postguestbook spamming!

  • I have been getting spammers signing my guestbook with made up names but using websites where their advertisements are. When I got home yesterday I had 38 such entries. I went in and DISABLED my guestbook temporarily and even took it OFF my site menu. Guess what? I got more entries today! How is that possible when I had it disabled and you can't even get to it? How can I stop this from happening?
  • It's done via a direct POST of the spam entries.
    Try to use this updated pnuser.php and deny access for unregistered users via PostNuke permissions (remember to enable the permission check in the postguestbook administration).

    --
    regards from germany
    ..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..
  • Maybe it would be interesting to use the code Mark West put in the last version of EZComments CVS on the PostNuke NOC to reject entries with more than a fixed number of links or coming via an insecure proxy, to increase security?

    --
    Visit my live reef aquarium.

    My Amazon wish list.
  • I am not sure how to do the permissions. I do have it checked in the admin of postguestbook. One thing I did. Using bloodhound I was able to see the originating IP last night as I was showing 6 unregistered users, but one IP for all of them. At the same time I was getting the entries, but they were using fake IP addresses. So I got the domain name and entered it into my IPDeny on my Control Panel of my Host Rocket host and it may take care of all of them. Since then I have had none. But, the question remains, HOW are they doing this when I took the Guestbook off my main page AND disabled it?
  • We are now testing a new solution to stop the spamming; apparently you can easily block the spammers by editing pnuserapi.php, in the function postguestbook_userapi_create:


    if ($entry->location != "") {
        // spam: don't execute the SQL
    } else {
        $result = $dbconn->Execute($sql);
    }

    We found out that all spammers had a location, while when our users post on our website the location field is left empty. Also take a look at my earlier post:
    http://forums.postnu…light=postguestbook
  • I will look at this more tonight. BUT, HOW are they doing this, STILL, after I disabled the postguestbook until I can fix it? I am still getting emails of entries and the thing isn't even on my site or enabled.
  • Quote

    I will look at this more tonight. BUT, HOW are they doing this, STILL, after I disabled the postguestbook until I can fix it?

    'They' (in fact automated scripts) are simply using a direct POST command to the files that are still on your server. As already outlined, you can either set up permissions to restrict write access for anonymous users (and patch pnuser.php) or rename/remove the module's folder until someone fixes the code (e.g. with a correct pnSecGenAuthKey validation for the form input).

    --
    regards from germany
    ..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..
  • I found the best way to block this was to disable the option of listing a homepage... use this in your pnuserapi.php:

    Code

    function postguestbook_userapi_create($entry)
    {
       pnModDBInfoLoad('postguestbook');
       list($dbconn) = pnDBGetConn();
       $pntable = pnDBGetTables();
       $guestbook_table = $pntable['postguestbook_guestbook'];
       $guestbook_column = &$pntable['postguestbook_guestbook_column'];

       $entry->prepForStore();

       if (strlen($entry->pn_uid) == 0)
       {
          $uid = 'NULL';
       }
       else
       {
          $uid = $entry->pn_uid;
       }

       $sql = "INSERT INTO $guestbook_table ($guestbook_column[name],
                                             $guestbook_column[owner_uid],
                                             $guestbook_column[email],
                                             $guestbook_column[ip],
                                             $guestbook_column[message],
                                             $guestbook_column[comment],
                                             $guestbook_column[homepage],
                                             $guestbook_column[members],
                                             $guestbook_column[timestamp],
                                             $guestbook_column[private_msg],
                                             $guestbook_column[location],
                                             $guestbook_column[mood],
                                             $guestbook_column[user1],
                                             $guestbook_column[user2],
                                             $guestbook_column[user3],
                                             $guestbook_column[user4],
                                             $guestbook_column[user5],
                                             $guestbook_column[disable_html],
                                             $guestbook_column[disable_bbcode],
                                             $guestbook_column[disable_autolinks],
                                             $guestbook_column[pn_uid])
                      VALUES ('$entry->name',
                              '$entry->owner_uid',
                              '$entry->email',
                              '$entry->ip',
                              '$entry->message',
                              '$entry->comment',
                              '$entry->homepage',
                              '$entry->members',
                              CURRENT_TIMESTAMP,
                              '$entry->private_msg',
                              '$entry->location',
                              '$entry->mood',
                              '$entry->user1',
                              '$entry->user2',
                              '$entry->user3',
                              '$entry->user4',
                              '$entry->user5',
                              '$entry->disable_html',
                              '$entry->disable_bbcode',
                              '$entry->disable_autolinks',
                              '$uid')"
    ;

       //$result = $dbconn->Execute($sql) or die($dbconn->ErrorNo() . ": ". $dbconn->ErrorMsg() . ":$sql");
       //$result = $dbconn->Execute($sql);
       
       // IP Ban Spammers. Author: webmaster@asopos.nl
       if ( $entry->homepage != "" ) {
          $result = $dbconn->Execute($sql);
       } else {
          $ban = true;
       } // IP ban Spammers

       // Check for an error with the database code, and if so set an
       // appropriate error message and return
       if ($dbconn->ErrorNo() != 0)
       {
          pnSessionSetVar('errormsg', _PGB_INSERT_FAILED . "[$sql]");
          return false;
       }
       return true;
    }


    Then just remove the code in the Smarty file that allows users to put in a homepage... I doubt many people use this anyway.
  • Oops... I did that backwards, heh; the code should be:

    Code

    if ( $entry->homepage == "" ) {
       $result = $dbconn->Execute($sql);
    } else {
       $ban = true;
    }
  • One last update for anyone else having this problem who wants to solve it like I did... just a slight addition to the else: I forgot to return false, so when they were trying to submit something it still sent me an e-mail even if it wasn't posted...

    Code

    if ( $entry->homepage == "" ) {
       $result = $dbconn->Execute($sql);
    } else {
       $ban = true;
       return false;
    }
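    The defences proposed across this thread (the permission check, the pnSecGenAuthKey-style validation of the form input suggested in the earlier reply, and the empty-homepage / empty-location / link-count heuristics) fit together in one create path. The following PHP is an added example, not the postguestbook module's code: the session-bound token is a simplified stand-in for PostNuke's own pnSecGenAuthKey()/pnSecConfirmAuthKey() and does not call them, and the table and column names, FORM_TOKEN_SECRET, MAX_LINKS and the FakeConn stand-in are assumptions made for the demo.

```php
<?php
// Added example, not the postguestbook module's own code. It combines a
// permission check, a form token bound to the visitor's session (a simplified
// stand-in for PostNuke's pnSecGenAuthKey()/pnSecConfirmAuthKey(), which are
// not called here) and the thread's spam heuristics. Table/column names,
// FORM_TOKEN_SECRET, MAX_LINKS and FakeConn are assumptions for the demo.

const FORM_TOKEN_SECRET = 'replace-with-a-random-site-secret'; // placeholder
const MAX_LINKS = 2; // more than this many links in a message is treated as spam

// Token embedded in the form as a hidden field when the page is rendered.
// A bot POSTing straight to the handler never rendered the form, so it has
// no token that matches its own session.
function guestbook_form_token(string $sessionId): string
{
    return hash_hmac('sha256', 'postguestbook:' . $sessionId, FORM_TOKEN_SECRET);
}

function guestbook_token_valid(?string $submitted, string $sessionId): bool
{
    if ($submitted === null || $submitted === '') {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals(guestbook_form_token($sessionId), $submitted);
}

// Heuristics from the thread: real visitors leave homepage (field removed
// from the form) and location empty, and do not stuff the message with links.
function guestbook_looks_like_spam(array $entry): bool
{
    if (($entry['homepage'] ?? '') !== '' || ($entry['location'] ?? '') !== '') {
        return true;
    }
    return preg_match_all('~https?://~i', $entry['message'] ?? '') > MAX_LINKS;
}

// Returns true only when a row was inserted. A false return is what stops the
// caller from sending the "new entry" e-mail for a rejected submission.
function guestbook_create(array $post, string $sessionId, bool $mayPost, $dbconn): bool
{
    if (!$mayPost) {                                            // permission check
        return false;
    }
    if (!guestbook_token_valid($post['authid'] ?? null, $sessionId)) {
        return false;                                           // direct POST
    }
    if (guestbook_looks_like_spam($post)) {
        return false;
    }
    // Quote every value; the module's string-interpolated INSERT does not.
    $sql = sprintf(
        'INSERT INTO pn_postguestbook_guestbook (pn_name, pn_message, pn_ip) VALUES (%s, %s, %s)',
        $dbconn->qstr($post['name'] ?? ''),
        $dbconn->qstr($post['message'] ?? ''),
        $dbconn->qstr($post['ip'] ?? '')
    );
    return $dbconn->Execute($sql) !== false;
}

// Constructed stand-in for the ADOdb connection so the example runs without a
// database; it only records the SQL it is asked to execute.
class FakeConn
{
    public $executed = [];
    public function qstr(string $s): string { return "'" . addslashes($s) . "'"; }
    public function Execute(string $sql): bool { $this->executed[] = $sql; return true; }
}

$db  = new FakeConn();
$sid = 'demo-session-id';

// A bot's direct POST (constructed): no token, homepage filled in. Rejected.
$bot = ['name' => 'cheap-pills', 'homepage' => 'http://spam.example', 'message' => 'buy now'];
var_dump(guestbook_create($bot, $sid, true, $db));

// A visitor who rendered the form (constructed): token present, homepage empty.
$visitor = ['name' => 'Anna', 'message' => 'Nice site!', 'ip' => '192.0.2.10',
            'authid' => guestbook_form_token($sid)];
var_dump(guestbook_create($visitor, $sid, true, $db));
echo count($db->executed), " row(s) inserted\n";
```

    The order of the checks matters: the permission and token checks reject a direct POST before any content heuristic runs, so the heuristics only have to catch what slips through a form that was actually rendered, and every rejection returns false so the notification e-mail is never sent for a dropped entry.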
  • Fixed version to avoid spamming the guestbook is available.
    You can download it here >>
    http://prdownloads.s…ok_061.zip?download
    Included are all changes from Petzi-Juist published @ http://support.pn-cms.de/
    It's not tested by myself, because nobody wants to spam my guestbook ;)
    Hopefully this solves the problem.