Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Modules
Author Message
neralex
The Mouse Is Extension Of Arm


Joined: Aug 22, 2007
Posts: 1328
Location: Germany

PostPosted: Thu May 16, 2013 9:02 am Reply with quote

I have catched a issue while passing the errormsg in new_confirm.php of Your_Account, when the registration was blocked by nukeSPAM. The whole error-message with all the javascript is passed in a input hidden field and the sentinel block this pass with 'Abuse script' after i have clicked on 'Go Back'! kguske have currently not the time to check it so i have tried to find a solution.

I followed an idea to split the return of NukeSPAM in a array and pass only the language constants without the js-code.

open modules/NukeSPAM/nukeSPAM.php and find:

php Code:
	if ($spambot === true) return _SPAM_BLOCKED.'

<script type="text/javascript">
//<![CDATA[
eAdd="'.$eAdd.'"
eDom = "'.$eDom.'"
document.write(\'<A href="mailto:\' + eAdd + \'@\' + eDom + \'">\' + eAdd + \'@\' + eDom + \'<\/a><span style="display:none">\')
//]]>
</script>
'._SPAM_NOSCRIPT.'
<script type="text/javascript">
//<![CDATA[
document.write(\'<\/span>\')
//]]>
</script>
<br />';
else return '';
}

i have it changed to:

php Code:
	if ($spambot === true) {

$constant = _SPAM_BLOCKED;
$constant_ext1 = ': ';
$constant_ext2 = '!';
$jsadress = '<script type="text/javascript">' . PHP_EOL
. '//<![CDATA[' . PHP_EOL
. 'eAdd="' . $eAdd . '"' . PHP_EOL
. 'eDom = "' . $eDom . '"' . PHP_EOL
. 'document.write(\'<a href="mailto:\' + eAdd + \'@\' + eDom + \'">\' + eAdd + \'@\' + eDom + \'<\/a><span style="display:none">\')'
. '//]]>' . PHP_EOL
. '</script>' . PHP_EOL
. '<script type="text/javascript">' . PHP_EOL
. '//<![CDATA[' . PHP_EOL
. 'document.write(\'<\/span>\')' . PHP_EOL
. '//]]>' . PHP_EOL
. '</script>' . PHP_EOL
. '<br />' . PHP_EOL;

$return = array(
'constant' => $constant,
'constant_ext1' => $constant_ext1,
'constant_ext2' => $constant_ext2,
'eAdd' => $eAdd,
'eDom' => $eDom,
'jsadress' => $jsadress
);

} else {
$constant = '';
$constant_ext1 = '';
$constant_ext2 = '';
$jsadress = '';
$return = '';
}
return $return;
}


After that i have splitted the return in the new_confirm.php. One part to show the error-message and the other part to pass it into the hidden field.

open modules/Your_Account/public/new_confirm.php and find:

php Code:
// BEGIN:  nukeSPAM(tm)

if ( function_exists('nukeSPAM') and empty($errormsg) and empty($stop)) $errormsg .= nukeSPAM($ya_username, $ya_user_email);
// END: nukeSPAM(tm)

i have it changed to:

php Code:
// BEGIN:  nukeSPAM(tm)

if ( function_exists('nukeSPAM') and empty($errormsg) and empty($stop)) {
$nukeSPAM = nukeSPAM($ya_username, $ya_user_email);
$errormsg = $nukeSPAM;
} else {
$nukeSPAM = array();
}
// END: nukeSPAM(tm)


find in the same file:

php Code:
} else {

OpenTable();
echo '<div><form action="modules.php?name=' . $module_name . '&amp;op=new_user" method="post">';
echo '<div class="text-center title"><strong>' . _ERRORREG . '</strong></div><br /><br />' . $errormsg;
$errormsg = htmlentities($errormsg);
echo '<input type="hidden" name="errormsg" value="' . $errormsg . '" /><br />';
echo '<input type="hidden" name="op" value="new_user" />';
}

i have it changed to:

php Code:
} else {

OpenTable();
echo '<div><form action="modules.php?name=' . $module_name . '&amp;op=new_user" method="post">';
echo '<div class="text-center title"><strong>' . _ERRORREG . '</strong></div><br /><br />';
if (function_exists('nukeSPAM')) {
echo '<div class="text-center title">' . $nukeSPAM['constant'] . $nukeSPAM['constant_ext1'] . $nukeSPAM['jsadress'] . '</div>'
, '<input type="hidden" name="errormsg" value="' . htmlspecialchars($nukeSPAM['constant'] . $nukeSPAM['constant_ext2'], ENT_QUOTES, _CHARSET) . '" /><br />';
} else {
echo '<div class="text-center title">' . $errormsg . '</div>';
$errormsg = htmlentities($errormsg);
echo '<input type="hidden" name="errormsg" value="' . $errormsg . '" /><br />';
}
echo '<input type="hidden" name="op" value="new_user" />';
}


open modules/NukeSPAM/language/lang-english.php and find:

php Code:
define('_SPAM_BLOCKED', 'ERROR: Your registration has been blocked by our spam filter. If you feel this is incorrect, please contact the site administrator for resolution: ');

i have it changed to:

php Code:
define('_SPAM_BLOCKED', 'ERROR: Your registration has been blocked by our spam filter. If you feel this is incorrect, please contact the site administrator for resolution');


Unfortunately, after that we have no more the email-adress in the error-message after the user has seen the message in the new_confirm.php, clicked on 'Go Back' and came back to the new_user.php. But is it really needed to have the email-addy here again? If yes, then someone have maybe a cool idea for the email-adress on this place.

