Bot Spamers
Asked Modified Viewed 7,414 times
MutantCheese
MutantCheese 10
- Junior Member, joined since
- Contributed 42 posts on the community forums.
- Started 5 threads in the forums
- Started this discussions
I have had to regulate registration on all of my sites because of bot spammers. Most of my unactivated users are spammers with ids like "jerimiah12739" or "rebecca10385", etc. These seem to be spam bots. Is anyone else getting this type of spam? Then they post comments to news and articles loaded with porn are drug links.
Falk
Falk 146
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 12 questions
Yes it is a common issue (not just php-fusion), we are working on a solution.
MutantCheese
MutantCheese 10
- Junior Member, joined since
- Contributed 42 posts on the community forums.
- Started 5 threads in the forums
- Started this discussions
That would be nice. They are a pain, but thanks for addressing it.
answered
Edited by dewa5227 on 25-06-2007 17:32,
answered
I've been suffering this on all my PHP Fusion sites, even one that doesn't have a credit to PHP Fusion on the bottom of the page.
However, I have some observations to make about this spamming which may help provide a solution:
-100% of the spam comes from members registered at a .info address, but none of my legitimate members have .info addresses. If there's a way to block all registrations using a .info email address, that would kill all of the current spam registrations. I would love to see this feature available, it would be quick and easy and end (until they use a different TLD) all the spam.
-If you set the membership to be admin approved, the spammers never get through because they're always something in the form name11111 and very easy to spot.
-The domain of a spammer's email address looks like it's fake and autogenerated, but it isn't. All of the domains used by the spammer are real, you can check them on a WHOIS service. One of them I checked was registered to "Mike Tyson Boxer" so they've clearly faked the name when registering the domains. The links in the spammers' actual spam are often hosted by these domains as well.
If you add that domain to the blacklist it will prevent any more registrations from that domain. If the number of domains run by the spammers is small, we could assemble a list of spammer domains on here and people could preemptively block them on their blacklists.
Some domains have been reused by spammers on different sites before I blocked them, which suggests the number of domains they own is limited.
Here's all the domains I've spotted so far:
aacwmrzb.info
cwwsjxsk.info
ftajpqsj.info
hpfnro.info
ijzezd.info
jaqois.info
kspdtd.info
ktimpwi.info
kxqvtjv.info
mrfcju.info
npqisc.info
pqiiip.info
uxvvlhtw.info
vflnesac.info
vjzaar.info
wzllgqv.info
ydsqdiyf.info
zbzdpmss.info
zfkvtrs.info
However, I have some observations to make about this spamming which may help provide a solution:
-100% of the spam comes from members registered at a .info address, but none of my legitimate members have .info addresses. If there's a way to block all registrations using a .info email address, that would kill all of the current spam registrations. I would love to see this feature available, it would be quick and easy and end (until they use a different TLD) all the spam.
-If you set the membership to be admin approved, the spammers never get through because they're always something in the form name11111 and very easy to spot.
-The domain of a spammer's email address looks like it's fake and autogenerated, but it isn't. All of the domains used by the spammer are real, you can check them on a WHOIS service. One of them I checked was registered to "Mike Tyson Boxer" so they've clearly faked the name when registering the domains. The links in the spammers' actual spam are often hosted by these domains as well.
If you add that domain to the blacklist it will prevent any more registrations from that domain. If the number of domains run by the spammers is small, we could assemble a list of spammer domains on here and people could preemptively block them on their blacklists.
Some domains have been reused by spammers on different sites before I blocked them, which suggests the number of domains they own is limited.
Here's all the domains I've spotted so far:
aacwmrzb.info
cwwsjxsk.info
ftajpqsj.info
hpfnro.info
ijzezd.info
jaqois.info
kspdtd.info
ktimpwi.info
kxqvtjv.info
mrfcju.info
npqisc.info
pqiiip.info
uxvvlhtw.info
vflnesac.info
vjzaar.info
wzllgqv.info
ydsqdiyf.info
zbzdpmss.info
zfkvtrs.info
Edited by tapaga on 04-07-2007 19:11,
Falk
Falk 146
Need help?, Having trouble?
