to require admin approval of all comments, the same as with reviews.
 
pudbat
PostPosted: Sun Mar 20, 2005 1:46 pm Reply with quote

hey, Raven, in preferences it is set up like this, Allow Anonymous to Post? no

is there another setting to restrict it to Registered users only?
 
Raven
PostPosted: Sun Mar 20, 2005 2:47 pm Reply with quote

That's for NEWS, not Reviews.
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6793
Location: Ha Noi, Viet Nam

PostPosted: Tue Mar 22, 2005 3:08 am Reply with quote

Just found this on my site too, took ages to clear all those comments.
I think there is a need here to add extra checking in the function_comments() for those that wnat ot keep the reviews module set to all visitors but restrict comments posting to registered users.
I'm going to check my logs to see if I can find a common denominating IP for the times the comments were posted and the access logs of IP tracker and Matys Web Analysis module.
If I find anything I'll post back if I can verify and confirm the offending IP (assuming they were not using a proxy list).
 
View user's profile Send private message Send e-mail
sixonetonoffun
Spouse Contemplates Divorce


Joined: Jan 02, 2003
Posts: 2496

PostPosted: Tue Mar 22, 2005 9:21 am Reply with quote

It shouldn't be to hard to patch those comments something like this
if(!is_user($user)){Header("Location: modules.php?name=Your_Account&op=login&redirect=Reviews");}

_________________
[b][size=5]openSUSE 11.4-x86 | Linux 2.6.37.1-1.2desktop i686 | KDE: 4.6.41>=4.7 | XFCE 4.8 | AMD Athlon(tm) XP 3000+ | MSI K7N2 Delta-L | 3GB Black Diamond DDR
| GeForce 6200@433Mhz 512MB | Xorg 1.9.3 | NVIDIA 270.30[/size:2b8 
View user's profile Send private message
pudbat
PostPosted: Tue Mar 22, 2005 9:45 am Reply with quote

i'll give that a try, sixonetonoffun, which file does that get added to?
 
Raven
PostPosted: Tue Mar 22, 2005 10:15 am Reply with quote

I get bogus users almost every day trying to add accounts for "other" purposes. While that may slow them down, they can still enter a bogus user account and do their damage. Imo, the best modification would be to require admin approval on comments, just like on the original review. Which, when you think about it, only makes sense. Why only approve the review Laughing ? For now, I have just blocked all comments from reviews.
 
CurtisH
Life Cycles Becoming CPU Cycles


Joined: Mar 15, 2004
Posts: 638
Location: West Branch, MI

PostPosted: Tue Mar 22, 2005 10:33 am Reply with quote

May I ask how you achieved that?

_________________
Those who dream by day are cognizant of many things which escape those who dream only by night. ~Poe 
View user's profile Send private message Visit poster's website Yahoo Messenger
Raven
PostPosted: Tue Mar 22, 2005 10:57 am Reply with quote

As one of my mentors once said, "you may ask" ROTFL

In modules/Reviews/index.php, functions postcomment and savecomment, I added these lines of code right after the OpenTable();
Code:
    echo "This function is disabled.  You have tried to directly access this and your IP has been logged.  After investigation your IP may be banned from this site if it is determined that you didn't just happen to wander in here.";

    CloseTable();
    include('footer.php');
    die();
 
CurtisH
PostPosted: Tue Mar 22, 2005 11:03 am Reply with quote

Thank you Raven. Smile
 
CurtisH
PostPosted: Tue Mar 22, 2005 9:39 pm Reply with quote

sixonetonoffun wrote:
It shouldn't be to hard to patch those comments something like this
if(!is_user($user)){Header("Location: modules.php?name=Your_Account&op=login&redirect=Reviews");}


Has this been tried yet?
 
Raven
PostPosted: Tue Mar 22, 2005 9:58 pm Reply with quote

As I said, all that that will do is force a user to login. It doesn't prevent them from posting garbage.
 
pudbat
PostPosted: Tue Mar 22, 2005 11:06 pm Reply with quote

i'd like to have them have to log in to post, because then i can still have user input for the reviews and an easy way to deal with the people that post crap and i don't really want to approve every one.

i'd like to try sixonetonoffuns code may i ask what file i need to add it to?
 
