Spam problem: PHPFusion 6 Support

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

I've recently had literally thousands of spam messages posted as comments on my site. They have to have been generated by bots, no human could have posted so many messages.

The problem seems to be that the image validation code can be read by bots, is there any way to make it more challenging for them?

I've tried using email validation in the past, but that causes more problems than it solves. Many people who tried to register said they didn't receive the confirmation mail, and I suspect it's often ended up in people's spam bins without them noticing.

0 replies

whew... at last I had finished read this thread until end.
thanks guys, keep it up.

_____________________________________________
There Is A Not Solution Without Problems

0 replies

I know this thread is sort of old, but I need to let people know what I've experienced.

I was getting spammed like everyone else until I downloaded the Security System infusion.

Ever since then I have no problems whatsoever...

I suggest you all give it try.

Edited by bikerbones on 22-08-2007 00:00, 17 y

0 replies

— 1 month earlier —

There is a disclaimer mod over at venue, just download that and install it. Users have to accept the disclaimer to register, I am hoping it will work.

http://www.venue.nu/frontpage.php

0 replies

i didn't try it because i'm using amra's colorfull one..
but scorp have had another possible solution,
he'd posted it here:
http://www.php-fusion.it/forum/viewth...#post_6326
and i've posted it here..
http://www.php-fusion.co.uk/forum/vie...post_97024

0 replies

Quote

MutantCheese wrote:
What is that validation image? two "S"s?

Something like that... I made it in 'M$Paint' with a 'curve'

...still working :D

anyone else tried it?

(Attaching it again since it's a new page) hope its ok

Edited by Kajak on 02-07-2007 15:41, 17 y

0 replies

What is that validation image? two "S"s?

0 replies

I went for the easiest solution...

For almost a week now, i havnt had any spams (usually have a few/day)

My solution is simply to edit the image "validate_bg.jpg"

I'm attaching my 'edit' here for anyone to use

------------------------------------
Don't thank me, send money ;)

Edited by Kajak on 01-07-2007 21:46, 17 y

0 replies

just got attacked from this ip
200.50.66.98

maybe
i've to activate again the web authentification
- antispammer & opensesame as password

0 replies

— 1 month earlier —

Just a further note:
After getting yet another variation of the .info mail addy trying to register on my site I decided to do a reverse dns which pointed to "client-151-204-179-29.hamilton.k12.nj.us". A quick Whois revealed the registrant authority is : "neustar.us" and their support e-mail was of course listed.

So I mailed them and they replied with the details of the machine on that ip. It's a School in New Jersey !!!

Quote

As with all K12.NJ.US delegates (per RFC 1480), this is a school district or school in New Jersey.

According to the New Jersey Department of Education, the proper contacts for this school are:

Hamilton Township
90 Park Avenue
Hamilton Square, NJ 08690

Mr. Neil Bencivengo, Superintendent 609-631-2102
Mrs. Carol Chiacchio, Board Secretary/Business Administrator 609-631-4100

Please contact them for further assistance.

The server is "infected" perhaps if we find out what it's infected with we might get a clue how it works ?

0 replies

Also for security reason isn't good thing to put users agreement text and button before they see registration form? On my test site I have that also. Don't have a spam but also that site is mostly in maintance, just sometimes I open her. But in the statistic I saw that IP numbers with 6...... visited that site.

0 replies

Well, another hit. I came up with one solution, I don't know is it helpfull.

I managed to change in edit_profile.php that members cannot change theirs emaill address until they have 50 forums posts. Before that I get few of them registered and they spamed news and article comments with few comments. One time I sow one when he was online. I was banned him and delete him. After that I made changes in edit_profile.php and found one just register but without comments. Maybe it is good idea to leave theirs usernames, but change everything for them, like pass and mail? This is code. I don't know is it compatible with other versions becouase my files are moded a lot.

Anywhere in edit_profile.php found form for edit e-mail address and change end of the row (tr) before that form, e-mail form and just start of the tr code after email form in something like that. So after all only admin will be able to edit members emails all the time. Members must have 50 (less or more) forum posts to have ability to edit theirs email. Why should anywhere they change mails before that?

Code Download source

 </tr>";



if ($userdata['user_posts'] <= 50) {

echo "<tr>
<td class='tbl'>".$locale['u005']."</td>
<td class='tbl'><input type='hidden' name='user_email' value='".$userdata['user_email']."'>".$userdata['user_email']."</td>
</tr>";


} else { 

echo "<tr>
<td class='tbl'>".$locale['u005']."<span style='color:#ff0000'>*</span></td>
<td class='tbl'><input type='text' name='user_email' value='".$userdata['user_email']."' maxlength='100' class='textbox' style='width:200px;'></td>
</tr>";


}

echo "<tr>

You must made backup of the edit_profil.php. Than test this code.

Anywhere this is good mod, BUT STILL WE NEED EMAIL CONFIRMATION MOD IF MEMBERS WANT TO EDIT MAIL ADDRESS.

Before some time I was opened that thread even I didn't know anything about that spams, becouse this is security issue, and now it was proven it is security issue.