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
• View our Documentation for Guides, Standards and Functions
• Name and Organize your Topics and Content correctly in the corresponding Forums for best support results
• Attaching Log Files and Screenshots when reporting issues will help
• Provide with an URL to live example if one exists
• Please read the How to Report an Error post
• Please read and comply with the Code of Conduct
(¯·._.·(¯°·._.·°º*[ Project Manager ]*º°·._.·°¯)·._.·¯)
- Super Admin, joined since
- Contributed 6,201 posts on the community forums.
- Started 639 threads in the forums
- Answered 12 questions
Thanks for the info :)
answered
here a possible solution by scorp
http://www.php-fusion.it/forum/viewth...#post_6326
[/quote]
http://www.php-fusion.it/forum/viewth...#post_6326
Quote
Edit register.php
Find line 46Code Download source$password1 = stripinput(trim(eregi_replace(" +", "", $_POST['password1'])));
After add:Code Download source$user_antispam = stripinput(trim($_POST['user_antispam']));
Change next line from:Code Download sourceif ($username == "" || $password1 == "" || $email == "") $error .= $locale['402']."<br>\n";
in:Code Download sourceif ($username == "" || $password1 == "" || $email == "" || $user_antispam=="") $error .= $locale['402']."<br>\n";
and add below:Code Download sourceif (strcasecmp($user_antispam,"CORRECT ANSWER HERE")!=0) {
$error .= "Error in Text Antispam Confirmation<br>";
}
Now you should add the textbox in the registration form:
Find:Code Download source<tr>
<td class='tbl'>".$locale['u006']."</td>
<td class='tbl'><input type='radio' name='user_hide_email' value='1' checked>".$locale['u007']."
<input type='radio' name='user_hide_email' value='0' >".$locale['u008']."</td>
</tr>
After add:Code Download source<tr>
<td class='tbl'><strong>AntiSpam</strong>:<br>VERY-SIMPLE-QUESTION-HERE? <span style='color:#ff0000'>*</span></td>
<td class='tbl'><input type='text' name='user_antispam' maxlength='100' class='textbox' style='width:200px;'></td>
</tr>
Insert at your choice an easy question&anwser.
Very simple (and too much hardcoded) but works greatly.
answered
That's probably the best solution, but a block on .info addresses would also be a good alternative for those who aren't comfortable alterting the scripts.
answered
OK I have implemented it and now there is no bots anymore, at least for last 2 days - before that there was 1 or 2 a day.
However I have another problem, similar to this one - my contact.php is getting attacked and my inbox is full of c*** daily! I wonder do you have same problems and is there a solution similar to this one?
thanks
However I have another problem, similar to this one - my contact.php is getting attacked and my inbox is full of c*** daily! I wonder do you have same problems and is there a solution similar to this one?
thanks
I have had the exact same problem but on my site i noticed all the spam users had been signing up using email addresses in the same format.
All the emails start with u[number].[number].[number][name] (u168.37.283.robt@esdjuhx.info is an example of one i had)
so to stop this i created this and added it to the register.php file
It checks the format of the email, if it matches the same format as the spam emails it adds the error. So far it has compleatly stopped all spam registrations (i also log the failed ones along with the ip to keep a record).
So if anyone wants to try this out feel free.
All the emails start with u[number].[number].[number][name] (u168.37.283.robt@esdjuhx.info is an example of one i had)
so to stop this i created this and added it to the register.php file
Code Download source
if (preg_match("/[u]+[0-9]+\.[0-9]+\.[0-9]+.[a-zA-Z]+@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i",$email)){
$error .= '<br /><b>
Your E-Mail address has been identified as a spam email account, and therefore have
not been registered. If you beleve this is an error,
<a href="contact.php">Please contact us.</a></b><br /><br />';
}
It checks the format of the email, if it matches the same format as the spam emails it adds the error. So far it has compleatly stopped all spam registrations (i also log the failed ones along with the ip to keep a record).
So if anyone wants to try this out feel free.
answered
problems only aroun contact.php? take a look: http://www.phpfusion-mods.com/forum/v...post_24378
Quote
lelebart wrote:
take a look at
http://www.php-fusion.it/forum/viewth...#post_5173
it works, mates!* * *
step 1] find in the /maincore.phpCode Download sourceif (eregi("register.php", $check_url)&& preg_match("/^[0-9a-z]{32}$/", $vimage)) {
and replace it withCode Download sourceif (eregi("register.php", $check_url)&& preg_match("/^[0-9a-z]{32}$/", $vimage) [color=red]or eregi("contact.php", $check_url)[/color]) {
step 2] open /locale/English/contact.php and add:Quote
//vcode-captcha
$locale['430'] = "Incorrect validation code.";
$locale['431'] = "Validation Code:";
$locale['432'] = "Enter Validation Code:";
step 3] delete or rename your /contact.php, and create a new /contact.php with this code (new parts are red)Code Download source<?php
/*---------------------------------------------------+
| PHPFusion 6 Content Management System
+----------------------------------------------------+
| Copyright © 2002 - 2006 Nick Jones
| http://www.php-fusion.co.uk/
+----------------------------------------------------+
| Released under the terms & conditions of v2 of the
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
+----------------------------------------------------*/
require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";
include LOCALE.LOCALESET."contact.php";
if (isset($_POST['sendmessage'])) {
$error = "";
$mailname = substr(stripinput(trim($_POST['mailname'])),0,50);
$email = substr(stripinput(trim($_POST['email'])),0,100);
$subject = substr(str_replace(array("\r","\n","@"), "", descript(stripslash(trim($_POST['subject'])))),0,50);
$message = descript(stripslash(trim($_POST['message'])));
if ($mailname == "") {
$error .= "· <span class='alt'>".$locale['420']."</span><br>\n";
}
if ($email == "" || !preg_match("/^[-0-9A-Z_\.]{1,50}@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i", $email)) {
$error .= "· <span class='alt'>".$locale['421']."</span><br>\n";
}
if ($subject == "") {
$error .= "· <span class='alt'>".$locale['422']."</span><br>\n";
}
if ($message == "") {
$error .= "· <span class='alt'>".$locale['423']."</span><br>\n";
}
[color=red] if(iGUEST) {
$user_code = stripinput($_POST['user_code']);
$temp_num = stripinput($_POST['temp_num']);
$result = dbquery("SELECT * FROM ".$db_prefix."vcode WHERE vcode_1='$user_code'");
if (dbrows($result) == 0) {
$error .= "· <span class='alt'>".$locale['430']."</span><br>\n";
} else {
$result = dbquery("DELETE FROM ".$db_prefix."vcode WHERE vcode_1='$user_code'");
}
}[/color]
if (!$error) {
require_once INCLUDES."sendmail_include.php";
sendemail($settings['siteusername'],$settings['siteemail'],$mailname,$email,$subject,$message);
opentable($locale['400']);
echo "<center><br>\n".$locale['440']."<br><br>\n".$locale['441']."</center><br>\n";
closetable();
} else {
opentable($locale['400']);
echo "<center><br>\n".$locale['442']."<br><br>\n$error<br>\n".$locale['443']."</center><br>\n";
closetable();
}
} else {
opentable($locale['400']);
echo $locale['401']."<br><br>
<form name='userform' method='post' action='".FUSION_SELF."'>
<table align='center' cellpadding='0' cellspacing='0' class='tbl'>
<tr>
<td width='100'>".$locale['402']."</td>
<td><input type='text' name='mailname' maxlength='50' class='textbox' style='width: 200px;'></td>
</tr>
<tr>
<td width='100'>".$locale['403']."</td>
