Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: 1 2 3 [4] 5 6   Go Down

Author Topic: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting  (Read 213645 times)

0 Members and 1 Guest are viewing this topic.

fcollingwood

  • Coppermine newbie
  • Offline Offline
  • Posts: 11
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #60 on: February 27, 2007, 04:04:16 am »

Revisited over the weekend, and have hacked Coppermine to death. Unfortunately, I haven't pluginised the hacks, but if you understand PHP, and are able to alter MySQL tables, you should be able to install it.

Hack Features:
Spam comments are added into the comment DB table, but are not displayed.
You can report false negatives to Akismet
You can report false positives to Akismet
You can submit abuse reports and delete the spam at the click of a button.

Can be found here
Logged

fcollingwood

  • Coppermine newbie
  • Offline Offline
  • Posts: 11
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #61 on: February 28, 2007, 10:47:54 pm »

And now here's an even easier way to block spam......

Just add this directly after the include/require (Or function, if you have them) declarations in db_input.php:

Code: [Select]
if(preg_match(/"db_input.php"/,$_SERVER['HTTP_REFERER'])) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);

As the spammers generally just call db_input.php with the POST variables set, the referer is usualy <gallery url>/db_input.php (if the gallery is used as it should be, the referer will be displayimage.php)

This is a much easier to implement hack, downside is, there is no reporting; with my previous hack, I've been annoying a prolific spammer over the last few days, as every abuse report has been ending up in their email inbox over the last few days, as the reports are emailed to the domain registrant. They've now blocked mail from my mailserver  ;D. It's also caused >20 of their sites to be taken down, and also 6 compromised spambots have been fixed
« Last Edit: March 01, 2007, 08:56:54 am by GauGau »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #62 on: March 01, 2007, 08:58:50 am »

Downside: legitimate users (non-spammers) who run a privacy app like Norton Internet Security will not have the referer var populated and therefor will fail to be able to post comments without an error message.
Logged

fcollingwood

  • Coppermine newbie
  • Offline Offline
  • Posts: 11
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #63 on: March 01, 2007, 09:55:29 am »

Should be ok - it tests for the presence of "db_input.php" in the referer var, and blocks if it finds it. If the variable is empty, everything will proceed as normal.

It does work, I'm running NIS, and I can post on my gallery.........
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #64 on: March 01, 2007, 10:20:59 am »

Spammers will adopt to this technique pretty fast and not send a referer then.
Logged

fcollingwood

  • Coppermine newbie
  • Offline Offline
  • Posts: 11
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #65 on: March 01, 2007, 11:42:08 am »

Ah well - there's the rest of the hack then (Moved all of the spam related functions to a single include today)......either way, I've gone from lots of spam to nothing, while still getting legitimate comments.
Logged

Anrulz

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 54
Uploading dead after akismet
« Reply #66 on: March 22, 2007, 10:20:53 pm »

Hi guys I think after installing akismet I am not able to upload any pictures.
Test user: Boramir:12345678

I live in germany so the site is also in german I want to make it english but I cant after setting up to english it becomes german again my english better than german how can I use it always english ?
Logged

Anrulz

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 54
Re: Uploading dead after akismet
« Reply #67 on: March 22, 2007, 10:21:48 pm »

I cant see edit ...

www.hababam.biz/galeri is my gallery
Logged

Anrulz

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 54
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #68 on: March 22, 2007, 10:22:35 pm »

Hi guys I think after installing akismet I am not able to upload any pictures.
Test user: Boramir:12345678
www.hababam.biz/galeri

I live in germany so the site is also in german I want to make it english but I cant after setting up to english it becomes german again my english better than german how can I use it always english ?

Thanks a lot appreciated.
Logged

Anrulz

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 54
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #69 on: March 23, 2007, 11:26:55 am »

GauGau sorry for cross posting , it is an upload problem actually so I wanted to open a thread there as well , did you understand the problem ?
Logged

Anrulz

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 54
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #70 on: March 27, 2007, 10:38:53 pm »

Can somebody please tell me how do I delete this akismet thing and return my gallery back to old values because it is non sense anymore because spam bots are spamming like hell...So that at least I can upload pictures again ...
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #71 on: March 29, 2007, 08:13:01 am »

Just undo the modifications you applied.
Logged

michiel

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 21
    • Dwaalgasten Foto
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #72 on: May 12, 2007, 01:01:26 pm »

Hi,
After attempts to include Captcha in my album (http://lorelei.dwaalgasten.nl/frummel/index.php the conclusion appeared to be, unfortunately, that my hosting firm does not support it. Now I have turned to Askimet. However, I just get the white page, and the db_input.php page. At the forum several sollutions are suggested; this is what I have done sofar:
- I use Coppermine 1.4.8 and PHP4
- I have today downloaded the latest askimet.class.php file, and included in the root folder
- I have included Vody's (reply 25) suggestion; result is the white page
- I have included fcollingwood' suggestions (reply 54 and next 56): still the white page
Any other suggestions, please?
Thanks!
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #73 on: May 12, 2007, 01:24:37 pm »

- I use Coppermine 1.4.8
May or may not be related, but upgrading to the most recent stable release (currently cpg1.4.10) is absolutely mandatory no matter what.
Logged

JLB

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #74 on: June 04, 2007, 09:36:28 pm »

First, thanks very much to everyone involved in creating and refining this hack. I'm using fcollingwood's file with Coppermine 1.4.10 and installation was (or seemed to be) a snap.

