Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

Spam problem

whew... at last I had finished read this thread until end.
thanks guys, keep it up.

_____________________________________________
There Is A Not Solution Without Problems
I know this thread is sort of old, but I need to let people know what I've experienced.

I was getting spammed like everyone else until I downloaded the Security System infusion.

Ever since then I have no problems whatsoever...

I suggest you all give it try.
There is a disclaimer mod over at venue, just download that and install it. Users have to accept the disclaimer to register, I am hoping it will work.

http://www.venue.nu/frontpage.php

Quote

MutantCheese wrote:
What is that validation image? two "S"s?


Something like that... I made it in 'M$Paint' with a 'curve'

...still working :D

anyone else tried it?

(Attaching it again since it's a new page) hope its ok
What is that validation image? two "S"s?
I went for the easiest solution...

For almost a week now, i havnt had any spams (usually have a few/day)

My solution is simply to edit the image "validate_bg.jpg"

I'm attaching my 'edit' here for anyone to use

------------------------------------
Don't thank me, send money ;)
just got attacked from this ip
200.50.66.98

maybe
i've to activate again the web authentification
- antispammer & opensesame as password
Just a further note:
After getting yet another variation of the .info mail addy trying to register on my site I decided to do a reverse dns which pointed to "client-151-204-179-29.hamilton.k12.nj.us". A quick Whois revealed the registrant authority is : "neustar.us" and their support e-mail was of course listed.

So I mailed them and they replied with the details of the machine on that ip. It's a School in New Jersey !!!

Quote

As with all K12.NJ.US delegates (per RFC 1480), this is a school district or school in New Jersey.

According to the New Jersey Department of Education, the proper contacts for this school are:

Hamilton Township
90 Park Avenue
Hamilton Square, NJ 08690

Mr. Neil Bencivengo, Superintendent 609-631-2102
Mrs. Carol Chiacchio, Board Secretary/Business Administrator 609-631-4100

Please contact them for further assistance.



The server is "infected" perhaps if we find out what it's infected with we might get a clue how it works ?
Also for security reason isn't good thing to put users agreement text and button before they see registration form? On my test site I have that also. Don't have a spam but also that site is mostly in maintance, just sometimes I open her. But in the statistic I saw that IP numbers with 6...... visited that site.
Well, another hit. I came up with one solution, I don't know is it helpfull.

I managed to change in edit_profile.php that members cannot change theirs emaill address until they have 50 forums posts. Before that I get few of them registered and they spamed news and article comments with few comments. One time I sow one when he was online. I was banned him and delete him. After that I made changes in edit_profile.php and found one just register but without comments. Maybe it is good idea to leave theirs usernames, but change everything for them, like pass and mail? This is code. I don't know is it compatible with other versions becouase my files are moded a lot.

Anywhere in edit_profile.php found form for edit e-mail address and change end of the row (tr) before that form, e-mail form and just start of the tr code after email form in something like that. So after all only admin will be able to edit members emails all the time. Members must have 50 (less or more) forum posts to have ability to edit theirs email. Why should anywhere they change mails before that?

CodeDownload  
 </tr>";



if ($userdata['user_posts'] <= 50) {

echo "<tr>
<td class='tbl'>".$locale['u005']."</td>
<td class='tbl'><input type='hidden' name='user_email' value='".$userdata['user_email']."'>".$userdata['user_email']."</td>
</tr>";


} else {

echo "<tr>
<td class='tbl'>".$locale['u005']."<span style='color:#ff0000'>*</span></td>
<td class='tbl'><input type='text' name='user_email' value='".$userdata['user_email']."' maxlength='100' class='textbox' style='width:200px;'></td>
</tr>";


}

echo "<tr>

You must made backup of the edit_profil.php. Than test this code.



Anywhere this is good mod, BUT STILL WE NEED EMAIL CONFIRMATION MOD IF MEMBERS WANT TO EDIT MAIL ADDRESS.

Before some time I was opened that thread even I didn't know anything about that spams, becouse this is security issue, and now it was proven it is security issue.

Quote

christo78 wrote:
Hi WEC, thanks for having a look. I'm using PHP 5.0.5 on MySQL 4.1.7
The site is running on a W2K3 Server, IIS, and the browser is IE 6.0

I double checked I copied the extra code and it all looks fine ??

