[2.0.13] disable spambots

The cleanup is complete. This forum is now read only.

Rating:

Excellent!
17
47%
Very Good
3
8%
Good
8
22%
Fair
2
6%
Poor
6
17%
 
Total votes: 36

Geeque
Registered User
Posts: 2
Joined: Thu Dec 21, 2006 4:57 am

Post by Geeque » Thu Dec 21, 2006 5:08 am

Porutchik wrote:
okeezes wrote:
antd2000 wrote:Bots continue to _register_ in forum and appear in userlist :(
(a not like visual confirmation and not setup it)

How a can install this mod (or use this principe/ideology - "hidden fields in forms") for _disable_to_register_ for bots ?

Thanks

I would also like to know

Hi! Sorry for offtop.
Try to install this mine mod. Block spambots in registration
This mod is based on the disable-spambots mod.

I installed your mod Porutchik but I'm gettin an error below when users click Register's button.

Parse error: syntax error, unexpected T_ELSE in /home/bongorad/public_html/discussion/includes/usercp_register.php on line 384

Your help is appreciated.

User avatar
GoleyC
Registered User
Posts: 374
Joined: Thu Mar 14, 2002 5:22 pm
Location: Ohio
Contact:

Post by GoleyC » Thu Dec 21, 2006 2:10 pm

The mod by Proutchik doesn't seem to work properly so I'm posting a fix here: (Fix provided by Snailsource)

Replace this code modification:

Code: Select all

#
#-----[ OPEN ]------------------------------------------
#
includes/usercp_register.php

#
#-----[ FIND ]------------------------------------------
#
	$passwd_sql = '';
	if ( !empty($new_password) && !empty($password_confirm) )

#
#-----[ BEFORE, ADD ]------------------------------------------
#
	if ($board_config['enable_block_spambots'] && $userdata['user_level'] != ADMIN && ($mode == 'register' || $mode == 'editprofile'))
	{
		$secretkey = $board_config['board_startdate'];
		
		// IMPORTANT!!!:
		// For added security, you should change the "nana" and "foofoo" 
		// so that spambots can't simply spoof the form values as well.
		$authkey = md5("nana" . $secretkey . "foofoo"); 
		$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);  
		$timekey = md5("time" . $secretkey); 
		$timeval = time(); 
		
		# If this is a registration which doesn't give with the above, turn it into a error.
		if ((!isset($HTTP_POST_VARS[$authkey]) || $HTTP_POST_VARS[$authkey] != $authval || !isset($HTTP_POST_VARS[$timekey]) || $HTTP_POST_VARS[$timekey] > time() - 5)) 
		{ 
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
		}
	}
... with this code modification

Code: Select all

#
#-----[ OPEN ]------------------------------------------
#
includes/usercp_register.php

#
#-----[ FIND ]------------------------------------------
#

//
// Did the user submit? In this case build a query to update the users profile in the DB
//
if ( isset($HTTP_POST_VARS['submit']) )

#
#-----[ BEFORE, ADD ]------------------------------------------
#
if ($board_config['enable_block_spambots'] && $userdata['user_level'] != ADMIN && ($mode == 'register' || $mode == 'editprofile'))
{
	$secretkey = $board_config['board_startdate'];
		
	// IMPORTANT!!!:
	// For added security, you should change the "nana" and "foofoo" 
	// so that spambots can't simply spoof the form values as well.
	$authkey = md5("nana" . $secretkey . "foofoo"); 
	$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);  
	$timekey = md5("time" . $secretkey); 
	$timeval = time(); 
}



#
#-----[ FIND ]------------------------------------------
#
	$passwd_sql = '';
	if ( !empty($new_password) && !empty($password_confirm) )

#
#-----[ BEFORE, ADD ]------------------------------------------
#
	if ($board_config['enable_block_spambots'] && $userdata['user_level'] != ADMIN && ($mode == 'register' || $mode == 'editprofile'))
	{
		# If this is a registration which doesn't give with the above, turn it into a error.
		if ((!isset($HTTP_POST_VARS[$authkey]) || $HTTP_POST_VARS[$authkey] != $authval || !isset($HTTP_POST_VARS[$timekey]) || $HTTP_POST_VARS[$timekey] > time() - 5)) 
		{ 
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Confirm_code_wrong'];
		}
	}


CG

Geeque
Registered User
Posts: 2
Joined: Thu Dec 21, 2006 4:57 am

Post by Geeque » Thu Dec 21, 2006 5:23 pm


WebSnail
Registered User
Posts: 524
Joined: Sun Nov 11, 2001 2:20 pm
Location: South Yorkshire, UK
Contact:

Post by WebSnail » Thu Dec 21, 2006 10:31 pm

the problem is between lines 346 and 364... with the main line being 353 where you have this:

Code: Select all

	}	{
You appear to have overwritten, or just deleted some key code.