I have some issues that I hope are minor, but I'd like to try to solve them myself before posting for help.  What I want to know is what logfiles would be associated with the actions taken by the hack code?  I'd like to see if I can find that I've made a simple error just by reading those logs.

(It seems to detect spam properly -- my "new comments" email indeed appends the fact that the comment has been marked as spam.  However, the comments are still visible to users.  Also, "Report and Delete" seems to hang, with no effect that I can tell.)

Thanks,
Joe
Logged

JLB

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #75 on: June 06, 2007, 03:00:47 pm »

^^OK, I've solved my problem, and this may help others as well.

I was only looking at the "Last Comments" page as an anonymous user to determine whether it was working properly.  What I eventually figured out was that it WAS blocking spam comments from being shown with individual pictures, but not on the "Last Comments" page.

Since this is the page my wife tends to view most often, it was important to me to get this fixed.

****************************
DISCLAIMER:
I'm NOT a PHP or SQL Expert. 
I'm NOT EVEN a PHP noob.
The only testing that was done was that this fixed MY problem on MY Coppermine 1.4.10 install.
****************************

It appears that the comments shown on the "Last Comments" page are queried from the section of code that begins on Line 963 of functions.inc.php (in /include)

I made very minor changes to two queries in this section, and it seems to have fixed the problem.

The first is on Line 979

The ORIGINAL, UMODIFIED QUERY:
Code: [Select]
$query = "SELECT COUNT(*) from {$CONFIG['TABLE_COMMENTS']}, {$CONFIG['TABLE_PICTURES']}  WHERE approved = 'YES' AND {$CONFIG['TABLE_COMMENTS']}.pid = {$CONFIG['TABLE_PICTURES']}.pid $TMP_SET $keyword)";
All I did was ad an "AND" to check that is_spam=0.  If you don't change this query, your spam comments will still be masked, but it will count ALL the records, and show you empty pages where the spam comments would be.

Modify the above query to match this:
Code: [Select]
$query = "SELECT COUNT(*) from {$CONFIG['TABLE_COMMENTS']}, {$CONFIG['TABLE_PICTURES']}  WHERE approved = 'YES' AND {$CONFIG['TABLE_COMMENTS']}.is_spam = 0 AND {$CONFIG['TABLE_COMMENTS']}.pid = {$CONFIG['TABLE_PICTURES']}.pid $TMP_SET $keyword)";

One more query to do.  It's on line 993.  This is the one that actually loads the comments (vs counting the comments it intends to load).

This is the ORIGINAL, UNMODIFIED QUERY:
Code: [Select]
$query = "SELECT $select_columns FROM {$CONFIG['TABLE_COMMENTS']} as c, {$CONFIG['TABLE_PICTURES']} as p WHERE approved = 'YES' AND c.pid = p.pid $TMP_SET $keyword) ORDER by msg_id DESC $limit";
Again, I just added an AND.  Modify it to match this:
Code: [Select]
$query = "SELECT $select_columns FROM {$CONFIG['TABLE_COMMENTS']} as c, {$CONFIG['TABLE_PICTURES']} as p WHERE approved = 'YES' AND c.pid = p.pid AND c.is_spam = 0 $TMP_SET $keyword) ORDER by msg_id DESC $limit";
I don't know enough to know whether it will be in exactly the same place on every install, nor whether functions.inc.php is the same on every 1.4.10 install, so that's why I thought it would be better to just post exactly what I did.  It does, however, work.

Joe
Logged

JLB

  • Coppermine newbie
  • Offline Offline
  • Posts: 3
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #76 on: June 06, 2007, 07:07:06 pm »

^^ And just one more note.  If it wasn't clear from my post, the changes I posted are to be done in addition to application of fcollingwood's hack, which is linked at the top of page 4 of this thread.  I intend to keep a copy of his files, so if he removes hosting at some point, PM me and I will provide his files + my changes.

Joe
Logged

fcollingwood

  • Coppermine newbie
  • Offline Offline
  • Posts: 11
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #77 on: June 07, 2007, 01:56:26 pm »

Thanks for tidying up the loose ends there Joe - Glad the hack helped.
Logged

fcollingwood

  • Coppermine newbie
  • Offline Offline
  • Posts: 11
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #78 on: June 30, 2007, 03:27:02 am »

Here is a source of comment spam:

http://www.netgainhosting.net/

As you can see, they make mention of rover-host.com, a spammer friendly hosting outfit. I've had quite a few attempts at spamming originate from their hosts, which are 64.22.110.34 and 64.22.110.35.

I spoke nicely to the abuse department of my hosting company, they went and had a look, and have now configured their firewalls to drop incoming traffic from these two hosts. You may want to do the same.
Logged

deandre81

  • Coppermine newbie
  • Offline Offline
  • Posts: 6
Re: Mod/Hack: Adding Akismet spam-checking to Coppermine commenting
« Reply #79 on: July 07, 2007, 09:47:53 pm »

is any of this up to date cause i got the akismet but it only comes as a 28kb file named "akismet.php" along with a gif image file "akismet.gif"
version 2.0
or have i downloaded the wrong thing....
because i get a blank screen in firefox but get this error in explorer
Fatal error: Call to undefined function: add_action() in /home/content/d/e/a/deandre81/html/coppermine/akismet.php on line 25
Logged
Pages: 1 2 3 [4] 5 6   Go Up
 

Page created in 0.08 seconds with 20 queries.