Here is an update that does some extra work against automated browsers, and has thus become pretty safe and easy to update.
PHP Code:
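<?php
// Contact-form spam filter: rejects submissions that do not look like they came
// from the board's own contact form, that contain mail-header names, or that
// carry one of the known marker strings left by automated posting tools.
//
// NOTE: User-Agent and Referer are request headers chosen by the client. The
// checks on them stop unsophisticated bots only; they are a heuristic, not an
// authentication of where the request came from.
$MyDieMessage = 'Spam filter: Please send your message through the appropriate message form.';

// Make sure the form was sent from a browser.
// empty() also covers a missing header without raising an undefined-index notice.
if (empty($_SERVER['HTTP_USER_AGENT']))
{
    die($MyDieMessage);
}

// Make sure the form was POSTed.
// The earlier form of this test, !$_SERVER['REQUEST_METHOD'] == 'POST', negated
// the method string before comparing it, so it never rejected any request.
if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST')
{
    die($MyDieMessage);
}

// Allow only the sendmessage script.
// A request without a Referer header is treated as an empty referrer and rejected.
$MyReferrer = isset($_SERVER['HTTP_REFERER']) ? strtolower($_SERVER['HTTP_REFERER']) : '';
$MyURL = strtolower($vbulletin->options['bburl'] . '/' . $vbulletin->options['contactuslink']);
if ($MyReferrer !== $MyURL)
{
    die($MyDieMessage);
}

// Collect every POSTed value as a lower-cased string. Array-style fields
// (name[]=...) are walked down to their leaves: passing an array to
// strtolower() left such values unchecked on older PHP versions and raises a
// TypeError on PHP 8.
$MyValues = array();
$MyQueue = array($_POST);
while ($MyQueue)
{
    $MyItem = array_pop($MyQueue);
    if (is_array($MyItem))
    {
        foreach ($MyItem as $MySub)
        {
            $MyQueue[] = $MySub;
        }
    }
    else
    {
        $MyValues[] = strtolower((string) $MyItem);
    }
}

// Filter header injections.
// This is a substring match on header names, so it can also reject a legitimate
// message that happens to contain e.g. "cc:". It does not replace rejecting
// CR/LF in any field that is copied into a mail header (name, address,
// subject) - NOTE(review): confirm the mail code that consumes these fields
// does that.
$MyHeaders = array(
    "Content-Type:",
    "MIME-Version:",
    "Content-Transfer-Encoding:",
    "bcc:",
    "cc:"
);

// Check for '9c53d2119880d95e96e1a71e3a6c8340' in the message body.
// This string is found in automated browsers (all yet) at the bottom.
// For completeness we parse all post variables for this string.
// Prepared for more recognition strings.
$MyStrings = array(
    '9c53d2119880d95e96e1a71e3a6c8340',
    'dc64615b0a1e1bd3cb2689bf82248b5c' // 2006-06-27
);

// Check every collected POST value against the header names and the marker
// strings in a single pass.
$MyNeedles = array_merge($MyHeaders, $MyStrings);
foreach ($MyValues as $MyValue)
{
    foreach ($MyNeedles as $MyNeedle)
    {
        if (strpos($MyValue, strtolower($MyNeedle)) !== FALSE)
        {
            die($MyDieMessage);
        }
    }
}

// Cleanup: this runs in the including script's scope, so drop every helper
// variable (including the names the earlier version of this filter used).
unset(
    $MyDieMessage, $MyReferrer, $MyURL, $MyHeaders, $MyKey, $MyPostItem,
    $MyTempItem, $MyHeader, $MyStrings, $MyString,
    $MyValues, $MyQueue, $MyItem, $MySub, $MyNeedles, $MyNeedle, $MyValue
);
?>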