Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> How To's
Author Message
seventys
New Member
New Member


Joined: Aug 02, 2006
Posts: 12

PostPosted: Mon Jun 18, 2007 6:19 pm Reply with quote

Here is a very simple hack, to stop spammers from posting porno links into news comments !

Code tested for PhpNuke 8.0 :

Open the file modules/News/comments.php

Find the lines :

Code:


      if ($nuke_editor == 0) {
          echo "<font class=\"content\">"._ALLOWEDHTML."<br>";
          while (list($key,) = @each($AllowableHTML)) echo " &lt;".$key."&gt;";
          echo "</font><br><br>";
      } else {
         echo ""._HTMLNOTALLOWED."</font><br><br>";
      }


Remplace to :
Code:


    if ($nuke_editor == 0) {
        echo "<font class=\"content\">"._ALLOWEDHTML."<br>";
        while (list($key,) = @each($AllowableHTML)) echo " &lt;".$key."&gt;";
        echo "</font>";
    } else {
        echo ""._HTMLNOTALLOWED."</font>";
    }
    mt_srand ((double)microtime()*1000000);
    $maxran = 1000000;
    $random_num = mt_rand(0, $maxran);
    if (extension_loaded("gd") AND $gfx_chk != 0 ) {
        echo "<b>"._SECURITYCODE.":&nbsp;&nbsp;</b><img src='?gfx=gfx_little&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'>\n";
        echo "<b>"._TYPESECCODE.":&nbsp;&nbsp;</b><input type=\"text\" NAME=\"gfx_check\" SIZE=\"3\" MAXLENGTH=\"3\">\n";
        echo "<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";
    } else {
        echo "<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";
    }


OPTIONAL : Removes post button, forces user to review before posting !
Find the line right after :

Code:


      ."<input type=\"submit\" name=\"op\" value=\""._OK."\"> "._GOBACK."\n"


Change to :
Code:


      .""._GOBACK."\n"


Find the line :

Code:
function replyPreview ($pid, $sid, $subject, $comment, $xanonpost, $mode, $order, $thold) {

  global $module_name, $user, $cookie, $AllowableHTML, $anonymous, $anonpost, $userinfo;


Add in global :

Code:
$gfx_chk, $sitekey


No resembles :

Code:
    function replyPreview ($pid, $sid, $subject, $comment, $xanonpost, $mode, $order, $thold) {

  global $module_name, $user, $cookie, $AllowableHTML, $anonymous, $anonpost, $userinfo, $gfx_chk, $sitekey;



Right below, juste after the line :
Code:
$pid = intval($pid);


Add :
Code:


    $datekey = date("F j");
    $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . filter($_POST['random_num'], "nohtml") . $datekey));
    $code = substr($rcode, 2, 3);
    if (extension_loaded("gd") AND $code != filter($_POST['gfx_check'], "nohtml") AND $gfx_chk != 0) {
    OpenTable();
    echo "<center><font class=\"title\"><b>"._SECURITYCODEERROR."</b></font></center>";
    CloseTable();
    include ("footer.php");
    die();
    }


At the end of the function, find :
Quote:
."<input type=submit name=op value=\""._PREVIEW."\">"


And REMOVE LINE

Open your LANGUAGE FILES, and add the following line :

Code:
define("_SECURITYCODEERROR","ERROR ! You have entered a bad code !<br>[ <A href=\"javascript:history.go(-1)\">Return</A> ]");



Thats it ! the spam bot has to input the code, before they can post !

DEATH TO SPAMMERS !
 
View user's profile Send private message
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Tue Jun 19, 2007 12:18 am Reply with quote

How about upgrade to RavenNuke? Wink
 
View user's profile Send private message
seventys
PostPosted: Tue Jun 19, 2007 2:42 am Reply with quote

Great idea ! The only other "solution" was to disactivate the comments...... ;(

I also noticed, the bots are posting on OLD articles, deep in the archives of my sites; out of human site, but not google.....
 
jakec
PostPosted: Tue Jun 19, 2007 5:59 am Reply with quote

Unfortunately that is a common problem with other versions of Nuke. Sad
 
seventys
PostPosted: Tue Jun 19, 2007 6:06 am Reply with quote

ALL versions of Nuke you mean...... Well, this works, untill the bots hack the GFX image.....
 
jakec
PostPosted: Tue Jun 19, 2007 6:16 am Reply with quote

All versions except RavenNuke. Wink
 
seventys
PostPosted: Tue Jun 19, 2007 6:57 am Reply with quote

Not on the site here.... In fact, I tryed. And I was able to post a line of garbage, no prob.

