If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Total rewrite of simple antispam.  XML
Forum Index » Support Forum
Author Message
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

Ok first instructions for 2.3.1. Instructions for 2.2 will be in second post.

First you need to decide on a simple word to use such as 123 or spamless and where I put WORD you put the word you have chosen.

open up addentry.php

find

if (isset($HTTP_POST_VARS["gb_action"])) {

replace it with

if (isset($_POST["gb_actionWORD"])) {

then replace

echo $gb_post->process($HTTP_POST_VARS["gb_action"]);

with

echo $gb_post->process($_POST["gb_actionWORD"]);

close and save the file

open index.php and do exactly the same as you did above.

open templates/form.php

replace BOTH instances of

name="gb_action"

with

name="gb_actionWORD"

save and close the file

open templates/preview_entry.php and again replace

name="gb_action"

with

name="gb_actionWORD"

Save and close the file.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

Here are the instructions for Advanced Guestbook 2.2

Again choose a simple word to use then put it where I put WORD

open up addentry.php

find

if ($HTTP_SERVER_VARS["REQUEST_METHOD"] == "POST") {

replace it with

if (isset($_POST["gb_actionWORD"])) {

then replace

echo $gb_post->process($HTTP_POST_VARS["gb_action"]);

with

echo $gb_post->process($HTTP_POST_VARS["gb_actionWORD"]);

close and save the file

open templates/form.php

replace BOTH instances of

name="gb_action"

with

name="gb_actionWORD"

save and close the file

open templates/preview_entry.php and again replace

name="gb_action"

with

name="gb_actionWORD"

Save and close the file.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
cdnmama
Beginner

Joined: 12/05/2004 20:45:53
Messages: 42
Location: Ontario, Canada
Offline

I installed a new guestbook today using cPanel and now I'm adding fixes and mods.

In the addentry.php and index.php files, you say to replace this line.... if (isset($_POST["gb_action"])) {

I don't have that line exactly, but I do have this one.... if (isset($HTTP_POST_VARS["gb_action"])) {

would it be best to replace it as you suggested.... if (isset($_POST["gb_actionWORD"])) {

or should I use.... if (isset($HTTP_POST_VARS["gb_actionWORD"])) { ....instead? or maybe it wouldn't matter?

Thanks for all the work you do Carbonize

Deb

http://weeinspirations.com
http://dreamworkdesigns.com
http://debsdesignandhosting.com
[WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

Whoops my bad Forgot I had updated the HTTP vars in my script. Let me fix the instructions. $HTTP_POST_VARS is the deprecated method and has been replaced with $_POST but both do exactly the same thing.

BTW I have now been using this method for seven days on my own guestbook and logged all entries classed as spam. It has stopped 52 attempted automated postings (spam entries).

Oh and sorry for the delay in getting back to you but I never got an email saying this thread had received a reply

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
cdnmama
Beginner

Joined: 12/05/2004 20:45:53
Messages: 42
Location: Ontario, Canada
Offline

Thanks Carbonize for clearing that up and that's great it's blocked so many spam attempts

That's okay too for taking awhile....I was waiting very patiently

Deb

http://weeinspirations.com
http://dreamworkdesigns.com
http://debsdesignandhosting.com
[WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

Btw in the eight days I have been using this method and logging the spam I have just hit 100 attempted spam entries. I think I just started logging in time to catch someone just starting to spam as the first entries are messed up with the date as their name and the date also in the urls. They are still messing up by puttig +'s in the names where spaces should be. You can also tell they are all from the same person due to the fact the ICQ number on all of them is 864530. I think it may be a worm or a trojan as all the posts come from different IP's.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
pmonahan
Beginner

Joined: 23/01/2004 03:47:28
Messages: 13
Offline

Greetings,

Is there a Spam Fix for those of us using v1.5

Thanks

Peter
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

No but i'm sure th esimple spam fix could be applied to Guestbook 1.5. If I get chance I will look at the code. All it requires is changing the name of a single input.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Anonymous



I've tried to compare the commands in v2.2 vs 1.5 to make the changes, but they seem very different.

Is it something someone could have a look at and advise ?

I've come to learn to know what I don't know and this is one of those moments.

Thanks

Peter
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

unfortunately 1.5 is written in Perl where as 2.2 and 2.3.x are written in PHP.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Anonymous



sorry, I don't fully understand how this works. does this word need to be a keyword found in common spam attempts or is it just a random word for the hell of it?
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

The guestbook, like all forms, works by having inputs for you to fill in. Each input has a name so it can be identified when submitted. The spam used to work by just sending a packet (how all information is sent over the net) to your server with the names of the inputs with the data they want posted. Some even sent the input names for both AG 2.2 and 2.3.1 in the same packets.

The simple anti spam method works by changing the name given to the submit button. If the buttons correct name is not sent in the packet the guestbook will just ignore the packet. Since I wrote this though a couple of the spammers have gotten wise to this (I guess they read this forum or my own). Their scripts/programs now visit the page first to get the names of the inputs before sending the data.

While this is still a valid method for stopping a large percentage of spam (I stopped 350 posts in a month using this method) I'd suggest using it in association with the human verification.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Anonymous



I can not find the "addentry.php" file in ver. 2.2. Can anyone help out.
Anonymous



Anonymous wrote:I can not find the "addentry.php" file in ver. 2.2. Can anyone help out.


Nevermind.. I found it. Brain Fart! I've applied the new code and hope it works. I've been getting killed with spammers from Asia.
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

It will stop some but not all. You are better off trying my Human Verification mod which is in the Advanced Guestbook forum.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum