Even thoughI have completely removed the blogs from my site I am still getting a few Chinese spammers. They are leaving their brand of garbage in the profile descriptions for some reason? I could possibly rid myself of a few more by having a compulsory picture uploads on joining. I really dont want to ban an entire nation, and i know they would only change IP anyways..... so... what to do?
Is it possible to ban an email address - ie. if someone tries to join my site with an email I have banned they will not be able to join? I ask this because the only consistent thing so far has been the e-mail addresses of the spammers.
If this is possible is it not then possible for someone to write a module that allows site owners to ban spammers, but also upload the e-mail address of the spammer to a database on a server somewhere when they do this?
If all dolphin users had this or (try not to laugh) boonex included it as part of dolphin, the database would rappidly grow into a snapshot of who is spamming our sites and what their e-mails are. This information could then be queried everytime someone joins a site, so if they show up as a spammer they will not be allowed to join.
This could even be a good service that someone could run on here, and possibly sell the mod too...
Just a thought.....
Nathan
|
Anti spam mod sounds like a winner to me.
Default Boonex spam options just seem to '???' for me.
|
I am working on one.
Because of the nature of my business i have to run an open site. The filters that come with dolphin run to high of a risk of false positives because they rely on IP addresses which for most of the worlds population are dynamically assigned thus not permanent. So i ran into problems with innocent people being blocked because they just happen to have a IP address which was in one of those lists.
So i am working on a module that does filtering based on key words or regex expressions on the profiles headline, email and profile description fields which spammer use quite often.
As an added feature, the profiles description will also be checked using Bayesian probability filtering
This mod is a ways away from completion though.
I am working on it for my own site because i got tired of getting between 10-20 new spam accounts while i was asleep each night.
https://www.deanbassett.com |
Even thoughI have completely removed the blogs from my site I am still getting a few Chinese spammers. They are leaving their brand of garbage in the profile descriptions for some reason? I could possibly rid myself of a few more by having a compulsory picture uploads on joining. I really dont want to ban an entire nation, and i know they would only change IP anyways..... so... what to do?
Is it possible to ban an email address - ie. if someone tries to join my site with an email I have banned they will not be able to join? I ask this because the only consistent thing so far has been the e-mail addresses of the spammers.
If this is possible is it not then possible for someone to write a module that allows site owners to ban spammers, but also upload the e-mail address of the spammer to a database on a server somewhere when they do this?
If all dolphin users had this or (try not to laugh) boonex included it as part of dolphin, the database would rappidly grow into a snapshot of who is spamming our sites and what their e-mails are. This information could then be queried everytime someone joins a site, so if they show up as a spammer they will not be allowed to join.
This could even be a good service that someone could run on here, and possibly sell the mod too...
Just a thought.....
Nathan
I definitely agree there is room for improvement in spam prevention for Dolphin. Rather than have every members information submitted to a "big brother" type of database I would suggest:
- Dolphin web administrators submit only the spammers information to the Dolphin spam list.
- Administrators can update the list (automatically or manually) on their individual websites.
This approach would mitigate the fear of Dolphin trying to take over individuals websites or direct solicitation from Boonex to independent Dolphin based websites because they already have all of their members information (Ning).
By the way DRautenbac, is your site invitation only or open?
|
My site will be open. I do not launch until sept 1st. I have managed to cut the spam down dramatialy, but as a subscription site I will have to stop it altogether - paying customers will not want to see spam - and they should not have to.
Its a shame, because I imagine there are many, many genuine customers in china.
Deno... As a service and a mod I think this could be a very good earner for someone on here with the knowledge to pull it off. Perhaps give the mod away, but charge a monthly subscription for the service? Eitherway, I like the different approach you are taking to this.
|
I recommend you to use htaccess to ban all visitors from china - thats easiest way how to stop about 90% of spammers.There is a article in forum already I think from dosdawg what to do... |
Deano- when this mod is ready, you have your first buyer here :-)
I work with a number of Dolphin sites based around the Martial Arts so China would be a welcome addition to my customers!
At the moment though, I have to block as much of China traffic as I can as its all spam...
Keyword filter based mod would be great.
|
Most spamers in the case of dolphin want to leave a link. Backlinks increase rankings if they are done right and enough of them.
My guess is that they post something like a blog that initially shows up on the homepage where the page rank is the highest and flows. There actual post has a link or likely several to their site they are promoting.
I would say either disable and/or require the admin to approve them. Remove links entirely from tinymce posting and comments so they can't get a backlink. Or at least set them to nofollow so you can inform google that you do not vouch for the particular link.
I do not like to block or ban entire countries myself, but I am nearing the point that I am considering it. Depending on the website and location, if your site is primarily english do you think that many from china will really sign up and participate? Doubtful if you are in the english speaking world. Not out of the question, but do the spammers and hackers outweigh it? Something to think about.
DialMe.com - Your One and Only Source For Boonex Dolphin Tutorials and Resources |
Yea this is a big issue for me as well...I am getting killed with new registrations from the domain 126.com. Can I block a domain from registering? |
My site is a global dance based site. Dance is a truely global art form and dance is popular in china. There could be many valid customers that I will miss if I block it. |
Doesnt "CPANEL" have a block list for emails? I will have to look again. THINK FOR YOUSELF! Its not illegal...YET ! www.NebLife.com |
Doesnt "CPANEL" have a block list for emails? I will have to look again.
I don't know how that would apply to Dolphin.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
So far there is only one effective way I see of stopping them and that is to require the verification email before they can log in. It should be by default, but Dolphin allows people to create a profile, and submit and still log in unverified. This will stop them from logging in and being able to create any more than the items in the profile.
I regularly check all accounts on the site which are unverified, and delete them immediately if you see that the profile information is bogus (like address and other mismatched fields like city, state, country, etc).
It is an issue, and I have a full script of all the IP addresses by county in a format which should be a direct import into the database to block countries. I have tried over and over to block IPs using the Dolphin system, and it fails to block anyone... single IPs or ranges. There is a Block by IP, and it semi worthwhile as a FREE mod and installs easily.
After being on Dolphin for over 5 years, and fighting the fight each day, the best is to lock unverified members from being able to log in.
