No more spam in News Comments

New Member Joined: Aug 02, 2006 Posts: 12

Here is a very simple hack, to stop spammers from posting porno links into news comments !

Code tested for PhpNuke 8.0 :

Open the file modules/News/comments.php

Find the lines :

Code:




      if ($nuke_editor == 0) {


          echo "<font class=\"content\">"._ALLOWEDHTML."<br>";


          while (list($key,) = @each($AllowableHTML)) echo " &lt;".$key."&gt;";


          echo "</font><br><br>";


      } else {


         echo ""._HTMLNOTALLOWED."</font><br><br>";


      }

Remplace to :

Code:




    if ($nuke_editor == 0) {


        echo "<font class=\"content\">"._ALLOWEDHTML."<br>";


        while (list($key,) = @each($AllowableHTML)) echo " &lt;".$key."&gt;";


        echo "</font>";


    } else {


        echo ""._HTMLNOTALLOWED."</font>";


    }


    mt_srand ((double)microtime()*1000000);


    $maxran = 1000000;


    $random_num = mt_rand(0, $maxran);


    if (extension_loaded("gd") AND $gfx_chk != 0 ) {


        echo "<b>"._SECURITYCODE.":&nbsp;&nbsp;</b><img src='?gfx=gfx_little&random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'>\n";


        echo "<b>"._TYPESECCODE.":&nbsp;&nbsp;</b><input type=\"text\" NAME=\"gfx_check\" SIZE=\"3\" MAXLENGTH=\"3\">\n";


        echo "<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";


    } else {


        echo "<input type=\"hidden\" name=\"random_num\" value=\"$random_num\">\n";


    }

OPTIONAL : Removes post button, forces user to review before posting !
Find the line right after :

Code:




      ."<input type=\"submit\" name=\"op\" value=\""._OK."\"> "._GOBACK."\n"

Change to :

Code:




      .""._GOBACK."\n"

Find the line :

Code:

function replyPreview ($pid, $sid, $subject, $comment, $xanonpost, $mode, $order, $thold) {


  global $module_name, $user, $cookie, $AllowableHTML, $anonymous, $anonpost, $userinfo;

Add in global :

Code:

$gfx_chk, $sitekey

No resembles :

Code:

    function replyPreview ($pid, $sid, $subject, $comment, $xanonpost, $mode, $order, $thold) {


  global $module_name, $user, $cookie, $AllowableHTML, $anonymous, $anonpost, $userinfo, $gfx_chk, $sitekey;

Right below, juste after the line :

Code:

$pid = intval($pid);

Add :

Code:




    $datekey = date("F j");


    $rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . filter($_POST['random_num'], "nohtml") . $datekey));


    $code = substr($rcode, 2, 3);


    if (extension_loaded("gd") AND $code != filter($_POST['gfx_check'], "nohtml") AND $gfx_chk != 0) {


    OpenTable();


    echo "<center><font class=\"title\"><b>"._SECURITYCODEERROR."</b></font></center>";


    CloseTable();


    include ("footer.php");


    die();


    }

At the end of the function, find :

Quote:

."<input type=submit name=op value=\""._PREVIEW."\">"

And REMOVE LINE

Open your LANGUAGE FILES, and add the following line :

Code:

define("_SECURITYCODEERROR","ERROR ! You have entered a bad code !<br>[ <A href=\"javascript:history.go(-1)\">Return</A> ]");

Thats it ! the spam bot has to input the code, before they can post !

DEATH TO SPAMMERS !

Posted: Tue Jun 19, 2007 12:18 am

How about upgrade to RavenNuke? Wink

Posted: Tue Jun 19, 2007 2:42 am

Great idea ! The only other "solution" was to disactivate the comments...... ;(

I also noticed, the bots are posting on OLD articles, deep in the archives of my sites; out of human site, but not google.....