My advice.. get your original file back and then re-edit being a whole lot more careful and paranoid.

mikesukat
Registered User
Posts: 1
Joined: Mon Dec 25, 2006 10:00 pm

Scorched Earth DL

Post by mikesukat » Mon Dec 25, 2006 10:05 pm

Hello, If you want to download this cool game, I´ve solution for ya!
Scorched Earth download

subcultist
Registered User
Posts: 3
Joined: Tue Dec 26, 2006 2:41 am

Post by subcultist » Tue Dec 26, 2006 2:58 am

I whipped up some code to use this MOD in conjunction with the Simple Quick Reply MOD. Without adding this code, the Simple Quick Reply will always show a preview.

Code: Select all

##############################################################
## MOD Title: Use disable-spambots and Simple Quick Reply MOD together
## MOD Author: subcultist
## MOD Description: Fixes problem where Simple Quick Reply results in a Preview when disable-spambots is installed
## MOD Version: 1.0.0
##
## Installation Level: Easy
## Installation Time: 5 minutes
## Files To Edit: viewtopic.php
##                templates/subSilver/viewtopic_body.tpl
## Included Files: n/a
##############################################################
## For Security Purposes, Please Check: http://www.phpbb.com/mods/ for the
## latest version of this MOD. Downloading this MOD from other sites could cause malicious code
## to enter into your phpBB Forum. As such, phpBB will not offer support for MOD's not offered
## in our MOD-Database, located at: http://www.phpbb.com/mods/
##############################################################
## Author Notes:
##
## This MOD has been tested on phpBB 2.0.21.
## This MOD is based on code by magenta & Merri (Vesa Piittinen): modified simple quick reply to make it work with disable-spambots
##
##############################################################
##
## MOD History:
##
##    2006-12-25 - Version 1.0.0
##       - Initial release
##
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################


#
#-----[ OPEN ]------------------------------------------
#
viewtopic.php

#
#-----[ FIND ]------------------------------------------
#
	$template->assign_vars(array(
		'L_EMPTY_MSG' => $lang['Empty_message'],

#
#-----[ BEFORE, ADD ]------------------------------------
#
# Be sure to change nana and foofoo to the unique values you used when installing disable-spambots
#
	$secretkey = 't' . $topic_id;

	// Generate a signature to validate this page
	$authkey = md5("nana" . $secretkey . "foofoo");
	$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);
	$timekey = md5("time" . $secretkey);
	$timepad = preg_replace('/[^0-9]/', '', $HTTP_SERVER_VARS['REMOTE_ADDR']) + 0;
	$timeval = time() ^ $timepad;

#
#-----[ FIND ]------------------------------------------
#
		'S_TOPIC_ID' => $topic_id)

#
#-----[ REPLACE WITH ]------------------------------------------
#
		'S_TOPIC_ID' => $topic_id,
		'S_AUTHKEY' => $authkey,
		'S_AUTHVAL' => $authval,
		'S_TIMEKEY' => $timekey,
		'S_TIMEVAL' => $timeval)

#-----[ OPEN ]------------------------------------------
#
viewtopic_body.tpl

#
#-----[ FIND ]------------------------------------------
#
					<input type="hidden" name="notify" value="{S_NOTIFY}" /><br />

#
#-----[ AFTER, ADD ]------------------------------------
#
					<input type="hidden" name="{S_AUTHKEY}" value="{S_AUTHVAL}">
					<input type="hidden" name="{S_TIMEKEY}" value="{S_TIMEVAL}">

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

www.cougar.it
Registered User
Posts: 1
Joined: Thu Dec 28, 2006 4:32 pm
Location: Italy
Contact:

Post by www.cougar.it » Thu Dec 28, 2006 4:53 pm

PAY ATTENTION!!!
In modify the includes/usercp_register.php

I have 20 to 30 Bots registering attempts per day, so I've modified my usercp_register to send me an e-mail with user info details, in first when there is a registration with a "strange" site and e-mail, and in a second time all who specify the whole site field, and in last EVERYONE!

I find a lot of registrations WITHOUT the email sent to me, that means that some registretion-abuse Bots BYPASS the usercp_register.php .

PLEASE, HELP! I hope that phpbb had a VALID method to DENY this kind of accesses (that I think can be follow in a dangerous security hole...).

