vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Prevent php regex, someone using private.php maybe using they bot spammer script (https://vborg.vbsupport.ru/showthread.php?t=266770)

basketmen 07-13-2011 10:27 PM
Prevent php regex, someone using private.php maybe using they bot spammer script
 
Hi guys,

about few days a go, my members got a lot enough spam private messages from few spammer members, its looks like there is a bot spam script outthere, to search members username and send spam private messages, maybe using php regex

is there a way to prevent private.php page by accessing from other server, so only real user that can accessing the page? maybe like prevent hotlinking image

Nb.
I already set member can only send 5 pm at once. But they can still sending constant pm. I get simillar pm from forums.digitalpoint.com few times before, even my account dont have post yet there

Its not about the pm's settings, but how to prevent this private.php page, and other page that can accessed and abused by script from other server maybe using regex

please share your knowledge guys

Alfa1 07-13-2011 11:41 PM
Just set the throttle to one PM per hour for your new member usergroup. And add a function for members to report PMs. Then you will discover spammers quickly.
Regarding the use of bad bots / scripts: look into vb Bad Behavior to block those.

basketmen 07-14-2011 10:43 PM
like in first post, Its not about the pm's settings, they can set the bot to send only x pm's perhour too if we change it, and create new members/new ip address even we already ban it

the best example is in webmaster central forum, forums.digitalpoint.com, if you are the member there, sometime you will get pm's like this from spammers

it is better if there are way to block private.php page used by cross linking, only allowed real user

please share if anyone know how to make private.php page more secure

kh99 07-15-2011 12:04 PM
Maybe you could do one of:

- Add human verification to PMs
- Add an extra text field or checkbox to the PM form then check for it before sending a PM
- Rename private.php to something else (you'd also need to find everywhere private.php is used in the code and templates and change those too).

But of course all of those would require some programming, and possible editing of vb files.


All times are GMT. The time now is 01:42 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00940 seconds
  • Memory Usage 1,709KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (4)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete