4images Forum & Community
4images Modifications / Modifikationen => Mods & Plugins (Requests & Discussions) => Topic started by: tsimmons on March 23, 2005, 08:35:47 PM
-
Dunno if anyone uses anonymous comments (I do). I started seeing comment spam show up about a week ago (tons of comments about poker and drugs), so I implemented a method based on a WordPress plugin that prevents 100% of automatically generated comment spam.
If anyone is interested, you can read about it here: http://www.simmonsconsulting.com/wordpress/?p=165
I can post the mod here if anyone is interested.
Cheers,
Toby
-
I don't allow it, but guess it would be a nice addition to 4images for other users ;)
-
I too would like to see how it works ;)
-
I finally wrote up the instructions. You can read them here http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php. It took longer to write up the instructions than to actually implement it!! :wink:
-
very nice!
I like the way u made the differential compare :)
there are two things I must add:
1) 4images prepares "super globals" (_GET and _POST) to work properly with "magic quotes" turned on, so for better compatibility u should use $HTTP_POST_VARS (don't forget to add them to the global list.)
2) $session_info['session_ip'] should be replaced with $site_sess->session_info['session_ip'] and global $site_sess; should be used for that too.
P.S. with this method JavaScript must be turned on in the browsers in order to post a comment, correct?
-
Yes, javascript must be enabled on the user's browser or they will not be able to post comments.
-
The Spamlog Viewer doesn't work for me.
It just shows ... and if I click them it opens a "bar thingy" but without any text :o
-
it takes quite some time to take out the code from the compare system/columns from simmonsconsulting.com
( the differential compare looks nice, but it is not practical to copy the code from it -- all the numbers of the lines are in the code -- )
here is the last and biggest part of the code to add in details.php, easy to copy :
// create hash cash stuff by Toby
/*
Plugin Name: 4images Hashcash, based on a WordPress plugin
Plugin URI: http://dev.wp-plugins.org/wiki/wp-hashcash
Description: Comment submitters compute a special code using javascript before their comment is submitted. Very effective at blocking spambots and not noticeable for commenters. XHTML 1.1 compliant.
Author: Toby Simmons, Matt Mullenweg, Elliott Back
Author URI: http://www.simmonsconsulting.com, http://photomatt.net/, http://elliottback.com
Version: 1.7
Hat tips: C.S. - http://www.cimmanon.org/
    Gene Shepherd - http://www.imporium.org/
    John F. - http://www.stonegauge.com/
    Magenson - http://blog.magenson.de/
    Matt Mullenweg - http://photomatt.net/
    Matt Warden - http://www.mattwarden.com/
    Paul Andrew Johnston - http://pajhome.org.uk/crypt/md5/
*/
// NOTE: ABSPATH is the WordPress constant the original plugin relies on;
// it has to be defined for 4images as well (not shown in this excerpt).
define('HASHCASH_DEBUG', true);
define('HASHCASH_LOG_SIZE', 64000);

/* Generate a random string of length l */
function hashcash_random_string($l) {
    srand((double) microtime() * 1000000);
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $chars = preg_split('//', $alphabet, -1, PREG_SPLIT_NO_EMPTY);
    $len = count($chars) - 1;
    $str = '';
    while(strlen($str) < $l){
        $str .= $chars[rand(0, $len)];
    }
    return $str;
}

/* Use sessions if session is started / supported */
function hashcash_special_code(){
    // $session_info is not visible inside a function; read it from the
    // 4images session object, as suggested earlier in this thread
    global $site_sess;
    $key = isset($site_sess->session_info['session_ip']) ? $site_sess->session_info['session_ip'] : '';
    if(!$key){
        $key = $_SERVER['REMOTE_ADDR'];
    }
    return md5($key . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a"));
}

function hashcash_field_value(){
    // global $posts;
    // return $posts[0]->ID * strlen(ABSPATH);
    global $image_id;
    return $image_id * strlen(ABSPATH);
}

/* This adds a random hidden field to the form */
function hashcash_add_hidden_tag($page) {
    $field_id = hashcash_random_string(rand(6,18));
    $field_name = hashcash_random_string(rand(6,18));
    $form_action = hashcash_random_string(rand(6,18));
    // Write in hidden field
    $page = str_replace('<input type="hidden" name="id"', '<input type="hidden" id="' . $field_id . '" name="' . $field_name . '" value="' . hashcash_field_value() . '" /> <input type="hidden" name="id"', $page);
    // The form action
    $page = str_replace('<form', '<form onsubmit="' . $form_action . '(\'' . hashcash_special_code() . '\');" ', $page);
    // The jscript
    $page = str_replace('<form', '<script src="' . './md5.js" type="text/javascript"></script><script type="text/javascript"> function ' . $form_action . '(in_str){ eElement = document.getElementById("' . $field_id . '"); if(!eElement){ return false; } else{ eElement.name = hex_md5(in_str); return true; } }</script><form', $page);
    return $page;
}

function write_comment_log($comment){
    /* Information to write to log */
    $user = array();
    $user[] = "Tech date: ".date("Y-m-d H:i:s");
    $user[] = "Date: ".date("F j, Y, g:i a");
    $user[] = "Remote Address: ".$_SERVER['REMOTE_ADDR'];
    $user[] = "Remote DNS: ".gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $user[] = "User agent: ".$_SERVER['HTTP_USER_AGENT'];
    $user[] = "Referrer: ".$_SERVER['HTTP_REFERER'];
    $user[] = "Author: ".$_POST['author'];
    $user[] = "E-mail: ".$_POST['email'];
    $user[] = "URL: ".$_POST['url'];
    $user[] = "Comment: ---------- ".$comment." ----------";
    $user[] = "Image ID: ".$_POST['id']." ========== ";
    // separator first: the reversed argument order is not accepted by current PHP
    $lines = join(" ", $user);
    $fp = fopen("spamlog.txt", "a");
    fwrite($fp, $lines);
    fclose($fp);
    // the log holds whatever the submitter posted, so escape it before output
    echo "<pre>".htmlspecialchars($lines)."</pre>";
}

function hashcash_check_hidden_tag($comment) {
    global $site_sess;
    $session_ip = isset($site_sess->session_info['session_ip']) ? $site_sess->session_info['session_ip'] : '';
    // Our special codes, fixed to check the previous hour
    $special = array();
    $special[] = md5($_SERVER['REMOTE_ADDR'] . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a"));
    $special[] = md5($_SERVER['REMOTE_ADDR'] . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a", time()-(60*60)));
    $special[] = md5($session_ip . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a"));
    $special[] = md5($session_ip . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a", time()-(60*60)));
    foreach($special as $val){
        $field = md5($val);
        // the renamed hidden field has to be present; a missing field must not pass
        if(isset($_POST[$field]) && $_POST[$field] == ($_POST['id'] * strlen(ABSPATH))){
            return $comment;
        }
    }
    if( HASHCASH_DEBUG ) {
        write_comment_log($comment);
    }
    die();
}
plz note : there is more code to be changed, see instructions on
http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php
and it is nowhere mentioned, but you have to add a file called spamlog.txt to your (root?) folder.
in spamlog_view.php on line 16 :
$filename ="../../spamlog.txt";
is told where the file should be put.
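
The hashcash exchange used by the code above, as a stand-alone PHP sketch (an added example, not part of the mod or of any post in this thread): the server issues an hourly token, the browser script renames the hidden field to the MD5 of that token, and the server accepts the current or previous hour. SITE_SALT (standing in for ABSPATH), the hc_* function names and all sample values are assumptions made for the example.

```php
<?php
// Added example, not code from the mod. SITE_SALT stands in for ABSPATH;
// every input below is constructed.
define('SITE_SALT', '/var/www/gallery/');

// Server, page render: token bound to client IP, user agent and the current hour.
function hc_special_code($ip, $ua, $time) {
    return md5($ip . SITE_SALT . $ua . date('F j, Y, g a', $time));
}

// Value placed in the hidden field, as in hashcash_field_value().
function hc_field_value($image_id) {
    return $image_id * strlen(SITE_SALT);
}

// Browser, onsubmit: the hidden field is renamed to md5(token).
function hc_browser_post($token, $image_id) {
    return array('id' => (string)$image_id,
                 md5($token) => (string)hc_field_value($image_id));
}

// Server, on submit: accept the current or the previous hour's token.
function hc_verify($post, $ip, $ua, $now) {
    if (!isset($post['id']) || !ctype_digit($post['id'])) {
        return false;                       // id must be a plain number
    }
    $expected = (string)hc_field_value((int)$post['id']);
    foreach (array($now, $now - 3600) as $t) {
        $name = md5(hc_special_code($ip, $ua, $t));
        // The field must exist and match exactly; a missing field never passes.
        if (isset($post[$name]) && is_string($post[$name]) && $post[$name] === $expected) {
            return true;
        }
    }
    return false;
}

$ip  = '192.0.2.10';
$ua  = 'ExampleBrowser/1.0';
$now = mktime(14, 5, 0, 3, 24, 2005);
$issued = hc_special_code($ip, $ua, $now - 1800);   // page was loaded 30 minutes earlier

$human = hc_browser_post($issued, 42);              // the form script ran
$bot   = array('id' => '42', 'comment' => 'spam');  // fields posted without the renamed field

var_dump(hc_verify($human, $ip, $ua, $now));            // browser that ran the script
var_dump(hc_verify($bot, $ip, $ua, $now));              // no renamed field
var_dump(hc_verify($human, '198.51.100.7', $ua, $now)); // same post from another address
var_dump(hc_verify($human, $ip, $ua, $now + 7200));     // same post two hours later
```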
-
is there someone who got this mod to work ?
they are spamming my guestbook to death, and i tried to install this anti-spam mod, no errors, but this "comment spam"-mod doesn't do a thing on my site.
some things described in this mod i don't understand.
in step four on this page :
http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php
“NOTE that the hashcash_add_hidden_tag() function on line 607 of the new file replaces text in your comment_form.html template file. You might need to modify this section of code (or your templates). “
:? "modify this section of code (or your templates)"
and this :
very nice!
there are two things I must add:
1) 4images prepares "super globals" (_GET and _POST) to work properly with "magic quotes" turned on, so for better compatibility u should use $HTTP_POST_VARS (don't forget to add them to the global list.)
2) $session_info['session_ip'] should be replaced with $site_sess->session_info['session_ip'] and global $site_sess; should be used for that too.
:?
someone who can give some more explanation about these steps ?
thx a lot
-
Hi,
if you also want to control the content of the comment, here is a simple solution to check for bad or spam words in the comment text... or other fields. I also use it for guestbook validation.
This code is based on your own word list... yes - you must update it from time to time if new spam messages appear on your site :(
To Do:
1. Make a list of words that indicate spam or bad language. Every word in its own row. Save it as spam_word_list.txt in your template directory, e.g. /templates/default/
NOTE! You can edit the file via admin panel :)
2. Find in details.php or guestbook.php (if you are using guestbook mod);
if ($comment_text == "") {
    $msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
    $error = 1;
}
Insert after it;
//========== SPAM CHECK ==============================
// words to filter - from file - editable in admin panel
$spam_word_list = file('templates/default/spam_word_list.txt');
foreach ($spam_word_list as $spam_word) {
    $spam_word = trim($spam_word, " \n\t\r\0\x0B");
    // skip blank lines: an empty search word must never match
    if ($spam_word == "") {
        continue;
    }
    // case-insensitive substring search; stristr() returns false when not found
    if (stristr($comment_text, $spam_word) !== false) {
        $msg .= "***** write here your custom message or use default spam message *****";
        $error = 1;
        break;
    }
}
//============================================
That's it.
The default spam message is; (($msg != "") ? "" : "").$lang['spamming'];
But if you want to inform the user of the reason why the comment was rejected, make your own info text.
I use break; to cut the search loop; this stops the checking at the first found word. With a little extra coding you can also create a counter, for example if some words can appear in the text once or twice... or set a max value for a word to appear in the text before it's "banned"... and so on....
Here are some spam words to begin with:
levitra
fioricet
ultram
phentermine
didrex
butalbital
tramadol
cialis
adipex
hydrocodone
butalbital
acetaminophen
caffeine
prescription
alprazolam
meridia
carisoprodol
paxil
propecia
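
The counter idea mentioned in the post above, as a stand-alone PHP sketch (an added example, not iicee's code): each word gets a maximum number of allowed occurrences, and a comment is rejected only when a word exceeds its limit. The "word:max" line format, the function names and the sample texts are assumptions made for the example; a plain word without a limit is banned outright, as in the original filter.

```php
<?php
// Added example, not code from the post. The "word:max" format is an assumption.

// Parse list lines into word => allowed occurrences (0 = banned outright).
function spam_parse_list($lines) {
    $limits = array();
    foreach ($lines as $line) {
        $line = strtolower(trim($line));
        if ($line === '') {
            continue;            // a blank line must never become an empty search word
        }
        $parts = explode(':', $line, 2);
        $word = trim($parts[0]);
        if ($word === '') {
            continue;
        }
        $limits[$word] = isset($parts[1]) ? max(0, (int)$parts[1]) : 0;
    }
    return $limits;
}

// Return word => count for every word that occurs more often than allowed.
function spam_violations($text, $limits) {
    $text = strtolower($text);
    $hits = array();
    foreach ($limits as $word => $max) {
        $n = substr_count($text, (string)$word);
        if ($n > $max) {
            $hits[$word] = $n;
        }
    }
    return $hits;
}

// Constructed sample list (as file() would return it) and constructed comments.
$list   = array("tramadol\n", "\n", "prescription:1\n", "caffeine:2\n");
$limits = spam_parse_list($list);

$ok   = "Too much caffeine today, and I need a new prescription for my glasses.";
$spam = "Cheap TRAMADOL, no prescription! Prescription-free caffeine pills.";

print_r(spam_violations($ok, $limits));     // words over their limit in the harmless comment
print_r(spam_violations($spam, $limits));   // words over their limit in the spam comment

// In details.php the check would replace the stristr() loop, for example:
// if (spam_violations($comment_text, spam_parse_list(file('templates/default/spam_word_list.txt')))) { $error = 1; }
```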
-
NOTE! You can edit the file via admin panel
How does that work? I've done everything you said, and where can I edit the file now in the ACP?
Oh, and another problem is that it does not work with my guestbook (but fine with the comments) and I added the same lines in both files, what's wrong there?
-
Do you have guestbook.php in the same directory as details.php? The file path for spam_word_list.txt must be right.
spam_word_list.txt is editable in admin panel; General > Templates. Select the file from "Select template" dropdown list and edit (Template) spam_word_list.txt.
Check also that the $comment_text exists in guestbook.php and try to run the script without the break; command.
Please give comments if somebody else is using this or having problems with it.
It's simple code and I'm a simple coder. 8O
-
Yes, it's the same directory. the file path is the same in both files, i copy&pasted it.
ok editing in the ACP works fine now, thanks :)
$comment_text does exist, and I tried to run the script without break;, but it's still the same; the words in the spam list could be posted anyway.
Any other idea? Would be so cool if I could kick these awful viagra posts out of my guestbook... (without deleting them day by day :D)
-
I'm testing this on the guestbook, but now i don't understand if i must do what is on:
http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php
Is this last guestbook entry from iicee related or is it independent? 8O
I'm receiving a lot of spam in my guestbook :(
Does anyone know if i can make posts in the guestbook exclusive to registered members?
-
that mod doesn't work on guestbook... so what can we do? it sucks for me to delete spam the whole day!
-
Maybe we can test it with a check picture. You have to write down a few letters to sign in your guestbook.
But I'm not so good in php. Who can give us some support?
Dirk
-
that mod doesn't work on guestbook... so what can we do? it sucks for me to delete spam the whole day!
it does.. the problem is that the line you have to find and add something after exists 2 times in the guestbook.php, and when you add it behind the 2nd, it works.
-
hey that works really good, i haven't got any spam in one whole day
thanks man