Contacts Spam Filter (vBulletin 3.5 Add-ons)
https://vborg.vbsupport.ru/showthread.php?t=119663

Arjan 08-05-2006 10:02 AM

How can I get this code to work with 3.0.x?
It looks good, but so far I did not see a good way to get it to work with the older version.

y2ksw 08-05-2006 10:29 AM

Quote:

Originally Posted by Arjan
How can I get this code to work with 3.0.x?
It looks good, but so far I did not see a good way to get it to work with the older version.

In fact there isn't a good way to do this inside 3.0.x, since it would need code changes which I cannot even provide, sorry :knockedout:

Arjan 08-05-2006 11:00 AM

Well, I got it working.
In sendmessage.php I added the code in two parts:

This part went into the e-mail permissions piece, just before the initialisation of the errors array.
Since (as I understood) this blocks mail sent from outside the page, I left the Die message in it. Don't make them wise ;)

Look for:
Code:

// initialize errors array
$errors = array();

Above it add:
Code:

//ANTI SPAM PART 1
$AntiSpamMessage1 = 'Spam filter: Please send your message through the appropriate message form.';
$AntiSpamMessage2 = 'Spam filter: Your message has not been accepted since it has some SPAM like properties.';

// Make sure the form was sent from a browser
if(empty($_SERVER['HTTP_USER_AGENT']))
{
    die($AntiSpamMessage1);
}

// Make sure the form was POSTed
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
    die($AntiSpamMessage1);
}

//END ANTI SPAM PART 1

Then the rest goes a bit lower in the page.
In the section
// ############################### do contact webmaster ###############################

Look for:
Code:

        // if it's all good... send the email
        if (empty($errors))

Just above it add:
Code:

    //ANTI SPAM PART 2
    // Allow only the sendmessage script
    $MyReferrer = strtolower($_SERVER['HTTP_REFERER']);
    $MyURL = strtolower($vboptions['bburl'] . '/' . $vboptions['contactuslink']);
    if($MyReferrer != $MyURL)
    {
        // The message is a fixed string, so it can be appended directly
        $errors[] = $AntiSpamMessage1;
    }
       
    // Check for strings in the message body.
    // This string is found in automated browsers (all yet) at the bottom.
    // For completeness we parse all post variables for this string.
    // Prepared for more recognition strings.
    $MyStrings = array(
        '9c53d2119880d95e96e1a71e3a6c8340',              // the start
        'dc64615b0a1e1bd3cb2689bf82248b5c',              // 2006-06-27
        'f4dd026ac39b9e2fa576404ae93f215c',              // 2006-06-30
        '849b90dee61199d2ed871b18e1575cb5',              // 2006-07-06
        '05980283d7fb0e8cc54b17a2b2a0ab96',              // 2006-07-10
        '70fcdb09b8b18b50874603a6c99fcbcb',              // 2006-07-15
        'bd0e28eaccfa349da99ddd3880835725',              // 2006-07-16
        '71b0d16f90c6ef289fb9e0b08b44fd7c',              // 2006-07-16
        'df487ef8b49cead02c1a5d00a04288ce',              // 2006-07-21
        '6d02afe3993f73507d90e3f877d8eed8',              // 2006-07-23
        '5064a72d6d1acabba6a21f655481a5b5',              // 2006-07-24
        '33766d282efd27c3468309e546e247c5',              // 2006-07-29
        'c9551bfed82d85381e7fd1deb6fef0af'              // 2006-07-30
        );

    // Loop through each POST item and check for the recognition strings
    foreach($_POST as $MyKey => $MyPostItem)
    {
        $MyTempItem = strtolower($MyPostItem);
        foreach($MyStrings as $MyString)
        {
            if(strpos($MyTempItem, strtolower($MyString)) !== FALSE)
            {
                // One error is enough; stop at the first match
                $errors[] = $AntiSpamMessage2;
                break 2;
            }
        }
    }

    // Cleanup
    unset($MyDieMessage, $MyReferrer, $MyURL, $MyHeaders, $MyKey, $MyPostItem, $MyTempItem, $MyHeader, $MyStrings, $MyString);
       
    //END ANTI SPAM PART 2

This second part uses the standard errors option, so it is shown in a nice way to the user. Just in case valid users do not pass the test (though I doubt).

y2ksw 08-05-2006 04:12 PM

Quote:

Originally Posted by Arjan
(...) I left the Die message in it. Don't make them wise ;)

Right. In fact I would rather show a blank page, which means all and nothing at the same time :)

Arjan 08-06-2006 09:27 AM

True word.... I noticed

And the 'be kind, show the user what is wrong' is also not a good idea.
Updating the error string and showing the form again invites the spammer (spambot) to retry. My server got huge pageloads in the last couple of hours (5 times more) with a normal, even a bit low, amount of visitors. Which resulted in an overloaded CPU.

I saw I forgot two pieces of code. And with the just-die version you will get this for the second part:
Code:

    //ANTI SPAM PART 2
    // Allow only the sendmessage script
    $MyReferrer = strtolower($_SERVER['HTTP_REFERER']);
    $MyURL = strtolower($vboptions['bburl'] . '/' . $vboptions['contactuslink']);
    if($MyReferrer != $MyURL)
    {
        //eval('$errors[] = "' . $AntiSpamMessage1 . '";');
        die($AntiSpamMessage1);
    }

    // Filter header injections
    $MyHeaders = array(
        "content-type:",
        "mime-version:",
        "content-transfer-encoding:",
        "bcc:",
        "cc:"
        );


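    // Check for hrefs in the message.
    // explode() returns one more piece than there are matches, so a count
    // of 2 or more means the message contains at least one 'href='.
    // This makes it pretty secure against future spam versions.
    $MyPostItem = strtolower($_POST['message']);
    $MyTempItem = explode('href=', $MyPostItem);
    if(count($MyTempItem) >= 2)
    {
        die($AntiSpamMessage2);
    }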


    // Loop through each POST item and check for the headers
    foreach($_POST as $MyKey => $MyPostItem)
    {
        $MyTempItem = strtolower($MyPostItem);
        foreach($MyHeaders as $MyHeader)
        {
            if(strpos($MyTempItem, $MyHeader) !== FALSE)
            {
                die($AntiSpamMessage2);
            }
        }
    }
       
    // Check for strings in the message body.
    // This string is found in automated browsers (all yet) at the bottom.
    // For completeness we parse all post variables for this string.
    // Prepared for more recognition strings.
    $MyStrings = array(
        '9c53d2119880d95e96e1a71e3a6c8340',              // the start
        'dc64615b0a1e1bd3cb2689bf82248b5c',              // 2006-06-27
        'f4dd026ac39b9e2fa576404ae93f215c',              // 2006-06-30
        '849b90dee61199d2ed871b18e1575cb5',              // 2006-07-06
        '05980283d7fb0e8cc54b17a2b2a0ab96',              // 2006-07-10
        '70fcdb09b8b18b50874603a6c99fcbcb',              // 2006-07-15
        'bd0e28eaccfa349da99ddd3880835725',              // 2006-07-16
        '71b0d16f90c6ef289fb9e0b08b44fd7c',              // 2006-07-16
        'df487ef8b49cead02c1a5d00a04288ce',              // 2006-07-21
        '6d02afe3993f73507d90e3f877d8eed8',              // 2006-07-23
        '5064a72d6d1acabba6a21f655481a5b5',              // 2006-07-24
        '33766d282efd27c3468309e546e247c5',              // 2006-07-29
        'c9551bfed82d85381e7fd1deb6fef0af'              // 2006-07-30
        );

    // Loop through each POST item and check for the recognition strings
    foreach($_POST as $MyKey => $MyPostItem)
    {
        $MyTempItem = strtolower($MyPostItem);
        foreach($MyStrings as $MyString)
        {
            if(strpos($MyTempItem, strtolower($MyString)) !== FALSE)
            {
                //eval('$errors[] = "' . $AntiSpamMessage2 . '";');
                die($AntiSpamMessage2);
            }
        }
    }

    // Cleanup
    unset($AntiSpamMessage1, $AntiSpamMessage2, $MyReferrer, $MyURL, $MyHeaders, $MyKey, $MyPostItem, $MyTempItem, $MyHeader, $MyStrings, $MyString);
       
    //END ANTI SPAM PART 2
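
The checks discussed in this thread, gathered into one function with narrower tests. This is an added example, not part of any post above and not the add-on's code; the function name, the form field names (name, email, subject, message), the BBCode link pattern and the sample values are assumptions.

```php
<?php
// Added example, not the add-on's code. Function name, field names
// (name, email, subject, message) and sample values are assumptions.
function contact_spam_reason(array $post, array $server, $formUrl, $maxLinks = 3)
{
    // Accept only POST requests that carry a User-Agent header.
    $method = isset($server['REQUEST_METHOD']) ? $server['REQUEST_METHOD'] : '';
    if ($method !== 'POST' || empty($server['HTTP_USER_AGENT'])) {
        return 'not a browser POST';
    }
    // Compare Referer host and path only, so a query string does not lock out users.
    $ref  = parse_url(isset($server['HTTP_REFERER']) ? $server['HTTP_REFERER'] : '');
    $form = parse_url($formUrl);
    foreach (array('host', 'path') as $part) {
        $a = isset($ref[$part]) ? strtolower($ref[$part]) : '';
        $b = isset($form[$part]) ? strtolower($form[$part]) : '';
        if ($a !== $b) {
            return 'referrer mismatch';
        }
    }
    // Injection needs a line break in a header-bound value: test those fields for CR/LF.
    foreach (array('name', 'email', 'subject') as $field) {
        $value = isset($post[$field]) ? $post[$field] : '';
        if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
            return "bad value in $field";
        }
    }
    // Count links in the body against a limit instead of rejecting any link.
    $message = (isset($post['message']) && is_string($post['message'])) ? $post['message'] : '';
    $links = preg_match_all('/href\s*=|\[url\b/i', $message, $matches);
    if ($links > $maxLinks) {
        return "too many links ($links)";
    }
    return null; // passed every check
}

// Constructed sample requests, not real traffic.
$server = array(
    'REQUEST_METHOD'  => 'POST',
    'HTTP_USER_AGENT' => 'ExampleBrowser/1.0',
    'HTTP_REFERER'    => 'http://forum.example/sendmessage.php?do=contactus',
);
$formUrl = 'http://forum.example/sendmessage.php';
$plain   = array('name' => 'Ann', 'email' => 'ann@example.org', 'subject' => 'Hi',
                 'message' => 'Please cc: the moderators on this.');
$inject  = array('name' => 'x', 'email' => "x@example.org\r\nBcc: y@example.net",
                 'subject' => 'Hi', 'message' => 'hello');
var_dump(contact_spam_reason($plain, $server, $formUrl));
var_dump(contact_spam_reason($inject, $server, $formUrl));
```

The first sample passes even though its message contains "cc:" in ordinary text, which a substring match on header names would reject; the second is refused because the e-mail field carries a line break. On a refusal, exit without rendering the form again, for the reason given in the post above.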


y2ksw 08-06-2006 09:46 AM

Thanks for adding your code modifications for 3.0.x :cool:

mambo9 08-16-2006 08:18 AM

Hey peeps!

Great thought on this hack, we have just started to receive loads of those nice rolex watch ads through there lol.

I installed via the plugin system, set the max hyperlinks to 3.

But, logged in as admin, I now can't test the system it seems? It always renders me the Spam Filter: msg!

Any ideas ?

y2ksw 08-16-2006 03:52 PM

Quote:

Originally Posted by mambo9
Hey peeps!

Great thought on this hack, we have just started to receive loads of those nice rolex watch ads through there lol.

I installed via the plugin system, set the max hyperlinks to 3.

But, logged in as admin, I now can't test the system it seems? It always renders me the Spam Filter: msg!

Any ideas ?

Fixed & tested on both vBulletin v. 3.5.4 and 3.6.0 :cool:

adwade 09-15-2006 01:39 PM

Quote:

Originally Posted by y2ksw
Fixed & tested on both vBulletin v. 3.5.4 and 3.6.0 :cool:

So happy to have tripped across this -and- the fact it's v3.6 compatible! Will be installing tomorrow on my day off!

y2ksw 09-15-2006 03:31 PM

You are welcome :)

