Spam problem

Viewed 78,858 times

tapaga (Junior Member) asked:

I've recently had literally thousands of spam messages posted as comments on my site. They have to have been generated by bots, no human could have posted so many messages.

The problem seems to be that the image validation code can be read by bots, is there any way to make it more challenging for them?

I've tried using email validation in the past, but that causes more problems than it solves. Many people who tried to register said they didn't receive the confirmation mail, and I suspect it's often ended up in people's spam bins without them noticing.

169 posts

joecrow (Junior Member) answered:

Quote

Lasse Jensen wrote:
I checked my site for members as written above after a few spam-bot attacks, and I found this user:

username: Lorder
email: jurox@walla.com
Ip add: 88.118.83.158

Can anyone confirm that these walla.com accounts have (or don't have) something to do with the spambots?

Edit: This guy (Lorder) hasn't made any spam on my website at all, just for the record :)


Hey Lasse Jensen and members,
try this free service:
http://www.yellowpipe.com/yis/tools/email-validator/verify_email.php?seenIEPage=1#
All you do is input the email and click verify. Instantly it comes back with "this email seems to be invalid". It can help figure out those clever new memberships by these guys.
Anything helps I guess. ;)

Ken (Senior Member) answered:

IP banning will not work because they hide behind proxies. There are thousands of proxies they can use. By banning the IPs you also ban other innocent visitors from visiting your site.

Falk (Project Manager, Super Admin) answered:

What if we just block comments containing [url] bbcode? I can sort out a line of code to see if it stops the spam? It is a darn pain in the neck.

Falk (Project Manager, Super Admin) answered:

Ah, you've hit a nail there Tammy, I'll look into the storage of the vcode data. The data only exists for a max of 5 minutes though (footer.php). Hmm, if no admin logs in, it won't be purged.

if (iADMIN) {
   $result = dbquery("DELETE FROM ".$db_prefix."flood_control WHERE flood_timestamp < '".(time()-360)."'");
   $result = dbquery("DELETE FROM ".$db_prefix."thread_notify WHERE notify_datestamp < '".(time()-1209600)."'");
   $result = dbquery("DELETE FROM ".$db_prefix."vcode WHERE vcode_datestamp < '".(time()-360)."'");
   $result = dbquery("DELETE FROM ".$db_prefix."new_users WHERE user_datestamp < '".(time()-86400)."'");
}

Perhaps moving

$result = dbquery("DELETE FROM ".$db_prefix."vcode WHERE vcode_datestamp < '".(time()-360)."'");

outside the ADMIN set, i.e.

if (iADMIN) {
   $result = dbquery("DELETE FROM ".$db_prefix."flood_control WHERE flood_timestamp < '".(time()-360)."'");
   $result = dbquery("DELETE FROM ".$db_prefix."thread_notify WHERE notify_datestamp < '".(time()-1209600)."'");
   $result = dbquery("DELETE FROM ".$db_prefix."new_users WHERE user_datestamp < '".(time()-86400)."'");
}
$result = dbquery("DELETE FROM ".$db_prefix."vcode WHERE vcode_datestamp < '".(time()-360)."'");

WEC (Veteran Member) answered:

How about using WWW-Authenticate to protect register.php?

Will bots be able to do automated access to a WWW-Authenticate window as they do for form fields?

PCkaos (Newbie) answered:

This is just a thought...but if they are changing their mail address...after registration...wouldn't it then stop them if we lock the changing of the mail address...
We would at least have a valid mail address for the person then...

If normal users would like to change their mail...we could have an admin to say ok before it´s done...
Edited by PCkaos on 28-03-2007 18:50

Yxos (Senior Member) answered:

Quote

PCkaos wrote:
If normal users would like to change their mail...we could have an admin to say ok before it´s done...

This would be a pain, but if this is what would stop it then ok with me.
It's actually the same issue as having an admin activating a new member.
I see no problem in having a yes/no in the settings for admin acknowledgement of email changes, just like we have it with admin member activation.
After all, people changing their email addresses probably happens more rarely than new members signing up.
Edited by Yxos on 28-03-2007 19:10

WEC (Veteran Member) answered:

On the WWW-Authenticate, could one of those with spam registration problems try this:

In register.php find:

if ($settings['enable_registration']) {


Add below it:

// ## set the public username and password for the registration
 $LOGIN = "Antispammer";
 $PASSWORD = "opensesame";

if ( (!isset($_SERVER['PHP_AUTH_USER'])) || ! (($_SERVER['PHP_AUTH_USER'] == $LOGIN) && ( $_SERVER['PHP_AUTH_PW'] == $PASSWORD )) ) {
   header("WWW-Authenticate: Basic realm=\"Access Registration with User: Antispammer Password: opensesame\"");
   header("HTTP/1.0 401 Unauthorized");
   //error("Unauthorized access...");
   echo "Unauthorized access...";
    exit;
   }
// ##

Ken (Senior Member) answered:

Just a little side comment while we are all having so much fun *doh* with all the spam comments:

- Now I also get lots of spam emails from the contact.php site. I used the modified contact.php file with the picture code confirmation on and it must have worked, because after I upgraded to the latest version (6.01.9) the contact.php was replaced and the spam came running in again.

I'm not sure if the contact.php with picture code confirmation is updated. Anybody know? I would like to put it back on. I will have a look in the Mods site...

HangJebat (Junior Member) answered:

Hmm... it seems like a "never ending story".

My site uses the latest version, v6.01.9.
Luckily it has not been attacked again.
- it's only a portal for primary school children (aged 7-12)
- most of the registered members are teachers & parents
- being attacked by these spammers makes me feel very disgusted
I really hope this matter will be resolved soon.

Just one question:
is it possible to add another password code for registration
(an extra code, like the validation code)
that can be changed manually?
- thinking of writing the passcode on the banner promoting the school website

Thank you

regards,
bart

FYI, the website will be launched officially this 31st March 2007

Drbo (Senior Member) answered:

Quote

HangJebat wrote:
Hmm... it seems like a "never ending story".

- being attacked by these spammers makes me feel very disgusted
I really hope this matter will be resolved soon.


You can set the registration to be complete after the admin confirmation... It is not so comfortable, but, I hope, it is functional.

WEC (Veteran Member) answered:

Quote

WEC wrote:
On the WWW-Authenticate, could one of those with spam registration problems try this:

In register.php find:

if ($settings['enable_registration']) {


Add below it:

// ## set the public username and password for the registration
 $LOGIN = "Antispammer";
 $PASSWORD = "opensesame";

if ( (!isset($_SERVER['PHP_AUTH_USER'])) || ! (($_SERVER['PHP_AUTH_USER'] == $LOGIN) && ( $_SERVER['PHP_AUTH_PW'] == $PASSWORD )) ) {
   header("WWW-Authenticate: Basic realm=\"Access Registration with User: Antispammer Password: opensesame\"");
   header("HTTP/1.0 401 Unauthorized");
   //error("Unauthorized access...");
   echo "Unauthorized access...";
    exit;
   }
// ##


So far this type of protection has stopped the registration bots for a test I'm running on a phpBB forum that used to get a lot of spam registrations.

stranded (Member) answered:

Seems to be ok for now - at least on my site. Something around 2 spambots registered a week ago and it's ok now (deleted them).

BogusDude (Newbie) answered:

Our site too has also been hit with some porn spams. They were originally using .info to spam comments in the news articles which were quickly deleted and stopped by adding admin verification. We have since received some e-mails with links using hotmail.com addresses, I don't know if this is a bot or a legitimate member's idea of a joke since we made them aware.

Some info and useful links i used

member: peter951
e-mail: u95.4.280.peter@vstakf.info
IP: 69.61.55.52

member: david7462
e-mail: u74.17.640.david@hentai-porn-video.info
IP: 69.61.55.62

ines@hotmail.com
bill@hotmail.com

http://www.ip2location.com is useful for tracking down IP locations
http://www.afilias.info for tracking the account holder details of .info addresses.
http://www.scamfraudalert.com a discussion forum that has a thread that has been tracking these spammers for quite a while now.

Hope you find them useful in some way.

Is there some way of reporting these people once their identity has been tracked as we believe we have the exact address of the above culprit who is US based?

christo78 (Junior Member) answered:

Hey WEC, I am trying your realm authentication and it looks good, however I have 1 small problem. The password comes up as opensesame-0

see attached

:)
Edited by christo78 on 16-04-2007 13:23,

WEC (Veteran Member) answered:

Looks strange. Which OS and browser are you using?

Do you test it on a local server?

When I test the code on IE7 and FF 2.0.0.3 I get the results below.

christo78 (Junior Member) answered:

Hi WEC, thanks for having a look. I'm using PHP 5.0.5 on MySQL 4.1.7
The site is running on a W2K3 Server, IIS, and the browser is IE 6.0

I double checked I copied the extra code and it all looks fine ??

:|

I just installed FF and still get opensesame-0. If I put opensesame-0 it doesn't log in

Falk (Project Manager, Super Admin) answered:

Another solution is to stop comments with url bbcode, open comments_include and look for:
if ($comment_name != "" && $comment_message != "") {


Replace with:
if ($comment_name != "" && $comment_message != "" && !preg_match("#\[url\](.*?)\[/url\]#si", $comment_message)) {
0 replies
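
Added example (not part of Falk's post and not PHP-Fusion code): the pattern above matches only the bare [url]...[/url] form, so a comment link filter also has to cover [url=...] tags and plain addresses. comment_has_link() is a hypothetical helper name and the sample comments are constructed.

```php
<?php
// Added example. comment_has_link() is a hypothetical helper, not a PHP-Fusion function.

/**
 * Return true when a comment body contains a link in any common form:
 * [url]..[/url], [url=..]..[/url], or a bare http(s)/ftp/www address.
 */
function comment_has_link($text) {
    // Collapse whitespace padded into the tag, e.g. "[ url ]" or "[/ url ]".
    $normalized = preg_replace('#\[\s*(/?)\s*url\s*#i', '[${1}url', $text);

    $patterns = array(
        '#\[url(=[^\]]*)?\]#i',              // [url] and [url=http://...]
        '#\b(?:https?|ftp)://\S+#i',         // bare scheme://host
        '#\bwww\.[a-z0-9-]+\.[a-z]{2,}#i',   // bare www.host.tld
    );
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $normalized)) {
            return true;
        }
    }
    return false;
}

// Constructed sample comments.
$samples = array(
    'Nice article, thanks!',
    'Cheap pills [url]http://spam.example/[/url]',
    'Cheap pills [URL=http://spam.example/]here[/URL]',
    'Cheap pills [ url ]spam.example[/ url ]',
    'visit www.spam.example today',
);
foreach ($samples as $sample) {
    echo (comment_has_link($sample) ? 'BLOCK ' : 'ALLOW ') . $sample . "\n";
}
```

A filter like this also rejects legitimate links, so it fits best on guest or new-member comments rather than on every post.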
WEC (Veteran Member) answered:

Quote

christo78 wrote:
Hi WEC, thanks for having a look. I'm using PHP 5.0.5 on MySQL 4.1.7
The site is running on a W2K3 Server, IIS, and the browser is IE 6.0

I double checked I copied the extra code and it all looks fine ??

:|

I just installed FF and still get opensesame-0. If I put opensesame-0 it doesn't log in


The tests I have made are on Apache servers. I think your problem is caused by your IIS configuration.

This is a quote from php.net that might help you:

Quote


Also note that until PHP 4.3.3, HTTP Authentication did not work using Microsoft's IIS server with the CGI version of PHP due to a limitation of IIS. In order to get it to work in PHP 4.3.3+, you must edit your IIS configuration "Directory Security". Click on "Edit" and only check "Anonymous Access", all other fields should be left unchecked.

Another limitation is if you're using the IIS module (ISAPI) and PHP 4, you may not use the PHP_AUTH_* variables but instead, the variable HTTP_AUTHORIZATION is available. For example, consider the following code: list($user, $pw) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));

IIS Note:: For HTTP Authentication to work with IIS, the PHP directive cgi.rfc2616_headers must be set to 0 (the default value).


Quote from this url: http://www.php.net/manual/en/features...p-auth.php
0 replies
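
Added example (not from the thread or from php.net): a credential reader for the registration gate that uses PHP_AUTH_* when present and falls back to HTTP_AUTHORIZATION as the php.net note describes. The helper names are hypothetical, the request data is constructed, and the login and password are the ones from WEC's snippet.

```php
<?php
// Added example. read_basic_credentials() and registration_gate_ok()
// are hypothetical helper names.

/**
 * Return array(user, password) from PHP_AUTH_* or, failing that, from a raw
 * "Basic <base64>" Authorization header. Returns null when neither is usable.
 */
function read_basic_credentials($server) {
    if (isset($server['PHP_AUTH_USER'])) {
        $pw = isset($server['PHP_AUTH_PW']) ? $server['PHP_AUTH_PW'] : '';
        return array($server['PHP_AUTH_USER'], $pw);
    }
    if (empty($server['HTTP_AUTHORIZATION'])
        || stripos($server['HTTP_AUTHORIZATION'], 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(trim(substr($server['HTTP_AUTHORIZATION'], 6)), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null; // malformed header
    }
    // Limit of 2: only the first colon separates user from password,
    // so a password that itself contains ':' is not cut short.
    return explode(':', $decoded, 2);
}

function registration_gate_ok($server, $login, $password) {
    $creds = read_basic_credentials($server);
    if ($creds === null) {
        return false;
    }
    // === avoids the type juggling that == applies to numeric-looking strings.
    return $creds[0] === $login && $creds[1] === $password;
}

// Constructed request data: only the raw header is available, as in the
// ISAPI case quoted above.
$isapi_request = array(
    'HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('Antispammer:opensesame'),
);
$no_credentials = array();

var_dump(registration_gate_ok($isapi_request, 'Antispammer', 'opensesame'));
var_dump(registration_gate_ok($no_credentials, 'Antispammer', 'opensesame'));
```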
Jock (Member) answered:

Well, another hit. I came up with one solution, I don't know if it is helpful.

I managed to change edit_profile.php so that members cannot change their email address until they have 50 forum posts. Before that I had a few of them registered and they spammed news and article comments with a few comments. One time I saw one when he was online. I banned him and deleted him. After that I made the changes in edit_profile.php and found one who had just registered but without comments. Maybe it is a good idea to leave their usernames, but change everything for them, like pass and mail? This is the code. I don't know if it is compatible with other versions because my files are modded a lot.

Anyway, in edit_profile.php find the form for editing the e-mail address and change the end of the row (tr) before that form, the e-mail form, and just the start of the tr code after the email form into something like this. So after all, only the admin will be able to edit members' emails all the time. Members must have 50 (less or more) forum posts to have the ability to edit their email. Why should they change mails before that anyway?

 </tr>";



if ($userdata['user_posts'] <= 50) {

echo "<tr>
<td class='tbl'>".$locale['u005']."</td>
<td class='tbl'><input type='hidden' name='user_email' value='".$userdata['user_email']."'>".$userdata['user_email']."</td>
</tr>";


} else {

echo "<tr>
<td class='tbl'>".$locale['u005']."<span style='color:#ff0000'>*</span></td>
<td class='tbl'><input type='text' name='user_email' value='".$userdata['user_email']."' maxlength='100' class='textbox' style='width:200px;'></td>
</tr>";


}

echo "<tr>
You must make a backup of edit_profile.php. Then test this code.



Anyway this is a good mod, BUT STILL WE NEED AN EMAIL CONFIRMATION MOD IF MEMBERS WANT TO EDIT MAIL ADDRESS.

Some time ago I opened that thread even though I didn't know anything about that spam, because this is a security issue, and now it has been proven it is a security issue.
Edited by Jock on 18-04-2007 00:47
0 replies
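
Added example (not Jock's code and not PHP-Fusion code): the snippet above only changes what the form displays, and a hidden field's value still arrives from the browser, so the same 50-post rule has to be applied where the profile update is saved. email_to_store() and its $is_admin argument are hypothetical; user_posts and user_email are the field names from the snippet above, and the accounts are constructed.

```php
<?php
// Added example: enforce the e-mail lock on the server side.
// email_to_store() and $is_admin are hypothetical names.

define('EMAIL_EDIT_MIN_POSTS', 50); // same threshold as the form snippet

/**
 * Decide which address to save for a profile update. The submitted value is
 * used only when the account may change it; otherwise the stored address is
 * kept, whatever the form sent. Returns array(email, status).
 */
function email_to_store($userdata, $submitted_email, $is_admin) {
    $current   = $userdata['user_email'];
    $submitted = trim((string) $submitted_email);

    if ($submitted === $current) {
        return array($current, 'unchanged');
    }
    // Mirror the form's condition: at or below the threshold the field is locked.
    if (!$is_admin && $userdata['user_posts'] <= EMAIL_EDIT_MIN_POSTS) {
        return array($current, 'rejected: post count at or below threshold');
    }
    if (filter_var($submitted, FILTER_VALIDATE_EMAIL) === false) {
        return array($current, 'rejected: not a valid address');
    }
    return array($submitted, 'changed');
}

// Constructed accounts and form submissions.
$new_member = array('user_email' => 'a@example.org', 'user_posts' => 3);
$regular    = array('user_email' => 'b@example.org', 'user_posts' => 120);

$cases = array(
    array($new_member, 'other@example.net', false), // locked account, altered field
    array($regular,    'other@example.net', false), // allowed to change
    array($regular,    'not-an-address',    false), // allowed, but invalid value
    array($new_member, 'other@example.net', true),  // admin editing a new member
);
foreach ($cases as $case) {
    list($email, $status) = email_to_store($case[0], $case[1], $case[2]);
    echo $email . ' (' . $status . ")\n";
}
```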