Posted: Tue Jun 19, 2007 5:59 am

Unfortunately that is a common problem with other versions of Nuke. Sad

Posted: Tue Jun 19, 2007 6:06 am

ALL versions of Nuke you mean...... Well, this works, untill the bots hack the GFX image.....

Posted: Tue Jun 19, 2007 6:16 am

All versions except RavenNuke. Wink

Posted: Tue Jun 19, 2007 6:57 am

Not on the site here.... In fact, I tryed. And I was able to post a line of garbage, no prob.

On the other hand, if you could remove it for me..... Wink

registered · Posted: Tue Jun 19, 2007 7:18 am

Do you allow anonymous comment posting in your preferences? Do you have the latest patches?

I have never had a problem with this when anonymous comment posting is disabled, either on PHP-Nuke 7.9 with the 3.2 patches, or with RavenNuke.

This site here is not actually running the latest RavenNuke, I don't believe....

registered · Posted: Tue Jun 19, 2007 7:55 am

This site is NOT RavenNuke!

RavenNuke(tm) version 2.10.00 and above has a spam captcha built in that when enabled in the rnconfig.php (it is enabled by default), it effectively stops this. This is why everyone here is saying that RavenNuke(tm) has this issue solved already.

Posted: Tue Jun 19, 2007 10:24 am

If you don't believe us I will give you a link to my test site and you can try and post some spam. Wink

Posted: Tue Jun 19, 2007 10:59 am

seventys

you are right with hide button and the preview function. Preview before posting is a way to protect the forum from spam.
I had never a problem with comments spam but I´ve seen many, many sites filled with spam and the comment function was disabled for quests.
From the earliest versions of standard Nuke there was always a security problem with news, comments and sent to friend option. Sad

Of course the weblinks and the downloads had similar security issues.
In summary it may be said in my version didn´t exist a modul without a security problem. A reason for me to use only RavenNuke.

They changed the send to friend function later to fix this.
But if I where you I would observe this function also.

However, RavenNuke its protected like Montego said.

And Truden has made last year a cool mod to prevent comment spam in 7.6 and from the logic within the code I believe its a very good protection.
http://www.truden.com/

If you are interested check also his newest forums mod "Trubar" the next version.
NukeSentinel does also a good job. Some days ago I got this for my unknown testsite .

Quote:

Date & Time: 2007-06-12 13:19:52 CEST GMT +0200
Blocked IP: 69.125.84.90
User ID: Anonymous (1)
Reason: Abuse-Script
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Query String: www.my-site,de/modules.php?name=Submit_News
Get String: www.my-site.de/modules.php?name=Submit_News
Post String: www.my-site.de//modules.php?subject=Levitra Viagra Cialis Phentermine&alanguage=albanian&story=
autoca.org/_chat/00002486.htm <a href="autoca.org/_chat/00002486.htm">Buy Cheap Viagra</a> [url=autoca.org/_chat/00002486.htm]Buy Cheap Viagra[/url]
rack1.ul.cs.cmu.edu/vioxx2/_disc1/00003dfc.htm <a href="rack1.ul.cs.cmu.edu/vioxx2/_disc1/00003dfc.htm">Tramadol Online</a> [url=rack1.ul.cs.cmu.edu/vioxx2/_disc1/00003dfc.htm]Tramadol [/url]
etc.
etc.
&op=Vorschau

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

seventys wrote:

Not on the site here.... In fact, I tryed. And I was able to post a line of garbage, no prob.

On the other hand, if you could remove it for me..... Wink

As Montego said, this site is not RN. I have made so many hacks and customizations to this site (originally 6.5) that I have not had the time to transfer. But, I will (I hope).

To test RavenNuke(tm) http://www.ravennuke.com

Posted: Wed Jun 20, 2007 4:11 am

Ok ok !

My sites all have members only comments, but that doesn't stop them....

I like the hack, at least it forces a few more manipulations, enough to stop most spam. I also have Nukesentinal, but it doesnt stop everything....

Just keep ahead of them !