On the other hand, if you could remove it for me..... Wink
 
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Tue Jun 19, 2007 7:18 am Reply with quote

Do you allow anonymous comment posting in your preferences? Do you have the latest patches?

I have never had a problem with this when anonymous comment posting is disabled, either on PHP-Nuke 7.9 with the 3.2 patches, or with RavenNuke.

This site here is not actually running the latest RavenNuke, I don't believe....

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Tue Jun 19, 2007 7:55 am Reply with quote

This site is NOT RavenNuke!

RavenNuke(tm) version 2.10.00 and above has a spam captcha built in that when enabled in the rnconfig.php (it is enabled by default), it effectively stops this. This is why everyone here is saying that RavenNuke(tm) has this issue solved already.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
jakec
PostPosted: Tue Jun 19, 2007 10:24 am Reply with quote

If you don't believe us I will give you a link to my test site and you can try and post some spam. Wink
 
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Tue Jun 19, 2007 10:59 am Reply with quote

seventys

you are right with hide button and the preview function. Preview before posting is a way to protect the forum from spam.
I had never a problem with comments spam but I´ve seen many, many sites filled with spam and the comment function was disabled for quests.
From the earliest versions of standard Nuke there was always a security problem with news, comments and sent to friend option.Sad
Of course the weblinks and the downloads had similar security issues.
In summary it may be said in my version didn´t exist a modul without a security problem. A reason for me to use only RavenNuke.

They changed the send to friend function later to fix this.
But if I where you I would observe this function also.

However, RavenNuke its protected like Montego said.

And Truden has made last year a cool mod to prevent comment spam in 7.6 and from the logic within the code I believe its a very good protection. Only registered users can see links on this board! Get registered or login!

If you are interested check also his newest forums mod "Trubar" the next version.
NukeSentinel does also a good job. Some days ago I got this for my unknown testsite .


Quote:
Date &amp; Time: 2007-06-12 13:19:52 CEST GMT +0200
Blocked IP: 69.125.84.90
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Query String: Only registered users can see links on this board! Get registered or login!
Get String: Only registered users can see links on this board! Get registered or login!
Post String: Only registered users can see links on this board! Get registered or login! Viagra Cialis Phentermine&alanguage=albanian&story=
autoca.org/_chat/00002486.htm <a href="autoca.org/_chat/00002486.htm">Buy Cheap Viagra</a> [url=autoca.org/_chat/00002486.htm]Buy Cheap Viagra[/url]
rack1.ul.cs.cmu.edu/vioxx2/_disc1/00003dfc.htm <a href="rack1.ul.cs.cmu.edu/vioxx2/_disc1/00003dfc.htm">Tramadol Online</a> [url=rack1.ul.cs.cmu.edu/vioxx2/_disc1/00003dfc.htm]Tramadol [/url]
etc.
etc.
&op=Vorschau
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Tue Jun 19, 2007 12:11 pm Reply with quote

seventys wrote:
Not on the site here.... In fact, I tryed. And I was able to post a line of garbage, no prob.

On the other hand, if you could remove it for me..... Wink


As Montego said, this site is not RN. I have made so many hacks and customizations to this site (originally 6.5) that I have not had the time to transfer. But, I will (I hope).

To test RavenNuke(tm) Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
seventys
PostPosted: Wed Jun 20, 2007 4:11 am Reply with quote

Ok ok ! Wink My sites all have members only comments, but that doesn't stop them....

I like the hack, at least it forces a few more manipulations, enough to stop most spam. I also have Nukesentinal, but it doesnt stop everything....

Just keep ahead of them !
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> How To's

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©