Sciencemadness Discussion Board
Author: Subject: Hey guys, I hacked in some code for a spambot trap. Just need Polverone to implement it.
Melgar
Anti-Spam Agent
*****




Posts: 2004
Registered: 23-2-2010
Location: Connecticut
Member Is Offline

Mood: Estrified

[*] posted on 26-8-2018 at 16:25
Hey guys, I hacked in some code for a spambot trap. Just need Polverone to implement it.


I have a virtual machine running here:

http://35.185.63.230:8080/smtalk/

It's using the test database. Try and register as a new user, and note the very last question it asks you.

I haven't written PHP in like ten years, and XMB apparently stores PHP code inline with text and HTML in the MySQL database, which makes modifying any part of its functionality really frustrating. My goal was to have all the changes occur in the member.php file so that Polverone wouldn't have to mess around with editing the contents of SQL tables, and could only drop in one file. The modified member.php file is here:

http://35.185.63.230:8080/member.php.txt

The original is here:

https://github.com/mattbernst/xmbforum/blob/master/member.ph...

I then learned that streety had coded a fix already, but it hasn't been implemented. Hopefully someone can get ahold of Polverone and get him to swap this file out. I basically just replaced the captcha string that was already there with a hardcoded one, then threw an error if the question isn't answered. So I guess now Polverone has two choices of fixes to implement? Either one would go a long way toward fixing this problem. I'm going to try emailing him, maybe. Does anyone know if the email in his profile here is right?

[Edited on 8/27/18 by Melgar]




The first step in the process of learning something is admitting that you don't know it already.

I'm givin' the spam shields max power at full warp, but they just dinna have the power! We're gonna have to evacuate to new forum software!
diddi
National Hazard
****




Posts: 723
Registered: 23-9-2014
Location: Victoria, Australia
Member Is Offline

Mood: Fluorescent

[*] posted on 26-8-2018 at 18:56


I get "You have already registered today, you can re-register again in 24 hours."



Beginning construction of periodic table display
wg48
National Hazard
****




Posts: 821
Registered: 21-11-2015
Member Is Offline

Mood: No Mood

[*] posted on 26-8-2018 at 20:12


Quote: Originally posted by diddi  
I get "You have already registered today, you can re-register again in 24 hours."


I got the same error message.

I get the same message no matter how I answer the question, and now I cannot connect to the site.

I would think the spammer would just get the bot to answer the question. Don't you need a question that is not known in advance?

[Edited on 27-8-2018 by wg48]




Borosilicate glass:
Good temperature resistance and good thermal shock resistance but finite.
For normal, standard service typically 200-230°C, for short-term (minutes) service max 400°C
Maximum thermal shock resistance is 160°C
streety
Hazard to Others
***




Posts: 110
Registered: 14-5-2018
Member Is Offline


[*] posted on 27-8-2018 at 03:35


Oops! :)

The way parts of the site are cached in the database took me a while to figure out as well. Quite a frustrating process.

There are now actually three implementations of this functionality. AndrewSmart posted a link on my pull request with an even more polished implementation.

The issue has been getting in contact with Polverone to get one of them deployed. He has not been seen on the forum in over a month. I haven't tried contacting him recently so please do send him an email, U2U, pull request etc. Hopefully he will see it.

Edited to add, since writing the mod for the forum I have written a script to monitor spam on the forum and have been adapting it to more aggressively escalate spam reports while operating on any computer. The idea being it would not need Polverone to be implemented.



[Edited on 27-8-2018 by streety]
Melgar
Anti-Spam Agent
*****




Posts: 2004
Registered: 23-2-2010
Location: Connecticut
Member Is Offline

Mood: Estrified

[*] posted on 27-8-2018 at 06:32


When spam is reported, it sends U2U messages to every single mod registered here. So if a mod came here after not being here for a while, they'd have thousands of new messages, which might not be a very nice thing to arrive to. So I wonder if that might be one of the things keeping Polverone away?

I couldn't figure out why that message kept being triggered in the code, since it even seemed to happen when I'd shut down the virtual machine entirely and start it back up. The code should only have been run if that value was greater than zero, but when I'd look at it in the database, it was always zero. It worked the first 1-2 times I tried it though, which is weird.

The spammers just use bots that use search engines that look for template text that's common to XMB sites, then automatically register accounts there. I promise you, there is essentially zero human oversight. I did something similar at a bulletin board I used to run. The spambot software was even able to figure out captchas, but only when sites used the default fonts and backgrounds that came with the software. All I had to do was pull a few different fonts and background images off the internet, and that stopped virtually all of them immediately. Basically, any configuration that's unique to your site will stop them.

[Edited on 8/27/18 by Melgar]




The first step in the process of learning something is admitting that you don't know it already.

I'm givin' the spam shields max power at full warp, but they just dinna have the power! We're gonna have to evacuate to new forum software!
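A sketch of the kind of server-side check discussed in Melgar's two posts above: a hardcoded, site-specific registration question that produces an error when it is unanswered or wrong. This is an added example, not code from member.php or from any of the patches mentioned in the thread; the form field name, constants and function names are hypothetical, the question and answers are placeholders, and it assumes PHP 7.1 or later.

```php
<?php
// Added illustration only. REG_QUESTION, REG_ANSWERS, the 'regquestion' field and
// both functions are hypothetical names, not part of XMB.

// Keep the question and its accepted answers in one place so they can be changed
// quickly if bots start answering them. Values are constructed placeholders.
const REG_QUESTION = 'Placeholder: a question specific to this site';
const REG_ANSWERS  = ['placeholder answer', 'placeholder-answer'];

function normalize_answer(string $raw): string
{
    // Trim, lowercase and collapse whitespace so harmless variations still match.
    $s = strtolower(trim($raw));
    return preg_replace('/\s+/', ' ', $s) ?? $s;
}

// Returns null when the answer is accepted, otherwise the error to show on the form.
function check_registration_answer(array $post): ?string
{
    $raw = $post['regquestion'] ?? '';
    // Bots often omit unknown fields or send them as arrays (regquestion[]=x).
    if (!is_string($raw) || trim($raw) === '') {
        return 'Please answer the registration question.';
    }
    // Reject oversized input before doing any further work on it.
    if (strlen($raw) > 100) {
        return 'Incorrect answer to the registration question.';
    }
    if (in_array(normalize_answer($raw), REG_ANSWERS, true)) {
        return null;
    }
    return 'Incorrect answer to the registration question.';
}

// Constructed sample submissions standing in for $_POST.
$samples = [
    'field missing'      => [],
    'field sent as array' => ['regquestion' => ['x']],
    'wrong answer'       => ['regquestion' => 'something else'],
    'right answer'       => ['regquestion' => '  Placeholder   ANSWER '],
];
foreach ($samples as $label => $post) {
    $error = check_registration_answer($post);
    printf("%-20s => %s\n", $label, $error ?? 'accepted');
}
```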
Texium
Administrator
********




Posts: 4516
Registered: 11-1-2014
Location: Salt Lake City
Member Is Offline

Mood: PhD candidate!

[*] posted on 27-8-2018 at 06:41


Spam reports are usually automatically deleted with their associated threads, so Polverone's inbox shouldn't be too bad. I don't know why some refuse to be automatically deleted though.



Come check out the Official Sciencemadness Wiki
They're not really active right now, but here's my YouTube channel and my blog.