:|

I just installed FF and still get opensesame-0. If I put opensesame-0 it doesnt log in


The tests i have made are on Apache servers. I think your problem is caused by you IIS configuration.

This is a quote from php.net that might help you:

Quote


Also note that until PHP 4.3.3, HTTP Authentication did not work using Microsoft's IIS server with the CGI version of PHP due to a limitation of IIS. In order to get it to work in PHP 4.3.3+, you must edit your IIS configuration "Directory Security". Click on "Edit" and only check "Anonymous Access", all other fields should be left unchecked.

Another limitation is if you're using the IIS module (ISAPI) and PHP 4, you may not use the PHP_AUTH_* variables but instead, the variable HTTP_AUTHORIZATION is available. For example, consider the following code: list($user, $pw) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));

IIS Note:: For HTTP Authentication to work with IIS, the PHP directive cgi.rfc2616_headers must be set to 0 (the default value).


Quote from this url: http://www.php.net/manual/en/features...p-auth.php
Another solution is to stop comments with url bbcode, open comments_include and look for:
CodeDownload  
if ($comment_name != "" && $comment_message != "") {



Replace with:
CodeDownload  
if ($comment_name != "" && $comment_message != "" && !preg_match("#\[url\](.*?)\[/url\]#si", $message)) {

Hi WEC, thanks for having a look. I'm using PHP 5.0.5 on MySQL 4.1.7
The site is running on a W2K3 Server, IIS, and the browser is IE 6.0

I double checked I copied the extra code and it all looks fine ??

:|

I just installed FF and still get opensesame-0. If I put opensesame-0 it doesnt log in
Looks strange. Which OS and browser are you using?

Do you test it on a local server?

When i test the code on IE7 and FF 2.0.0.3 i get the results below.
Hey WEC, I am trying your realm authentication and it looks good, however I have 1 small problem. The password comes up as opensesame-0

see attached

:)
Our site too has also been hit with some porn spams. They were originally using .info to spam comments in the news articles which were quickly deleted and stopped by adding admin verification. We have since received some e-mails with links using hotmail.com addresses, i don't know if this is a bot or a legitimate member's idea of a joke since we made them aware.

Some info and useful links i used

member; peter951
e-mail: u95.4.280.peter@vstakf.info
IP: 69.61.55.52

member: david7462
e-mail: u74.17.640.david@hentai-porn-video.info
IP: 69.61.55.62

ines@hotmail.com
bill@hotmail.com

http://www.ip2location.com is useful for tracking down IP locations
http://www.afilias.info for tracking the account holder details of .info addresses.
http://www.scamfraudalert.com a discussion forum that has a thread that has been tracking these spammers for quite a while now.

Hope you find them useful in some way.

Is there some way of reporting these people once their identity has been tracked as we believe we have the exact address of the above culprit who is US based?
seems to be ok for now - at least on my site. something around 2 spambots register a weel ago and its ok now (deleted them)

Quote

WEC wrote:
On the WWW-Authenticate, could one of those with spam registration problems try this:

In register.php find:

CodeDownload  
if ($settings['enable_registration']) {



Add below it:

CodeDownload  
// ## set the public username and password for the registration
 $LOGIN = "Antispammer";
 $PASSWORD = "opensesame";

if ( (!isset($_SERVER['PHP_AUTH_USER'])) || ! (($_SERVER['PHP_AUTH_USER'] == $LOGIN) && ( $_SERVER['PHP_AUTH_PW'] == $PASSWORD )) ) {
   header("WWW-Authenticate: Basic realm=\"Access Registration with User: Antispammer Password: opensesame\"");
   header("HTTP/1.0 401 Unauthorized");
   //error("Unauthorized access...");
   echo "Unauthorized access...";
    exit;
   }
// ##



So far this type of protection has stopped the registration bots for a test i'm running on a phpBB forum that used to get a lot of spam registrations.

Quote

HangJebat wrote:
hmm... it seems like "never ending story"

- being attacked by this spammers, make me feel very disgusted
really hope this matter will be resolved soon


You can set the registration is complete after the admin confirmation... It is not so comfortable, but, I hope, it is functional
Thread Information
Author
Replies
170 posts
Views
66,244 times
Last Post
Last updated on 12 years ago
Related Threads
You can view all discussion threads in this forum.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You cannot download attachments in this forum.