
postguestbook: my sites get spammed

  • Hi,
    my two sites running PN .750 and postguestbook 0.6.0 get spam entries for the last couple of days. About 10 a day. I delete them because I didn't find any way to avoid them. Guestbook is opened for everyone to post and I don't want to change that.
    Is this happening on any other site, too?
    An interim solution could be to rename the module but I'd like to know whether there's another solution.
    Regards,
    Olly
  • Same thing happens on my guestbook, using the 0.4 version. Got a lot of entries some 4 weeks ago, and today some 15 new entries. More about the subject here:

    http://forums.postnuke.com/index.php?name=PNphpBB2&file=viewtopic&t=37379&highlight=postguestbook
  • Hi,
    I changed postguestbook restrictions to controlled by permissions and allowed only registered users to post. Unregistered users have no rights at all. That works when acting like a user, I tested it.
    But I still get spammed. Exploit???
    Anyone out there with some information?
    Regards,
    Olly
  • We solved spam on our guestbook (PN 0.76, PostGuestbook 0.6.0) by banning the IPs of the senders. We didn't use the rights system
    because we want to have an open guestbook for everybody.

    In order to ban particular IPs you need to edit /modules/postguestbook/pnuserapi.php

    Then edit the function postguestbook_userapi_create. To make it easy for everybody, here is our code:

    /**
     * Create a new Guestbook entry.
     * @param GuestBookEntry $entry
     */
    function postguestbook_userapi_create($entry)
    {
        pnModDBInfoLoad('postguestbook');
        list($dbconn) = pnDBGetConn();
        $pntable = pnDBGetTables();
        $guestbook_table  = $pntable['postguestbook_guestbook'];
        $guestbook_column = &$pntable['postguestbook_guestbook_column'];

        $entry->prepForStore();

        if (strlen($entry->pn_uid) == 0) {
            $uid = 'NULL';
        } else {
            $uid = $entry->pn_uid;
        }
        $SQL = "INSERT INTO $guestbook_table ($guestbook_column[name],
                    $guestbook_column[owner_uid],
                    $guestbook_column[email],
                    $guestbook_column[ip],
                    $guestbook_column[message],
                    $guestbook_column[comment],
                    $guestbook_column[homepage],
                    $guestbook_column[members],
                    $guestbook_column[timestamp],
                    $guestbook_column[private_msg],
                    $guestbook_column[location],
                    $guestbook_column[mood],
                    $guestbook_column[user1],
                    $guestbook_column[user2],
                    $guestbook_column[user3],
                    $guestbook_column[user4],
                    $guestbook_column[user5],
                    $guestbook_column[disable_html],
                    $guestbook_column[disable_bbcode],
                    $guestbook_column[disable_autolinks],
                    $guestbook_column[pn_uid])
                VALUES ('$entry->name',
                    '$entry->owner_uid',
                    '$entry->email',
                    '$entry->ip',
                    '$entry->message',
                    '$entry->comment',
                    '$entry->homepage',
                    '$entry->members',
                    CURRENT_TIMESTAMP,
                    '$entry->private_msg',
                    '$entry->location',
                    '$entry->mood',
                    '$entry->user1',
                    '$entry->user2',
                    '$entry->user3',
                    '$entry->user4',
                    '$entry->user5',
                    '$entry->disable_html',
                    '$entry->disable_bbcode',
                    '$entry->disable_autolinks',
                    '$uid')";
        //$result = $dbconn->Execute($SQL) or die($dbconn->ErrorNo() . ": ". $dbconn->ErrorMsg() . ":$SQL");

        // IP ban for spammers: an entry coming from one of the addresses below
        // is dropped instead of being inserted; everything else is stored.
        if (($entry->ip == "24.51.75.114") ||
            ($entry->ip == "200.62.182.149") ||
            ($entry->ip == "0.0.0.0")) {
            $ban = true; // not really necessary
        } else {
            $result = $dbconn->Execute($SQL);
        } // IP ban spammers

        // Check for an error with the database code, and if so set an
        // appropriate error message and return (the module's own closing
        // part of this function, kept so the function is complete).
        if ($dbconn->ErrorNo() != 0) {
            pnSessionSetVar('errormsg', _PGB_INSERT_FAILED . "[$SQL]");
            return false;
        }
        return true;
    }

    I hope this will help everybody, until somebody writes a better solution to the problem. The code isn't very beautiful, but it works :)

    Greetz,

    Tom Steenbergen
    Webmaster asopos.nl
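The same "ban these senders" idea as Tom's post, added here as an example; it is not code from the thread or from the postguestbook module. The banned senders live in one list that takes CIDR ranges as well as single addresses, and the decision is a function that postguestbook_userapi_create() could call in place of the if/else above. BANNED_SENDERS, ip_matches() and sender_is_banned() are names chosen for this example; the two addresses are the ones from the post, and the 203.0.113.0/24 range (RFC 5737 documentation space) is constructed sample data.

```php
<?php
// Added example, not module code: a maintainable version of the IP ban above.
// Assumptions: function/constant names are this example's own; the list below
// is constructed sample data (two addresses from the post plus a test range).

/** Banned senders: single IPv4 addresses or a.b.c.d/n blocks. */
const BANNED_SENDERS = [
    '24.51.75.114',      // addresses quoted in the post above
    '200.62.182.149',
    '0.0.0.0',
    '203.0.113.0/24',    // constructed example range (RFC 5737 TEST-NET-3)
];

/**
 * True when $ip falls inside $entry, where $entry is either one address
 * or a CIDR block. Anything that does not parse never matches.
 */
function ip_matches(string $ip, string $entry): bool
{
    $ipLong = ip2long($ip);
    if ($ipLong === false) {
        return false;
    }
    if (strpos($entry, '/') === false) {
        return ip2long($entry) === $ipLong;
    }
    [$net, $bits] = explode('/', $entry, 2);
    $netLong = ip2long($net);
    $bits = (int) $bits;
    if ($netLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    // Network mask with the top $bits bits set; /0 matches every address.
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

/**
 * Decision the create() function would take before its INSERT.
 * An address that is not valid IPv4 is refused as well, since we cannot
 * tell who sent it.
 */
function sender_is_banned(string $ip, array $banned = BANNED_SENDERS): bool
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return true;
    }
    foreach ($banned as $entry) {
        if (ip_matches($ip, $entry)) {
            return true;
        }
    }
    return false;
}

// Stand-alone check with constructed sender addresses.
foreach (['24.51.75.114', '203.0.113.77', '198.51.100.9', 'not-an-ip'] as $ip) {
    printf("%-15s %s\n", $ip, sender_is_banned($ip) ? 'banned' : 'allowed');
}
```

Inside postguestbook_userapi_create() the call would replace the three hard-coded comparisons: `if (sender_is_banned($entry->ip)) { return true; }` before the Execute(). The list still has to be kept up by hand as senders change addresses, which is why the post itself calls this a stopgap.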
  • Hi,
    finally it's solved. Not really solved, it's more a workaround.
    I used the modified pnuser.api from thread http://forums.postnuke.com/index.php?name=PNphpBB2&file=viewtopic&t=41314
    and assigned permissions for registered users only.
    Regards,
    Olly
  • For a couple of days now we have completely blocked spam on our website. Here is the code we modified again in pnuserapi.php:

    /**
     * Create a new Guestbook entry.
     * @param GuestBookEntry $entry
     */
    function postguestbook_userapi_create($entry)
    {
        pnModDBInfoLoad('postguestbook');
        list($dbconn) = pnDBGetConn();
        $pntable = pnDBGetTables();
        $guestbook_table  = $pntable['postguestbook_guestbook'];
        $guestbook_column = &$pntable['postguestbook_guestbook_column'];

        $entry->prepForStore();

        if (strlen($entry->pn_uid) == 0) {
            $uid = 'NULL';
        } else {
            $uid = $entry->pn_uid;
        }
        $SQL = "INSERT INTO $guestbook_table ($guestbook_column[name],
                    $guestbook_column[owner_uid],
                    $guestbook_column[email],
                    $guestbook_column[ip],
                    $guestbook_column[message],
                    $guestbook_column[comment],
                    $guestbook_column[homepage],
                    $guestbook_column[members],
                    $guestbook_column[timestamp],
                    $guestbook_column[private_msg],
                    $guestbook_column[location],
                    $guestbook_column[mood],
                    $guestbook_column[user1],
                    $guestbook_column[user2],
                    $guestbook_column[user3],
                    $guestbook_column[user4],
                    $guestbook_column[user5],
                    $guestbook_column[disable_html],
                    $guestbook_column[disable_bbcode],
                    $guestbook_column[disable_autolinks],
                    $guestbook_column[pn_uid])
                VALUES ('$entry->name',
                    '$entry->owner_uid',
                    '$entry->email',
                    '$entry->ip',
                    '$entry->message',
                    '$entry->comment',
                    '$entry->homepage',
                    '$entry->members',
                    CURRENT_TIMESTAMP,
                    '$entry->private_msg',
                    '$entry->location',
                    '$entry->mood',
                    '$entry->user1',
                    '$entry->user2',
                    '$entry->user3',
                    '$entry->user4',
                    '$entry->user5',
                    '$entry->disable_html',
                    '$entry->disable_bbcode',
                    '$entry->disable_autolinks',
                    '$uid')";
        //$result = $dbconn->Execute($SQL) or die($dbconn->ErrorNo() . ": ". $dbconn->ErrorMsg() . ":$SQL");

        // Spam filter. Author: webmaster@asopos.nl
        // Note: despite the original "IP Ban" label, this does not look at the
        // IP at all. Only entries with an empty location field are inserted;
        // any entry that fills in the location is treated as spam and dropped.
        if ($entry->location == "") {
            $result = $dbconn->Execute($SQL);
        } else {
            $ban = true;
        }

        // Check for an error with the database code, and if so set an
        // appropriate error message and return
        if ($dbconn->ErrorNo() != 0) {
            pnSessionSetVar('errormsg', _PGB_INSERT_FAILED . "[$SQL]");
            return false;
        }
        return true;
    }
  • Thanks! Your fix is working well on my site!
  • cfresh4u

    Thanks! Your fix is working well on my site!


    I take back what I said in the earlier post... I just got spammed on my guestbook again! Your fix does not work. Do you have any other thoughts?

    Thanks.
  • Hi,
    looking at your modified code I saw that you're just checking whether a location is specified or not to determine if it's spam or not.
    My spam entries all had locations, so I guess your mod wouldn't have prevented them.
    Maybe this is the case for cfresh4u, too.
    Just to let you know...
    Regards,
    Olly
  • A fixed version to avoid spamming the Guestbook is available.
    You can download it here >>
    http://prdownloads.s…ok_061.zip?download
    Included all changes from Petzi-Juist published @ http://support.pn-cms.de/
    It's not tested by myself, because nobody wants to spam my guestbook ;)
    Hopefully solved this problem.
  • They spammed by posting directly to the _user_new() function. To fix that it's necessary to add into the template (entry_submit.php, after the
    tag) something like:



    and, of course, make changes in pnuser.php, in the commit || preview section:

    if (!pnSecConfirmAuthKey()) {
        $error_message = "WhatEVER";
    }

    That's it. Do remember to make the changes in all templates you use ;)

    Have fun
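The check the post above describes, written out as an added example. This is not PostNuke's pnSecConfirmAuthKey() or its template plugin, and not code from the thread; it is a stand-in showing the pattern: a key derived from a server-side secret, the visitor's session id and the module name is rendered into the form as a hidden field and has to come back with the POST, so a request sent straight to the create handler without first loading the form has nothing valid to present. The constants, the function names, the hidden field name authid, the secret, the lifetime and the session ids are all this example's own assumptions.

```php
<?php
// Added example, not the PostNuke implementation. Assumptions: SERVER_SECRET
// is kept server-side and never sent to clients; "authid" is the field name
// chosen here; session ids and requests below are constructed sample data.

const SERVER_SECRET = 'constructed-example-secret-change-me';
const AUTHKEY_TTL   = 3600;   // seconds a key stays valid
const MODULE_NAME   = 'postguestbook';

/** Build a key bound to this session, module and issue time: "<issued>.<hmac>". */
function gen_authkey(string $sessionId, string $module, int $now): string
{
    $issued = (string) $now;
    $mac = hash_hmac('sha256', "$sessionId|$module|$issued", SERVER_SECRET);
    return $issued . '.' . $mac;
}

/** Verify a submitted key; false when missing, malformed, stale, forged or from another session. */
function confirm_authkey(?string $key, string $sessionId, string $module, int $now): bool
{
    if ($key === null || substr_count($key, '.') !== 1) {
        return false;
    }
    [$issued, $mac] = explode('.', $key, 2);
    if (!ctype_digit($issued) || (int) $issued > $now || $now - (int) $issued > AUTHKEY_TTL) {
        return false;
    }
    $expected = hash_hmac('sha256', "$sessionId|$module|$issued", SERVER_SECRET);
    return hash_equals($expected, $mac);   // constant-time comparison
}

/** Hidden field the entry_submit template would carry inside the form. */
function authkey_field(string $sessionId, int $now): string
{
    $key = gen_authkey($sessionId, MODULE_NAME, $now);
    return '<input type="hidden" name="authid" value="' . htmlspecialchars($key, ENT_QUOTES) . '">';
}

/** What the commit/preview branch in pnuser.php does with the submitted data. */
function handle_commit(array $post, string $sessionId, int $now): string
{
    if (!confirm_authkey($post['authid'] ?? null, $sessionId, MODULE_NAME, $now)) {
        return 'rejected: invalid or missing authkey';   // the post's error branch
    }
    return 'accepted: entry would be stored';
}

// Stand-alone demonstration with constructed requests against one session.
$session = 'sess-abc123';
$now     = time();
echo authkey_field($session, $now), "\n";

$requests = [
    'browser form' => ['name' => 'Olly', 'message' => 'hi',
                       'authid' => gen_authkey($session, MODULE_NAME, $now)],
    'direct POST'  => ['name' => 'bot', 'message' => 'buy stuff'],   // never loaded the form
    'copied key'   => ['name' => 'bot', 'message' => 'buy stuff',
                       'authid' => gen_authkey('other-session', MODULE_NAME, $now)],
    'replayed key' => ['name' => 'bot', 'message' => 'replay',
                       'authid' => gen_authkey($session, MODULE_NAME, $now - 2 * AUTHKEY_TTL)],
];
foreach ($requests as $label => $req) {
    printf("%-13s %s\n", $label, handle_commit($req, $session, $now));
}
```

Only the first request is accepted. The key is tied to the session, so a key lifted from one visitor's page does not work for another, and the issue time keeps a captured key from being replayed indefinitely. Because the key is bound to the session rather than to the form contents, the same mechanism also covers every other template that submits to this handler, which is what the post's closing reminder is about.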
  • ashnod

    A fixed version to avoid spamming the Guestbook is available.
    You can download it here >>
    http://prdownloads.s…ok_061.zip?download
    Included all changes from Petzi-Juist published @ http://support.pn-cms.de/
    It's not tested by myself, because nobody wants to spam my guestbook ;)
    Hopefully solved this problem.


    Just want to say THANK YOU for the fix! So far my site has not been spammed! :D
  • Hello

    I would like to suggest a captcha image confirmation code feature in the module.