But i have seen the same return is used in the admin-area of NukeSPAM. Here i have used the same way with a little change:

open modules/NukeSPAM/admin/nukeSPAMCheck.php and find:

php Code:
else echo $error;

i have it changed to:

php Code:
else echo $error['constant'] . $error['constant_ext1'] . $error['jsadress'];


I have moved the topic from nukeseo.com here in these forums because in the nukeseo.com forums i can't post the full code. Somehow is the code in the brackets filtered out.

Wink


Last edited by neralex on Fri Dec 12, 2014 3:45 pm; edited 8 times in total 
View user's profile Send private message
hicuxunicorniobestbuildpc
Life Cycles Becoming CPU Cycles


Joined: Aug 13, 2009
Posts: 967
Location: Netherland

PostPosted: Thu May 16, 2013 1:54 pm Reply with quote

Parse error: syntax error, unexpected end of file in /www.bestbuildpc.org/modules/nukeSPAM/nukeSPAM.php on line 106.

I added at the end

Code:
         }

         return $return;
   }


Now it works
 
View user's profile Send private message Visit poster's website
neralex
PostPosted: Thu May 16, 2013 2:09 pm Reply with quote

Yes it was a copy&paste error. the last bracket was not there. I have added the closing bracket in my topic.
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Fri Dec 12, 2014 12:42 pm Reply with quote

neralex, thank you (and hicux) for this. It came in handy today after a significant increase in attempted spammer registrations. It wasn't bad that the nukeSPAM block also resulted in a NukeSentinel block, since many of the requests came from the same IP address. But that also wasn't the intended behavior. I will incorporate this into the next version of nukeSPAM, and update the instructions for modifying the RavenNuke Your Account module.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
draxx
Involved
Involved


Joined: Nov 19, 2003
Posts: 282

PostPosted: Wed Jul 08, 2015 11:25 am Reply with quote

I've applied all the fixes listed here but _EVERYONE_ still gets blocked.

Only registered users can see links on this board! Get registered or login!
DEBUG: <?xml version="1.0"?> <spammers><spammercheck> <spammer>t-d@XXXXXXX.com</spammer> <isspammer>false</isspammer> <lastseen>-</lastseen> <timesreported>-</timesreported> </spammercheck> <spammercheck> <spammer>24.166.XX.XXX</spammer> <isspammer>false</isspammer> <lastseen>-</lastseen> <timesreported>-</timesreported> </spammercheck> <spammercheck> <spammer>jackson4</spammer> <isspammer>false</isspammer> <lastseen>-</lastseen> <timesreported>-</timesreported> </spammercheck> </spammers>
email no 0 ip no 0 username no 0
SFS username: False
SFS email: False
SFS ip: False Only registered users can see links on this board! Get registered or login!
SENT: Only registered users can see links on this board! Get registered or login!
RECEIVED: N|MULTI|IP|0|MAIL|0|NAME|0
133.68.166.24.drone.abuse.ch.
133.68.166.24.httpbl.abuse.ch.
133.68.166.24.spam.abuse.ch.
133.68.166.24.ipbl.zeustracker.abuse.ch.
133.68.166.24.dnsbl.ahbl.org.
AHBL (127.0.0.2 - Open Relay)
133.68.166.24.all.bl.blocklist.de
133.68.166.24.dnsbl.dronebl.org.
133.68.166.24.rbl.efnetrbl.org.
133.68.166.24.l2.spews.dnsbl.sorbs.net.
133.68.166.24.problems.dnsbl.sorbs.net.
133.68.166.24.zen.spamhaus.org.
133.68.166.24.bl.spamcop.net.
133.68.166.24.opm.tornevall.org.
133.68.166.24.80.104.161.233.64.ip-port.exitlist.torproject.org.
TRUE




Registration Error!



ERROR: Your registration has been blocked by our spam filter. If you feel this is incorrect, please contact the site administrator for resolution:
 
View user's profile Send private message
kguske
PostPosted: Wed Jul 08, 2015 11:30 am Reply with quote

Check out this article: Only registered users can see links on this board! Get registered or login!

Looks like you need to disable the AHBL blocker
 
draxx
PostPosted: Wed Jul 08, 2015 12:10 pm Reply with quote

Yeah that does sound like the problem. Thank you! Smile Smile
 
draxx
PostPosted: Wed Jul 08, 2015 2:27 pm Reply with quote

Does anyone know - does the module report to botscout?
 
kguske
PostPosted: Thu Jul 09, 2015 5:08 am Reply with quote

If configured, it checks Botscout to see if the registering user is a know spammer. But it does not report anything.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Modules

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©