Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: 1 [2] 3   Go Down

Author Topic: Most Simple Comment Spam protection for 1.4.x  (Read 67197 times)

0 Members and 1 Guest are viewing this topic.

ceesjoore

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 23
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #20 on: November 05, 2006, 07:05:52 pm »

@pinpoint222 

Ok now it looks good all text in one line now  :D

Thanks for helping me out.
Now i have a different problem when i put a comment by a photo like this http://www.ceesjoore.nl/coppermine/displayimage.php?album=32&pos=12

the comment is added by this photo http://www.ceesjoore.nl/coppermine/displayimage.php?pos=-194
I am very confused  ???
Logged

pinpoint222

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 77
    • The Rawalpindi Website
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #21 on: November 05, 2006, 08:04:15 pm »

Hi

Solution is here

Yes . i tried it on ur site ..but i found the problem seems to be the wayCoppermine memorizes data or saves it in the cookies.(correct me if i am wrong please)..so the previous data is also posted along with new data ..

what i did i Flushed the memory before sending new data..now it wont double post or cross post.

1- Open theme.php and find this

Quote
// HTML template for the form to add comments
$template_add_your_comment = <<<EOT

       <form method="post" name="post" action="db_input2.php">
                <table align="center" width="{WIDTH}" cellspacing="1" cellpadding="0" class="maintable" bgcolor="#FFFFFF">
                        <tr>
                                        <td width="100%" class="tableh2_compact"><b>{ADD_YOUR_COMMENT}</b></td>



2-- Replace it with this

Quote
// HTML template for the form to add comments
$template_add_your_comment = <<<EOT

<!-- Start flushing the previous data memory-->
<?php
$msg_author = "";
$msg_body ="";
$toxic = "";
?>
<!-- end flushing the previous data memory -->


        <form method="post" name="post" action="db_input2.php">
                <table align="center" width="{WIDTH}" cellspacing="1" cellpadding="0" class="maintable" bgcolor="#FFFFFF">
                        <tr>
                                        <td width="100%" class="tableh2_compact"><b>{ADD_YOUR_COMMENT}</b></td>


Thats it. SO now all the previous name ..comments in the memory(cookies??) will be flushed empty and when the visiter will click OK. it will carry only new data. and also visitor will not be able to comment on same image more than once...

It will work.. just edit theme.php..
Logged

ceesjoore

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 23
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #22 on: November 06, 2006, 01:15:59 pm »

Hi

Solution is here

Yes . i tried it on ur site ..but i found the problem seems to be the wayCoppermine memorizes data or saves it in the cookies.(correct me if i am wrong please)..so the previous data is also posted along with new data ..

what i did i Flushed the memory before sending new data..now it wont double post or cross post.

1- Open theme.php and find this



2-- Replace it with this


Thats it. SO now all the previous name ..comments in the memory(cookies??) will be flushed empty and when the visiter will click OK. it will carry only new data. and also visitor will not be able to comment on same image more than once...

It will work.. just edit theme.php..

The problem stays, all the comments are added by this picture http://www.ceesjoore.nl/coppermine/displayimage.php?pos=-194
Logged

pinpoint222

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 77
    • The Rawalpindi Website
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #23 on: November 06, 2006, 02:03:09 pm »

Brother.. it seems that is ur coppermine gallery database problem.. that is why u are having this problem. it is not caused by my hack at all. My hack doesnt target any specific image or URL. either it affects all or it affects none.

ask for that comment posting problem with cp developer team in the miscellenouse section.

I have check it on my testing domain gallery too.this hack doesnt cross post comments.

u can check it at my testing domain ..Domain url is in the image attached..
Logged

ceesjoore

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 23
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #24 on: November 06, 2006, 02:16:43 pm »

Ok thanks for helping.
Logged

pinpoint222

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 77
    • The Rawalpindi Website
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #25 on: November 10, 2006, 02:28:45 pm »

ah!.. improper theme.php changes led to your issue. I shall Sum up the whole mod into a zip file and attach here soon SO confusion and errors donot occur for readers reading this mod.

Logged

pinpoint222

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 77
    • The Rawalpindi Website
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #26 on: November 10, 2006, 04:17:16 pm »

Here is the MOD complete with full n final with instructions

Simply download and unzip the attachment.

It contains

1-- Most Simple Comment Spam protection for 1.doc   (MS WORD version Manual)
2-- Most Simple Comment Spam protection.pdf (pdf version Manual)
3-- done.php file
4-- capimage.jpg  File
5-- db_input2.php File

Read the instruction in doc Or PDF..and apply the Mod. :)


Logged

Master of Orion

  • Coppermine newbie
  • Offline Offline
  • Gender: Male
  • Posts: 10
    • Wonderful China
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #27 on: November 10, 2006, 08:15:48 pm »

Thanks for God :)

JohnM-UK

  • Guest
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #28 on: November 11, 2006, 02:34:27 am »

Awesome!! Thanks very much, seems to be working great...
http://www.oneuk.f2s.com/photos/
Logged

JohnM-UK

  • Guest
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #29 on: November 11, 2006, 04:55:05 am »

Well almost working. Still getting some spam. I guess someone is posting manually..?!
Logged

pinpoint222

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 77
    • The Rawalpindi Website
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #30 on: November 11, 2006, 09:46:28 am »

To all the readers of this mod. Here is something i have discovered

Spam bots read the URLs and Store the absoulte URLs information for Spamming.
Now everyone knows that the URL of db_input.php will always be something like
pathtocpgfolder/db_input.php

So the spam bots simply call the db_input.php so the spam is posted easily as the location of db_input.php is always the root of cpg folder and its file name does not change.