<td><input type='text' name='email' maxlength='100' class='textbox' style='width: 200px;'></td>
</tr>
<tr>
<td width='100'>".$locale['404']."</td>
<td><input type='text' name='subject' maxlength='50' class='textbox' style='width: 200px;'></td>
</tr>
<tr><td valign='top' width='90'>".$locale['405']."</td>
<td><textarea name='message' rows='10' class='textbox' style='width: 320px'></textarea></td>
</tr>";
[color=red] if(iGUEST) {
srand((double)microtime()*1000000);
$temp_num = md5(rand(0,9999));
$vcode_1 = substr($temp_num, 17, 5);
$vcode_2 = md5($vcode_1);
unset($temp_num);
$result = dbquery("INSERT INTO ".$db_prefix."vcode VALUES('".time()."', '$vcode_1', '$vcode_2')");
echo "<tr>
<td width='100'>".$locale['431']."</td>
<td>";
if ($settings['validation_method'] == "image") {
echo "<img src='?vimage=$vcode_2'>\n";
} else {
echo "<b>$vcode_1</b>\n";
}
unset($vcode_1,$vcode_2);
echo "</td>
</tr>
<tr>
<td width='100'>".$locale['432']."</td>
<td><input type='text' name='user_code' class='textbox' style='width:100px' /></td>
</tr>";
}[/color]
echo "<tr>
<td align='center' colspan='2'>
<input type='submit' name='sendmessage' value='".$locale['406']."' class='button'>
</td>
</tr>
</table>
</form>\n";
closetable();
}
require_once "side_right.php";
require_once "footer.php";
?>* * *
what changes from that previous one to this:
- not (or easier) hard-coded;
- captcha required only for guests;
- better integration with language(s);
- just a script for all the captchas for your site!! (if you choose the amra's captcha code, maincore remains lighter!!)
answered
I too am having issues on my site with these crappy bots. I'll try using the info above and see if it keeps the bots off my back for a while. :@
sixerssfan
sixerssfan 10
Kansas City Player
- Newbie, joined since
- Contributed 2 posts on the community forums.
- Started 1 thread in the forums
Quote
Taylor wrote:
I have had the exact same problem but on my site i noticed all the spam users had been signing up using email addresses in the same format.
All the emails start with u[number].[number].[number][name] (u168.37.283.robt@esdjuhx.info is an example of one i had)
so to stop this i created this and added it to the register.php fileCode Download sourceif (preg_match("/[u]+[0-9]+\.[0-9]+\.[0-9]+.[a-zA-Z]+@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i",$email)){
$error .= '<br /><b>
Your E-Mail address has been identified as a spam email account, and therefore have
not been registered. If you beleve this is an error,
<a href="contact.php">Please contact us.</a></b><br /><br />';
}
It checks the format of the email, if it matches the same format as the spam emails it adds the error. So far it has compleatly stopped all spam registrations (i also log the failed ones along with the ip to keep a record).
So if anyone wants to try this out feel free.
But where can i add this code in register.php?
Following solutions can be used:
1. Antibot - add a simple question to register.php and to the corresponding scripts.
2. Antispam - rename contact.php to smth like contact1.php and change table sitelinks.
1. Antibot - add a simple question to register.php and to the corresponding scripts.
2. Antispam - rename contact.php to smth like contact1.php and change table sitelinks.
answered
@tapaga: Blocking based on domainextensions could be very dangerous. You say most of the spammers come from a .info domain. Well, I have a .info domain and I'm not a spammer! My bet is that there are a lot .info domains that have nothing to do with spammers....
