PHPJunkyard support forum


https://developers.phpjunkyard.com/

SPAM with no particular purpose??

https://developers.phpjunkyard.com/viewtopic.php?t=2106

Page 2 of 2

Posted: Fri Sep 19, 2008 1:17 pm
by Russ_E
Franz - the new code did not perform the required blocking. I uploaded the revised gbook.php last night, but this morning I got a spam from:
79.186.34.193 (aebi193.neoplus.adsl.tpnet.pl) [renesilje@kupamasz.com]

To clarify, and to make sure I haven't made a mistake in your suggestions, the relevant section of my current gbook.php is:

Code: Select all

    if($a=='sign') {
    $domainname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $topleveldomain = substr($domainname,-22);
    if ($topleveldomain == '*.neoplus.adsl.tpnet.pl') {
    problem($lang['e01'],0);
    } 
        printSign();
Any clues on why this might not be working?

Russ

P.S. Googling 'kupamasz.com' reveals the extent of the spam on various types of guestbook, including gbook.

Posted: Fri Oct 03, 2008 10:11 am
by Russ_E
Further to my previous message, I tried taking out the '*' in my posted section of code, and it now seems to be successful in stopping spam from the particular source. The revised section of code is:

Code: Select all

    if($a=='sign') {
    $domainname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $topleveldomain = substr($domainname,-22);
    if ($topleveldomain == '.neoplus.adsl.tpnet.pl') {
    problem($lang['e01'],0);
    } 
        printSign();
Russ

Posted: Tue Dec 23, 2008 7:57 pm
by jdpalmer
Russ, Thanks for posting this. It solved my problem from this same spammer 100%, but now I am getting similar meaningless spam from
82.116.47.192 (nat-area00.dialup.renet.ru)

I'm sure I could use area00.dialup.renet.ru in the same code, but would I make two complete entries like the one you did, one with each domain or will the same code work, with just listing the two offening domains? And how would that be listed? I'm sorry I don't really understand the code, but know that it sure worked for me on the first one.

Jerry



Russ_E wrote:Further to my previous message, I tried taking out the '*' in my posted section of code, and it now seems to be successful in stopping spam from the particular source. The revised section of code is:

Code: Select all

    if($a=='sign') {
    $domainname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $topleveldomain = substr($domainname,-22);
    if ($topleveldomain == '.neoplus.adsl.tpnet.pl') {
    problem($lang['e01'],0);
    } 
        printSign();
Russ

Posted: Sat Dec 27, 2008 6:04 pm
by Russ_E
Jerry - I don't really understand the syntax of the code either. I assume two 'sections' of code would do the job, viz:

Code: Select all

    if($a=='sign') {
    $domainname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $topleveldomain = substr($domainname,-22);
    if ($topleveldomain == '.neoplus.adsl.tpnet.pl') {
    problem($lang['e01'],0);
    }
        printSign();
    if($a=='sign') {
    $domainname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $topleveldomain = substr($domainname,-26);
    if ($topleveldomain == 'nat-area00.dialup.renet.ru') {
    problem($lang['e01'],0);
    }
        printSign();
Unlike the existing Poland domain, note that the second part of the above code hasn't got a '.' in front of 'nat-area00.dialup.renet.ru', because nat-area00.dialup.renet.ru is I think the complete domain from which you are getting new spam. I think this may correctly identify the source of your new spam. The value of '26' in the previous line has to match the exact number of characters, including period marks, in the address domain you are citing.

Please advise if you get any success with the above, Jerry.

I expect the code could be combined in a better and/or more efficient way, but I'm not sure how it should be structured - as a completely wild guess, something like the following???:

Code: Select all

    if($a=='sign') {
    $domainname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $topleveldomain = substr($domainname,-22);
    if ($topleveldomain == '.neoplus.adsl.tpnet.pl') {
    problem($lang['e01'],0);
    $domainname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $topleveldomain = substr($domainname,-26);
    if ($topleveldomain == 'nat-area00.dialup.renet.ru') {
    problem($lang['e01'],0);
    }
        printSign();
Perhaps Franz or Klemen or one of the others more acquainted with coding can advise on a better way of concatenating the domain sources in the code. It would be a good idea to know this, because we're all likely to be subject to experiencing spam from multiple sources, and knowing the right methodology would be useful for everyone.

Russ

Posted: Sat Jan 03, 2009 11:33 pm
by jdpalmer
Russ,

Thanks so much. Right after I made the post, they quit making postings so I held off trying your suggestion. Must have taken a Holiday break! You would think these people would have better things to do with their time!! Anyway, I just started getting them again last night so I added the code per your suggestion with modifications. I had to try several variations since just duplicating all the lines broke the guest book. Anyway, here is what I now have that at least does not break the book. We'll see if the postings are blocked. Any variations of this code broke the guest book.

Code: Select all

    if($a=='sign') {
    $domainname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $topleveldomain = substr($domainname,-22);
    if ($topleveldomain == '.neoplus.adsl.tpnet.pl') {
    	problem($lang['e01'],0);
    }
    $domainname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
    $topleveldomain = substr($domainname,-26);
    if ($topleveldomain == 'nat-area00.dialup.renet.ru') {
    	problem($lang['e01'],0);
    }
        printSign();
I basically took your suggestions, but did not duplicate the: if($a=='sign') { and the: printSign();

I'll be sure and post any results I get. Thanks again, I would have had no idea on the number of digits field so I would have not been successful. Here is the guest book: http://guestbook.fdnytenhouse.com/gbook.php

Jerry

Posted: Fri May 01, 2009 12:57 pm
by b0bst3r
I am getting a similar thing but the spam is usually one word or two and looks like drug names (I've no idea really).

Is there anyway to not post to the guestbook unless there's a certain number of words in the post?

Posted: Fri May 01, 2009 4:23 pm
by Klemen
You can try changing adding something like this

Code: Select all

$words = explode(' ',$comments);
if (count($words) < 5)
{
	printSign($name,$from,$email,$url,$comments,$sign_nosmileys,$sign_isprivate,'Your comment is too short');
}
after

Code: Select all

        if (empty($comments))
        {
            printSign($name,$from,$email,$url,$comments,$sign_nosmileys,$sign_isprivate,$lang['e06']);
        }
in gbook.php

Posted: Wed May 06, 2009 4:22 pm
by b0bst3r
Works a treat thanks.
All times are UTC
Page 2 of 2

Powered by phpBB® Forum Software © phpBB Limited