| Author |
Message |
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
 Posted:
Sun Jan 14, 2007 10:01 am |
 
|
I would like to block any IP that tries to access my site by entering this url in order to do so:
/modules.php?name=Forums&file=weblog&w=2
Is this possible?
....:::don't know if this question is in the right forum, I never seem to do that correctly  and I tried searching first  ::::.....
JoAnne ~ |
|
|
 
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Sun Jan 14, 2007 10:19 am |
|
chances are other will be blocked....
or is that the intention ? |
|
|
|
|
|
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
| Posted:
Sun Jan 14, 2007 10:49 am |
|
| hitwalker wrote: | chances are other will be blocked....
or is that the intention ? |
Thanks Hitwalker
Yes.... everyone who tries to access directly through that url
....seems to be the way for spammers to inject their lovely advertisements directly into the blogs 
I have been manually blocking each one.... but it would be great to automate it  |
|
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Sun Jan 14, 2007 10:57 am |
|
i think its hard cause you cant put in any refer,and blocking by rule in sentinel or directly in the htaccess will lead to innocent banned people...
but how come that blog is easy to spam ? |
|
|
|
|
|
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
| Posted:
Sun Jan 14, 2007 11:07 am |
|
| hitwalker wrote: | i think its hard cause you cant put in any refer,and blocking by rule in sentinel or directly in the htaccess will lead to innocent banned people...
but how come that blog is easy to spam ? |
I have taken the blog down, but I get an average of 5-10 trying to access it directly each day. If they are trying to access the site directly through that url, then I want them blocked. If that IP can't add their spam that way, then they will be back with yet another way to try and spam, so why not block them now before they come up with another way. |
|
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Sun Jan 14, 2007 11:51 am |
|
well no rule will ban them automatically...
and the blog thing....yes now i understand...
there are a few scripts outhere that auto submit on certain scripts,phpbb is one of them ...
you can put a rewrite rule in the htaccess that sends them to japan if needed...
banning is useless cause they use millions of bogus ip's
you can use :
Redirect permanent /modules.php?name=Forums&file=weblog&w=2 |
|
|
|
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3038
Location: United Kingdom
|
| Posted:
Sun Jan 14, 2007 12:16 pm |
|
I like that!!! 
If you really want them to get banned just changed the redirect to a page that Sentinel will ban them for accessing. |
|
|
|
|
|
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
| Posted:
Sun Jan 14, 2007 3:00 pm |
|
| hitwalker wrote: |
you can put a rewrite rule in the htaccess that sends them to japan if needed...banning is useless cause they use millions of bogus ip's
you can use :
Redirect permanent /modules.php?name=Forums&file=weblog&w=2 |
 ..... that is funny as quite a few of the IPs are from Japan, not all of them, but quite a few .....
Thanks Hitwalker |
|
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Sun Jan 14, 2007 3:06 pm |
|
well put a nice irritating web address and that will do..
realise they will never notice that cause its automated junk... |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9133
Location: Arizona
|
| Posted:
Mon Jan 15, 2007 11:22 pm |
|
JoAnne, just make sure that your normal users don't need that URL "string" to use the tool!
I have done a similar thing with Web Links as they were trying to spam them every chance they got. I happened to notice in the access logs that their referrer was always blank! I also noticed that a normal user would really only be able to reach the link from WiTHIN my site (so it would always have a referer) and the chances of a user bookmarking the exact URL to post into was just too remote a possibility.
Here is what I did:
| Code: |
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{QUERY_STRING} ^(.*)name=Web_Links(.*)
RewriteRule ^.*$ http://127.0.0.1 [R=301,L]
|
However, I had to make the "call" that I would not let anyone bookmark in their browser directly to the Web Links module. I can live with that...
But, keep in mind, this ONLY works if the HTTP_REFERER is blank. |
|
|
|
|
|
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
| Posted:
Fri Jan 19, 2007 7:44 am |
|
Hey montego
No one should need to directly or indirectly access that weblog. Thanks, I will try your suggestion as well 
I have been manually blocking any IP that used that url string to try to gain access. One IP I banned 62.141.53.139 on 01/06/07 tried to access it again last night, shouldn't I not see that? How could they try to do it again if they were banned?
JoAnne |
|
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Fri Jan 19, 2007 7:48 am |
|
you have to stop them at server level, that means atleast in the htaccess file.
but to wake you up a bit.....
these are not people but forums and blog spambots...
when they run the script they automatically visit your site again...
they never refresh or renew their info.... |
|
|
|
|
|
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
| Posted:
Fri Jan 19, 2007 7:58 am |
|
| hitwalker wrote: | you have to stop them at server level, that means atleast in the htaccess file.
but to wake you up a bit.....
these are not people but forums and blog spambots...
when they run the script they automatically visit your site again...
they never refresh or renew their info.... |
Hey Hitwalker
I knew they were spambots, even though I do need to wake up a bit more ...... 
I thought by entering them into NukeSentinel, that I was stopping them. By banning an IP in NukeSentinel, what am I banning them from? Am I wasting my time by doing this?