SO the solution

1-- Apply this Mod from zipped folder carefully
2-- Open the db_input.php

Find this
Quote
require('include/init.inc.php');
require('include/picmgmt.inc.php');
require('include/mailer.inc.php');
require('include/smilies.inc.php');


and change it to this

Quote

require('include/init.inc.php');
require('include/picmgmt.inc.php');
require('include/mailer.inc.php');
require('include/smilies.inc.php');


if ($_POST['msg_body'] != ''){
header('Location: done.php');
die();
}

 
And that is it.

What does it do.. for information

1-- msg_body means comment message posted(by spam bot  most likely).
2-- this small script checks >>>>> whether msg_body has any data or not. if it has any data(comment) then that comment is not posted and the spam bot is taken to done.php page.    if there is no data(comment) then the regular function of db_input.php continues.

3-- and that is all. we will deny the comment posting using db_input.php. Comments can only be posted using db_input2.php file which came with this mod.


Apply and i hope that stops the comments being postedby spam bot using db_input.php file.
Logged

pinpoint222

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 77
    • The Rawalpindi Website
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #31 on: November 11, 2006, 10:24:25 am »

BRAVO! i was right.

Just tested my concept using JohnM-Uk site and my site and i was absolutey right

The spam bots dont even have to come to coppermine gallery to post the spam comments. They simple POST the name value, comment value, PID value(picture id) and call the full url of db_input.php URL. and comments are added.

for readers and user of this Mod.. Apply the MOD from zipped folder and then add the New extra 3 Lines to db_input.php too. That will prevent remote spam posting through db_input.php
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #32 on: November 11, 2006, 10:31:41 am »

The spam bots dont even have to come to coppermine gallery to post the spam comments. They simple POST the name value, comment value, PID value(picture id) and call the full url of db_input.php URL. and comments are added.
Congrats - you just discovered how bots work ;).

If a significant number of users apply your mod, the bot scripts will be re-written to reflect your change and you're back to where you started.

A real protection would make it mandatory to visit the page that contains the form by coming up with a unique pattern (session hash comes to mind) there and an additional check on the page that receives the data (db_input.php) that checks for the unique id.

Everything else will just be a workaround (like the suggested change of the filename).
Logged

pinpoint222

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 77
    • The Rawalpindi Website
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #33 on: November 11, 2006, 10:38:36 am »

Thank you for the appreciation.. GauGau

As long as it works No harm in using this simple Mod.

Next version of CPG(1.5x) will have built-in one (hope so)..So when it will come then ppl can switch to it very easily.Until THAT "real protection" comes there is nothing wrong in using this MOD.
Logged

JohnM-UK

  • Guest
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #34 on: November 11, 2006, 11:19:01 am »

Well I have now applied your latest code (in db_input) on my site. Let's hope it works..
Logged

pinpoint222

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 77
    • The Rawalpindi Website
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #35 on: November 11, 2006, 12:46:08 pm »

Yes u have applied the code properly. I tried to post comment to ur gallery remotely but now i cannot.So it is working sofar.

I Hope this Zipped MOD + 3 new lines in db_input.php will prevent the total spam.

Give the feedback here after 2-3 days.
 Peace :)
Logged

pinpoint222

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 77
    • The Rawalpindi Website
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #36 on: November 11, 2006, 04:10:40 pm »

Version 1.0 of this MOD/Hack has been added to the Starting Post of this Thread on page 1.(dated Nov. 11, 2006).

1-- All instructions and Files required are in that zipped folder.
2-- All future versions shall be added to the First/Starting Post now to prevent duplicates and confusion.


Logged

h4nh4n

  • Translator
  • Coppermine novice
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 38
  • God loves you!
    • Indonesian Actress
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #37 on: November 19, 2006, 11:57:14 am »

Thanks for this mods, I have successfully installed on my cpg :)

I have no idea where the spambot came from :confused: as I got 1000 of spam just in 5 hours, but with this mods hopefully there's no spam anymore!
Logged
Artis Indonesia - Albums of Indonesian Actresses
Johan Ng - Personal Website

pinpoint222

  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 77
    • The Rawalpindi Website
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #38 on: November 19, 2006, 12:02:55 pm »

Mod version 1.0  is attached to the first post of this thread

By default.. db_input.php is open to spam in CPG ..Known issue. So protection is provided to db_input.php and db_input2.php in this mod.

instead of 6B38 code You can also use your own image with code written on it.That is optional.
Logged

manne

  • Coppermine novice
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 27
Re: Most Simple Comment Spam protection for 1.4.x
« Reply #39 on: November 29, 2006, 01:14:20 pm »

Hello pinpoint222,

Good work. Is there a way to get random images with confirm code?
So it doesn't use the same code everytime?

Regards,
manne
Logged
/manne
Pages: 1 [2] 3   Go Up
 

Page created in 0.028 seconds with 20 queries.