I paste here the code that I've inserted from line 452:

Code: Select all

	if ( $website != '' )
	{
		rawurlencode($website);
		//GLC 20060623
		//if ($mode == 'register' || $mode == 'editprofile') {
		if ($mode == 'register') {
			if (
				(strpos($website,"cialis") 	!== false)||	(strpos($website,"sex") 	!== false)||
				(strpos($website,"girl") 	!== false)||	(strpos($website,"anal") 	!== false)||
				(strpos($website,"hard") 	!== false)||	(strpos($website,"xxx") 	!== false)||
				(strpos($website,"hot") 	!== false)||	(strpos($website,"chin") 	!== false)||
				(strpos($website,"core") 	!== false)||	(strpos($website,"fuck") 	!== false)||
.......
				(strpos($website,"acti") 	!== false)||	(strpos($website,"suck") 	!== false)
			) { 
				mail("maranzana@cougar.it","WWW.COUGAR.IT - Porno Hacking Attempt Blocked!",$website."\nINFO Da: http://www.nwtools.com/default.asp?prog=network&host=".decode_ip($user_ip)."\nFrom User: ".$username."\nDomain: ".GetHostByAddr(decode_ip($user_ip))."\nSession: ".$user_ip."\nGetDecoded: ".decode_ip($userdata['session_ip'])."\n - Connection on: ".decode_ip($user_ip)."\n - subscribed email: ".$email ); 
				//die ("Porno Hacking Attempt Blocked!"); }
				$error = TRUE;
				$error_msg .= "<br />Porno Hacking Attempt Blocked! Personal Website NOT ALLOWED, AND IP TRACKED AT " + decode_ip($user_ip);
				$website = "";
			  } else {
				//mail("maranzana@cougar.it","WWW.COUGAR.IT - Registration w/ Personal Site Information!",$website."\nDa:".$REMOTE_ADDR."\nFrom User:".$username."\nDomain:".GetHostByName($REMOTE_ADDR)."\nSession: ".$user_ip."\nGetDecoded: ".decode_ip($userdata['session_ip'])." - ".decode_ip($user_ip) ); 
				mail("maranzana@cougar.it","WWW.COUGAR.IT - Registration w/ Personal Site Information!",$website."\nINFO Da: http://www.nwtools.com/default.asp?prog=network&host=".decode_ip($user_ip)."\nFrom User: ".$username."\nDomain: ".GetHostByAddr(decode_ip($user_ip))."\nSession: ".$user_ip."\nGetDecoded: ".decode_ip($userdata['session_ip'])."\n - Connection on: ".decode_ip($user_ip)."\n - subscribed email: ".$email ); 
				$website = "";
			  }		
		} //GLC 20060623 Fine
	  if ($mode == 'editprofile') {
				mail("maranzana@cougar.it","WWW.COUGAR.IT - MODIFY Personal Site",$website."\nDa:".$user_id."\nFrom User:".$username."\nDomain:".$current_email."\nSession: ".$user_ip."\nGetDecoded: ".decode_ip($userdata['session_ip'])." - ".decode_ip($user_ip) ); 
	  } //GLC 20060623 Fine
	}


WebSnail
Registered User
Posts: 524
Joined: Sun Nov 11, 2001 2:20 pm
Location: South Yorkshire, UK
Contact:

Post by WebSnail » Fri Dec 29, 2006 3:03 pm

Well for one thing you don't want to be posting your url and email in any post because, guess what... the spammers will now be happily sending you tons of cr*p.

As for your request it's a whole other mod and there are plenty of others out there that don't use your hard coded approach...

Seriously edit out your post and go on a hunt for the "anti spam" mod.

PTRACER
Registered User
Posts: 166
Joined: Sun Dec 07, 2003 2:54 am

Post by PTRACER » Sun Dec 31, 2006 10:22 am

I don't know anything about spambots or anything, but I'm assuming they automatically fill out profile fields and then submit the information into the database.

Therefore, if you add an extra field to the Profile, such as a text box or even just a simple Checkbox that you need to fill before signing up, won't that stop them from joining?

O0Pat0O
Registered User
Posts: 32
Joined: Sun Mar 05, 2006 8:09 pm

Post by O0Pat0O » Thu Jan 18, 2007 1:03 am

They would simply reprogram the bot to look for that check box if its avalable and mark it. It may be good for a while though untill they figure it out. :D
~thanks! -patricia~

**Homy
Registered User
Posts: 12
Joined: Thu Oct 14, 2004 12:30 pm

Post by **Homy » Wed Jan 24, 2007 7:16 pm

Well, I recently was asked to improve the forum of a auto mag and my first worry is spam bots.

My strategy in dealing with them is as good as it gets, considering the software I have to work with, phpBB.

1. Enabled captcha
2. Enabled e-mail verification
3. Installing a mod for quick review and delete suspicious users
4. This mod to prevent posting (the original code in first post)
5. well, I don't know. Yet.

I read some tips on robot.txt and other stuff here that will be tested.

