4images Forum & Community
Welcome, Guest. Please login or register.
Did you miss your activation email?
June 24, 2018, 08:29:23 PM

Login with username, password and session length
Search:     Advanced search
4images is now on facebook. Click here and become a fan!
Togle to toolbar
Translate this page with =>
Translate this page >
* Home Help Search Login Register
 
+  4images Forum & Community
|-+  4images Modifications / Modifikationen
| |-+  Mods & Plugins (Requests & Discussions) (Moderators: mawenzi, Rembrandt)
| | |-+  MOD Comment Spam
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] 2 » »» Print
Author Topic: MOD Comment Spam  (Read 23783 times)
tsimmons
Pre-Newbie

Offline Offline

Posts: 4

Thank You
-Given: 0
-Receive: 0


View Profile
« on: March 23, 2005, 08:35:47 PM »

Dunno if anyone uses anonymous comments (I do). I started seeing comment spam show up about a week ago (tons of comments about poker and drugs), so I implemented a method based on a WordPress plugin that prevent's 100% of automatically generated comment spam.

If anyone is interested, you can read about it here: http://www.simmonsconsulting.com/wordpress/?p=165

I can post the mod here if anyone is interested.

Cheers,

Toby
Logged
martrix
Hero Member
*****
Offline Offline

Posts: 755

Thank You
-Given: 0
-Receive: 6


View Profile WWW
« Reply #1 on: March 23, 2005, 09:43:49 PM »

I don't allow it, but guess it would be a nice addition to 4images for other users Wink
Logged

MAяTRIX

V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 576

mmm PHP...


View Profile WWW
« Reply #2 on: March 24, 2005, 12:23:29 AM »

Me too would like to see how it works Wink
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
tsimmons
Pre-Newbie

Offline Offline

Posts: 4

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #3 on: March 29, 2005, 10:44:38 PM »

I finally wrote up the instructions. You can read them here http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php. It took longer to write up the instructions than to actually implement it!!  Wink
Logged
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 576

mmm PHP...


View Profile WWW
« Reply #4 on: March 29, 2005, 11:03:58 PM »

very nice!
I like the way u made the diffirential compare Smile

there are two things I must add:
1) 4images prepare "super globals" (_GET and _POST) to work properly with "magic quotes" turned on, so for better compability u should use $HTTP_POST_VARS (dont foget add them to global list.)
2) $session_info['session_ip'] should be replace with $site_sess->session_info['session_ip'] and global $site_sess; should be used for that too.

P.S. with this method JavaScript must be turned on in the browsers in order to post a comment, correct?
Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
tsimmons
Pre-Newbie

Offline Offline

Posts: 4

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #5 on: March 29, 2005, 11:07:21 PM »

Yes, javascript must be enabled on the user's browser or they will not be able to post comments.
Logged
BartAfterDark
Hero Member
*****
Offline Offline

Posts: 520

Thank You
-Given: 0
-Receive: 2


View Profile
« Reply #6 on: May 20, 2005, 08:52:13 PM »

The Spamlog Viewer doesn't work for me.
It just shows ... and if I click them I opens a "bar thingy" but witout any text Surprised
Logged
kief24
Sr. Member
****
Offline Offline

Posts: 267

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #7 on: September 20, 2005, 04:58:36 PM »

it takes quite some time to take out the code from the compare system/coloms from simonsconculting.com
( the diferential compare looks nice, but is not practical to copy the code from it -- all the numbers of the lines are in the code -- )

here is the last and biggest part of the code to add in details.php, easy to copy :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
// create hash cash stuff by Toby551|
/*
Plugin Name: 4images Hashcash, based on a WordPress plugin
Plugin URI: http://dev.wp-plugins.org/wiki/wp-hashcash
Description: Comment submitters compute a special code using javascript before their comment is submitted. Very effective at blocking spambots and not noticable for commenters. XHTML 1.1 compliant.
Author: Toby Simmons, Matt Mullenweg, Elliott Back
Author URI: http://www.simmonsconsulting.com, http://photomatt.net/, http://elliottback.com557|Version: 1.7558|Hat tips:   C.S. - http://www.cimmanon.org/559|        Gene Shepherd - http://www.imporium.org/560|        John F. - http://www.stonegauge.com/
Magenson - http://blog.magenson.de/
        Matt Mullenweg - http://photomatt.net/
        Matt Warden - http://www.mattwarden.com/
        Paul Andrew Johnston - http://pajhome.org.uk/crypt/md5/
*/

define('HASHCASH_DEBUG', true);
define('HASHCASH_LOG_SIZE', 64000);

