Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
jimmo
Worker
Worker


Joined: Dec 08, 2005
Posts: 107

PostPosted: Sat Jun 10, 2006 5:25 am Reply with quote

Hi All!

As I mentioned in another post, I've been hit by the comment spammers. I have also had a large number of Feedback spams. They are a lot less annoying in that I can more easily delete them. However, they are still annoying and I am looking for a way to block them. I have already implemented a couple of things to prevent comment spamming by blocking known domains and thus preventing them from creating accounts (anonymous comments are not allowed).

I have seen in a few places references to mods that allow random graphical codes. Unfortunately my search for the actual mods/code has been fruitless. So, I was hoping that someone here would be able to point me to the right place.

I am currently using HA Nuke 7.6 and I cannot *yet* move to RavenNuke.

Any help is greatly appreaciated.

Regards,

jimmo
 
View user's profile Send private message
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sat Jun 10, 2006 5:34 am Reply with quote

An interesting idea. VinDSL did some work to prevent feedback spam, and has a download available, I think.

Are you suggesting a CAPTCHA-like graphical security code for posting comments? An interesting idea...but, if you control membership and require it to post a comment, doesn't that address that issue?

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Sat Jun 10, 2006 5:42 am Reply with quote

When you refer to Feedback spams, do you mean you are recieving email from the Feedback module?
If so, the only way to prevent that is to either set permission to registered users or disable it - the Feedback module is doing exactly what it was designed to do.

I have not seen any mods myself that use the random security image image on a per module basis, except for downloads but I'm sure someone will respond if they are aware of anything.
Have you now set all you modules (except Your Account' to registered users only?
 
View user's profile Send private message Send e-mail
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sat Jun 10, 2006 5:57 am Reply with quote

Guardian2003 wrote:
When you refer to Feedback spams, do you mean you are recieving email from the Feedback module?
If so, the only way to prevent that is to either set permission to registered users or disable it - the Feedback module is doing exactly what it was designed to do.

I have not seen any mods myself that use the random security image image on a per module basis, except for downloads but I'm sure someone will respond if they are aware of anything.
Have you now set all you modules (except Your Account' to registered users only?


Wherever it´s possible to add links you ´ll recieve spam links. You can prevent this like Guardian said to set this to registered users only but that´s not really a solution because if you have a guestbook would you set this also to registered users only ? I personally have never used that feedback module in Nuke 6.5 instead I´m using a contact us form but I got also spam entries. I blocked this known spammer with cidr and they never came back. However the next step I ll do is to integrate there a good captcha. To integrate in Articles/News a captcha seems also a good solution.


Last edited by Susann on Sat Jun 10, 2006 6:14 am; edited 1 time in total 
View user's profile Send private message
jimmo
PostPosted: Sat Jun 10, 2006 6:13 am Reply with quote

I feel Feedback should be available to everyone, wether registered or not, so I am not happy with the idea of blocking it. Any method that requires human interaction is a happy thing as it seems unlikely that someone would actually bother to manually post spams like this.

One alternative to a security code (a la CAPTCHA) would be to block the IPs as Susann does. That requires manual intervention but also prevents people from sending spams like that manually.
 
kguske
PostPosted: Sat Jun 10, 2006 6:19 am Reply with quote

You might be surprised at the lengths to which spammers go to ply their trade... My thought is to use VinDSLs approach - verify the email address with all available methods, edit / strip html from the post, etc. Make the effort on the part of the spammer without affecting people who have legitimate feedback.
 
jimmo
PostPosted: Sat Jun 10, 2006 6:41 am Reply with quote

kguske wrote:
You might be surprised at the lengths to which spammers go to ply their trade... My thought is to use VinDSLs approach - verify the email address with all available methods, edit / strip html from the post, etc. Make the effort on the part of the spammer without affecting people who have legitimate feedback.


No, I wouldn't. I've been doing this long enough to stop being surprised anything spammers do. Wink

Obviously anything where I block specific IPs or domains means there is a potential for blocking legitimate users. However, the sheer volume of trash I have to clean up makes it a necessity to take that risk. I might go with the "all available methods" aspects since I am not sure it would be worth the effort to verify the domain, or compare it or the IP to a blacklist, but it might be worth the effort in the future. Still, the attitude of making the spammers do a lot of work is a good approach.
 