Thanks for your help |
|
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Fri Jan 19, 2007 8:02 am |
|
no your not wasting time but check if the ip's are also written to the htaccess.. |
|
|
|
|
|
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
| Posted:
Fri Jan 19, 2007 7:39 pm |
|
| hitwalker wrote: | | no your not wasting time but check if the ip's are also written to the htaccess.. |
No.... the IPs that I add to NukeSentinel are not being written to the .htaccess file, should they be or do I have to them to that file manually? Am I doing something wrong?
Thanks
JoAnne |
|
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Fri Jan 19, 2007 7:42 pm |
|
as far as i know of it should....
but check your settings in sentinel...!
that it writes to the htaccess file as well...
otherwise its indeed a bit useless... |
|
|
|
|
|
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
| Posted:
Fri Jan 19, 2007 8:18 pm |
|
| hitwalker wrote: | as far as i know of it should....
but check your settings in sentinel...!
that it writes to the htaccess file as well...
otherwise its indeed a bit useless... |
My Bad ...... I had a typo in the path to the .htaccess file... DUH!
I fixed it, tested it and it works fine now...
Sorry
Thank you so much for your help!
JoAnne |
|
|
|
|
|
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
| Posted:
Fri Jan 19, 2007 8:20 pm |
|
happy banning....  |
|
|
|
|
|
Dauthus
Worker
Joined: Oct 07, 2003
Posts: 211
|
| Posted:
Fri Jan 19, 2007 9:17 pm |
|
I know I may be a little late here, but why not just set the Reply permissions in the Blog CP to registered users. You can put the view permissions to Guests and then everyone can see it, but no one can reply (comment) unless they are a registered user.
You will have to watch the shout box though.
Afterthought: If you want to keep guests from accessing the shoutbox, (not displaying the shoutbox causes the page to break), you can open your weblog.php file and comment out line 250 and on the next line add:
| Code: | | message_die(GENERAL_ERROR, 'Guests are not allowed to post in the shoutbox'); |
Then guests can view the blog, but when they try to submit something to the shoutbox, they received the error. |
|
|
|
|
|
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
| Posted:
Sat Jan 20, 2007 2:16 am |
|
Hey Dauthus
The ported Blog Mod/Weblogs for PHPNuke has alot of security holes. Naturally, I had started out with above settings of guests viewing and only registered users adding comments, etc. etc. I removed the shout boxes. No matter what I did, there was always a way for the hackers and spammers to find a way to get through.
I have removed the Blogs from my sites until someone ports the Blog Mog/Weblogs to PHPNuke and maintains it with the necessary upgrades for the latest vulnerabilities.
My reason for wanting to ban the IPs that are still trying to enter the Weblogs, even though I have them turned off, is that I feel they are malicious IPs and will not stop at the blogs and that they will continue to find ways to hack or spam in some way or another. I know I can not ever stop them all, but if I can stop just a few... who knows 
.....:::::with a false sense of security::::......
JoAnne |
|
|
|
|
|
Dauthus
Worker
Joined: Oct 07, 2003
Posts: 211
|
| Posted:
Sat Jan 20, 2007 10:15 am |
|
That's ok. I use the blog Mod, and had problems in the beginning with spammers in the shoutbox. Sure, bots will try to access any page they spider, but just because they attempt to visit doesn't mean they get through or they are attempting to hack a site. They are just doing their jobs.
Since I implemented the changes I gave to you, I have been able to use the blog without problems, and keep the bot spamming at bay. |
|
|
|
|
|
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
| Posted:
Sat Jan 20, 2007 10:19 am |
|
| Dauthus wrote: | That's ok. I use the blog Mod, and had problems in the beginning with spammers in the shoutbox. Sure, bots will try to access any page they spider, but just because they attempt to visit doesn't mean they get through or they are attempting to hack a site. They are just doing their jobs.
Since I implemented the changes I gave to you, I have been able to use the blog without problems, and keep the bot spamming at bay. |
Which version of the Blog Mod are you using and who ported it to PHPNuke?
Thanks
JoAnne |
|
|
|
|
|
Dauthus
Worker
Joined: Oct 07, 2003
Posts: 211
|
| Posted:
Sat Jan 20, 2007 10:32 am |
|
As best as I can tell, this one:
Powered by the Blog Mod version 0.2.x by Hyperion
A port for PHP-Nuke by BBtoNukeMods with enhancements from NukeKorea Dev. Network © 2003-2005 |
|
|
|
|
|
JoAnne
Worker
Joined: Oct 18, 2005
Posts: 127
Location: NYC
|
| Posted:
Sat Jan 20, 2007 10:47 am |
|
| Dauthus wrote: | As best as I can tell, this one:
Powered by the Blog Mod version 0.2.x by Hyperion
A port for PHP-Nuke by BBtoNukeMods with enhancements from NukeKorea Dev. Network © 2003-2005 |
That is the one I have. The Blog Mod has been updated a few times since that as some security vulnerabilities had been found by Hyperion. I was going to update it myself, but have not had the time. I really wish Raven would take that project on, I would feel much better with a version from him
JoAnne |
|
|
|
|
|
guidyy
Worker
Joined: Nov 22, 2004
Posts: 208
Location: Italy
|
| Posted:
Sun Jan 21, 2007 12:21 am |
|
Just my 2 cents:
In sentinel, also add in the string blocker the most used words used by spammers
cialis, viagra, phentermine, levitra etc...
mail.ru cachette.com are a "must" too...
Since I did, i saw spam going down by 80% and love it  |
|
|
 |
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::