— 2 months later —
answered
only for v6.01.12
step 1] open /locale/English/contact.php and add:
step 2] delete or rename your /contact.php, and create a new /contact.php with this code (new parts are red)
* * *
step 1] open /locale/English/contact.php and add:
Quote
//vcode-captcha
$locale['430'] = "Incorrect validation code.";
$locale['431'] = "Validation Code:";
$locale['432'] = "Enter Validation Code:";
step 2] delete or rename your /contact.php, and create a new /contact.php with this code (new parts are red)
Code Download source
<?php
/*---------------------------------------------------+
| PHPFusion 6 Content Management System
+----------------------------------------------------+
| Copyright © 2002 - 2006 Nick Jones
| http://www.php-fusion.co.uk/
+----------------------------------------------------+
| Released under the terms & conditions of v2 of the
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
+----------------------------------------------------*/
require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";
include LOCALE.LOCALESET."contact.php";
if (isset($_POST['sendmessage'])) {
$error = "";
$mailname = substr(stripinput(trim($_POST['mailname'])),0,50);
$email = substr(stripinput(trim($_POST['email'])),0,100);
$subject = substr(str_replace(array("\r","\n","@"), "", descript(stripslash(trim($_POST['subject'])))),0,50);
$message = descript(stripslash(trim($_POST['message'])));
if ($mailname == "") {
$error .= "· <span class='alt'>".$locale['420']."</span><br>\n";
}
if ($email == "" || !preg_match("/^[-0-9A-Z_\.]{1,50}@([-0-9A-Z_\.]+\.){1,50}([0-9A-Z]){2,4}$/i", $email)) {
$error .= "· <span class='alt'>".$locale['421']."</span><br>\n";
}
if ($subject == "") {
$error .= "· <span class='alt'>".$locale['422']."</span><br>\n";
}
if ($message == "") {
$error .= "· <span class='alt'>".$locale['423']."</span><br>\n";
}
[color=red] //captcha mod by lelebart
if (iGUEST && $settings['display_validation'] == "1") {
if (!check_captcha($_POST['captcha_encode'], $_POST['captcha_code'])) {
$error .= "· <span class='alt'>".$locale['430']."</span><br />\n";
}
}
//captcha mod by lelebart[/color]
if (!$error) {
require_once INCLUDES."sendmail_include.php";
sendemail($settings['siteusername'],$settings['siteemail'],$mailname,$email,$subject,$message);
opentable($locale['400']);
echo "<center><br>\n".$locale['440']."<br><br>\n".$locale['441']."</center><br>\n";
closetable();
} else {
opentable($locale['400']);
echo "<center><br>\n".$locale['442']."<br><br>\n$error<br>\n".$locale['443']."</center><br>\n";
closetable();
}
} else {
opentable($locale['400']);
echo $locale['401']."<br><br>
<form name='userform' method='post' action='".FUSION_SELF."'>
<table align='center' cellpadding='0' cellspacing='0' class='tbl'>
<tr>
<td width='100'>".$locale['402']."</td>
<td><input type='text' name='mailname' maxlength='50' class='textbox' style='width: 200px;'></td>
</tr>
<tr>
<td width='100'>".$locale['403']."</td>
<td><input type='text' name='email' maxlength='100' class='textbox' style='width: 200px;'></td>
</tr>
<tr>
<td width='100'>".$locale['404']."</td>
<td><input type='text' name='subject' maxlength='50' class='textbox' style='width: 200px;'></td>
</tr>
<tr><td valign='top' width='90'>".$locale['405']."</td>
<td><textarea name='message' rows='10' class='textbox' style='width: 320px'></textarea></td>
</tr>[color=red]";
//captcha mod by lelebart
if (iGUEST && $settings['display_validation'] == "1") {
echo "<tr>\n<td width='100'>".$locale['431']."</td>\n<td>";
echo make_captcha();
echo "</td>
</tr>
<tr>
<td width='100'>".$locale['432']."<span style='color:#ff0000'>*</span></td>
<td><input type='text' name='captcha_code' class='textbox' style='width:100px'></td>
</tr>\n";
}
//captcha mod by lelebart
echo "[/color]<tr>
<td align='center' colspan='2'>
<input type='submit' name='sendmessage' value='".$locale['406']."' class='button'>
</td>
</tr>
</table>
</form>\n";
closetable();
}
require_once "side_right.php";
require_once "footer.php";
?>Category Forum
Bugs and Errors - 6Labels
None yet
Statistics
- Views 0 views
- Posts 15 posts
- Votes 0 votes
- Topic users 11 members
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions