News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Stop Spammer

Started by M-DVD, December 31, 2008, 07:31:43 AM

Previous topic - Next topic

butchs

Quote from: Kaitlyn on July 30, 2011, 07:59:46 PM
opened a new smf in winrar to see the file for register.php and it seems the code is the same but not sure why the error keeps happening with this one username and several others

The code there looks good.  Are the ip addresses being used the same as the actual user?  Could be a bot trying to crack the users password.  Try to do a search on the ip's used.
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

bugstomper

Quote from: Kaitlyn on July 30, 2011, 07:59:46 PMstristr() [<a href='function.stristr'>function.stristr</a>]: Empty delimiterFile: /home/human/public_html/Sources/Register.php
Line: 837

if (stristr($context['checked_username'], $txt['guest_title']) !== false) is line 837

That error is saying that it is not finding the line in Themes/YOURTHEME/languages/index.YOURLANGUAGE.php in which it says (for example in Themes/default/languages/index.english.php)

$txt['guest_title'] = 'Guest';

Well, the error actually says that $txt['guest_title'] is not set or that it is set to the empty string "". That could happen if the line that sets it does not exist in the language file you are using, or if that file says $txt['guest_title']="" or if something is unsetting the $txt array after the language flle is read.

I don't see why it would happen with some usernames and not others. And if your language file really is messed up and doesn't set $txt['guest_title'] to something, then all the places where you are supposed to see, for example "Welcome Guest" would not have "Guest" in it.

SD-X

Just throwing my two cents in, but the part where you said it only happens on some usernames and not others stood out to me. I'm not a modder or a coder, so this isn't really my area of expertise, but any chance it's caused by specific characters in usernames?

busterone

I lean towards butchs' idea as well. It would help to see the server access logs for the exact time that these errors occur. They may be bots or a human hacker attempting to inject something other than the username and password for that user. 

bugstomper

The user name shows up in the error message, where it says username=samsmith2 so there are no funny characters in it.

That line of code is during registration after the proposed user name being registered has been checked for illegal characters and if it is a duplicate of an existing user name, and now is being checked to make sure it is not the word "Guest" in the current language. The error is in getting the current language text string "Guest" from the current theme's index.LANGUAGE.php file. The string comes back as either undefined or an empty "" string, and that results in the error message.

That said, it makes no sense to me that it only happens with some user names and not others, as the error message is not about the user name string, it is about the "Guest" string. It would make more sense if it turns out that something else happens sporadically and it doesn't always happen with a particular user name.

You can look at the the errors and see if username= is always the sane user name. You can also check the access logs looking for  lines with /index.php?action=register;sa=usernamecheck;xml;username= to see if it happens every time someone tries to register or only some of the time.

busterone

That is possible, but if "guest" is not defined in the current theme's language file, it should default back to the default theme's language files. (in theory anyway).

It is certainly odd that it only occurs on a few select names, and not all.

butchs

Quote from: Kaitlyn on July 31, 2011, 08:07:09 PM
we had other users be able to register on our forum with no problems and the username samsmith doesn't even exist on our forum

Classic dictionary attacker ploy.   I hate to say this but the problem is solved:  As snoopy says it is not stop forum spam.  Maybe you need to adjust your robots.txt file as described in the ForumFirewall thread and reinstall the latest version.

If not maybe, you need one of the two mods that support project honeypot.

I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

davidhs

Hello,

I wanted to install this MOD in a forum 2.0 RC2, but only works in RC4 and next.

I write a version for SMF 2.0 RC2 and StopSpammer 2.3.9 runs in my forum :)

This may be useful for someone. I only change file install_2.xml, line 344. I replace
$context['unapproved_members'] = (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 2) || !empty($modSettings['approveAccountDeletion']) ? $modSettings['unapprovedMembers'] : 0;]]></search>
for
$context['unapproved_members'] = !empty($modSettings['registration_method']) && $modSettings['registration_method'] == 2 ? $modSettings['unapprovedMembers'] : 0;]]></search>

busterone

Nice work, but there are not many still using RC2. There are security issues in RC4 and previous that you may want to consider. Upgrading to 2.0 final (or at least RC5) would be your best bet to keep your forum safe.