Also check all permissions as far as GUEST.... deny ALL! Just allow view or use the page access which is built into Dolphin 7.0.7
Even Monkeys and Retards get it right with repitition! - Author Unknown |
Do you guys have mod_security running? If so put this in your config file:
SecRule ARGS_POST "\@gmx\.com" "log, drop" SecRule ARGS_POST "\@126\.com" "log, drop" SecRule ARGS_POST "\@qq\.com" "log, drop" SecRule ARGS_POST "\@yahoo\.cn" "log, drop" SecRule ARGS_POST "\@163\.com" "log, drop" SecRule ARGS_POST "\@mx8168\.net" "log, drop"
That will drop the TCP connection if anyone tries to enter those email addresses ANYWHERE on your server. Change the "drop" to "deny" if you want them to get the nice denied message.
Then add this:
SecRule REQUEST_BASENAME "^join\.php$" phase:2,chain,log,drop SecRule ARGS_POST "href="
That will prevent any links from being put in any of the fields on your join form. Oh and change the name of your join form while you're at it. The spammers have bots looking for that file by name (you'll have to edit about 7 files to reflect the new file name). Last but not least, add this and change them to suit your needs:
SecRule ARGS_POST "prada-handbags" "log, drop" SecRule ARGS_POST "fashion-replica" "log, drop" SecRule ARGS_POST "replica-prada" "log, drop" SecRule ARGS_POST "prada\ bag" "log, drop" SecRule ARGS_POST "designer\ handbag" "log, drop" SecRule ARGS_POST "prada\ bag" "log, drop" SecRule ARGS_POST "prada\ purse" "log, drop" SecRule ARGS_POST "prada\ handbag" "log, drop" SecRule ARGS_POST "weebly\.com" "log, drop" SecRule ARGS_POST "vibram-5fingersales" "log, drop" SecRule ARGS_POST "republic-handbags" "log, drop"
I don't think I could live without mod_security and csf firewall (both free!)
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Do you guys have mod_security running? If so put this in your config file:
SecRule ARGS_POST "\@gmx\.com" "log, drop" SecRule ARGS_POST "\@126\.com" "log, drop" SecRule ARGS_POST "\@qq\.com" "log, drop" SecRule ARGS_POST "\@yahoo\.cn" "log, drop" SecRule ARGS_POST "\@163\.com" "log, drop" SecRule ARGS_POST "\@mx8168\.net" "log, drop"
That will drop the TCP connection if anyone tries to enter those email addresses ANYWHERE on your server. Change the "drop" to "deny" if you want them to get the nice denied message.
Then add this:
SecRule REQUEST_BASENAME "^join\.php$" phase:2,chain,log,drop SecRule ARGS_POST "href="
That will prevent any links from being put in any of the fields on your join form. Oh and change the name of your join form while you're at it. The spammers have bots looking for that file by name (you'll have to edit about 7 files to reflect the new file name). Last but not least, add this and change them to suit your needs:
SecRule ARGS_POST "prada-handbags" "log, drop" SecRule ARGS_POST "fashion-replica" "log, drop" SecRule ARGS_POST "replica-prada" "log, drop" SecRule ARGS_POST "prada\ bag" "log, drop" SecRule ARGS_POST "designer\ handbag" "log, drop" SecRule ARGS_POST "prada\ bag" "log, drop" SecRule ARGS_POST "prada\ purse" "log, drop" SecRule ARGS_POST "prada\ handbag" "log, drop" SecRule ARGS_POST "weebly\.com" "log, drop" SecRule ARGS_POST "vibram-5fingersales" "log, drop" SecRule ARGS_POST "republic-handbags" "log, drop"
I don't think I could live without mod_security and csf firewall (both free!)
Great information, and very helpfull. Also hopefully richards list could be added to, Im sure it woulsd soom build a good picture of who and where they are comming from...... Is there a way to spam the spammers????? I like payback lol
|
Do you guys have mod_security running? If so put this in your config file:
where is this config file ?
|
Great information, and very helpfull. Also hopefully richards list could be added to, Im sure it woulsd soom build a good picture of who and where they are comming from...... Is there a way to spam the spammers????? I like payback lol
Sure you can spam them back... There are lots of porn signup lists and you have their email right :-)
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Do you guys have mod_security running? If so put this in your config file:
where is this config file ?
IF you have mod_security installed it should be at /usr/local/apache/conf/modsec2.user.conf
Another thing (I've probably mentioned before) is if you're using Exim for your server email you can put custom rules in /etc/cpanel_exim_system_filter (or /etc/antivirus.exim, you can see in WHM which one it's using) that will filter ALL the email going into the server. You can put rules in Cpanel but if you have a LOT of sites it can be a pain doing it for each one, this file is a master filter. Frankly I was sick of hearing about how I had won the UK lottery or how some Nigerian warlord wanted to transfer money to me.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
hello you can block access to the join page for a text file robot a passion for BoonEx Dolphin www.dolphindesigntheme.com |
Is this being address in the new beta ? I can not even use my site because of these spammers and have not seen a reasonable solution. |
another option might be to add code to your .htaccess file. you can use www.blockacountry.com
Before you do though, it would be interesting to see what others think.
I used it on an old classified ad site to block nigeria spammers.
|
Just in case anyone is doing this mod, i have added a few email domains to the list:
Here's my conf file:
SecRule ARGS_POST "\@gmx\.com" "log, deny" SecRule ARGS_POST "\@126\.com" "log, deny" SecRule ARGS_POST "\@qq\.com" "log, deny" SecRule ARGS_POST "\@yahoo\.cn" "log, deny" SecRule ARGS_POST "\@163\.com" "log, deny" SecRule ARGS_POST "\@mx8168\.net" "log, deny" SecRule ARGS_POST "\@12gohere.net" "log, deny" SecRule ARGS_POST "\@boxedchristmascards.net" "log, deny" SecRule ARGS_POST "\@110mail.net" "log, deny" SecRule ARGS_POST "\@yeah.net" "log, deny" SecRule ARGS_POST "\@sohu.com" "log, deny" SecRule ARGS_POST "\@hotmail.com" "log, deny" SecRule ARGS_POST "\@free-medicine.net" "log, deny" SecRule ARGS_POST "\@satiny.co.uk" "log, deny" SecRule ARGS_POST "\@energyforthehome.com" "log, deny" SecRule ARGS_POST "\@dunkssb.net" "log, deny" SecRule ARGS_POST "\@pumpkincarving.org" "log, deny" SecRule ARGS_POST "\@theory-test-practice.co.uk" "log, deny" SecRule ARGS_POST "\@cooljordanshoestore.com" "log, deny" SecRule ARGS_POST "\@betfairmethods.com" "log, deny"
SecRule REQUEST_BASENAME "^join\.php$" phase:2,chain,log,deny SecRule ARGS_POST "href="
SecRule ARGS_POST "prada-handbags" "log, deny" SecRule ARGS_POST "fashion-replica" "log, deny" SecRule ARGS_POST "replica-prada" "log, deny" SecRule ARGS_POST "prada\ bag" "log, deny" SecRule ARGS_POST "designer\ handbag" "log, deny" SecRule ARGS_POST "prada\ bag" "log, deny" SecRule ARGS_POST "prada\ purse" "log, deny" SecRule ARGS_POST "prada\ handbag" "log, deny" SecRule ARGS_POST "weebly\.com" "log, deny" SecRule ARGS_POST "vibram-5fingersales" "log, deny" SecRule ARGS_POST "republic-handbags" "log, deny"
http://towtalk.net ... Hosted by Zarconia.net! |
oh yeah, here's a couple more.
'sunglasses'
'unlocked'
http://towtalk.net ... Hosted by Zarconia.net! |
ohhhh... not the prada handbags lol..... friggin nightmare. I felt like my site was a bag store at one point. |
That's my list... oh my god, someone actually took my advice! Woo hoo! Hahaha... I've just about given up on preaching this though Sky because most of the people here are on shared hosting and can't/don't have mod_security..
Oh and after I posted that rule list I changed that one rule to:
SecRule ARGS_POST "=href" "log, deny"
So it blocks links everywhere and not just on the join form.. I figured out they would just join and then try and go back and edit their profile to add the link. Then they were trying to spam the blogs without even joining.. so I changed that rule so you can't post a link ANYWHERE.. that finally stopped them.
Just in case anyone is doing this mod, i have added a few email domains to the list:
Here's my conf file:
SecRule ARGS_POST "\@gmx\.com" "log, deny" SecRule ARGS_POST "\@126\.com" "log, deny" SecRule ARGS_POST "\@qq\.com" "log, deny" SecRule ARGS_POST "\@yahoo\.cn" "log, deny" SecRule ARGS_POST "\@163\.com" "log, deny" SecRule ARGS_POST "\@mx8168\.net" "log, deny" SecRule ARGS_POST "\@12gohere.net" "log, deny" SecRule ARGS_POST "\@boxedchristmascards.net" "log, deny" SecRule ARGS_POST "\@110mail.net" "log, deny" SecRule ARGS_POST "\@yeah.net" "log, deny" SecRule ARGS_POST "\@sohu.com" "log, deny" SecRule ARGS_POST "\@hotmail.com" "log, deny" SecRule ARGS_POST "\@free-medicine.net" "log, deny" SecRule ARGS_POST "\@satiny.co.uk" "log, deny" SecRule ARGS_POST "\@energyforthehome.com" "log, deny" SecRule ARGS_POST "\@dunkssb.net" "log, deny" SecRule ARGS_POST "\@pumpkincarving.org" "log, deny" SecRule ARGS_POST "\@theory-test-practice.co.uk" "log, deny" SecRule ARGS_POST "\@cooljordanshoestore.com" "log, deny" SecRule ARGS_POST "\@betfairmethods.com" "log, deny"
SecRule REQUEST_BASENAME "^join\.php$" phase:2,chain,log,deny SecRule ARGS_POST "href="
SecRule ARGS_POST "prada-handbags" "log, deny" SecRule ARGS_POST "fashion-replica" "log, deny" SecRule ARGS_POST "replica-prada" "log, deny" SecRule ARGS_POST "prada\ bag" "log, deny" SecRule ARGS_POST "designer\ handbag" "log, deny" SecRule ARGS_POST "prada\ bag" "log, deny" SecRule ARGS_POST "prada\ purse" "log, deny" SecRule ARGS_POST "prada\ handbag" "log, deny" SecRule ARGS_POST "weebly\.com" "log, deny" SecRule ARGS_POST "vibram-5fingersales" "log, deny" SecRule ARGS_POST "republic-handbags" "log, deny"
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
I can't make that change because I allow my members to post links in their posts in the forum. My site is a manually approved membership, I know who everyone is I give access too.
I tested it last night and it didn't seem to stop me from posting a spam membership. I need to check my mod_security and make sure it's enabled. (I thought it was)
I personally think your idea is a good one. it will certainly help
http://towtalk.net ... Hosted by Zarconia.net! |
Ok, I'm on a VPS and I have checked my mod_security, it is enabled. I can still create accounts with spammer email addresses and terms like prada in the description. It does not seem to be working
what am I missing?
http://towtalk.net ... Hosted by Zarconia.net! |
2 things to check:
1. Did you put those rules in /usr/local/apache/conf/modsec2.user.conf?
2. Open /usr/local/apache/conf/modse2.conf and make sure it has this line:
Include "/usr/local/apache/conf/modsec2.user.conf"
If you want to speed up testing change that rule to check contact.php instead of join.php... that way you can just enter a banned word in the contact form and see if it blocks you instead of going through the whole join process. Then just change it back to join.php when your done.
Let me know if it wasn't one of those two things.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Sky, you might already have this installed but if not check it out. It's a little control panel for mod_security that installs in WHM. It's written by the people who make CSF firewall but you can use it even if you don't have the firewall installed. It lets you turn modsec on and off and edit the rule files from within WHM.. and it's free!
http://configserver.com/cp/cmc.html
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Time ago, prolaznik has published another way for restrict some of email providers of spammer on registration, I've added the email to ban, and this works very well for me..
Step1.
/inc/ design.inc.php
at the end of the file find bx_import('BxDolAlerts');
and add this ABOVE it.
function ForbidenEmailProvider($Email)
{ $ForbidenEmailProvider[] = "@163.com";
$ForbidenEmailProvider[] = "@sohu.com";
$ForbidenEmailProvider[] = "@21cn.com";
$ForbidenEmailProvider[] = "@gmx.com";
$ForbidenEmailProvider[] = "@126.com";
$ForbidenEmailProvider[] = "@qq.com";
$ForbidenEmailProvider[] = "@yahoo.cn";
$ForbidenEmailProvider[] = "@mx8168.net";
$ForbidenEmailProvider[] = "@110mail.net";
$ForbidenEmailProvider[] = "@buybrandshop.info";
$ForbidenEmailProvider[] = "@lenfos.com";
$ForbidenEmailProvider[] = "@mailinator.com";
$ForbidenEmailProvider[] = "@tom.com";
$ForbidenEmailProvider[] = "@hotmilitararygirls.com";
$ForbidenEmailProvider[] = "@speaktolearn.net";
$ForbidenEmailProvider[] = "@qtyhosting.com";
$ForbidenEmailProvider[] = "@12gohere.net";
$ForbidenEmailProvider[] = "@boxedchristmascards.ne";
$ForbidenEmailProvider[] = "@yeah.net";
$ForbidenEmailProvider[] = "@free-medicine.net";
$ForbidenEmailProvider[] = "@satiny.co.uk";
$ForbidenEmailProvider[] = "@energyforthehome.com";
$ForbidenEmailProvider[] = "@dunkssb.net";
$ForbidenEmailProvider[] = "@pumpkincarving.org";
$ForbidenEmailProvider[] = "@theory-test-practice.co.uk";
$ForbidenEmailProvider[] = "@cooljordanshoestore.com";
$ForbidenEmailProvider[] = "@betfairmethods.com"; foreach($ForbidenEmailProvider as $key => $value) { if ( strpos("zyx".$Email,$value) > 0 ) return false; }
return true;
}
Step2.
in administration / builders / profile fields (join form) edit the email field click on advanced and replace
return (bool) preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0);
WITH THIS
return ( ForbidenEmailProvider($arg0) and preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0) );
Step3.
in administration / settings / languages settings look for
_FieldError_Email_Check
and edit the error msg. that's displayed, the default one is (please enter correct email) change to something like this
Invalid email address / or the email provider you are using is blacklisted.
or whatever you like.
That's it you can add more email providers or remove some
$ForbidenEmailProvider[] = "@someprovider.";
Templates and Modules for Dolphin 7.3 http://www.boonex.com/market/posts/Giovanni_m |
mscott, I checked that. I set it up in SSH and checked it in WHM. it's all there and enabled. I will have to get with HFW and see if they are overriding it somehow.
Giovanni - COOL FIND! Thanks Prolaznik
PS, If you noticed, I have added hotmail to my list of banned domains. I know some people still use it but a lot of trash comes from them now.
http://towtalk.net ... Hosted by Zarconia.net! |
Sky, make sure none of your .htaccess files have this in them:
<IfModule mod_security.c> SecFilterEngine Off </IfModule>
Also, if you look at the main apache error log (usr/local/apache/logs/error_log) does it have any entries at all from modsec?
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
My htaccess files do have that in it.Was added a while back to solve a video upload problem.
There are also no entries in the mod_sec logs
http://towtalk.net ... Hosted by Zarconia.net! |
Ahhh, that entry in the htaccess turns mod security off compelely for that directory and any sub-directory under it... I think we just found the problem with your spam blocking :-)
What was it blocking with the videos? It hasn't stopped me but I also haven't really uploaded any huge ones.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Yeah, but have you been screwing with Dolphin since 7 came out, lol http://towtalk.net ... Hosted by Zarconia.net! |
Ok, Mod security is definitely enabled. I removed all the SecPOST comments in the htaccess files in ALL my sites. I flushed all the cache the hard way including the browsers. I double checked the conf file to make sure everything was listed
I even went so far as to remove my IP from the ignore list in my firewall setup.
It flat doesn't work for me.
http://towtalk.net ... Hosted by Zarconia.net! |
Since 7??? I just upgraded all my sites from 6.0.3 to 7.0.6 a few months ago, lol. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
OH! You just reminded me when you said ignore file... you don't have your IP whitelisted with modsec do you? Do you have it monitoring the contact form or still just the join? I'll give it a try if you want me to, that would narrow it down so we could see if it was just letting YOU through. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
http://towtalk.net ... Hosted by Zarconia.net! |
Yuuup not working... the email blacklist mod is working so I put @gmx.com in the about me section and it still let me join.
You know when I was telling you to check conf files I forgot to mention the main one! Open /usr/local/apache/conf/httpd.conf and make sure this is there:
Include "/usr/local/apache/conf/modsec2.conf"
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Ok, wrote the new line in the httpd conf file. Lets check it again http://towtalk.net ... Hosted by Zarconia.net! |
LOL, still lets me in as a Prada bitch http://towtalk.net ... Hosted by Zarconia.net! |
Did you restart Apache after you made the change? We're not stopping until it's working!!!!! lol BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
http://towtalk.net ... Hosted by Zarconia.net! |
Haven't done it in a while. I'm rebooting the whole system. Will be back up in a minute http://towtalk.net ... Hosted by Zarconia.net! |
http://towtalk.net ... Hosted by Zarconia.net! |
LOLOLOL! STILL DOESN'T WORK! http://towtalk.net ... Hosted by Zarconia.net! |
$&#@! Is it possible you missed an .htaccess somewhere below the root dir of the site? BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
No. I was pretty thorough. only have 2 sites with modified htaccess files. the rest are all stock test sites http://towtalk.net ... Hosted by Zarconia.net! |
hang on a sec. gonna check that httpd conf file and make sure the changes stuck. http://towtalk.net ... Hosted by Zarconia.net! |
http://towtalk.net ... Hosted by Zarconia.net! |
I'm going to move this to PM before the MODS kill us both. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Doing all the stuff you guys have mentioned and enabling "Promotional Membership" seems to have done the trick for me because I don't allow my promotional members to post anything. The fake sign ups have stopped for now.
Thanx guys.
Free the Dolphin... |
Hello,
I had the same problem as SkyForum.
I solved it by adding this directive at the begin of modsec2.user.conf. I added this directive which was not included in default configuration.
SecRequestBodyAccess On
If it can help somebody ...
Aleks.
Alex. |
I banned the entire china country and then had issues where they was using other country IP's !! WAS A NIGHTMARE until I done the following:-
1. keep china blocked
2. Made blogs moderated (not auto activated)
3. Limit number of postings per standard member per day
Just the 3 above steps and brough spamming issues down to just about 0%
DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price! |
Make site paid sitze and charge some low fee like 2 dollars for year registration so evcerybody can afford it. IM sure chinese spammers stay away and not pay anything :-) That is most safe way how to get rid of spammers and also most of other abusive people who only create a mess on your site.. |
i like your idea, its awesome.
