Author Topic: MOD Comment Spam  (Read 29027 times)

Offline tsimmons

  • Pre-Newbie
  • Posts: 4
    • View Profile
MOD Comment Spam
« on: March 23, 2005, 08:35:47 PM »
Dunno if anyone uses anonymous comments (I do). I started seeing comment spam show up about a week ago (tons of comments about poker and drugs), so I implemented a method based on a WordPress plugin that prevents 100% of automatically generated comment spam.

If anyone is interested, you can read about it here: http://www.simmonsconsulting.com/wordpress/?p=165

I can post the mod here if anyone is interested.

Cheers,

Toby

Offline martrix

  • Hero Member
  • *****
  • Posts: 755
    • View Profile
    • overlord.cz
Re: MOD Comment Spam
« Reply #1 on: March 23, 2005, 09:43:49 PM »
I don't allow it, but guess it would be a nice addition to 4images for other users ;)
MAяTRIX


Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: MOD Comment Spam
« Reply #2 on: March 24, 2005, 12:23:29 AM »
Me too would like to see how it works ;)
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)

Offline tsimmons

  • Pre-Newbie
  • Posts: 4
    • View Profile
Re: MOD Comment Spam
« Reply #3 on: March 29, 2005, 10:44:38 PM »
I finally wrote up the instructions. You can read them here http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php. It took longer to write up the instructions than to actually implement it!!  :wink:

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Re: MOD Comment Spam
« Reply #4 on: March 29, 2005, 11:03:58 PM »
very nice!
I like the way u made the differential compare :)

there are two things I must add:
1) 4images prepares "super globals" (_GET and _POST) to work properly with "magic quotes" turned on, so for better compatibility u should use $HTTP_POST_VARS (don't forget to add them to the global list.)
2) $session_info['session_ip'] should be replaced with $site_sess->session_info['session_ip'] and global $site_sess; should be used for that too.

P.S. with this method JavaScript must be turned on in the browsers in order to post a comment, correct?

Offline tsimmons

  • Pre-Newbie
  • Posts: 4
    • View Profile
Re: MOD Comment Spam
« Reply #5 on: March 29, 2005, 11:07:21 PM »
Yes, javascript must be enabled on the user's browser or they will not be able to post comments.

Offline BartAfterDark

  • Hero Member
  • *****
  • Posts: 520
    • View Profile
Re: MOD Comment Spam
« Reply #6 on: May 20, 2005, 08:52:13 PM »
The Spamlog Viewer doesn't work for me.
It just shows ... and if I click them it opens a "bar thingy" but without any text :o

Offline kief24

  • Sr. Member
  • ****
  • Posts: 267
    • View Profile
Re: MOD Comment Spam
« Reply #7 on: September 20, 2005, 04:58:36 PM »
it takes quite some time to take out the code from the compare system/columns from simmonsconsulting.com
( the differential compare looks nice, but is not practical to copy the code from it -- all the numbers of the lines are in the code -- )

here is the last and biggest part of the code to add in details.php, easy to copy :

Code: [Select]
// create hash cash stuff by Toby
/*
Plugin Name: 4images Hashcash, based on a WordPress plugin
Plugin URI: http://dev.wp-plugins.org/wiki/wp-hashcash
Description: Comment submitters compute a special code using javascript before their comment is submitted. Very effective at blocking spambots and not noticeable for commenters. XHTML 1.1 compliant.
Author: Toby Simmons, Matt Mullenweg, Elliott Back
Author URI: http://www.simmonsconsulting.com, http://photomatt.net/, http://elliottback.com
Version: 1.7
Hat tips:   C.S. - http://www.cimmanon.org/
        Gene Shepherd - http://www.imporium.org/
        John F. - http://www.stonegauge.com/
        Magenson - http://blog.magenson.de/
        Matt Mullenweg - http://photomatt.net/
        Matt Warden - http://www.mattwarden.com/
        Paul Andrew Johnston - http://pajhome.org.uk/crypt/md5/
*/

define('HASHCASH_DEBUG', true);
define('HASHCASH_LOG_SIZE', 64000);

// NOTE: ABSPATH is a constant of the original WordPress plugin. This snippet
// does not define it, so it has to be defined elsewhere in the mod.

/* Generate a random string of length l */
function hashcash_random_string($l) {
    srand((double) microtime() * 1000000);

    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $chars = preg_split('//', $alphabet, -1, PREG_SPLIT_NO_EMPTY);
    $len = count($chars) - 1;

    $str = '';
    while (strlen($str) < $l) {
        $str .= $chars[rand(0, $len)];
    }

    return $str;
}

/* Use sessions if session is started / supported */
function hashcash_special_code() {
    // $site_sess is the 4images session object (see Reply #4). Without the
    // global declaration the session IP is not visible inside the function.
    global $site_sess;

    $key = isset($site_sess->session_info['session_ip']) ? $site_sess->session_info['session_ip'] : '';

    if (!$key) {
        $key = $_SERVER['REMOTE_ADDR'];
    }

    // The code changes every hour because the date string contains the hour
    return md5($key . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a"));
}

function hashcash_field_value() {
    //  global $posts;
    //  return $posts[0]->ID * strlen(ABSPATH);
    global $image_id;

    return $image_id * strlen(ABSPATH);
}

/* This adds a random hidden field to the form */
function hashcash_add_hidden_tag($page) {

    $field_id = hashcash_random_string(rand(6,18));
    $field_name = hashcash_random_string(rand(6,18));
    $form_action = hashcash_random_string(rand(6,18));

    // Write in hidden field
    $page = str_replace('<input type="hidden" name="id"', '<input type="hidden" id="' . $field_id . '" name="' . $field_name . '" value="' . hashcash_field_value() . '" /> <input type="hidden" name="id"', $page);

    // The form action
    $page = str_replace('<form', '<form onsubmit="' . $form_action . '(\'' . hashcash_special_code() . '\');" ', $page);

    // The jscript: on submit, the hidden field is renamed to md5(special code)
    $page = str_replace('<form', '<script src="' . './md5.js" type="text/javascript"></script><script type="text/javascript"> function ' . $form_action . '(in_str){ eElement = document.getElementById("' . $field_id . '"); if(!eElement){ return false; } else{ eElement.name = hex_md5(in_str); return true; } }</script><form', $page);

    return $page;
}

function write_comment_log($comment) {

    /* Information to write to log */
    $user = array();
    $user[] = "Tech date: ".date("Y-m-d H:i:s");
    $user[] = "Date: ".date("F j, Y, g:i a");
    $user[] = "Remote Address: ".$_SERVER['REMOTE_ADDR'];
    $user[] = "Remote DNS: ".gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $user[] = "User agent: ".$_SERVER['HTTP_USER_AGENT'];
    $user[] = "Referrer: ".$_SERVER['HTTP_REFERER'];
    $user[] = "Author: ".$_POST['author'];
    $user[] = "E-mail: ".$_POST['email'];
    $user[] = "URL: ".$_POST['url'];
    $user[] = "Comment: ---------- ".$comment." ----------";
    $user[] = "Image ID: ".$_POST['id']." ========== ";

    // implode() with the separator first (the reversed order is no longer accepted by PHP 8)
    $lines = implode(" ", $user);

    // Only write when the log file could be opened
    $fp = fopen("spamlog.txt", "a");
    if ($fp) {
        fwrite($fp, $lines);
        fclose($fp);
    }

    // The log holds raw request data, so escape it before echoing it as HTML
    echo "<pre>".htmlspecialchars($lines)."</pre>";
}

function hashcash_check_hidden_tag($comment) {
    global $site_sess;

    $session_ip = isset($site_sess->session_info['session_ip']) ? $site_sess->session_info['session_ip'] : '';

    // Our special codes, fixed to check the previous hour
    $special = array();
    $special[] = md5($_SERVER['REMOTE_ADDR'] . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a"));
    $special[] = md5($_SERVER['REMOTE_ADDR'] . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a", time()-(60*60)));
    $special[] = md5($session_ip . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a"));
    $special[] = md5($session_ip . ABSPATH . $_SERVER['HTTP_USER_AGENT'] . date("F j, Y, g a", time()-(60*60)));

    $image_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    $expected = (string) ($image_id * strlen(ABSPATH));

    foreach ($special as $val) {
        $field = md5($val);
        // The renamed field has to be present and match exactly; with a loose
        // == comparison a missing field would compare equal to 0.
        if (isset($_POST[$field]) && (string) $_POST[$field] === $expected) {
            return $comment;
        }
    }

    if (HASHCASH_DEBUG) {
        write_comment_log($comment);
    }

    die();
}




plz note : there is more code to be changed, see instructions on
http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php



and it is nowhere mentioned, but you have to add a file called spamlog.txt to your (root?) folder.

in spamlog_view.php on line 16 :

$filename ="../../spamlog.txt";

is told where the file should be put.
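
Added example, not part of the mod or of the posts in this thread: the hour-window check that hashcash_special_code() and hashcash_check_hidden_tag() perform, written with an HMAC over a server-side secret and a constant-time comparison. The function names, the secret and the sample request values are assumptions made for illustration; how the token gets into the form (the mod's JavaScript step) is left out.

```php
<?php
// Added illustration; function names, secret and sample values are hypothetical.

const TOKEN_SECRET = 'replace-with-a-long-random-server-side-secret'; // constructed placeholder

// Token bound to client IP, user agent, image id and an hour bucket.
function comment_token(string $ip, string $ua, int $imageId, int $hourBucket): string
{
    $material = implode("\n", [$ip, $ua, $imageId, $hourBucket]);
    return hash_hmac('sha256', $material, TOKEN_SECRET);
}

// Accept a token issued in the current or the previous hour bucket,
// mirroring the "check the previous hour" logic of the mod.
function comment_token_is_valid(string $submitted, string $ip, string $ua, int $imageId, int $now): bool
{
    $bucket = intdiv($now, 3600);
    foreach ([$bucket, $bucket - 1] as $b) {
        // hash_equals() compares in constant time and never matches an empty value
        if (hash_equals(comment_token($ip, $ua, $imageId, $b), $submitted)) {
            return true;
        }
    }
    return false;
}

// Constructed sample request data.
$ip = '192.0.2.10';
$ua = 'ExampleBrowser/1.0';
$issuedAt = 1111111111;
$token = comment_token($ip, $ua, 42, intdiv($issuedAt, 3600));

// Case 1: token used 30 minutes after it was issued
var_dump(comment_token_is_valid($token, $ip, $ua, 42, $issuedAt + 1800));
// Case 2: token used three hours after it was issued
var_dump(comment_token_is_valid($token, $ip, $ua, 42, $issuedAt + 3 * 3600));
// Case 3: token replayed against a different image id
var_dump(comment_token_is_valid($token, $ip, $ua, 43, $issuedAt));
// Case 4: the field is missing from the request
var_dump(comment_token_is_valid('', $ip, $ua, 42, $issuedAt));
```

Only the first case is accepted; the expired token, the token reused for another image and the missing field are all rejected.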

Offline kief24

  • Sr. Member
  • ****
  • Posts: 267
    • View Profile
Re: MOD Comment Spam
« Reply #8 on: November 07, 2005, 11:30:22 PM »
is there someone who got this mod to work ?

they are spamming my guestbook to death, and i tried to install this anti-spam mod, no errors, but this "comment spam"-mod doesn't do a thing on my site.

some things  described in this mod  i don't understand.

in step four on this page :
http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php

“NOTE that the hashcash_add_hidden_tag() function on line 607 of the new file replaces text in your comment_form.html template file. You might need to modify this section of code (or your templates). “

 :? "modify this section of code (or your templates)"

and this :

Quote
very nice!

there are two things I must add:
1) 4images prepares "super globals" (_GET and _POST) to work properly with "magic quotes" turned on, so for better compatibility u should use $HTTP_POST_VARS (don't forget to add them to the global list.)
2) $session_info['session_ip'] should be replaced with $site_sess->session_info['session_ip'] and global $site_sess; should be used for that too.

 :?

someone who can give some more explanation about these steps ?

thx a lot

Offline iicee

  • Pre-Newbie
  • Posts: 3
    • View Profile
Re: MOD Comment Spam
« Reply #9 on: November 14, 2005, 02:37:00 PM »
Hi,

if you want to also control the content of the comment, here is a simple solution to check bad or spam words from comment text... or other fields. I use it also for guestbook validation.
This code is based on your own word list...  yes - you must update it from time to time if new spam messages appear on your site  :(

To Do:

1. Make a list of words that indicate spam or bad language. Every word in its own row. Save it as spam_word_list.txt in your template directory e.g. /templates/default/
NOTE! You can edit the file via admin panel  :)

2. Find in details.php or guestbook.php (if you are using guestbook mod);

Code: [Select]
    if ($comment_text == "")  {
      $msg .= (($msg != "") ? "<br />" : "").$lang['comment_required'];
      $error = 1;
    }

Insert after it;

Code: [Select]
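//========== SPAM CHECK ==============================

// words to filter - from file - editable in admin panel
$spam_word_list = file('templates/default/spam_word_list.txt');

// file() returns false when the list cannot be read
if ($spam_word_list !== false) {
    foreach ($spam_word_list as $spam_word) {
        $spam_word = trim($spam_word, " \n\t\r\0\x0B");
        // skip blank lines: an empty search word would match every comment on PHP 8
        if ($spam_word == "") {
            continue;
        }
        // case-insensitive search; stripos() returns false when the word is absent
        if (stripos($comment_text, $spam_word) !== false) {
            $msg .= "***** write here your custom message or use default spam message *****";
            $error = 1;
            break;
        }
    }
}

//============================================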

That's it.

The default spam message is;  (($msg != "") ? "" : "").$lang['spamming'];
But if you want to inform the reason why comment was rejected, make your own info text

I use break; to cut the search loop, this stops the checking at the first found word. By little extra coding you can also create a counter for ex.  if some words can appear in text once or twice... or set max value for a word to appear in text before it's "banned"...   and so on....

Here is some spam words to begin with;

levitra
fioricet
ultram
phentermine
didrex
butalbital
tramadol
cialis
adipex
hydrocodone
butalbital
acetaminophen
caffeine
prescription
alprazolam
meridia
carisoprodol
paxil
propecia
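
Added example, not code from the post above: the counter variant the post mentions, where a word may appear a limited number of times before the comment is rejected. The function names, the optional "max" column in the list and the sample comments are assumptions of this example; the list in the post has one word per line.

```php
<?php
// Added illustration; function names, list format and sample data are hypothetical.

// Parse list lines of the form "word" or "word max". A word without a
// max value is rejected on its first occurrence (max = 0).
function parse_spam_list(array $lines): array
{
    $limits = [];
    foreach ($lines as $line) {
        $parts = preg_split('/\s+/', trim($line), -1, PREG_SPLIT_NO_EMPTY);
        if (!$parts) {
            continue; // blank line in the list
        }
        $limits[strtolower($parts[0])] = isset($parts[1]) ? max(0, (int) $parts[1]) : 0;
    }
    return $limits;
}

// Return the words that occur more often than their allowed maximum,
// mapped to the number of occurrences found.
function spam_words_over_limit(string $text, array $limits): array
{
    $haystack = strtolower($text);
    $hits = [];
    foreach ($limits as $word => $max) {
        $word = trim((string) $word);
        if ($word === '') {
            continue; // an empty search word must never count as a match
        }
        $count = substr_count($haystack, $word);
        if ($count > $max) {
            $hits[$word] = $count;
        }
    }
    return $hits;
}

// Constructed sample list and comments.
$limits = parse_spam_list(["tramadol", "", "caffeine 2", "prescription 1"]);
$ok   = "Too much caffeine today, but this photo is great.";
$spam = "Cheap tramadol, no prescription! prescription refills, caffeine pills";

var_dump(spam_words_over_limit($ok, $limits));   // no word over its limit
var_dump(spam_words_over_limit($spam, $limits)); // tramadol and prescription over limit

// In details.php the result would feed the existing error handling, e.g.
// if (spam_words_over_limit($comment_text, $limits)) { $error = 1; }
```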

Offline deenee

  • Pre-Newbie
  • Posts: 8
    • View Profile
    • deenees gallery
Re: MOD Comment Spam
« Reply #10 on: November 22, 2005, 08:18:52 PM »
Quote
NOTE! You can edit the file via admin panel

How does that work? I've done everything you said, and where can I edit the file now in the ACP?
Oh, and another problem is that it does not work with my guestbook (but fine with the comments) and I added the same lines in both files, what's wrong there?

Offline iicee

  • Pre-Newbie
  • Posts: 3
    • View Profile
Re: MOD Comment Spam
« Reply #11 on: November 28, 2005, 07:49:54 PM »
Do you have guestbook.php in the same directory as details.php? File path for spam_word_list.txt must be right.
spam_word_list.txt is editable in admin panel; General > Templates. Select the file from "Select template" dropdown list and edit (Template) spam_word_list.txt.
Check also that the $comment_text exists in guestbook.php and try to run the script without the break; command.

Please give comments if somebody else is using this or having problems with it.

It's simple code and I'm a simple coder.  8O



Offline deenee

  • Pre-Newbie
  • Posts: 8
    • View Profile
    • deenees gallery
Re: MOD Comment Spam
« Reply #12 on: November 28, 2005, 09:48:59 PM »
Yes, it's the same directory. the file path is the same in both files, i copy&pasted it.
ok editing in the ACP works fine now, thanks  :)

$comment_text does exist, and I tried to run the script without break;, but it's still the same; the words in the spam list could be posted anyway.

Any other idea? Would be so cool if I could kick these awful viagra posts out of my guestbook... (without deleting them day by day  :D)

Offline obmob01

  • Jr. Member
  • **
  • Posts: 60
    • View Profile
Re: MOD Comment Spam
« Reply #13 on: December 17, 2005, 03:05:25 AM »
I'm testing this on guestbook, but now i don't understand if i must do what is on:
http://www.simmonsconsulting.com/Products/Source/4images-details-diff.php

Is this last guestbook entry from iicee related or it's independent?  8O

I'm receiving a lot of spam in my guestbook :(

Anyone knows if i can make posts in guestbook exclusive to registered members?

Offline dj9live

  • Newbie
  • *
  • Posts: 22
    • View Profile
Re: MOD Comment Spam
« Reply #14 on: December 31, 2005, 12:29:08 PM »
that mod doesn't work on guestbook... so what can we do? it sucks for me to delete spam the whole day!