Guardian2003
PostPosted: Sat Jun 10, 2006 8:14 am Reply with quote

I would ceratinly agree with kguske - if you are using the feedback module, use the one that VinDSL did that is included in Raven Nuke due to its additional security features.
 
checksum
Hangin' Around


Joined: Jun 30, 2003
Posts: 39

PostPosted: Sun Jul 30, 2006 6:23 pm Reply with quote

That's what I am using ( Feedback by WinDSL, and I get a lot of spams. The idea of using a security code in feedback or contact form will reduce the amount of spams. I looked and I could not find such a mod
 
View user's profile Send private message
Guardian2003
PostPosted: Mon Jul 31, 2006 4:49 am Reply with quote

Remember that the feedback module is basically an online form processor. Although the object of having it is so that people can leave you feedback, it can also be abused.

A couple of my sites attracted people using this to spam me with garbage but it stopped once I set it to registered users - apparently it is too much trouble to sign up to send spam lol.
I was hoping they would register so I could ban their IP.
 
checksum
PostPosted: Mon Jul 31, 2006 5:00 am Reply with quote

People should not have to register to contact you or leave you a feedback.
 
Guardian2003
PostPosted: Mon Jul 31, 2006 5:11 am Reply with quote

I know we shouldn't have to but its a sad fact remains that spammers will take advantage of anonymous access.

Although a captcha would be nice it will not stop manually sent spam or the more sophisticated bots.
To really tighten it up, you would need to send the data to a DB table, use a captcha on the form processing and email validation to actually trigger the 'send' from the data stored temporarily in the DB to the webmaster.
Another advantage of storing data inthe DB is that you could then (in the case of none free email accounts) add a function that would block firther submissions from that sender.
 
guidyy
Worker
Worker


Joined: Nov 22, 2004
Posts: 208
Location: Italy

PostPosted: Mon Jul 31, 2006 7:16 am Reply with quote

there are only 2 things you can do to avoid spam.
1) make plain html pages with no forms.
2) stop having a website and go fishing.

you can limit it, making comments, posting, reviewing only for members.
you can check if members are humans and not robots by using visual code
you can display links only to members.
you can block single IPs countries, domains, referers , you can block sentences and words BUT you will get spam.
Asking people to sign up for accessing your site means loosing a lot of visitors.
I'm getting sick of registering everywhere I go o get a download, or looking at content. Most of the time I go look elsewhere.
Face it: you need to spend some of your time deleting crap from your database. Sad but true.
Guido
 
View user's profile Send private message Visit poster's website MSN Messenger
checksum
PostPosted: Mon Jul 31, 2006 6:22 pm Reply with quote

I know you cannot get rid of it, but you can reduce it a great deal by putting a security code for the news comment and the contact, that way the spam script wont be able to post comment.

I have deactivated the news comment on my site because of the amout of spams I was getting, it was only opened to register users, but he managed to register and post spams.

Recently I have been getiing tremendous amount of spams in the news comment section although I disable it, I get this from sentinel every 5 min:

Quote:
Date & Time: 2006-07-31 05:15:37 CDT GMT -0500
Blocked IP: 213.249.155.244
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: none
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login! trades&comment=<a
..
...
.....spam..
.......spam....
Forwarded For: 10.2.114.11
Client IP: none
Remote Address: 213.249.155.244
Remote Port: 38563
Request Method: POST
--------------------
Who-Is for IP
213.249.155.244




OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: Only registered users can see links on this board! Get registered or login!

NetRange: 213.0.0.0 - 213.255.255.255
CIDR: 213.0.0.0/8
NetName: RIPE-213
NetHandle: NET-213-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at Only registered users can see links on this board! Get registered or login!
RegDate:
Updated: 2005-07-27


What does the Forwarded For: IP means? Is that the orginal IP address?
 
Guardian2003
PostPosted: Mon Jul 31, 2006 7:08 pm Reply with quote

Looks like it might be, though it is in the IANA reserved range which is interesting.
 
checksum
PostPosted: Mon Jul 31, 2006 11:44 pm Reply with quote

I think the blocking of IP address is useless, unless you know real domain name of the script.
 
checksum
PostPosted: Wed Aug 02, 2006 7:32 am Reply with quote

Would BLOCK PROXIES (strongest level) in sentinel admin help?
 
checksum
PostPosted: Thu Aug 03, 2006 6:02 am Reply with quote

Only registered users can see links on this board! Get registered or login!

try this , it works for me for the comments
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©