Raven
PostPosted: Tue Mar 22, 2005 11:18 pm Reply with quote

modules/Reviews/index.php
 
Guardian2003
PostPosted: Wed Mar 23, 2005 9:49 am Reply with quote

I think the point Raven was trying to make (correct me if I'm wrong Gaylen) but having a forced user log-in is one thing, tracing a logged in user is not so simple given that they will probably be using a list of proxy servers or indeed spoofing the IP and also, probably using a free 'throw away' email account to register on the site - making banning them difficult as you may well ban a legitimate IP address.

I have managed to ascertain, by comparing the time of the comments posting and the accessing the appropriate url at that time, over 20 different IP addresses had been used on my site for the purposes of spamming the comments area.

The only sure way of preventing an occurance is by intercepting the comment posting and having it manually checked by the site admin prior to posting or disabling comment posting altogether.
 
Raven
PostPosted: Wed Mar 23, 2005 9:59 am Reply with quote

Exactly!
 
pudbat
PostPosted: Wed Mar 23, 2005 12:32 pm Reply with quote

just out of curiosity what do people like this have to benefit from this spam-- what do they get out of it, traffic? there is like 30 different links.
Do some people enjoy writing spamming programs to simply annoy others, or is it usually about getting traffic?
 
skeen
Hangin' Around


Joined: Jul 17, 2003
Posts: 29

PostPosted: Wed Mar 23, 2005 3:50 pm Reply with quote

I have changed the links for my reviews comments and have pointed them to an appropriate area on the forums.
They can read all they like but cant post unless they have joined the site.
I feel it gives more control over the poster, maybe wrong but it has worked thus far.
 
View user's profile Send private message
pudbat
PostPosted: Wed Mar 23, 2005 11:09 pm Reply with quote

skeen wrote:
I have changed the links for my reviews comments and have pointed them to an appropriate area on the forums.
They can read all they like but cant post unless they have joined the site.
I feel it gives more control over the poster, maybe wrong but it has worked thus far.


how did you do that, skeen?
 
ladysilver
Hangin' Around


Joined: May 03, 2004
Posts: 49
Location: Cyberspace

PostPosted: Thu Mar 24, 2005 3:05 am Reply with quote

At one point I had to turn off comments at two of my sites, a PHP-Nuke & a Nucleus, because of spam comments. Not "bronzed", but tons of links to casino sites couched in nonsense statements. Google, MSN, and Yahoo are trying to address the comment-spam issue by making the posting of spam links worthless:
Only registered users can see links on this board! Get registered or login!

Quote:
From now on, when Google sees the attribute (rel="nofollow”) on hyperlinks, those links won’t get any credit when we rank websites in our search results. This isn’t a negative vote for the site where the comment was posted; it’s just a way to make sure that spammers get no benefit from abusing public areas like blog comments, trackbacks, and referrer lists. (...)

We’ve also discussed this issue with colleagues at our fellow search engines and would like to thank MSN Search and Yahoo! for supporting this initiative. (...)

We encourage you to use the rel="nofollow” attribute anywhere that users can add links by themselves, including within comments, trackbacks, and referrer lists.


I know it's not a solution in and of itself, but it might take away much of the incentive for spam comments.
 
View user's profile Send private message Visit poster's website ICQ Number
skeen
PostPosted: Sun Mar 27, 2005 10:02 pm Reply with quote

Sorry for the delay in reply pudbat..

Ok create the forum you want to use for comments then look for the following.

Ok in Reviews module or MRReviews module whichever the case look in index.php, for phpnuke it is around line 570 for the following

echo "[ <a href=\"modules.php?name=MReviews\">"._RBACK."</a> | "
."<a href=\"modules.php?name=MReviews&op=list_revs&cid=$row[cid]\">"._BACKTO." $row2[title] "._INDEX."</a> | "
."<a href=\"m o d ules.php?name=Forums&file=index&c=5 \">"._REPLYMAIN."</a> ]";


You will see i have highlighted where you need to put the code and I have had to add some spaces so this forum would accept the code.

In Nuke Platinum it is around line 706 and the same applies.

Hope this helps as I am only a weekend warrior so to speak when it comes to coding, but if i can help i will try.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©