i've been bronzed

New Member Joined: Mar 05, 2005 Posts: 20

hello everyone, just had a quick question and i hope i'm posting in the correct place. i started noticing very strange things happening in my review comment section-someone keeps posting these strange bronze links
i left one up so you can view...
http://mestupid.com/modules.php?name=Reviews&rop=showcontent&id=20

has anyone seen this before? there is no name after the "posted by' part, so i don't know how to block them or how they post because anonymous users aren't supposed to leave comments, i double checked that it was on.

can anyone help me stop the bronze bandit?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

I just sent a test comment and it accepted it. What setting is it that you think blocks anonymous users from posting a comment to Reviews? You would need to restrict it to Registered users only.

Posted: Sun Mar 20, 2005 1:35 pm

I found that crap in mine also. I have disabled Comments by altering the code and that will still allow visitors to read the reviews. A better solution would be to require admin approval of all comments, the same as with reviews.

Posted: Sun Mar 20, 2005 1:46 pm

hey, Raven, in preferences it is set up like this, Allow Anonymous to Post? no

is there another setting to restrict it to Registered users only?

Posted: Sun Mar 20, 2005 2:47 pm

That's for NEWS, not Reviews.

Posted: Tue Mar 22, 2005 3:08 am

Just found this on my site too, took ages to clear all those comments.
I think there is a need here to add extra checking in the function_comments() for those that wnat ot keep the reviews module set to all visitors but restrict comments posting to registered users.
I'm going to check my logs to see if I can find a common denominating IP for the times the comments were posted and the access logs of IP tracker and Matys Web Analysis module.
If I find anything I'll post back if I can verify and confirm the offending IP (assuming they were not using a proxy list).

Posted: Tue Mar 22, 2005 9:21 am

It shouldn't be to hard to patch those comments something like this
if(!is_user($user)){Header("Location: modules.php?name=Your_Account&op=login&redirect=Reviews");}

Posted: Tue Mar 22, 2005 9:45 am

i'll give that a try, sixonetonoffun, which file does that get added to?

Posted: Tue Mar 22, 2005 10:15 am

I get bogus users almost every day trying to add accounts for "other" purposes. While that may slow them down, they can still enter a bogus user account and do their damage. Imo, the best modification would be to require admin approval on comments, just like on the original review. Which, when you think about it, only makes sense. Why only approve the review Laughing

? For now, I have just blocked all comments from reviews.

Posted: Tue Mar 22, 2005 10:33 am

May I ask how you achieved that?

Posted: Tue Mar 22, 2005 10:57 am

As one of my mentors once said, "you may ask" ROTFL

In modules/Reviews/index.php, functions postcomment and savecomment, I added these lines of code right after the OpenTable();

Code:

    echo "This function is disabled.  You have tried to directly access this and your IP has been logged.  After investigation your IP may be banned from this site if it is determined that you didn't just happen to wander in here.";


    CloseTable();


    include('footer.php');


    die();

Posted: Tue Mar 22, 2005 11:03 am

Thank you Raven. Smile

Posted: Tue Mar 22, 2005 9:39 pm

sixonetonoffun wrote:

It shouldn't be to hard to patch those comments something like this
if(!is_user($user)){Header("Location: modules.php?name=Your_Account&op=login&redirect=Reviews");}

Has this been tried yet?

Posted: Tue Mar 22, 2005 9:58 pm

As I said, all that that will do is force a user to login. It doesn't prevent them from posting garbage.

Posted: Tue Mar 22, 2005 11:06 pm

i'd like to have them have to log in to post, because then i can still have user input for the reviews and an easy way to deal with the people that post crap and i don't really want to approve every one.

i'd like to try sixonetonoffuns code may i ask what file i need to add it to?

Posted: Tue Mar 22, 2005 11:18 pm

modules/Reviews/index.php

Posted: Wed Mar 23, 2005 9:49 am

I think the point Raven was trying to make (correct me if I'm wrong Gaylen) but having a forced user log-in is one thing, tracing a logged in user is not so simple given that they will probably be using a list of proxy servers or indeed spoofing the IP and also, probably using a free 'throw away' email account to register on the site - making banning them difficult as you may well ban a legitimate IP address.

I have managed to ascertain, by comparing the time of the comments posting and the accessing the appropriate url at that time, over 20 different IP addresses had been used on my site for the purposes of spamming the comments area.

The only sure way of preventing an occurance is by intercepting the comment posting and having it manually checked by the site admin prior to posting or disabling comment posting altogether.

Posted: Wed Mar 23, 2005 9:59 am

Exactly!

Posted: Wed Mar 23, 2005 12:32 pm

just out of curiosity what do people like this have to benefit from this spam-- what do they get out of it, traffic? there is like 30 different links.
Do some people enjoy writing spamming programs to simply annoy others, or is it usually about getting traffic?

Hangin' Around Joined: Jul 17, 2003 Posts: 29

I have changed the links for my reviews comments and have pointed them to an appropriate area on the forums.
They can read all they like but cant post unless they have joined the site.
I feel it gives more control over the poster, maybe wrong but it has worked thus far.

Posted: Wed Mar 23, 2005 11:09 pm

skeen wrote:

I have changed the links for my reviews comments and have pointed them to an appropriate area on the forums.
They can read all they like but cant post unless they have joined the site.
I feel it gives more control over the poster, maybe wrong but it has worked thus far.

how did you do that, skeen?

Posted: Thu Mar 24, 2005 3:05 am

At one point I had to turn off comments at two of my sites, a PHP-Nuke & a Nucleus, because of spam comments. Not "bronzed", but tons of links to casino sites couched in nonsense statements. Google, MSN, and Yahoo are trying to address the comment-spam issue by making the posting of spam links worthless:

http://blog.outer-court.com/archive/2005-01-19-n46.html

Quote:

From now on, when Google sees the attribute (rel="nofollow”) on hyperlinks, those links won’t get any credit when we rank websites in our search results. This isn’t a negative vote for the site where the comment was posted; it’s just a way to make sure that spammers get no benefit from abusing public areas like blog comments, trackbacks, and referrer lists. (...)

We’ve also discussed this issue with colleagues at our fellow search engines and would like to thank MSN Search and Yahoo! for supporting this initiative. (...)

We encourage you to use the rel="nofollow” attribute anywhere that users can add links by themselves, including within comments, trackbacks, and referrer lists.

I know it's not a solution in and of itself, but it might take away much of the incentive for spam comments.

Posted: Sun Mar 27, 2005 10:02 pm

Sorry for the delay in reply pudbat..

Ok create the forum you want to use for comments then look for the following.

Ok in Reviews module or MRReviews module whichever the case look in index.php, for phpnuke it is around line 570 for the following

echo "[ <a href=\"modules.php?name=MReviews\">"._RBACK."</a> | "
."<a href=\"modules.php?name=MReviews&op=list_revs&cid=$row[cid]\">"._BACKTO." $row2[title] "._INDEX."</a> | "
."<a href=\"m o d ules.php?name=Forums&file=index&c=5 \">"._REPLYMAIN."</a> ]";

You will see i have highlighted where you need to put the code and I have had to add some spaces so this forum would accept the code.

In Nuke Platinum it is around line 706 and the same applies.

Hope this helps as I am only a weekend warrior so to speak when it comes to coding, but if i can help i will try.