Make site paid sitze and charge some low fee like 2 dollars for year registration so evcerybody can afford it. IM sure chinese spammers stay away and not pay anything :-) That is most safe way how to get rid of spammers and also most of other abusive people who only create a mess on your site..
so much to do.... |
I used that on my joomla sites. I put 1 dollar registration fee and suddenly..no spammers :-) They dont pay a cent to enter any site..so only free sites are in danger... |
sorry for going off topic but i hate joomla :)
I used that on my joomla sites. I put 1 dollar registration fee and suddenly..no spammers :-) They dont pay a cent to enter any site..so only free sites are in danger...
so much to do.... |
Getting $2 off someone can be like getting blood from stone and may prevent good users looking for a free service from adding good content !
Just saying ;)
DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price! |
fighting with spam is so time consuming and neverending job that I simply give up to release any free site. ON allk wherte is membership I have 1 dollar fee and get only serious people there ..true not alot of people but better to have 90 unique users than 500 users wher 410 are spammers and give all my time to fight with them |
I have read this on german webside, i think this is a good idea.
" How long is a real visitor needs to write his message? Determined more than 16 seconds, and (even if he falls asleep in between) for no longer than 16 hours. Spam-bots on the other hand need only a few seconds in 76%, less than 1% of the bots scan the form only once, then use it for all subsequent spam. It's pretty rare that automated spam entries are made outside this period on the requirements of the form. In order to use this feature to spam prevention, you do not need to start a session - a hidden form field completely sufficient for this purpose:"
<?php define ('Zeit', time()); // Start time of the script set
# additional code to check: if (!isset($_POST['date'])) { /* field is missing ->Spam */ } elseif (!is_numeric($_POST['date'])) { /* manipulation ->Spam */ } elseif (intval($_POST['date']) > Zeit -10) { /* too fast ->Spam */ } elseif (intval($_POST['date']) < Zeit -10*3600) { /* old form ->Spam */ } else { /* kein Spam¿ -> maybe additional inspections and processing of the entry */ }
# more code to form: echo '<input name="date" type="hidden" value="', time(), '" />'; ?>
" Only the term comparison of filtered out 76% of all spam. And because spam bots hidden input fields normally transferred unchecked, this field should be defaced by not even naming or encoding of the value."
Maybe someone can build a mod for Dolphin with this script.
Here is the link to the website with more information: http://1ngo.de/web/captcha-spam.html
|
Help!! Help!! hello everyone, im also sick of these spammers, i tried to block emails by doing the following but now when new members fill out the join form and click join at the bottom the page does not go anywhere... nothing happens... I tried to trouble shoot and removed the e-mail block from admin profile fields and it works fine, members are able to join but without the e-mail field... can someone tell me what the hell happen?
what is the original code that goes in in the admin>profile fields>emai> advance>check ?
Thanks
running 7.0.8
Time ago, prolaznik has published another way for restrict some of email providers of spammer on registration, I've added the email to ban, and this works very well for me..
Step1.
/inc/ design.inc.php
at the end of the file find bx_import('BxDolAlerts');
and add this ABOVE it.
function ForbidenEmailProvider($Email)
{ $ForbidenEmailProvider[] = "@163.com";
$ForbidenEmailProvider[] = "@sohu.com";
$ForbidenEmailProvider[] = "@21cn.com";
$ForbidenEmailProvider[] = "@gmx.com";
$ForbidenEmailProvider[] = "@126.com";
$ForbidenEmailProvider[] = "@qq.com";
$ForbidenEmailProvider[] = "@yahoo.cn";
$ForbidenEmailProvider[] = "@mx8168.net";
$ForbidenEmailProvider[] = "@110mail.net";
$ForbidenEmailProvider[] = "@buybrandshop.info";
$ForbidenEmailProvider[] = "@lenfos.com";
$ForbidenEmailProvider[] = "@mailinator.com";
$ForbidenEmailProvider[] = "@tom.com";
$ForbidenEmailProvider[] = "@hotmilitararygirls.com";
$ForbidenEmailProvider[] = "@speaktolearn.net";
$ForbidenEmailProvider[] = "@qtyhosting.com";
$ForbidenEmailProvider[] = "@12gohere.net";
$ForbidenEmailProvider[] = "@boxedchristmascards.ne";
$ForbidenEmailProvider[] = "@yeah.net";
$ForbidenEmailProvider[] = "@free-medicine.net";
$ForbidenEmailProvider[] = "@satiny.co.uk";
$ForbidenEmailProvider[] = "@energyforthehome.com";
$ForbidenEmailProvider[] = "@dunkssb.net";
$ForbidenEmailProvider[] = "@pumpkincarving.org";
$ForbidenEmailProvider[] = "@theory-test-practice.co.uk";
$ForbidenEmailProvider[] = "@cooljordanshoestore.com";
$ForbidenEmailProvider[] = "@betfairmethods.com"; foreach($ForbidenEmailProvider as $key => $value) { if ( strpos("zyx".$Email,$value) > 0 ) return false; }
return true;
}
Step2.
in administration / builders / profile fields (join form) edit the email field click on advanced and replace
return (bool) preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0);
WITH THIS
return ( ForbidenEmailProvider($arg0) and preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0) );
Step3.
in administration / settings / languages settings look for
_FieldError_Email_Check
and edit the error msg. that's displayed, the default one is (please enter correct email) change to something like this
Invalid email address / or the email provider you are using is blacklisted.
or whatever you like.
That's it you can add more email providers or remove some
$ForbidenEmailProvider[] = "@someprovider.";
|
The problem may be reduced for a while. Over the weekend the FBI (IIRC) seized around 170 domains featuring all the stuff we have come to know and hate -Uggs, fake Prada, football jerseys etc.
Since that happened the spam has dropped right off.
As my site is entirely user content driven with anything up to 50 new content submission accounts opened per day (that is going up as we get a higher Alexa ranking) we have to be careful about who we ban and I have significant genuine membership (and readership) from Asia, including China that there is no benefit to an outright ban.
What I have found is that if one takes away the 'toys' they need then the benefit of signing up is taken away and eventually one really does get filtered from their target lists.
