| Author |
Message |
VinDSL
Life Cycles Becoming CPU Cycles
Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com
|
 Posted:
Mon Jul 24, 2006 4:43 am |
|
I discovered I had 3900+ of them in my download comments today... 
Here's a cute little fix! Testing it as we 'speak'... Anyone interested?
 |
_________________
.:: "The further in you go, the bigger it gets!" ::.
.:: VinDSL's Lenon.com | The Disipal Site ::. |
|
 
 |
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Mon Jul 24, 2006 4:58 am |
|
i dont have that problem...  |
| |
|
|
|
|
VinDSL
|
| Posted:
Mon Jul 24, 2006 7:44 am |
|
Man, I guess they think I do...
If you pardon the pun, here's my test bed. 
I just cleared the (ahem) dead wood a couple of hours ago! |
| |
|
|
|
|
hitwalker
|
| Posted:
Mon Jul 24, 2006 7:47 am |
|
|
|
|
|
VinDSL
|
| Posted:
Mon Jul 24, 2006 7:53 am |
|
Heh! Maybe I should change that wording!
Sounds like my site was hacked (by myself)...  |
| |
|
|
|
|
hitwalker
|
| Posted:
Mon Jul 24, 2006 7:59 am |
|
mmm, have a coffee vin.. |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Mon Jul 24, 2006 8:59 am |
|
| Quote: | | Anyone interested? |
Your kidding right? Give me, give me.......
Nice to see you about mate, thought you were bedridden (pun intended). |
| |
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6432
|
| Posted:
Mon Jul 24, 2006 10:57 am |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Mon Jul 24, 2006 8:33 pm |
|
|
|
|
|
sledster
New Member
Joined: Jul 24, 2006
Posts: 5
Location: Fairbanks, Alaska
|
| Posted:
Mon Jul 24, 2006 10:52 pm |
|
heya Vin, I have been waiting for you to give me access to your site as a member. I wanted to check out more of your great work you have done with Blocks and Mods
Anyways, still waiting on if I can be a member...
Thanks Sledster |
| |
|
 |
|
VinDSL
|
| Posted:
Tue Jul 25, 2006 1:50 am |
|
Heh! It would appear the game is afoot, my friends!
 |
| |
|
|
|
|
kguske
|
| Posted:
Tue Jul 25, 2006 1:58 pm |
|
Sad...such a waste of valuable brain tissue...
Keep up the good work, VinDSL! |
| |
|
|
|
|
VinDSL
|
| Posted:
Tue Jul 25, 2006 3:25 pm |
|
Okay, this is all preliminary, but it's working pretty good...
The hack is in the 'viewdownloadcomments function' in 'modules/Downloads/index.php'
[ Only registered users can see links on this board! Get registered or login! ]
I've been leaving the sql db alone -- just modifying the display!
It's a LOT easier to find & delete these evil entries, in the db, by doing a search query for 'http' in the 'ratingcomments' field, in the 'downloads_votedata' table... and a LOT easier to debug modifications to the code, e.g the hack!
Later on, I'll probably add a button to the download admin panel, for a one-click solution, but this will do for now. I like using phpMyAdmin anyway! |
| |
|
|
|
|
kguske
|
| Posted:
Tue Jul 25, 2006 3:34 pm |
|
|
|
|
|
VinDSL
|
| Posted:
Tue Jul 25, 2006 3:50 pm |
|
Use with a 'grain of salt'... It's NOT a drop-in!
I started making a custom download module (interface) about 3 years ago, and never got back to it, so the code is a mess, but I commented the pertinent stuff... |
| |
|
|
|
|
kguske
|
| Posted:
Tue Jul 25, 2006 3:56 pm |
|
Didn't you also create an enhanced feedback module with lots of additional checks, etc.? I see the flash feedback module on your site, but that doesn't seem to be the one I am thinking of... |
| |
|
|
|
|
VinDSL
|
| Posted:
Fri Jul 28, 2006 2:35 am |
|
Update:
[ Only registered users can see links on this board! Get registered or login! ]
Continuing... |
| |
|
|
|
|
Guardian2003
|
| Posted:
Fri Jul 28, 2006 12:05 pm |
|
|
|
|
|
VinDSL
|
| Posted:
Sat Aug 05, 2006 3:57 pm |
|
Okay, I'm happy with the first part (the display function). See the link above. It's been catching everything for the last week.
Now for the second part -- killing this stuff before it makes it into the sql db...
I horsed around with the code, last night, and ended up killing 100% (so far) of the spam tring to get into the rating comments. This is what I did...
Hacking the same file, '/modules/Downloads/index.php'
Near the top, I added:
Code:<snip>
require_once("modules/$module_name/d_config.php");
$index = 1;
// VinDSL - EvilTagR DSL definition
define("_COMPLETEVOTE7","Links Detected by EvilTagR DSL - Comments not saved.");
<snip>
|
Then, in the 'addrating function' I added:
Code:<snip>
/* Make sure only 1 anonymous from an IP in a single day. */
$ip = $_SERVER["REMOTE_HOST"];
if (empty($ip)) {
$ip = $_SERVER["REMOTE_ADDR"];
}
/* VinDSL - Check rating comments for evil links. */
if (preg_match("/(http|https|ftp)|(([0-2]*[0-9]+[0-9]+)\.([0-2]*[0-9]+[0-9]+)\.([0-2]*[0-9]+[0-9]+)\.([0-2]*[0-9]+[0-9]+))/i", $ratingcomments)) {
$error = "evillink";
completevote($error);
$passtest = "no";
}
/* Check if Rating is Null */
if ($rating=="--") {
$error = "nullerror";
completevote($error);
$passtest = "no";
}
<snip>
|
A little further down, I changed:
Code:<snip>
/* Passed Tests */
if ($passtest == "yes") {
// VinDSL - Part of EvilTagR DSL Hack
$comment = stripslashes(FixQuotes(check_html(removecrlf($comment))));
/*$comment = stripslashes(FixQuotes($comment)); */
<snip>
|
Then, finally, I added:
Code:<snip>
function completevote($error) {
global $module_name;
include("modules/$module_name/d_config.php");
if ($error == "none") echo "<center><font class=\"content\"><b>"._COMPLETEVOTE1."</b></font></center>";
if ($error == "anonflood") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE2."</b></font></center><br>";
if ($error == "regflood") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE3."</b></font></center><br>";
if ($error == "postervote") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE4."</b></font></center><br>";
if ($error == "nullerror") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE5."</b></font></center><br>";
if ($error == "outsideflood") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE6."</b></font></center><br>";
// VinDSL - Part of EvilTagR DSL Hack
if ($error == "evillink") echo "<center><font class=\"option\"><b>"._COMPLETEVOTE7."</b></font></center><br>";
}
<snip>
|
Continuing... |
| |
|
|
|
|
Guardian2003
|
| Posted:
Sat Aug 05, 2006 4:34 pm |
|
Shame you couldn't couple this with the forums censor word list to populate the $EvilWord array - it might provide a ready made interface for adding/deleting 'bad' words.
Excellent work Vin, love it! |
| |
|
|
|
|
Guardian2003
|
| Posted:
Thu Aug 17, 2006 3:50 am |
|
<Bumped> I want to follow up on this and don't want it scrolling off the page just yet. |
| |
|
|
|
|
Unit1
Worker
Joined: Oct 26, 2004
Posts: 134
Location: Boston
|
| Posted:
Sat Aug 19, 2006 11:36 am |
|
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
