| Author |
Message |
recep
Hangin' Around
Joined: Dec 11, 2005
Posts: 44
|
 Posted:
Mon Jan 23, 2006 5:30 pm |
|
Hello friends, l have a request from you,
l had a script on my forums which redirect you to google, some of my guests posted it into my forums in [ Only registered users can see links on this board! Get registered or login! ] but its in turkish lang,
anyway ?
my question will : whats the reason of this script accepted by the forum security ?
is it a bug of phpbb ?
is it a bug of nuke ?
is it a bug of editoer ?
is it a bug or just redirecting ?
if its a bug why nukesentinel didnt secured it ?
l know some of them silly but l need some answers to learn..
thanks.. |
_________________
[ [ Only registered users can see links on this board! Get registered or login! ] ] + [ [ Only registered users can see links on this board! Get registered or login! ] ] |
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6432
|
| Posted:
Mon Jan 23, 2006 9:02 pm |
|
It would help to know what version of PHP-Nuke you are using, and what version of NukeSentinel. If you are using PHP-Nuke 7.7 or later, there is no way to prevent that from happening, even with NukeSentinel, since the HTML checking (which would prevent this) was effectively disabled in 7.7 and 7.8. |
_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Mon Jan 23, 2006 10:38 pm |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Tue Jan 24, 2006 6:40 am |
|
If they are standard spam messages, and you do not want them, you may slow them down considerably by requiring registration in order to post in your Forums. I had to do that on another site because someone was spamming adult links to it! Have not received a spam post since. It may also be possible that these spammers are doing these things with some form of automated process (not 100% certain), so it may be possible, by looking through you logs, to find out what user agent string they are passing to you, and then you could add that to your string blocker OR if they are using a consistent IP address or range, you could ban them that way too. |
_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... |
|
|
|
|
recep
|
| Posted:
Tue Jan 24, 2006 3:10 pm |
|
| kguske wrote: | | It would help to know what version of PHP-Nuke you are using, and what version of NukeSentinel. If you are using PHP-Nuke 7.7 or later, there is no way to prevent that from happening, even with NukeSentinel, since the HTML checking (which would prevent this) was effectively disabled in 7.7 and 7.8. |
php version is 4 and php-nuke version is 7.6 3.1 patched, thanks for ur interest. l presently disabled html code from the forums, but ld ont know the real solution. |
Last edited by recep on Tue Jan 24, 2006 3:18 pm; edited 1 time in total |
|
|
|
|
recep
|
| Posted:
Tue Jan 24, 2006 3:14 pm |
|
| evaders99 wrote: | | Looks like they are just standard spam messages. They post their links everywhere to try to get a better rating on google and other search engines |
evaders, friend l really didnt understand what you mean, if l try to think friendly 
anyway the code that was posted to my forums is :
Code:<B C='>' onmouseover='alert(document.location="http://www.google.com")' X='<B
'> MOUSE İLE BURANIN ÜSTÜNE GELİNNNN</B>
|
this. anyway its not a bad code my guest try to warn me..
thanks.. |
| |
|
|
|
|
recep
|
| Posted:
Tue Jan 24, 2006 3:17 pm |
|
| montego wrote: | | If they are standard spam messages, and you do not want them, you may slow them down considerably by requiring registration in order to post in your Forums. I had to do that on another site because someone was spamming adult links to it! Have not received a spam post since. It may also be possible that these spammers are doing these things with some form of automated process (not 100% certain), so it may be possible, by looking through you logs, to find out what user agent string they are passing to you, and then you could add that to your string blocker OR if they are using a consistent IP address or range, you could ban them that way too. |
montego l am having trauble understand these kinds of messages, why should l send spam messages, ? l have about 10 websites over net but l know l am very new in php and php-nuke, thats why l start to join ravens after nuke cops and nukescripts if u dont want that its okey for me.
l was sending my friends to get help in these forums... why should l use spam ?
these kinds of messages hurting me anyway..  |
| |
|
|
|
|
montego
|
| Posted:
Tue Jan 24, 2006 7:00 pm |
|
recep, You have misunderstood my post. I am offerring a suggested solution that I have personally used on my sites to stop these kinds of posts.
I have locked down my forums on several sites to require a user to be a registered user in order to post rather than just an anonymous user. This has cut down ALL of these types of "spam" messages in my forums. I was offerring that up as a suggestion to you for your forums. Mark them all as type "Registered" within the Forum Permissions and you may see these issues go away.
 |
| |
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Tue Jan 24, 2006 7:54 pm |
|
Against spammers in the forums it´s the best way you use the mod hide links (there are two other mods maybe they are also interesting e.g.yellow card) , your rules are clear (whats allowed and whats forbidden) you can also use the wordfilter in your forum and of course only registered users can post. There are different links and for some links it´s possible to earn points or maybe money. So this links aren´t allowed in our forum but there are always people who registered just to post her links it ´spam. |
| |
|
|
|
|
evaders99
|
| Posted:
Tue Jan 24, 2006 10:05 pm |
|
It could also be hackers trying to test for vulnerabilities in your system. Often they will do that in prepreration for a major attack to follow. |
| |
|
|
|
|
recep
|
| Posted:
Wed Jan 25, 2006 6:00 am |
|
| montego wrote: | recep, You have misunderstood my post. I am offerring a suggested solution that I have personally used on my sites to stop these kinds of posts.
I have locked down my forums on several sites to require a user to be a registered user in order to post rather than just an anonymous user. This has cut down ALL of these types of "spam" messages in my forums. I was offerring that up as a suggestion to you for your forums. Mark them all as type "Registered" within the Forum Permissions and you may see these issues go away.
|
Montego l understand your post now and sorry for missunderstanding and thanks for ur helps..
Other Helper friends, thanks for ur advises l will do what u suggest me..
l am adding now the keywords not allowed in forums and l will search around how to block direct links in forums..
and yes they can ( hackers ) try the security issues of my new site its normal, thats why l made this , this is my newest (first) php-nuke site l prepared myself and it will not be last  this is just a test center for me..
thanks..... |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