So, we removed all opportunities to drop live links from comments, profiles etc.
The Chineses still send me nice pics with a dead link but I am not overly worried about those. People actually look at the pics and I remove the ones I don't want to see. ;)
TheDundy's suggestion is a good one. Timing is worth a look at. A script can signup, drop a link and be gone in a second (depending upon how fast your site runs) As no human is so fast then blocking very fast (or very slow) signups/customisation/first post is viable.
That said I have seen some autoposting tools that even go as far as to mimic the activity of a human in terms of typing out entries one letter at a time with randomisation. Very cool stuff. ;)
|
So excuse my ignorance what does CAPTCHA do? |
help help help , i'v been in contact with a member hear who apparenty is from china, after this I received domain name registrants on my NOT READY , temporary unavailable website.
Can I name this individual and the registrant emails ??
I am no coder or understand techniqual jargon, just about understand HTML so can anyone assist in adding what others have added for security such as emails ect.
|
help help help , i'v been in contact with a member hear who apparenty is from china, after this I received domain name registrants on my NOT READY , temporary unavailable website.
Can I name this individual and the registrant emails ??
I am no coder or understand techniqual jargon, just about understand HTML so can anyone assist in adding what others have added for security such as emails ect.
Since all Dolphin site navigation structures are the same, it makes us very vulnerable to anyone looking; no matter if your published or not.
It's a matter of the search. Just this simple search term in google returns mostly "Dolphin" sites.
Make a search using "inurl:my_page/add/"
ManOfTeal.COM a Proud UNA site, six years running strong! |
WOW...
DRautenbach....i feel for you..
my website is getting hit pretty hard!!!!. within the last 3 months I probably deleted over 700 spam accounts. I'm at the point I'm not even sure whos real and who isn't on my site. All i been doing is mass deleting users. I tried some of the advises found in the forums and it doesn't appear to be working.
Its been non-stop and Arvixe who does the hosting of my site is ready to shut my site down. its that bad!!!!
I'm at a point I'm ready to shut my site down..
R
|
WOW...
DRautenbach....i feel for you..
my website is getting hit pretty hard!!!!. within the last 3 months I probably deleted over 700 spam accounts. I'm at the point I'm not even sure whos real and who isn't on my site. All i been doing is mass deleting users. I tried some of the advises found in the forums and it doesn't appear to be working.
Its been non-stop and Arvixe who does the hosting of my site is ready to shut my site down. its that bad!!!!
I'm at a point I'm ready to shut my site down..
R
Robin,
Adding the additional question,
i.e.
- "What is 5+5"
- "Are you Human?"
http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm
to the join form has stopped 98% of my spamming, IT WORKS
ManOfTeal.COM a Proud UNA site, six years running strong! |
WOW...
DRautenbach....i feel for you..
my website is getting hit pretty hard!!!!. within the last 3 months I probably deleted over 700 spam accounts. I'm at the point I'm not even sure whos real and who isn't on my site. All i been doing is mass deleting users. I tried some of the advises found in the forums and it doesn't appear to be working.
Its been non-stop and Arvixe who does the hosting of my site is ready to shut my site down. its that bad!!!!
I'm at a point I'm ready to shut my site down..
R
Robin,
Adding the additional question,
i.e.
- "What is 5+5"
- "Are you Human?"
http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm
to the join form has stopped 98% of my spamming, IT WORKS
Hello newton27,
Thanks for the reply back. Finally had a chance to sit down and try your idea.. will let you know what happens..
Within the last 3 days I had 250 spammers hit my site and Im hoping, hoping this will stop them.. thanks again.
cheers..
|
It has worked for me, I still get the occasional spammer, but I can tell their actually human.
China is no longer a problem using the "Join by Country" module on some sites.
The chase now is the ones using hotmail and gmail, which I cannot block.
ManOfTeal.COM a Proud UNA site, six years running strong! |
|
It happened to my site for the last couple weeks from the WALL and SPY module. i had to remove these two modules to stop spam. And so far is ok. Not sure that Wall and Spy have security issue. |
Hey newton27,
Thanks for the link, man it worked. the difference is day and night.
from getting 20 to 30 spam a day to getting 1 spam with the last 4 days..
works!!
http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm
Thanks
R
|
So what did you do on your site? May I view it please? Thanks
Hey newton27,
Thanks for the link, man it worked. the difference is day and night.
from getting 20 to 30 spam a day to getting 1 spam with the last 4 days..
works!!
http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm
Thanks
R
|
Your welcome Robin.
This should be a core feature or an option at the least.
Hey newton27,
Thanks for the link, man it worked. the difference is day and night.
from getting 20 to 30 spam a day to getting 1 spam with the last 4 days..
works!!
http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm
Thanks
R
ManOfTeal.COM a Proud UNA site, six years running strong! |
So what did you do on your site? May I view it please? Thanks
Hey newton27,
Thanks for the link, man it worked. the difference is day and night.
from getting 20 to 30 spam a day to getting 1 spam with the last 4 days..
works!!
http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm
Thanks
R
And this is another shot
And results after you submit join form
And this is what you get using the email blocking mod.
ManOfTeal.COM a Proud UNA site, six years running strong! |
Hey Newton,
Thanks man. I appreciate it. I also sent you an email regarding another question.
|
Hey Newton,
Thanks man. I appreciate it. I also sent you an email regarding another question.
your welcome, you have mail..
ManOfTeal.COM a Proud UNA site, six years running strong! |
Rules → http://www.boonex.com/terms |
I was having this issue, everyday 10 to 15 sign ups with nothing important or meaningful on my site, just a bare site and yet these sign ups from the crappy spam stuff.
Anyway, no more.
What happened, I had my splash page installed and template. The splash has all the standard questions to register (username, pwd, confirm pwd and email).
Then system takes you to a 2nd page of registration where you have to click on User Terms and their is a Captcha.
That is it.
Now I noticed no more spam sign ups. Zero.
Why am i telling you this? So that you too can avoid the same problem. I am not sure which portion of the sign up process has worked, but it has and it is such a joy.
|
I've figured out why the join button was ceasing to function for some on Prolaznik's fix...
In design.inc.php, the code in my file was different to others (unsure whether due to previous modifications or discrepancies between version 7.0.3 and other versions...
