Spam problem

Looks like we need to change the verification image structure a bit, we'll look into it folks, no worries.
Had one on my site as well:

200.88.223.98

Banned IP, email address and deleted user account.

Although there are no spam comments or any other spam that I can find.



Thanks for the warnings! :@
Another: 60.244.124.101
Ok folks, if you'd like to try a new image validation routine, try this, open maincore.php, look for the validation code:

Code
// Create Validation image if $vimage is set and die();
if (isset($vimage)) {
   $check_url = (isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']);
   if (eregi("register.php", $check_url) && preg_match("/^[0-9a-z]{32}$/", $vimage)) {
      $vres = dbquery("SELECT * FROM ".$db_prefix."vcode WHERE vcode_2='$vimage'");
      if (dbrows($vres)) {
         $vdata = dbarray($vres);
         $imf = rand(3,5); $imx = rand(15,40); $imy = rand(2,7);
         $im = ImageCreateFromJPEG("images/validate_bg.jpg");
         $tcolor = ImageColorAllocate($im, 40, 40, 40);
         Header("Content-type: image/jpeg");
         ImageString ($im, $imf, $imx, $imy, $vdata['vcode_1'], $tcolor);
         ImageJPEG($im, '', 80);
         ImageDestroy($im);
      }
   }
   die();
   break;
}


Replace the above with this code:

Code
// Create Validation image if $vimage is set and die();
// colorful capcha image generator by amra (www.sumotoy.net)
$check_url = (isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']);
if (isset($vimage)) {
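   // eregi() was removed in PHP 7; preg_match() with the /i flag does the same case-insensitive check
   if (preg_match('/register\.php/i', $check_url) && preg_match("/^[0-9a-z]{32}$/", $vimage)) {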
      function rgb_grayscale( $rgb ) {
         $color['r'] = 0.299 * $rgb['r'] + 0.587 * $rgb['g'] + 0.114 * $rgb['b'];
         $color['g'] = 0.299 * $rgb['r'] + 0.587 * $rgb['g'] + 0.114 * $rgb['b'];
         $color['b'] = 0.299 * $rgb['r'] + 0.587 * $rgb['g'] + 0.114 * $rgb['b'];
         return $color;
      }
      function rgb_complementary($rgb) {
         $color['r'] = 255 - $rgb['r'];
         $color['g'] = 255 - $rgb['g'];
         $color['b'] = 255 - $rgb['b'];
         return $color;
      }
      function rgb_rand($min=0,$max=255) {
         $color['r'] = rand($min,$max);
         $color['g'] = rand($min,$max);
         $color['b'] = rand($min,$max);
         return $color;
      }
      function rgb_create($r=0,$g=0,$b=0) {
         $color['r'] = $r;
         $color['g'] = $g;
         $color['b'] = $b;
         return $color;
      }
      function rgb_merge($lhs, $rhs ) {
         $color['r'] = ($lhs['r'] + $rhs['r']) >> 1;
         $color['g'] = ($lhs['g'] + $rhs['g']) >> 1;
         $color['b'] = ($lhs['b'] + $rhs['b']) >> 1;
         return $color;
      }
      $vres = dbquery("SELECT * FROM ".$db_prefix."vcode WHERE vcode_2='$vimage'");
      if (dbrows($vres)) {
         $vdata = dbarray($vres);
         //srand((double) microtime() * 1000000);
         $im = imagecreate(120,30);
         $strt = 0;
         $rgb = array();
         $rgb['background'] = rgb_rand(0,255);
         $rgb['foreground'] = rgb_grayscale(rgb_complementary($rgb['background']));
         if ( $rgb['foreground']['r'] > 127) {
            $strt = -127;
            $rgb['foreground'] = rgb_merge($rgb['foreground'],rgb_create(255,255,255));
            $rgb['shadow'] = rgb_merge(rgb_complementary($rgb['foreground']),rgb_create(0,0,0 ));
         } else {
            $strt = 0;
            $rgb['foreground'] = rgb_merge($rgb['foreground'],rgb_create(0,0,0));
            $rgb['shadow'] = rgb_merge(rgb_complementary($rgb['foreground']),rgb_create(255,255,255));
         }
         $color = array();
         foreach($rgb as $name => $value) {
            $color[$name] = imagecolorallocate($im,$value['r'],$value['g'],$value['b']);
         }
         imagefilledrectangle($im,0,0,120,30,$color['background']);
         for ($i = 0; $i < rand(5,9); $i++ ) {
            $x = rand(0,120);
            $y = rand(0,30);
            $f = rand(0,5);
            $c = rgb_grayscale(rgb_rand(127 - $strt,254 - $strt));
            $color[$i] = imagecolorallocate($im,$c['r'],$c['g'],$c['b']);
            imagestring($im,$f,$x,$y,$vdata['vcode_1'],$color[$i] );
         }
         $x = (120 - (ImageFontWidth(7) * strlen($vdata['vcode_1']))) >> 1;
         $y = (30 - ImageFontHeight(7)) >> 1;
         imagestring($im,7,$x + 1,$y + 1,$vdata['vcode_1'],$color['shadow'] );
         imagestring($im,7,$x,$y,$vdata['vcode_1'],$color['foreground'] );
         header('Content-type: image/png');
         imagepng($im);
         foreach($color as $name => $value) {
            imagecolordeallocate($im,$value);
         }
         ImageDestroy($im);
      }
   }
   die();
}


Please report back if this helps or not, thanks.
I've been having the same problem, I've just implemented Digi's new code, now time will tell!

Adnan.
Testing it...
Thanks Digi. ;)
I have been having the same problem. I have one email address & one IP address for you all.

This IP spammed my guestbook a couple dozen times.
195.239.159.60

This Email address attempted to register.
u72.6.481.john@olmxverq.info

I've also just implemented Digi's new code. Hopefully, this works.

Thanks Digi!
Added new image verify.

Also added comment url limiter to comments_include.php. Noticed that the flood control code in showcomments() seems to be incorrectly using $db_prefix rather than the constant DB_PREFIX.

Robin
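
An added example, not part of the thread and not PHP-Fusion's own code: a comment gate that combines a link limit with per-IP flood control, plus the table-name pitfall mentioned above, assuming $db_prefix was not declared global inside the function. The function names, the limits (2 links, 15 seconds), the table name and the sample data are all constructed for illustration.

```php
<?php
// Added illustration; not PHP-Fusion's comments_include.php. All names and limits are assumptions.
define("DB_PREFIX", "fusion_");   // a constant is visible inside every function
$db_prefix = "fusion_";           // a global variable is not, unless declared `global`

// Table name built inside a function from the variable: $db_prefix is unset
// in this scope, so the flood-control query would target "comments".
function comments_table_from_variable(): string {
    return ($db_prefix ?? "") . "comments";
}

// Same table name built from the constant: "fusion_comments".
function comments_table_from_constant(): string {
    return DB_PREFIX . "comments";
}

// Count links in a comment: http(s) URLs plus bare "www." hosts.
function count_links(string $text): int {
    return (int) preg_match_all('~https?://|(?<![/\w.])www\.~i', $text);
}

// Decide whether a comment may be stored. $lastPost maps IP => UNIX time of
// that IP's latest comment and stands in for the database lookup.
function comment_allowed(string $text, string $ip, int $now, array $lastPost,
                         int $maxLinks = 2, int $floodInterval = 15): array {
    if (count_links($text) > $maxLinks) {
        return [false, "too many links"];
    }
    if (isset($lastPost[$ip]) && $now - $lastPost[$ip] < $floodInterval) {
        return [false, "flood control"];
    }
    return [true, "ok"];
}

// Constructed sample data (documentation address range, made-up comments).
$now = 1000;
$lastPost = ["203.0.113.7" => 995];
$samples = [
    ["203.0.113.7", "Nice article!"],
    ["203.0.113.9", "Buy at http://a.example www.b.example https://c.example"],
    ["203.0.113.9", "See http://www.example.org for details"],
];
echo comments_table_from_variable(), " vs ", comments_table_from_constant(), "\n";
foreach ($samples as [$ip, $text]) {
    [$ok, $why] = comment_allowed($text, $ip, $now, $lastPost);
    printf("%-12s %-5s %s\n", $ip, $ok ? "store" : "drop", $why);
}
```
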
Would it be possible to insert a "drop down box" as well into the registration page?

We run IPB forum and just inserted the following extra field:
"Are you human" with the choices of No and Yes with No first. So they literally have to choose Yes to be able to register.

That has made a lot of difference for us.

PS. I don't know anything about coding but there must be heaps of good coders on this page to come up with a simple code for this.

/Aure:|
I don't see why a dropdown would help, the script they are using is likely to just be posting the required fields directly. It's probably more that an extra field was required that their script didn't submit.

I've just added a confirm email field to hopefully prevent automated register form submission and prevent those annoying typos of legit registering users.

Quote

RobinG wrote:
Noticed that the flood control code in showcomments() seems to be incorrectly using $db_prefix rather than the constant DB_PREFIX.

Robin


I thought I fixed that, hmm maybe not, I'll check.

Quote

RobinG wrote:
I've just added a confirm email field to hopefully prevent automated register form submission and prevent those annoying typos of legit registering users.


They still spammed one of my sites that had email confirmation switched on, I don't know if it makes any difference.
They're only spamming comments, right? It points to a problem in flood control if so.
Yes, only comments.

Applied the new image validation routine to four sites now, of which three were spammed. Crossing fingers, and thanks again Nick the Quick! :)

@tapaga: you've included the new validation routine, or what?

Quote

Digitanium wrote:
They're only spamming comments, right? It points to a problem in flood control if so.


Yes, my news and article comments have received literally thousands of spams in a day. I haven't had anything like these problems from bots on forums.

There have been occasional spammers on forums, but they've always been literally one or two messages a day.

Now you come to mention it, it does seem like there's a flood control problem on news and article comments that doesn't exist on the forums.


Quote

sveinungs wrote:
@tapaga: you've included the new validation routine, or what?


You mean the new picture validation routine? Not yet, I just meant that email validation on its own may not make any difference to these spammers as they seemed to have just as much effect on sites where email validation is switched on.
I also believe the "Blacklist IP" is not working properly in PHP....

I put in to block all the IP addresses of
69.154.
When I got up this morning, a new person, Peter7416, had joined with the IP address of 69.154.X.X
How can that be if the entire line of addresses were blocked?
He should not have been able to sign up or even get to the website.
Apparently the Blacklist IP is not working properly or I am doing something wrong.
I put in a dot after the 154. like the directions show.
Is this correct?

Quote

Joe Kriz wrote:
I also believe the "Blacklist IP" is not working properly in PHP....

I put in to block all the IP addresses of
69.154.


I think you're meant to write 69.154 not 69.154. (take away the full stop).

The instructions on the blacklist page are a bit deceptive, because the end of a sentence coincides with one of the examples, so it looks like you're meant to put a full stop on the end of the numbers.


Quote

I put in a dot after the 154. like the directions show.
Is this correct?


The instructions don't actually show this, the extra dot is just the end of the sentence.
tapaga,

Thanks.... Yes, it can be deceiving with those dots or periods.............
Will remove the last dot.
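
An added example, not part of the thread and not PHP-Fusion's blacklist code: octet-aligned prefix matching that treats `69.154` and `69.154.` as the same entry, so the trailing dot no longer matters. A plain string-prefix comparison would also let an entry such as `69.15` catch 69.154.x.x, which comparing whole octets avoids. The function names and sample addresses are constructed for illustration.

```php
<?php
// Added illustration; not PHP-Fusion's blacklist code. Function names are hypothetical.

// Turn a blacklist entry such as "69.154", "69.154." or a full address
// into a list of integer octets, or return null if the entry is malformed.
function blacklist_octets(string $entry): ?array {
    $entry = rtrim(trim($entry), ".");          // tolerate the trailing dot
    if ($entry === "") {
        return null;
    }
    $octets = explode(".", $entry);
    if (count($octets) > 4) {
        return null;
    }
    foreach ($octets as $o) {
        if (!ctype_digit($o) || (int) $o > 255) {
            return null;
        }
    }
    return array_map("intval", $octets);
}

// True when every octet of some entry equals the matching octet of the address.
function ip_is_blacklisted(string $ip, array $entries): bool {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    $addr = array_map("intval", explode(".", $ip));
    foreach ($entries as $entry) {
        $prefix = blacklist_octets($entry);
        if ($prefix !== null && array_slice($addr, 0, count($prefix)) === $prefix) {
            return true;
        }
    }
    return false;
}

// Constructed sample data.
$entries = ["69.154.", "69.15", "203.0.113.98"];
foreach (["69.154.10.20", "69.15.4.1", "69.155.0.1", "203.0.113.98"] as $ip) {
    printf("%-15s %s\n", $ip, ip_is_blacklisted($ip, $entries) ? "blocked" : "allowed");
}
```
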

Quote

Stefan wrote:
Until this is solved, my site will run without the link to PHP-Fusion.

It seems that they search for the POWERED BY link.

When there's a proper solution to this, I will put the link back on ...

Aren't they just looking for the <a href> in the image link rather than the "Powered By" text?
I removed the <a href> link and see what happens. This way I still have the PHP fusion image....

Quote

Joe Kriz wrote:
Aren't they just looking for the <a href> in the image link rather than the "Powered By" text?
I removed the <a href> link and see what happens. This way I still have the PHP fusion image....


It depends on the theme being used, some of them just have a text link.
OK...

You say a text link.... The text link still has an <a href> correct????

Lots of sites have Powered By something... If they are just looking for text and not a linked text, then these other sites might be getting hit also even though they may not be vulnerable to comments like PHP fusion is at this time.