Edited by Jock on 18-04-2007 00:47, 17 y

0 replies

Quote

christo78 wrote:
Hi WEC, thanks for having a look. I'm using PHP 5.0.5 on MySQL 4.1.7
The site is running on a W2K3 Server, IIS, and the browser is IE 6.0

I double checked I copied the extra code and it all looks fine ??

:|

I just installed FF and still get opensesame-0. If I put opensesame-0 it doesnt log in

The tests i have made are on Apache servers. I think your problem is caused by you IIS configuration.

This is a quote from php.net that might help you:

Quote

Also note that until PHP 4.3.3, HTTP Authentication did not work using Microsoft's IIS server with the CGI version of PHP due to a limitation of IIS. In order to get it to work in PHP 4.3.3+, you must edit your IIS configuration "Directory Security". Click on "Edit" and only check "Anonymous Access", all other fields should be left unchecked.

Another limitation is if you're using the IIS module (ISAPI) and PHP 4, you may not use the PHP_AUTH_* variables but instead, the variable HTTP_AUTHORIZATION is available. For example, consider the following code: list($user, $pw) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));

IIS Note:: For HTTP Authentication to work with IIS, the PHP directive cgi.rfc2616_headers must be set to 0 (the default value).

Quote from this url: http://www.php.net/manual/en/features...p-auth.php

0 replies

Falk

answered 17 Apr 2007 at 02:51 PM

Super Admin

Another solution is to stop comments with url bbcode, open comments_include and look for:

Code Download source

if ($comment_name != "" && $comment_message != "") {

Replace with:

Code Download source

if ($comment_name != "" && $comment_message != "" && !preg_match("#\[url\](.*?)\[/url\]#si", $message)) {

0 replies

Hi WEC, thanks for having a look. I'm using PHP 5.0.5 on MySQL 4.1.7
The site is running on a W2K3 Server, IIS, and the browser is IE 6.0

I double checked I copied the extra code and it all looks fine ??

:|

I just installed FF and still get opensesame-0. If I put opensesame-0 it doesnt log in

0 replies

Looks strange. Which OS and browser are you using?

Do you test it on a local server?

When i test the code on IE7 and FF 2.0.0.3 i get the results below.

0 replies

Hey WEC, I am trying your realm authentication and it looks good, however I have 1 small problem. The password comes up as opensesame-0

see attached

:)

Edited by christo78 on 16-04-2007 13:23, 17 y

0 replies

Our site too has also been hit with some porn spams. They were originally using .info to spam comments in the news articles which were quickly deleted and stopped by adding admin verification. We have since received some e-mails with links using hotmail.com addresses, i don't know if this is a bot or a legitimate member's idea of a joke since we made them aware.

Some info and useful links i used

member; peter951
e-mail: u95.4.280.peter@vstakf.info
IP: 69.61.55.52

member: david7462
e-mail: u74.17.640.david@hentai-porn-video.info
IP: 69.61.55.62

ines@hotmail.com
bill@hotmail.com

http://www.ip2location.com is useful for tracking down IP locations
http://www.afilias.info for tracking the account holder details of .info addresses.
http://www.scamfraudalert.com a discussion forum that has a thread that has been tracking these spammers for quite a while now.

Hope you find them useful in some way.

Is there some way of reporting these people once their identity has been tracked as we believe we have the exact address of the above culprit who is US based?

0 replies

seems to be ok for now - at least on my site. something around 2 spambots register a weel ago and its ok now (deleted them)

0 replies

Quote

WEC wrote:
On the WWW-Authenticate, could one of those with spam registration problems try this:

In register.php find:

Code Download source

if ($settings['enable_registration']) {

Add below it:

Code Download source

// ## set the public username and password for the registration
 $LOGIN = "Antispammer";
 $PASSWORD = "opensesame";

if ( (!isset($_SERVER['PHP_AUTH_USER'])) || ! (($_SERVER['PHP_AUTH_USER'] == $LOGIN) && ( $_SERVER['PHP_AUTH_PW'] == $PASSWORD )) ) {
   header("WWW-Authenticate: Basic realm=\"Access Registration with User: Antispammer Password: opensesame\"");
   header("HTTP/1.0 401 Unauthorized");
   //error("Unauthorized access...");
   echo "Unauthorized access...";
    exit;
   }
// ##

So far this type of protection has stopped the registration bots for a test i'm running on a phpBB forum that used to get a lot of spam registrations.

0 replies

Quote

HangJebat wrote:
hmm... it seems like "never ending story"

- being attacked by this spammers, make me feel very disgusted
really hope this matter will be resolved soon

You can set the registration is complete after the admin confirmation... It is not so comfortable, but, I hope, it is functional

0 replies

Category Forum

Official Core Support - 6

Labels

None yet

Statistics

Views 0 views
Posts 169 posts
Votes 0 votes
Topic users 55 members

0 participants

Notifications

Track thread

You are not receiving notifications from this thread.

Spam problem

169 posts

PHPFusion

Resources

Community

Development