/* Generate a random string of length l */
function hashcash_random_string($l) {
    srand((double) microtime() * 1000000);

$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$chars = preg_split('//', $alphabet, -1, PREG_SPLIT_NO_EMPTY);
$len = count($chars) - 1;

$str = '';
while(strlen($str) < $l){
$str .= $chars[rand(0, $len)];
}

return $str;
}

/* Use sessions if session is started / supported */
function hashcash_special_code(){
$key = $session_info['session_ip'];

if(!$key){
$key = $_SERVER['REMOTE_ADDR'];
}

return md5($key . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a"));
}

function hashcash_field_value(){
//  global $posts;
//  return $posts[0]->ID * strlen(ABSPATH);
global $image_id;

return $image_id * strlen(ABSPATH);

}

/* This adds a random hidden field to the form */
function hashcash_add_hidden_tag($page) {

$field_id = hashcash_random_string(rand(6,18));
$field_name = hashcash_random_string(rand(6,18));
$form_action = hashcash_random_string(rand(6,18));

// Write in hidden field
$page = str_replace('<input type="hidden" name="id"', '<input type="hidden" id="' . $field_id . '" name="' . $field_name . '" value="' . hashcash_field_value() . '" /> <input type="hidden" name="id"', $page);

// The form action
$page = str_replace('<form', '<form onsubmit="' . $form_action . '(\'' . hashcash_special_code() . '\');" ', $page);

// The jscript
$page = str_replace('<form', '<script src="' . './md5.js" type="text/javascript"></script><script type="text/javascript"> function ' . $form_action . '(in_str){ eElement = document.getElementById("' . $field_id . '"); if(!eElement){ return false; } else{ eElement.name = hex_md5(in_str); return true; } }</script><form', $page);

return $page;
}

function write_comment_log($comment){

/* Information to write to log */
$user = array();
$user[] = "Tech date: ".date("Y-m-d H:i:s");   
$user[] = "Date: ".date("F j, Y, g:i a");
$user[] = "Remote Address: ".$_SERVER['REMOTE_ADDR'];
$user[] = "Remote DNS: ".gethostbyaddr($_SERVER['REMOTE_ADDR']);
$user[] = "User agent: ".$_SERVER['HTTP_USER_AGENT'];
$user[] = "Referrer: ".$_SERVER['HTTP_REFERER'];
$user[] = "Author: ".$_POST['author'];
$user[] = "E-mail: ".$_POST['email'];$user[] = "URL: ".$_POST['url'];
$user[] = "Comment: ---------- ".$comment." ----------";
$user[] = "Image ID: ".$_POST['id']." ========== ";

$lines = join($user, " ");

$fp = fopen("spamlog.txt", "a");
fwrite($fp, $lines);
fclose($fp);

echo "<pre>".$lines."</pre>";

}

function hashcash_check_hidden_tag($comment) {
// Our special codes, fixed to check the previous hour
$special = array();
$special[] = md5($_SERVER['REMOTE_ADDR'] . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a"));
$special[] = md5($_SERVER['REMOTE_ADDR'] . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a", time()-(60*60)));
$special[] = md5($session_info['session_ip'] . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a"));
$special[] = md5($session_info['session_ip'] . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a", time()-(60*60)));

foreach($special as $val){
if($_POST[md5($val)] == ($_POST['id'] * strlen(ABSPATH) )){
return $comment;
}
}

if( HASHCASH_DEBUG )
write_comment_log($comment);

die();
}




plz note : there is more code to be changed, see instructions on
http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php



and it is nowhere mentioned, but you have to add a file called spamlog.txt to your (root?) folder.

in spamlog_view.php on line 16 :

$filename ="../../spamlog.txt";

is told where the file should be put.
Logged
kief24
Sr. Member
****
Offline Offline

Posts: 267

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #8 on: November 07, 2005, 11:30:22 PM »

is there someone who got this mod to work ?

they are spammig my guestbook to death, and i tried to install this anti-spam mod, no errors, but this "comment spam"-mod doesn't do a thing on my site.

some things  described in this mod  i don't understand.

in step four on this page :
http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php

“NOTE that the hashcash_add_hidden_tag() function on line 607 of the new file replaces text in your comment_form.html template file. You might need to modify this section of code (or your templates). “

 Confused "modify this section of code (or your templates)"

and this :

very nice!

there are two things I must add:
1) 4images prepare "super globals" (_GET and _POST) to work properly with "magic quotes" turned on, so for better compability u should use $HTTP_POST_VARS (dont foget add them to global list.)
2) $session_info['session_ip'] should be replace with $site_sess->session_info['session_ip'] and global $site_sess; should be used for that too.