At the bottom of your design.inc.php, you should see the following two lines:-
$oZ = new BxDolAlerts('system', 'design_included', 0); $oZ->alert();
What is directly above these two lines? If you don't see the following line, then this will likely fix the issue:-
bx_import('BxDolAlerts');
Copy and paste the following into your design.inc.php file above:-
$oZ = new BxDolAlerts('system', 'design_included', 0); $oZ->alert();
===
//block registrations using specific email providers function ForbidenEmailProvider($Email)
{ $ForbidenEmailProvider[] = "@163.com"; $ForbidenEmailProvider[] = "@sohu.com"; $ForbidenEmailProvider[] = "@21cn.com"; $ForbidenEmailProvider[] = "@gmx.com"; $ForbidenEmailProvider[] = "@126.com"; $ForbidenEmailProvider[] = "@qq.com"; $ForbidenEmailProvider[] = "@yahoo.cn"; $ForbidenEmailProvider[] = "@mx8168.net"; $ForbidenEmailProvider[] = "@110mail.net"; $ForbidenEmailProvider[] = "@buybrandshop.info"; $ForbidenEmailProvider[] = "@lenfos.com"; $ForbidenEmailProvider[] = "@mailinator.com"; $ForbidenEmailProvider[] = "@tom.com"; $ForbidenEmailProvider[] = "@hotmilitararygirls.com"; $ForbidenEmailProvider[] = "@speaktolearn.net"; $ForbidenEmailProvider[] = "@qtyhosting.com"; $ForbidenEmailProvider[] = "@12gohere.net"; $ForbidenEmailProvider[] = "@boxedchristmascards.ne"; $ForbidenEmailProvider[] = "@yeah.net"; $ForbidenEmailProvider[] = "@free-medicine.net"; $ForbidenEmailProvider[] = "@satiny.co.uk"; $ForbidenEmailProvider[] = "@energyforthehome.com"; $ForbidenEmailProvider[] = "@dunkssb.net"; $ForbidenEmailProvider[] = "@pumpkincarving.org"; $ForbidenEmailProvider[] = "@theory-test-practice.co.uk"; $ForbidenEmailProvider[] = "@cooljordanshoestore.com"; $ForbidenEmailProvider[] = "@betfairmethods.com"; foreach($ForbidenEmailProvider as $key => $value) { if ( strpos("zyx".$Email,$value) > 0 ) return false; }
return true;
}
bx_import('BxDolAlerts');
===
The entire bottom of your design,inc.php page should read:-
$oForm = new BxTemplFormView($aForm);
bx_import('BxDolAlerts'); $sCustomHtmlBefore = ''; $sCustomHtmlAfter = ''; $oAlert = new BxDolAlerts('profile', 'show_login_form', 0, 0, array('oForm' => $oForm, 'sParams' => &$sParams, 'sCustomHtmlBefore' => &$sCustomHtmlBefore, 'sCustomHtmlAfter' => &$sCustomHtmlAfter, 'aAuthTypes' => &$aAuthTypes)); $oAlert->alert();
$sFormCode = '<div style="text-align: center; margin-top: 8px;"><a href="modules/?r=deanos_facebook_connect/login_form"><img border="0" src="' . BX_DOL_URL_ROOT . 'modules/deano/deanos_facebook_connect/templates/base/images/fbconnectbut.png"></a></div>' . $oForm->getCode(); $sJoinText = (strpos($sParams, 'no_join_text') === false) ? '<div class="login_box_text">' . _t('_login_form_description2join', BX_DOL_URL_ROOT) . '</div>' : ''; return $sCustomHtmlBefore . $sFormCode . $sCustomHtmlAfter . $sJoinText; }
//block registrations using specific email providers function ForbidenEmailProvider($Email)
{ $ForbidenEmailProvider[] = "@163.com"; $ForbidenEmailProvider[] = "@sohu.com"; $ForbidenEmailProvider[] = "@21cn.com"; $ForbidenEmailProvider[] = "@gmx.com"; $ForbidenEmailProvider[] = "@126.com"; $ForbidenEmailProvider[] = "@qq.com"; $ForbidenEmailProvider[] = "@yahoo.cn"; $ForbidenEmailProvider[] = "@mx8168.net"; $ForbidenEmailProvider[] = "@110mail.net"; $ForbidenEmailProvider[] = "@buybrandshop.info"; $ForbidenEmailProvider[] = "@lenfos.com"; $ForbidenEmailProvider[] = "@mailinator.com"; $ForbidenEmailProvider[] = "@tom.com"; $ForbidenEmailProvider[] = "@hotmilitararygirls.com"; $ForbidenEmailProvider[] = "@speaktolearn.net"; $ForbidenEmailProvider[] = "@qtyhosting.com"; $ForbidenEmailProvider[] = "@12gohere.net"; $ForbidenEmailProvider[] = "@boxedchristmascards.ne"; $ForbidenEmailProvider[] = "@yeah.net"; $ForbidenEmailProvider[] = "@free-medicine.net"; $ForbidenEmailProvider[] = "@satiny.co.uk"; $ForbidenEmailProvider[] = "@energyforthehome.com"; $ForbidenEmailProvider[] = "@dunkssb.net"; $ForbidenEmailProvider[] = "@pumpkincarving.org"; $ForbidenEmailProvider[] = "@theory-test-practice.co.uk"; $ForbidenEmailProvider[] = "@cooljordanshoestore.com"; $ForbidenEmailProvider[] = "@betfairmethods.com"; foreach($ForbidenEmailProvider as $key => $value) { if ( strpos("zyx".$Email,$value) > 0 ) return false; }
return true;
}
bx_import('BxDolAlerts'); $oZ = new BxDolAlerts('system', 'design_included', 0); $oZ->alert();
if ((int)$_GET['idAff']) BxDolService::call('inviter', 'accept_affiliate', array());
?>
Then also follow the other steps from Prolaznik:-
Step2.
in administration / builders / profile fields (join form) edit the email field click on advanced and replace
return (bool) preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0);
WITH THIS
return ( ForbidenEmailProvider($arg0) and preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0) );
Step3.
in administration / settings / languages settings look for
_FieldError_Email_Check
and edit the error msg. that's displayed, the default one is (please enter correct email) change to something like this
Invalid email address / or the email provider you are using is blacklisted.
or whatever you like.