davidhs

Quote from: busterone on August 07, 2011, 04:38:16 PM
Nice work, but there are not many still using RC2. There are security issues in RC4 and previous that you may want to consider. Upgrading to 2.0 final (or at least RC5) would be your best bet to keep your forum safe.
I know, but I have not time to update :(

SD-X

Quote from: davidhs on August 07, 2011, 04:56:49 PM
Quote from: busterone on August 07, 2011, 04:38:16 PM
Nice work, but there are not many still using RC2. There are security issues in RC4 and previous that you may want to consider. Upgrading to 2.0 final (or at least RC5) would be your best bet to keep your forum safe.
I know, but I have not time to update :(
You should make time. There are serious security issues with the version you are using.

http://www.simplemachines.org/community/index.php?topic=422954.0

wlchase

OK, got a weird one.

I just upgraded from 1.1.14 to 2.0, and was going back to install the various mods we use, this one included. I ran the script for Stop Spammer, the check looked good, but it asked for ftp credentials to create directories, etc. I entered them, checked the connection, then hit the go button, and wham! 500 Internal Server error!

I could still ftp, the cPanel stuff worked, but access to the website via a browser was a no-go.

I checked all the permissions, all looked OK, so I contacted our hosting co. to see if they had any problems or ideas.

I'm on CharlottezWeb and the structure is /home/czforums and the site is under /home/czforums/public_html. Turns out the permissions for /home/czforums had gotten changed to 777! (?)

The hosting guy fixed that, I went back to the installation of the mod and this time, when I got the ftp request

QuoteFTP Information Required
Some of the files the package manager needs to modify are not writable.
This needs to be changed by logging into FTP and using it to chmod or
create the files and folders. Your FTP information may be temporarily
cached for proper operation of the package manager. Note you can also do
this manually using an FTP client - to view a list of the affected files
please click here.

I clicked there and saw

QuoteThe following files need to made writable to continue installation:

    /home
    /home
    /home
    /home
    /home
    /home
    /home
    /home
    /home
    /home
    /home
    /home

This doesn't look kosher!

Is this a mod issue, an SMF issue, a host issue or a me issue?

TIA!
Bill

Bill http://www.czfirearms.us  SysAdmin

snoopy_virtual

An SMF issue, and one very common as far as I have heard.

I cannot help you there because I never had this problem before, but I'm sure if you check the support forums for SMF 2.0 you will find a lot of topics talking about it.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Exsharaen

Hi snoopy,

I noticed the language pack is 2 minor version behind the mod. The mod is v2.3.9, but the language pack is v2.3.7. I checked the error log and there seems two strings are missing:

stopspammer_enable_sub
stopspammer_all_ok

I tried to find those in the languages.xml and none to find. What are the strings for these two text?

Thanks :)

HoverClub

This may not be classed as a true bug but it does end up generating critical errors (Administration login attempt!).  When a user is viewing their profile (?action=profile) and they click the Action menu->Check Member it takes them to the admin section (/index.php?action=admin;area=viewmembers;sa=query;..... - where they are asked to re-enter a password (as an admin).  Most users aren't admins so this generates the above error.

Looks like the Check Member option should only be available to mods or admins? 
Profiles.php line 318 +++
'checkmember' => array(
'label' => $txt['stopspammer_profilecheck'],
'custom_url' => $scripturl . '?action=admin;area=viewmembers;sa=query;params=' . base64_encode(serialize(array('mem_id' => $memID, 'types' => array('mem_id' => '=')))),
'enabled' => $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])),
'sc' => 'get',
'permission' => array(
'own' => array('profile_remove_any', 'profile_remove_own'),
'any' => array('profile_remove_any', 'moderate_forum'),
),
),

snoopy_virtual

@Exsharaen

Inside the latest version 2.3.9, inside the file languages.xml (or languages_utf8.xml depending on your encoding) you can see all these new lines:


// Changed from 2.3.8 to 2.3.9
$txt['stopspammer_check_sub1'] = 'If MOD Stop Spammer is enabled, every time we check a member:';
$txt['stopspammer_api_key_sub'] = 'If you want to use your own API key you must go first to <a href="http://www.stopforumspam.com/signup" target="_blank">www.stopforumspam.com</a> to sign up for one and write it here. If you haven\'t got one you cannot report spammers with this mod.<br /><br />If you need help with this configuration or with anything else about Mod Stop Spammer, apart from the support forums, you can also ask for online help. If you have already installed Mod httpBL you can see how to ask for online help going to Admin => MOD httpBL => Help. If you haven\'t got it you can <a href="http://www.snoopyvirtualstudio.com/contact.php?language=english" target="_blank">see more info here</a>.';

