Watchout for submitted weblinks

persona_non_grata · Joined: Posts: 0

I think that the casino sites are finding other ways to mixed up in ous sites/ranks whatever.
Today someone submitted a website (looked as a useless site) and used a email address from (casino watch dogs) .
I know the casino world of spammers are very busy finding an entrance into nuke..
I get attacks by bots now atleast a few times a week.
Whats all behind this i dont know,but i strongly suggest you watch out with what you approve..

manunkind · Posted: Sun Oct 30, 2005 9:53 am

Yeah, I get about 15-20 submittals a week for casino stuff. I just keep deleting. Smile

persona_non_grata · Joined: Posts: 0

To your weblinks mod ?

Susann · Posted: Sun Oct 30, 2005 11:59 am

Be sure spammers are always looking for new chances. I don t know why they are interested in our downloads-section. Got several mails.

Code:

String-: base-poker.com
--------------------
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Windows 98)
Query-String: ww w.mysite.com/modules.php?name=Downloads&d_op=viewdownload&cid=6&orderby=ratingA
Get String: ww w.mysite.com/modules.php?name=Downloads&d_op=viewdownload&cid=6&orderby=ratingA

persona_non_grata · Joined: Posts: 0

well my guess is,is they are looking for form fields..

manunkind · Posted: Sun Oct 30, 2005 2:49 pm

persona_non_grata wrote:

To your weblinks mod ?

Yes.

We need a mod for Web Links where we can leave it open for Guests, but require a membership to submit links. Right now, if you turn it off for Guests, they can't even see the links at all. (I keep it turned on to Guests for the Search Spiders)

The ideal Web Links module would be open to everybody for viewing, but a switch in the Admin area to require memberships to actually submit links. That would fix this whole problem.

persona_non_grata · Joined: Posts: 0

Huh?
Isnt that what we already have?
Mine is viewable,and you can submit but only on approval..

manunkind · Posted: Sun Oct 30, 2005 3:08 pm

But they can still submit links to the site.

I'm talking about as soon as they click the "Add Link" link, it checks for a membership and stops them right there. This would eliminate the Admins having to delete all these bogus submissions from spammers. (Spammers will not normally register an account)

persona_non_grata · Joined: Posts: 0

oh...that,but i guess they havent created an auto form /bot yet..but as soon as they do that sentinel kicks them out..

Susann · Posted: Sun Oct 30, 2005 3:39 pm

@Manunkind
Maybe this could be done through a small piece of code, but is it really necessary ? I have my doubts, because we have also NukeSentinel.
And you are wrong .Time changes Spammers also register to reach their intensions. Of course there are different ways to spam.

-------
edit: I could tell you the different ways but why should I give such dirty spammers new ideas ? Therefore I don´post this public.

manunkind · Posted: Sun Oct 30, 2005 4:20 pm

Susann wrote:

@Manunkind
Maybe this could be done through a small piece of code, but is it really necessary ? I have my doubts, because we have also NukeSentinel.

NukeSentinel does not prevent this. I've been running NS since the very first version and I've always had to deal with Web Link Submissions Spam.

persona_non_grata · Joined: Posts: 0

well then you must be a special case.
but i think you mean that people tried to abuse your weblinks..
cause im pretty sentinel prevents this.
if im wrong then i asume they jump in here..

manunkind · Posted: Sun Oct 30, 2005 4:49 pm

All I was saying above was that adding a check to the Add Link function should take care of all this.

But now I'm confused. How does NukeSentinel prevent a guest from clicking on the Web Links module, clicking on Add Link and submitting their information? And at the same time, allowing the exact same procedures for guests that are submitting valid and related links?

Susann · Posted: Sun Oct 30, 2005 4:51 pm

He is talking about people and no automatic programms. NukeSentinel works if they are in the blocks see above. Stop words e.g.like casino, poker used in blocks and forums can prevent this. Guests can add weblink. I have to think about it again.

persona_non_grata · Joined: Posts: 0

partly right susann but...
Before it get mixed up,were talking about bots for now...
the same auto stuff that wondered around in blog world a long time.
but now they finaly have thought off enough security tricks to ignore them.
and now they come to check out nuke world starting with guestbooks..
But as i said,its the posting that kills them,and the same thing will happen if they try that with the weblinks module.
atleast 2 times a week they still try it,then my guestbook is a victim by such a bot but sentinel blocks it completely..

VinDSL · Posted: Sun Oct 30, 2005 6:20 pm

manunkind wrote:

But now I'm confused...

Now I'm confused... Very Happy

I shelled into my account and was digging through the code, when I realized it checks to see if you're logged-in before you can submit a web link. So, I tried it (which I should have done first)...

All visitors can see the web links, but you need to be a member and logged-in to submit a web link. Try it yourself...

Only registered users can see links on this board!
Get registered or login to the forums!

What am I missing here Question

persona_non_grata · Joined: Posts: 0

well nice point you have there vin...
i never realise it cause im allways logged in as admin and member..
only on ocassions that i need some checking from a members p.o.v i login as only member...

Susann · Posted: Sun Oct 30, 2005 7:07 pm

Seems there are different weblink versions. It´s possible to add a link.

Is this the point ?

l_config

Lock Unregistered users from Suggesting New Links? (0=Yes 1=No)

manunkind · Posted: Sun Oct 30, 2005 7:57 pm

Mine is the default 7.6 module and you CAN submit links as a guest.

manunkind · Posted: Sun Oct 30, 2005 8:01 pm

Susann wrote:

Is this the point ?

l_config

Lock Unregistered users from Suggesting New Links? (0=Yes 1=No)

There it is! That should fix the problem. Thank you so much! Smile

Susann · Posted: Sun Oct 30, 2005 8:04 pm

Fine

VinDSL · Posted: Sun Oct 30, 2005 10:50 pm

Susann wrote:

l_config

Doh! That's hilarious! Good catch, Susann!

Note to self: Don't attack problem[s] before first pot of coffee! Mr. Green

myrtletrees · Worker Joined: Sep 13, 2005 Posts: 140

Ok I'm confused!
Which is not hard for me.

In my l_config file it was already set to
$blockunregmodify = 1;

However, unregistered users are still spamming my Weblinks Submission area.

jakec · Posted: Thu Jun 28, 2007 6:25 am

What version of Nuke are you using?

I believe it is possible to bypass this check in some versions of Nuke.

This should be fixed in RN and you can also enable the captcha in rnconfig.php for submissions.

myrtletrees · Worker Joined: Sep 13, 2005 Posts: 140

Nuke 7.6 Raven...

ahh I found it..and it is opposite of the norm

$links_anonaddlinklock: Lock Unregistered users from Suggesting New Links? (0=Yes 1=No)

1 is usually Yes, and 0 is usually No....