Sex Adds being added to reviews by Anonymous?????

mrix · Client Joined: Dec 04, 2004 Posts: 757

Hello all, I find it hard to believe that with the latest phpnuke 7.6 and the latest patch with the latest sentinal that somehow peope can come along as Anonymous and add loads of sex adds to my reviews section of my site I have having to delete these adds everyday now and there is loads of them I have set the reviews for regestered only but Anonymous still can add the reviews even though I am ment to except posted reviews first.
Any idea`s all ??
thanks for any help
mrix

hitwalker · Sells PC To Pay For Divorce Joined: Posts: 5661

no, you cannot stop this.
when you have certain settings set to public then your opening the door to these types of submissions.
A bad words list wouldnt help also.

Only thing left is to ban on ip and disallow any proxy...that will kill 98 percent.

evaders99 · Posted: Sat Mar 11, 2006 7:48 pm

FB "convenentially" left this out.. it was updated in newer versions of phpNuke.
If you are looking for a 7.6 Patched-compatible file, with these feature - I have one here. It should stop people from anonymously posting comments now

Only registered users can see links on this board!
Get registered or login to the forums!

I expect this will be one of the things added to RavenNuke

sting · Posted: Mon Mar 13, 2006 9:50 pm

Hey evaders, just a quick note - maybe you can point me in the right direction here.

The patched file that I am using (7.6 patch 3.2) worked well on first copy over - only things I have noticed - if there is a paren in the review title, you get the allowable html error.

Also, it may be a cookie issue for me but while the Anonymous poster is blocked - no wait - I think I may have figured it out - I think I am logged in as Admin, which gets me past the anonymous part, but it still posts a comment with "Posted by" and no user name... ha. So I am guessing one will only run into that problem if logged in as admin.

-sting

sting · Posted: Mon Mar 13, 2006 9:55 pm

Ok - so that's not it - I was logged in as a user, also as admin - the anonymous does get blocked, but in the Review Comments section, the posted by user doesn't seem to be working.

Not sure why (as of yet..)

-sting

Guardian2003 · Posted: Tue Mar 14, 2006 1:13 am

RN NEEDS something like this - 'nuff said.
I'll be looking at this too as soon as time allows.

montego · Posted: Tue Mar 14, 2006 6:08 am

BugTracker anyone????

evaders99 · Posted: Tue Mar 14, 2006 8:33 am

Yes definitely will be included in 3.2's update for RavenNuke

I don't seem to have this problem. Weird.. sting, can you show me where this error is occuring?
I know there have been problems with unncessary titles being passed.. ultimately blocked by Sentinel. I've removed the unnecessary parts from Downloads and Web_Links - but if there's a problem with Reviews, I'll look into it too.

sting · Posted: Wed Mar 15, 2006 12:13 pm

Ok - which one are we talking about - the parenthesis in the title or the Posted by issue?

Either way - If you have a title like Movie (DVD), the parenthesis seem to throw something out of whack as the Allowable HTML error comes up.

The other just has a "Posted by on this date". As soon as I get some time to look into this one I will.

-sting

evaders99 · Posted: Wed Mar 15, 2006 4:51 pm

I just added a Review with that title just fine. Weird.
Tell me if you figure out anything or need help with it. Will need to give me some idea how to duplicate the bug

providence · Regular Joined: Apr 23, 2005 Posts: 95

I was hit with this

i got hundreds of sex spams in my reviews

how can i disallow annonymous to post in reviews section?

Guardian2003 · Posted: Thu Apr 27, 2006 2:20 am

providence - you can make a start by making changing the module to access to registered users.

evaders99 · Posted: Thu Apr 27, 2006 7:34 am

Here's the fix I backported from newer phpNuke, will be added to RavenNuke's SVN shortly. This will sync with the option of anonymous comments in the Preferences

in modules/Reviews/index.php

FIND

Code:

function postcomment($id, $title) {
global $user, $cookie, $AllowableHTML, $anonymous, $module_name;

REPLACE WITH

Code:

function postcomment($id, $title) {
global $user, $cookie, $AllowableHTML, $anonymous, $module_name, $anonpost;
if (!is_user($user) && $anonpost == 0) {
 include("header.php");
 title("$module_name");
 OpenTable();
 echo "<center>"._RESTRICTEDAREA." "._MODULEUSERS."";
 CloseTable();
 include("footer.php");
 die();
}

FIND

Code:

function savecomment($xanonpost, $uname, $id, $score, $comments) {
global $anonymous, $user, $cookie, $prefix, $db, $module_name;

REPLACE WITH

Code:

function savecomment($xanonpost, $uname, $id, $score, $comments) {
global $anonymous, $user, $cookie, $prefix, $db, $module_name, $user_prefix, $anonpost;
if (!is_user($user) && $anonpost == 0) {
 include("header.php");
 title("$module_name");
 OpenTable();
 echo "<center>"._RESTRICTEDAREA." "._MODULEUSERS."";
 CloseTable();
 include("footer.php");
 die();
}

deech · New Member Joined: Jul 24, 2005 Posts: 12

Is there any way to delete all current Review comments?