// New in version 2.3.9
$txt['stopspammer_settings'] = 'MOD Stop Spammer settings';
$txt['stopspammer_enable_sub'] = 'With this check-box checked the mod is ON. With the check-box unchecked the mod is OFF.';
$txt['stopspammer_error_no_api_key'] = 'You cannot report a spammer without an API key from www.stopforumspam.com<br /><br />You need to register on their site first, ask them for an API key and then navigate inside your forum to:<br />Admin => Members => Registration => Settings<br />Scroll down to Stop Spammer settings, write your API key there and save your settings.';
$txt['stopspammer_no_connect_1'] = 'Mod Stop Spammer is ON but there is no connection just now with Stop Forum Spam. Please try later.';
$txt['stopspammer_no_connect_2'] = 'If the problem persists ask for help in the <a href="http://www.snoopyvirtualstudio.com/foro/index.php?board=31.0" target="_blank">official support forum</a>.';
$txt['stopspammer_new_version_1'] = 'Mod Stop Spammer is ON but it is not up-to-date.';
$txt['stopspammer_new_version_2'] = 'There is a new version of this mod. The version you have is: ';
$txt['stopspammer_new_version_3'] = '<a href="http://www.snoopyvirtualstudio.com/foro/index.php?board=31.0" target="_blank">Please update it here whenever you can</a> to the new version: ';
$txt['stopspammer_all_ok'] = 'Mod Stop Spammer is ON, it is up-to-date and the connection with Stop Forum Spam is perfect.';
$txt['stopspammer_is_off'] = 'Mod Stop Spammer is OFF.';


Both lines you were talking about are there.

================

@HoverClub

I cannot check that just now because I am not using SMF 2.0 (and haven't got any intention of doing it) but it looks like you are right.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Gargoyle

@ snoopy....

I just installed this mod! I found a link to it from Project honey pot. Very cool package here... While I was looking around for the mod I found a site that looked like it was run by Snoopy.. At the top it had a funny little blurb about how many spammers the site has blocked.

I am wondering if the code to display how many spammers have been blocked was something you could share with me. I found it very amusing and would like to use it as well.

Thanks!

snoopy_virtual

@Gargoyle

I suppose you are talking about my personal forum, because that's the only place where I have put something like that. It is a forum where anybody can ask any kind of question about computers (security, programming, graphic design, games, etc, etc) and all the rest of the members will try to answer the question to help the guy who asked it (at least in theory, at the end of the day, I am the only one answering most of the questions :lol:).

Inside my server I have lots of different sites (all of them connected with each other and using the same database, but using different software and different design), but to be sure if it's one of my sites you just need to check if the address start with www.snoopyvirtualstudio.com because that's the address of my main server and all the sites inside it are in different sub-folders inside that server.

If that's the page you are talking about, I already explained before how I had done that "funny little blurb about how many spammers the site has blocked". You can see it here:

http://www.simplemachines.org/community/index.php?topic=366399.msg2864983#msg2864983

The only thing I didn't explained then was that, to do the small floating window that appears when you put your mouse over the picture, I used a javascript program called "Tipster" created by Angus Turnbull that you can download for free from www.twinhelix.com

Another thing I didn't explained then was that, in fact, the number showing in my forum is the total of spammers caught by both mods Stop Spammer and httpBL.

As I was saying in that post the amount of spammers caught by mod httpBL is inside the variable $modSettings['httpBL_count']

If you want to add also the spammers caught by mod Stop Spammer, they are inside the variable $modSettings['stopspammer_count']

So if you want to use both you should do something like:


$total_spammers_caught = $modSettings['httpBL_count'] + $modSettings['stopspammer_count'];


And use that variable $total_spammers_caught instead.

I suppose you get the idea.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Gargoyle

Okay thanks much for the info!!!

I can't wait to get a nice little count displayed for all to see... Loving this mod!!

rosuvladut

Can I ban all Awaiting approval users?
If I select reject,their accounts are deleted...

Advertisement: