Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 07-13-2011, 10:27 PM
basketmen's Avatar
basketmen basketmen is offline
 
Join Date: Nov 2006
Posts: 446
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Prevent php regex, someone using private.php maybe using they bot spammer script

Hi guys,

about few days a go, my members got a lot enough spam private messages from few spammer members, its looks like there is a bot spam script outthere, to search members username and send spam private messages, maybe using php regex

is there a way to prevent private.php page by accessing from other server, so only real user that can accessing the page? maybe like prevent hotlinking image

Nb.
I already set member can only send 5 pm at once. But they can still sending constant pm. I get simillar pm from forums.digitalpoint.com few times before, even my account dont have post yet there

Its not about the pm's settings, but how to prevent this private.php page, and other page that can accessed and abused by script from other server maybe using regex

please share your knowledge guys
Reply With Quote
  #2  
Old 07-13-2011, 11:41 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just set the throttle to one PM per hour for your new member usergroup. And add a function for members to report PMs. Then you will discover spammers quickly.
Regarding the use of bad bots / scripts: look into vb Bad Behavior to block those.
Reply With Quote
  #3  
Old 07-14-2011, 10:43 PM
basketmen's Avatar
basketmen basketmen is offline
 
Join Date: Nov 2006
Posts: 446
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

like in first post, Its not about the pm's settings, they can set the bot to send only x pm's perhour too if we change it, and create new members/new ip address even we already ban it

the best example is in webmaster central forum, forums.digitalpoint.com, if you are the member there, sometime you will get pm's like this from spammers

it is better if there are way to block private.php page used by cross linking, only allowed real user

please share if anyone know how to make private.php page more secure
Reply With Quote
  #4  
Old 07-15-2011, 12:04 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Maybe you could do one of:

- Add human verification to PMs
- Add an extra text field or checkbox to the PM form then check for it before sending a PM
- Rename private.php to something else (you'd also need to find everywhere private.php is used in the code and templates and change those too).

But of course all of those would require some programming, and possible editing of vb files.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:11 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04434 seconds
  • Memory Usage 2,184KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (4)post_thanks_box
  • (4)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit_info
  • (4)postbit
  • (4)postbit_onlinestatus
  • (4)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete