You should also consider blocking the stupid-long script at the server level. For Linux, use mod_security, and for Windows use URLScan 3. Some of those injections use common query strings that serve no legitimate purpose.
The "email to friend" function is really nothing more than an open proxy in my opinion, and I'd leave it turned off. Or at best, only enable it for users that have been members longer than "X" amount of days (as in months). That last one would probably require some if/then/else comments custom added into some files, or as a custom plugin. I use things like that to limit access to certain site features.
You could even leverage htaccess/web.config or in-file PHP to block certain /8 or /16 IP ranges, to prevent use of that file. On one of my sites, we've started to block the register.php page from China subnets, because something like 0.01% was legitimate. (An alternative contact form is available for those wrongly blocked, which allows manual account creation.)
@WEBDosser: "and a few from the US" ... and those were likely Chinese users from USA-based VPS used as cheap VPN/proxy. Certain hosting subnets should also be blocked. You just have to be diligent about checking server logs, and spotting trends -- and then blocking the bad incoming traffic routes.
You can also limit mail at the mail server itself. cPanel has nice plugins from Config Server, to help with this. And then you can configure the mail server.
If you're on shared hosting -- and therefore have no real server access -- then this would be a good reason/excuse to migrate to a VPS. You simply need more control to block things as you see fit.
Best of luck to you.
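
The log check described in the post above (spotting which subnets hit register.php before blocking them), as an added example that is not part of the original post. It assumes Apache combined-format access logs; the sample lines are constructed, and the function names and the 3-hit threshold are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (Apache combined log format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET /register.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:00:04 +0000] "POST /register.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.200 - - [10/Mar/2024:10:00:09 +0000] "POST /register.php?x=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.31 - - [10/Mar/2024:10:01:15 +0000] "POST /register.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:10:02:00 +0000] "GET /register.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
not a log line
"""

# Client address, then the request path from the quoted request line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)')

def hits_by_network(log_text, path="/register.php", prefix=16):
    """Count requests for `path` per IPv4 network of size /prefix."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        client, url = m.groups()
        if url.split("?", 1)[0] != path:
            continue  # only the page under review, query string ignored
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue  # a hostname was logged instead of an address
        if ip.version != 4:
            continue  # /8 and /16 grouping only makes sense for IPv4
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        counts[str(net)] += 1
    return counts

def block_candidates(counts, min_hits=3):
    """Networks at or above the threshold, busiest first, for manual review."""
    return [(net, n) for net, n in counts.most_common() if n >= min_hits]

if __name__ == "__main__":
    for net, n in block_candidates(hits_by_network(SAMPLE_LOG)):
        print(f"{n:5d}  {net}")
```

The output is a list of ranges to review by hand, not an automatic blocklist; compare it against known-good member addresses before adding any range to htaccess or web.config.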