The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#1
09-01-2021, 02:18 AM
|
|||
|
|||
protection against refresh spam ?
Hello, is there a way to protect site against refresh/F5 spam attacks
I found out you can overload/crash a vb site just by keeping F5 pressed, this is crazy is there a way to limit page refresh to once per every x minutes, cookie based if possible if not possible can you at least disable F5 & ctr+R without making refresh completely impossible 
|
|
#2
09-01-2021, 07:57 PM
|
||||
|
||||
|
Quote:
https://www.c-sharpcorner.com/blogs/...rowser-refresh
|
|
#3
09-01-2021, 08:17 PM
|
||||
|
||||
|
These articles as well...
https://coderanch.com/t/603666/java/...e-Page-Refresh http://aspalliance.com/687_Preventin...n_Page_Refresh Maybe there is code in this addon that can be used? https://vbulletin.org/forum/showthread.php?t=221739
|
|
#4
09-02-2021, 12:29 AM
|
|||
|
|||
|
Quote:
Quote:
That 1st link is interesting but not sure how to include that code between the <% %> tags. Is is compatible with the <script> tag? Sorry to ask instead of testing but I have no offline test site right now, so want to be sure what I'm doing isn't going to break things badly.
|
|
#5
09-07-2021, 01:17 AM
|
||||
|
||||
|
Quote:
https://stackoverflow.com/questions/...lr-was-pressed Quote:
|
|
#6
10-11-2023, 12:44 PM
|
|||
|
|||
|
Quote:
the code below works for F5, do you know how to change it to include CTR key too? Code:
<script type = "text/javascript">
window.onload = function () {
document.onkeydown = function (e) {
return (e.which || e.keyCode) != 116;
};
}
</script>
---- ***edit found the solution, use this to disable ctrl key : Code:
<script type = "text/javascript">
document.addEventListener("keydown", function (event) {
if (event.ctrlKey) {
event.preventDefault();
}
});
</script>
|
|
#7
10-12-2023, 06:25 PM
|
|||
|
|||
|
Now I've got another problem, the above blocks any combination of CTRL+? including copy/paste which is useful. Any way to block only CTRL+R ?
***edit, I have found one that works for CTRL+R only and still allows other CTRL combinations Code:
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function () {
$(document).on("keydown", function(e) {
e = e || window.event;
if (e.ctrlKey) {
var c = e.which || e.keyCode;
if (c == 82) {
e.preventDefault();
e.stopPropagation();
}
}
});
});
</script>
|
|
#8
10-13-2023, 11:09 AM
|
||||
|
||||
|
The script you provided blocks the Ctrl+R key combination, which is commonly used to refresh a page. However, it doesn't block the F5 key, which is also commonly used for refreshing. Additionally, relying solely on JavaScript for security or anti-spam measures is not foolproof, as users can disable JavaScript or bypass it using browser developer tools.
Here's an improved version of your script that blocks both F5 and Ctrl+R: Code:
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function () {
$(document).on("keydown", function(e) {
if (e.which == 116 || (e.ctrlKey && e.which == 82)) { // 116 is F5, 82 is 'R' key
e.preventDefault();
e.stopPropagation();
}
});
});
</script>
|
|
#9
10-13-2023, 11:18 AM
|
||||
|
||||
|
Use/Test at your own risk
 and don't forget to correct the file paths in the code (based around vB4)Implementing a CAPTCHA challenge after a certain number of refreshes in vBulletin 4 requires a combination of client-side and server-side scripting. Here's a step-by-step guide to achieve this: 1. Client-Side Scripting: First, we'll use JavaScript to count the number of page refreshes. Code:
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<script type="text/javascript">
var refreshCount = localStorage.getItem('refreshCount') || 0;
$(document).ready(function () {
refreshCount++;
localStorage.setItem('refreshCount', refreshCount);
if (refreshCount > 5) { // Change 5 to the number of refreshes you want to allow before triggering CAPTCHA
$.ajax({
url: 'path_to_your_vbulletin/captcha_trigger.php',
method: 'POST',
data: { triggerCaptcha: true },
success: function(response) {
if (response === 'show_captcha') {
// Redirect to a page or pop up a modal to show the CAPTCHA challenge
window.location.href = 'path_to_your_vbulletin/show_captcha.php';
}
}
});
}
});
</script>
2. Server-Side Scripting: captcha_trigger.php: This script will handle the AJAX request and set a session variable to trigger the CAPTCHA. Code:
<?php
session_start();
if (isset($_POST['triggerCaptcha']) && $_POST['triggerCaptcha'] == true) {
$_SESSION['show_captcha'] = true;
echo 'show_captcha';
}
?>
show_captcha.php: This script will display the CAPTCHA challenge to the user. Code:
<?php
session_start();
if (isset($_SESSION['show_captcha']) && $_SESSION['show_captcha'] == true) {
// Display your CAPTCHA challenge here. You can use vBulletin's built-in CAPTCHA or integrate with a third-party service like reCAPTCHA.
// After displaying the CAPTCHA, reset the session variable
$_SESSION['show_captcha'] = false;
} else {
// If the session variable is not set, redirect the user back to the main page
header('Location: path_to_your_vbulletin/main_page.php');
}
?>
3. Integration with vBulletin:
This solution will present a CAPTCHA challenge to the user after they refresh the page a certain number of times. Adjust the threshold as needed. Remember to test thoroughly before deploying to a live environment, I recommend using a staging environment / cloned or copied version of your main site.
|
|
#10
10-22-2023, 05:23 PM
|
|||
|
|||
|
@TheLastSuperman
now I have another problem with the js library https://ajax.googleapis.com/ajax/lib.../jquery.min.js I has caused a bunch of other problems on the page. Any way to implement this with the native jquery of vb4 ?
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 06:25 PM.