 Confused

someone who can give some more explanation about these steps ?

thx a lot
Logged
iicee
Pre-Newbie

Offline Offline

Posts: 3

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #9 on: November 14, 2005, 02:37:00 PM »

Hi,

if you want also control the content of the comment, here is simpe solution to check bad or spam words from comment text... or other fields. I use it also for guestbook validiation.
This code is based in your own word list...  yes - you must update it time to time if new spam messages apperas to your site  Sad

To Do:

1. Make a list of words that indicates spam or bad language. Every word in own row. Save it as spam_word_list.txt in your template directory ea. /templates/default/
NOTE! You can edit the file via admin panel  Smile

2. Find in details.php or guestbook.php (if you are using guestbook mod);

1
2
3
4
    if ($comment_text == "")  {
      $msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
      $error = 1;
    }

Insert after it;

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
//========== SPAM CHECK ==============================
 
// words to filter - from file - editable in admin panel
 $spam_word_list = file('templates/default/spam_word_list.txt');
 
   foreach($spam_word_list as $spam_word) {
   $spam_word =trim($spam_word, " \n\t\r\0\x0B");
  $spam_search = stristr($comment_text, $spam_word);
     If ($spam_search != ""){
        $msg .= "***** write here your custom message or use default spam message *****";
            $error = 1;
            break;
         }
   }

//============================================

That's it.

The default spam message is;  (($msg != "") ? "" : "").$lang['spamming'];
But if you want to inform the reason why comment was rejected, make your own info text

I use break; to cut the search loop, this stops the cheking in first found word. By little extra coding you can also create a counter for ex.  if some words can appear in text once or twice... or set max value for a word to appear in text before it's "banned"...   and so on....

Here is some spam words to begin with;

levitra
fioricet
ultram
phentermine
didrex
butalbital
tramadol
cialis
adipex
hydrocodone
butalbital
acetaminophen
caffeine
prescription
alprazolam
meridia
carisoprodol
paxil
propecia
Logged
deenee
Pre-Newbie

Offline Offline

Posts: 8

Thank You
-Given: 0
-Receive: 0


View Profile WWW
« Reply #10 on: November 22, 2005, 08:18:52 PM »

Quote  [Expand]
NOTE! You can edit the file via admin panel

How does that work? Ive done everything you said, and where can I edit the file now in the ACP?
Oh, and another problem is that it does not work with my guestbook (but fine with the comments) and I added the same lines in both files, whats wrong there?
Logged
iicee
Pre-Newbie

Offline Offline

Posts: 3

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #11 on: November 28, 2005, 07:49:54 PM »

Do You have guestbook.php in same directory as details.php? File path for spam_word_list.txt must be right.
spam_word_list.txt is editable in admin panel; General > Teplates. Select the file from "Select template" dropdown list and edit (Template) spam_word_list.txt.
Check also that the $comment_text exists in guestbook.php and try to run the script with out the break; command.

Please give comments if somebody else is using this or having problems wiht it.

It's simple code and I'm a simple coder.  Shocked


Logged
deenee
Pre-Newbie

Offline Offline

Posts: 8

Thank You
-Given: 0
-Receive: 0


View Profile WWW
« Reply #12 on: November 28, 2005, 09:48:59 PM »

Yes, its the same directory. the file path is the same in both files, i copy&pasted it.
ok editing in the ACP works fine now, thanks  Smile

$comment_text does exist, and I tried to run the script without break;, but its still the same; the words in the spam list could be posted anyway.

Any other idea? Would be so cool if I could kick these awful viagra posts out of my guestbook... (without deleting them day by day  Very Happy)
Logged
obmob01
Jr. Member
**
Offline Offline

Posts: 60

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #13 on: December 17, 2005, 03:05:25 AM »

I'm testing this on guetbook, but now i don't understand if i must do what is on:
http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php

Is this last guestbook entry from iicee related or it's independent?  Shocked

I'm receiving a lot of spam in my guestbbok Sad

Anyone knows if i can make posts in guestbook exclusive to registered members?
Logged
dj9live
Newbie
*
Offline Offline

Posts: 22

Thank You
-Given: 0
-Receive: 0


View Profile
« Reply #14 on: December 31, 2005, 12:29:08 PM »

that mod doesnt work on guestbook... so what can we do? i sucks me to delete the hole day spam!
Logged
Pages: [1] 2 » »» Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.216 seconds with 19 queries.