what question have you been using?bluematttkz wrote:We normally get 5 per week
yesterday and today we have had 80 new spambots sign up
time to change the Q&A
DoneMick wrote:Would you mind PM'ing me the email addresses of the ones that posted please?
I might have gone with this initially. However, over the last week the spam registrations have continued to increase and are spread pretty evenly throughout the day at all hours. The names also are completely random letters again (at least the human spammers of the past at least tried to make a reasonable name).Mick wrote:I'm of the opinion it's a coincidence as well along with an increase in human spammers.
My story would be: I don't trust my ISP to not read plaintext e-mails from/to me - not to mention any government raid (for whichever true or false reason) which will automatically also get all your e-mails. Other stories would be: the ISP changes more often than an e-mail-address should. Or just the freedom to be AAAP (as anonymous as possible).Orange Air wrote:we ALL have "real" email addresses provided by our ISP's. The fact that some choose to hide behind another address tells its own story
Code: Select all
function check_answer()
{
global $db;
$answer = ($this->question_strict) ? utf8_normalize_nfc(request_var('qa_answer', '', true)) : utf8_clean_string(utf8_normalize_nfc(request_var('qa_answer', '', true)));
Code: Select all
/*** 2012-05-22 BEGIN AmigoJack
Log all Q&A validations ***/
define( 'QA_DEBUG_FILE', $_SERVER['DOCUMENT_ROOT']. '/store/qa_debug.log' );
global $user;
$sText= "\n"
. "\nTime:\t". date( 'Y-m-d H:i:s O' )
. "\nAddress:\t". ( isset( $_SERVER['REMOTE_ADDR'] )? $_SERVER['REMOTE_ADDR']: '' )
. "\nUser agent:\t". ( isset( $_SERVER['HTTP_USER_AGENT'] )? $_SERVER['HTTP_USER_AGENT']: '' )
. "\nHost:\t". ( isset( $_SERVER['REMOTE_HOST'] )? $_SERVER['REMOTE_HOST']: '' )
. "\nReferer:\t". ( isset( $_SERVER['HTTP_REFERER'] )? $_SERVER['HTTP_REFERER']: '' )
. "\nUser:\t#". $user-> data['user_id']. ' = '. $user-> data['username']
. "\nAnswer:\t". $answer
;
/*** 2012-05-22 END ***/
Code: Select all
$sql = 'SELECT answer_text
FROM ' . CAPTCHA_ANSWERS_TABLE . '
WHERE question_id = ' . (int) $this->question;
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$solution = ($this->question_strict) ? $row['answer_text'] : utf8_clean_string($row['answer_text']);
if ($solution === $answer)
{
$this->solved = true;
break;
}
}
$db->sql_freeresult($result);
Code: Select all
/*** 2012-05-22 BEGIN AmigoJack
Log all Q&A validations ***/
$hLog= fopen( QA_DEBUG_FILE, 'ab' );
fwrite( $hLog, $sText
. "\nSolved:\t". ( $this-> solved? 'yes', 'no' )
);
fclose( $hLog );
/*** 2012-05-22 END ***/
That's fine until you move ISPs. You might not be able to take a long standing address with you. There's nothing at all wrong with allowing gmail, hotmail etc.Orange Air wrote:2] Ban all" *@yahoo.*", "*@gmail.*" and "*@hotmail.*" email addresses. (I know some of you won't do this. But the truth is we ALL have "real" email addresses provided by our ISP's. The fact that some choose to hide behind another address tells its own story)
This is largely pointless.Orange Air wrote:3] Ban the IP address "188.*.*.*" The entry(s) in "WhoIs" are false. I am 95% certain this is a major spamming/porn operation. (100% certain if it comes from "188.24.*.*" through "188.27.*.*" and "188.143.*.*") Just this one change alone reduced my SPAM from a flood to a trickle![]()
Shouldn't that read /store/qa_debug.log, according to the code in the 'After, add;' block?AmigoJack wrote:
- Create a file /store/qa_debug.txt and set their permissions to 777 or likewise (the .htaccess in that directory should already prevent outsiders from reading that file).
Yes, thanks.fade2gray wrote:Shouldn't that read /store/qa_debug.logAmigoJack wrote:/store/qa_debug.txt