Thanks for Your efforts, guys.

User avatar
HaL[1338]
Registered User
Posts: 10
Joined: Sun May 08, 2005 10:04 pm
Location: Forum admin @ nokaut.com ~ Mixed Martial Arts
Contact:

Post by HaL[1338] » Mon Jan 29, 2007 2:01 am

What do I need to change so edit post is not affected with this script?
"Hey, Dave," said Hal. "What are you doing?"
w3.r.b0rg

O0Pat0O
Registered User
Posts: 32
Joined: Sun Mar 05, 2006 8:09 pm

Post by O0Pat0O » Fri Feb 02, 2007 5:06 pm

subcultist wrote: I whipped up some code to use this MOD in conjunction with the Simple Quick Reply MOD. Without adding this code, the Simple Quick Reply will always show a preview.

Code: Select all

##############################################################
## MOD Title: Use disable-spambots and Simple Quick Reply MOD together
## MOD Author: subcultist
## MOD Description: Fixes problem where Simple Quick Reply results in a Preview when disable-spambots is installed
## MOD Version: 1.0.0
##
## Installation Level: Easy
## Installation Time: 5 minutes
## Files To Edit: viewtopic.php
##                templates/subSilver/viewtopic_body.tpl
## Included Files: n/a
##############################################################
## For Security Purposes, Please Check: http://www.phpbb.com/mods/ for the
## latest version of this MOD. Downloading this MOD from other sites could cause malicious code
## to enter into your phpBB Forum. As such, phpBB will not offer support for MOD's not offered
## in our MOD-Database, located at: http://www.phpbb.com/mods/
##############################################################
## Author Notes:
##
## This MOD has been tested on phpBB 2.0.21.
## This MOD is based on code by magenta & Merri (Vesa Piittinen): modified simple quick reply to make it work with disable-spambots
##
##############################################################
##
## MOD History:
##
##    2006-12-25 - Version 1.0.0
##       - Initial release
##
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################


#
#-----[ OPEN ]------------------------------------------
#
viewtopic.php

#
#-----[ FIND ]------------------------------------------
#
	$template->assign_vars(array(
		'L_EMPTY_MSG' => $lang['Empty_message'],

#
#-----[ BEFORE, ADD ]------------------------------------
#
# Be sure to change nana and foofoo to the unique values you used when installing disable-spambots
#
	$secretkey = 't' . $topic_id;

	// Generate a signature to validate this page
	$authkey = md5("nana" . $secretkey . "foofoo");
	$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);
	$timekey = md5("time" . $secretkey);
	$timepad = preg_replace('/[^0-9]/', '', $HTTP_SERVER_VARS['REMOTE_ADDR']) + 0;
	$timeval = time() ^ $timepad;

#
#-----[ FIND ]------------------------------------------
#
		'S_TOPIC_ID' => $topic_id)

#
#-----[ REPLACE WITH ]------------------------------------------
#
		'S_TOPIC_ID' => $topic_id,
		'S_AUTHKEY' => $authkey,
		'S_AUTHVAL' => $authval,
		'S_TIMEKEY' => $timekey,
		'S_TIMEVAL' => $timeval)

#-----[ OPEN ]------------------------------------------
#
viewtopic_body.tpl

#
#-----[ FIND ]------------------------------------------
#
					<input type="hidden" name="notify" value="{S_NOTIFY}" /><br />

#
#-----[ AFTER, ADD ]------------------------------------
#
					<input type="hidden" name="{S_AUTHKEY}" value="{S_AUTHVAL}">
					<input type="hidden" name="{S_TIMEKEY}" value="{S_TIMEVAL}">

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM



I can't find:

Code: Select all

	$template->assign_vars(array(
		'L_EMPTY_MSG' => $lang['Empty_message'],
Is this a version mismatch??

None of the search terms are in a vanilla install of 2.0.21

Is there a logical explanation of this?
~thanks! -patricia~

pcs800
Registered User
Posts: 54
Joined: Tue Jan 17, 2006 9:27 pm

error

Post by pcs800 » Tue Feb 06, 2007 2:26 am

Since I have put in this mod, I get an error when I try to delete a post.
the error is:
Parse error: parse error, unexpected $end in path\posting.php on line 1135

In the file posting.php, there is no line 1135, only 1134 lines.

help?

User avatar
JLA
Registered User
Posts: 458
Joined: Tue Nov 16, 2004 5:23 pm
Location: USA
Name: JLA FORUMS
Contact:

Post by JLA » Wed Feb 07, 2007 3:07 am

How does this affect when someone only votes in a poll?

Is that affected in any way?

Post Reply

Return to “[2.0.x] MOD Database Cleanup”

Who is online

Users browsing this forum: No registered users and 7 guests