[2.0.13] disable spambots

The cleanup is complete. This forum is now read only.

Rating:

Excellent!
17
47%
Very Good
3
8%
Good
8
22%
Fair
2
6%
Poor
6
17%
 
Total votes: 36

Phineus1
Registered User
Posts: 64
Joined: Sat Nov 08, 2003 11:55 pm

Post by Phineus1 »

Is this compatible with v2.0.11 ?
User avatar
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Yeah, works great.
dilvie
Registered User
Posts: 4
Joined: Thu Mar 04, 2004 7:58 pm
Contact:

Post by dilvie »

Does this do anything to prevent automated registrations? I already set permissions to disallow guest posting.

- Eric
Phineus1
Registered User
Posts: 64
Joined: Sat Nov 08, 2003 11:55 pm

Post by Phineus1 »

I should probably have come back here and let you know how things went. I installed it and it works fine. However, if I click 'quote' message, then copy and paste that text into a text editor (because I like typing that way) and then when I copy and paste it back into the textbox several minutes later, I often see the preview screen rather than the post, even tho plenty of time has elapsed. I'm not complaining. Just letting you know.




dilvie, I'm not sure but this one might do what you want

http://www.phpbb.com/phpBB/viewtopic.php?t=213812
User avatar
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Hm, the only thing I can think of is that maybe during the long delay between hitting "reply" and "post," your IP address changed.

ISPs which use rotating proxy servers (like AOL) might be problematic, as well.

dilvie: 2.0.11 comes with a vaguely-useful registration CAPTCHA which you can enable from the forum config.
`checho`
Registered User
Posts: 63
Joined: Fri Nov 12, 2004 7:08 pm
Contact:

Post by `checho` »

Phineus1 wrote: However, if I click 'quote' message, then copy and paste that text into a text editor (because I like typing that way) and then when I copy and paste it back into the textbox several minutes later, I often see the preview screen rather than the post, even tho plenty of time has elapsed.


I have exactly the same problem on 2.0.13. Sometimes when I click "Submit" I get the preview screen even though I have spent more than a minute on the message. It happened when I tried to quote an already published message.
And no IP address change has occured in my case. I am not using proxies either.
User avatar
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Hm, okay, there might be a stupid bug or something. I'll look into it.
User avatar
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Okay, it looks like in some circumstances, the hidden forum values don't actually get added to the form, which makes absolutely no sense because it gets inserted using the same code which adds other stuff which posting.php won't work without. If anyone else can figure out what might be causing that, please let me know!
User avatar
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Hm, I just realized that there's a possibility that some browsers sometimes change their User-Agent on the fly for various reasons (like to try to spoof browser detection to prevent a site from breaking), and that might be what's going on here. The easiest fix is to just change the line:

Code: Select all

$authval = md5($_SERVER['HTTP_USER_AGENT'] . $secretkey . $_SERVER['REMOTE_ADDR']);
to:

Code: Select all

$authval = md5($secretkey . $_SERVER['REMOTE_ADDR']);
which should also help for some users who run specific user-agent cloaking things for some reason (privacy nuts can be a little, well, nuts).

If that fixes it for everyone then I'll just release a new version with that fix.
User avatar
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Argh! I know *exactly* what's going on now. In quote mode, $topic_id isn't set when the secret key is determined. Whee! So this was always failing when a message was being quoted.
Phineus1
Registered User
Posts: 64
Joined: Sat Nov 08, 2003 11:55 pm

Post by Phineus1 »

I use netscape which should be pretty constant. However, I'll make the change and let you know in a couple days.
User avatar
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Okay, I just submitted a fixed version which fixes the always-previews-on-quote problem and also adds a bit more security to the time value. Hopefully a mod admin can validate it soon. :)

The only change is to that BEFORE, ADD block, which now appears as:

Code: Select all

#
#-----[ BEFORE, ADD ]------------------------------------------ 
# 
switch ($mode) {
case 'newtopic':
        $secretkey = 'f' . $forum_id;
        break;

case 'quote':   // If we're quoting, we need to determine the topic ID
        $sql = 'SELECT topic_id FROM ' . POSTS_TABLE . ' WHERE post_id='
                . $post_id;
        if (!($query = $db->sql_query($sql)))
                message_die(GENERAL_MESSAGE, 'Could not obtain quoted topic information', '', __LINE__, __FILE__, $sql);

        if (($row = $db->sql_fetchrow($query)))
                $topic_id = $row['topic_id'];
        else
                message_die(GENERAL_MESSAGE, 'No_such_post');
        // Fall through to 'reply' case

case 'reply':
        $secretkey = 't' . $topic_id;
        break;
case 'editpost':
        $secretkey = 'p' . $post_id;    
        break;                
}

$authkey = md5("nana" . $secretkey . "foofoo");
$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);  
$timekey = md5("time" . $secretkey);
$timepad = preg_replace('/[^0-9]/', '', $HTTP_SERVER_VARS['REMOTE_ADDR']) + 0;
$timeval = time() ^ $timepad;

# If this is a submit which doesn't jive with the above, turn it into a preview
if ($submit && (!isset($HTTP_POST_VARS[$authkey])
                || $HTTP_POST_VARS[$authkey] != $authval
                || !isset($HTTP_POST_VARS[$timekey])
                || ($HTTP_POST_VARS[$timekey] ^ $timepad) > time() - 5))
{
        $submit = false;
        $preview = true;
}
Phineus1
Registered User
Posts: 64
Joined: Sat Nov 08, 2003 11:55 pm

Post by Phineus1 »

So far so good. Thanks.
`checho`
Registered User
Posts: 63
Joined: Fri Nov 12, 2004 7:08 pm
Contact:

Post by `checho` »

No it's not so good. :cry: I still have that problem when I quote...
User avatar
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Before

Code: Select all

$authkey = ...
add:

Code: Select all

if (! $secretkey ) message_die(GENERAL_MESSAGE, 'No secret key! get=' . getenv('QUERY_STRING');
and if an error comes up, just paste what it is here so I can debug it better.

Thanks.
Post Reply

Return to “[2.0.x] MOD Database Cleanup”