Houdini 0 Report post Posted January 14, 2006 Last week I started getting some spam on my PHP-Nuke in the forums. These were obvously SPAM. Poker, casino, and prescriptions and stuff of that sort. At first I just made a couple of new forums where I placed these posts, then edited out all the links. Some of them used e-mail addresses as a poster and some merely used guest.Then after I had placed these posts in their own new forum iwth the links removed, I did an IP BAN on eall the various IPs they were using. But that wasn't good enough for me so I found a Spam eliminator MOD on the phpBB Hacks site. I downloaded and installed it, and I have since not had any more spam posts in my forums.The MOD is real ssimple and you only edit one file so it will be included with this post for you to copy and paste so you can prevent this sort of annoyance from happening or stopping it if you are currently getting this type of KRUD on your site. What the program does is add an auth encrypted signature and looks for a post that took more than 5 seconds after the posting area was generated other wise if a post was made within the 5 second time frame (faster than a human) it just shows a preview and not the actual post, so the bot never really posts and you don't ever see it.Below is the code for both PHP-Nuke with phpBB forums and also the phpBB2 stand alone bulletin board. Hope this help other PHP-Nuke users like it did me! #-----[ OPEN ]------------------------------------------ #posting.php# #-----[ FIND ]------------------------------------------ # $refresh = $preview || $poll_add || $poll_edit || $poll_delete;# #-----[ BEFORE, ADD ]------------------------------------------ # switch ($mode) {case 'newtopic': $secretkey = 'f' . $forum_id; break;case 'quote': // If we're quoting, we need to determine the topic ID $sql = 'SELECT topic_id FROM ' . POSTS_TABLE . ' WHERE post_id=' . $post_id; if (!($query = $db->sql_query($sql))) { message_die(GENERAL_MESSAGE, 'Could not obtain quoted topic information', '', __LINE__, __FILE__, $sql); } if (($row = $db->sql_fetchrow($query))) { $topic_id = $row['topic_id']; } else { message_die(GENERAL_MESSAGE, 'No_such_post'); } // Fall through to 'reply' casecase 'reply':case 'vote': $secretkey = 't' . $topic_id; break;case 'editpost': $secretkey = 'p' . $post_id; break;}// Generate a signature to validate this page$authkey = md5("nana" . $secretkey . "foofoo");$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']); $timekey = md5("time" . $secretkey);$timepad = preg_replace('/[^0-9]/', '', $HTTP_SERVER_VARS['REMOTE_ADDR']) + 0;$timeval = time() ^ $timepad;// Check the signature - if this is a submit which doesn't jive with the above, turn it into a previewif ($submit && (!isset($HTTP_POST_VARS[$authkey]) || $HTTP_POST_VARS[$authkey] != $authval || !isset($HTTP_POST_VARS[$timekey]) || ($HTTP_POST_VARS[$timekey] ^ $timepad) > time() - 5)){ $submit = false; $preview = true;}# #-----[ FIND ]------------------------------------------ # // Generate smilies listing for page outputgenerate_smilies('inline', PAGE_POSTING);# #-----[ BEFORE, ADD ]------------------------------------------ # // Insert our signature into the form$hidden_form_fields .= '<input type="hidden" name="' . $authkey . '" value="' . $authval . '">';$hidden_form_fields .= '<input type="hidden" name="' . $timekey . '" value="' . $timeval . '">';# #-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ Share this post Link to post Share on other sites
HellFire121 0 Report post Posted January 29, 2006 hmm that's a good idea, when i get my hosting here i'll take a look at that Share this post Link to post Share on other sites
iGuest 3 Report post Posted September 23, 2009 Link Spams PreventionHow To Prevent Spam Bots In Your Forums!Hello All, I need help for vital tool required to prevent link spam on my forum Thanks. -reply by Adewale Share this post Link to post Share on other sites
8ennett 0 Report post Posted July 24, 2011 I had similar troubles on my phpBB forums. That's the problem with a lot of these open-source forums out there, it's great that people create them and hand them out for free but the wrong people get a hold of the code and create ways of defacing them using Xrumer blasts and such.There are loads of great modules out there now for phpBB systems for combating spam the only trouble is eventually the spammers find ways around them and you're back to square one. So many man hours are wasted just removing spam from forums, and many of the companies that are being advertised have no idea their SEO companies are doing it. I've had quite a few SEO's fired from various companies after complaining to the people on the other end of the links. Of course there are those who don't care about how they are advertised as their websites contain immoral content as it is, such as pornography and illegal medication.One way I found of keeping them at bay was to create my own anti-spam methods. This way they aren't a public distribution which means the spammers can't get their hands on the code and find weaknesses in it. My favourite method creating a random array of four colours and four numbers, applying each number to a colour and displaying them in a random order, a square block of colour with a number written inside it. Next it gives you a mathematical question using the colours instead of the numbers, and the operators (+, - etc.) having many different variants including using words like multiplied by, subtracted from and so on. The names of the styles that have the colour content in them is also a randomised named so it isn't as easy to disassemble the source code and automate it that way. Because of the highly complex nature of the anti spam code and considering it's completely unique and only displayed on my site, the odds of someone building it in to software such as xrumer is very low, why go to all the work just for one forum when there are thousands more out there right?Unfortunately many people who own and operate the forums out there don't know how to program their own anti spam methods, which means they have to rely on publicly released methods. It's a shame really, I know it wouldn't be possible but if everyone who owned and operated a forum could create their own anti spam systems then the spammers would be forced in to doing it all manually again like back in the 90's. It was thanks to spammers have no automated means of sending out their garbage that widely discouraged the practice and you were left with little to no spam on any BBS system (then again forum systems weren't as popular as chatrooms back in those days). If only we could force them back in to manual techniques again the internet would be a much better place. Share this post Link to post Share on other sites