Guardian2003 · Posted: Tue May 02, 2006 11:55 am

You should see that option when logged in as an admin when in the reviews module - or you could delete the data directly from the database.

providence · Regular Joined: Apr 23, 2005 Posts: 95

I have already changed the module to access registered users only, and it has stopped
thanks guardian!

Guardian2003 · Posted: Sat Jun 03, 2006 7:38 am

Thanks for the update!

providence · Regular Joined: Apr 23, 2005 Posts: 95

Hey guys,

what if we add the captcha system when adding comments?

doesnt that stop bots?

Guardian2003 · Posted: Sun Jun 18, 2006 11:11 pm

providence wrote:

Hey guys,

what if we add the captcha system when adding comments?

doesnt that stop bots?

It will stop most of them yes.

providence · Regular Joined: Apr 23, 2005 Posts: 95

is there already a script available for this ?

Guardian2003 · Posted: Mon Jun 19, 2006 12:02 am

Not that I know of (I thought you were offering to do it Smile

)
A quick fix is to change the module permissions to 'Registered User' but of course that means that the module will not get crawled.

This has actually been one of my personal gripes with nuke since I started using it but so much time gets taken up with debugging that hardly any time is left for, what I perosnally see as a 'must have' enhancement - or to put it nicely, a 'missing feature' Wink

providence · Regular Joined: Apr 23, 2005 Posts: 95

Hehe, I would do it, but I dont know how

A quick fix was to change the module permission to registered users. but doesnt that hide the module from unregistered users?

I dont the spams, yet I dont like users to be forced to register just to read the reviews

hitwalker · Sells PC To Pay For Divorce Joined: Posts: 5661

indeed,but thats a fact when you set it to registered...
the module as..reviews...can only be seen by registered logged in people.

thebishop · Posted: Thu Oct 26, 2006 5:31 am

evaders99 wrote:

Here's the fix I backported from newer phpNuke, will be added to RavenNuke's SVN shortly. This will sync with the option of anonymous comments in the Preferences

in modules/Reviews/index.php

FIND

Code:

function postcomment($id, $title) {
global $user, $cookie, $AllowableHTML, $anonymous, $module_name;

REPLACE WITH

Code:

function postcomment($id, $title) {
global $user, $cookie, $AllowableHTML, $anonymous, $module_name, $anonpost;
if (!is_user($user) && $anonpost == 0) {
 include("header.php");
 title("$module_name");
 OpenTable();
 echo "<center>"._RESTRICTEDAREA." "._MODULEUSERS."";
 CloseTable();
 include("footer.php");
 die();
}

FIND

Code:

function savecomment($xanonpost, $uname, $id, $score, $comments) {
global $anonymous, $user, $cookie, $prefix, $db, $module_name;

REPLACE WITH

Code:

function savecomment($xanonpost, $uname, $id, $score, $comments) {
global $anonymous, $user, $cookie, $prefix, $db, $module_name, $user_prefix, $anonpost;
if (!is_user($user) && $anonpost == 0) {
 include("header.php");
 title("$module_name");
 OpenTable();
 echo "<center>"._RESTRICTEDAREA." "._MODULEUSERS."";
 CloseTable();
 include("footer.php");
 die();
}

evaders, does this completely fix the issue of people being able to post comments in the reviews module under anonymous.

I'm running Nuke 7.6 fully patched and when i post a review, a comment from some one not registered shows up right under my review.
my reviews module has been for registered users only, since i found out this could be done but it's still happening.

I then deleted my review and posted another test review and BAM there it was again, except the posters name was different.
this is what it looks like.

testing review module
Posted by yukibv on 2006-03-07 15:06:37
My Score:
Admin: [ Delete ]
--------------------------------------------------------------------------------

amphetamine tramadol buy cialis
-------------------------------------

the above are links to sites

evaders99 · Posted: Thu Oct 26, 2006 11:09 am

First make sure you have "Allow Anonymous to Post?" in your Preferences turned off

Next try going to this URL on your Nuke site
modules.php ? name=Reviews&rop=savecomment&xanonpost=1&uname=test&id=1&score=1&comments=blah

If that doesn't give you a "Restricted users" page, then something is wrong