That's it you can add more email providers or remove some
$ForbidenEmailProvider[] = "@someprovider.";
|
I was having this issue, everyday 10 to 15 sign ups with nothing important or meaningful on my site, just a bare site and yet these sign ups from the crappy spam stuff.
Anyway, no more.
What happened, I had my splash page installed and template. The splash has all the standard questions to register (username, pwd, confirm pwd and email).
Then system takes you to a 2nd page of registration where you have to click on User Terms and their is a Captcha.
That is it.
Now I noticed no more spam sign ups. Zero.
Why am i telling you this? So that you too can avoid the same problem. I am not sure which portion of the sign up process has worked, but it has and it is such a joy.
That's good, but, I do think it effects SEO to use a splash page, the jury is still out on this one.
ManOfTeal.COM a Proud UNA site, six years running strong! |
That's good, but, I do think it effects SEO to use a splash page, the jury is still out on this one.
Yeah, if the splash page knocked him so far down in the SERPs that not even the spammers could find him I wouldn't consider that a "fix" lol.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
For the splash page if it is set well and without limiting the entry at the site contents has no problems.. my site on Google with SEO is almost at the top..
i use the block for Spammers email that I have posted time ago in this forum, and block after 5 attempts to wrong password for 5-hour and i solved the problem of spam, from 3 months, 0 Spammers and 3000 real user..
Templates and Modules for Dolphin 7.3 http://www.boonex.com/market/posts/Giovanni_m |
Splash pages do not affect SERP, it all depends on how you set it up. At the end of the day, you can have the best SEO site with no members and you will not show.
SEO is not just about keywords, titles and content on page. You need hits as well and many other factors that we do not realize.
I would rather have a site with good number of members and have an average SEO, then the other way around.
Don't forget that the splash page is not the only page you SEO. You have many internal pages that also come into play that need to be SEO.
That's good, but, I do think it effects SEO to use a splash page, the jury is still out on this one.
Yeah, if the splash page knocked him so far down in the SERPs that not even the spammers could find him I wouldn't consider that a "fix" lol.
|
I have a splash page and my spam is dropped to 0 a big ZERO. Don't know exactly what part work the best but i think that my join.php is no more usable so maybe thats the reason or maybe recaptcha. But no bot or spammers. I am getting more signups due to the page looks like fb. lol so much to do.... |
So there you go, another living proof. Perhaps we should find out about users that have splash and don't and see which ones get more spam. not only that it may have something to do with the join page.
I have a splash page and my spam is dropped to 0 a big ZERO. Don't know exactly what part work the best but i think that my join.php is no more usable so maybe thats the reason or maybe recaptcha. But no bot or spammers. I am getting more signups due to the page looks like fb. lol
|
join.php is like a big fat magnet to spammers. Usually, they are going to run http://biglistopfdomainnames.com/join.php to find the pages to attack with spam maybe?
By adding a splash page, you've introduced a second step their scripts aren't prepared for?
http://towtalk.net ... Hosted by Zarconia.net! |
It looks like bots are used to search and join Dolphin sites. If site have some non standard features bots fail, some of the noticed features to prevent bots are:
- splitting join form into steps
- splash screen (I think splash involves hiding real join form too)
Rules → http://www.boonex.com/terms |
A little heads up. For all of you that have made use of these changes. Updating to 7.08 completely replaces the inc/design.inc.php file....
AAAARGH!
http://towtalk.net ... Hosted by Zarconia.net! |
i've done those changes but i still get like alots of spam suers registered from hotmail and gmail! this is not the way! cant we replace this chapta thing with rechapta or something more powerful? |
i've done those changes but i still get like alots of spam suers registered from hotmail and gmail! this is not the way! cant we replace this chapta thing with rechapta or something more powerful?
I still get the spammer accounts as well but no posting of blogs because of the spam tools provided.
Have you "enabled" the spam tools in your admin section, do you have your askimet key installed?
It's best to fine tune these settings along with using this added filter.
ManOfTeal.COM a Proud UNA site, six years running strong! |
So what did you do on your site? May I view it please? Thanks
Hey newton27,
Thanks for the link, man it worked. the difference is day and night.
from getting 20 to 30 spam a day to getting 1 spam with the last 4 days..
works!!
http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm
Thanks
R
This is a follow up to this post because of some PM's I've received; I realized I didn't actually post how I added this math question, so here it is.
Go to admin-->builders-->profile fields || drag a new item/block up
click on block and add
System Name --> MathQuestion
Caption --> What is 5+5?
Description--> To complete the join form, you must prove your human.
select "Text" from drop down at the bottom,
Then click on Advanced tab on top, check off mandatory and set min value to 1 and max value to 10
In the "check" field put this;
return strtolower($arg0) == '10';
Click save.. Make new language key for block name .
This is actually an edit of
rhimpr's post from another topic, http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm
ManOfTeal.COM a Proud UNA site, six years running strong! |
I love this thread and hopefully it has helped a lot of people.. hopefully it will also make Boonex realize they REALLY needs some sort of pagination for this forum. This page is huggggggge lol. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Son, I am dissapoint.
CRTL + F , "cloudflare" ... nothing..
I have one word for you all, "cloudflare".
|
I love this thread and hopefully it has helped a lot of people.. hopefully it will also make Boonex realize they REALLY needs some sort of pagination for this forum. This page is huggggggge lol.
There's a bigger one. Just check out Ilbellodelwebs IBDW support thread.
http://towtalk.net ... Hosted by Zarconia.net! |
Its nothing fancy but I had 1 to 5 spam accounts a day signing up on the site. It was getting exhausting. I added a new question to the join form and maybe see one account a month now. Example "If you are human enter the number 1 in the box". Use the built in matching boonex already has and if the number one is not entered then the form does not go through and no membership created. This works because these memberships are automated bots and not actually real people. My site is great now!
Create a New field in the Join Form
Builders- Profile Fields- Join Form
-
System Name "RUHUMAN"
-
Caption: Enter the number "1" here to prove you are human.
-
Description: Enter the number "1" to prove you are human and not an automated robot.
-
Type: Number
-
Mandatory: Yes
-
Min Value: 1
-
Max Value: 1
-
Default Value: 0
- Anything not mentioned for this section leave it blank
-
Mandatory Error Messages: You must type the number 1 in this field to prove you are human.
- Enter this same message in both the Minimum and Maximum blocks and leave the rest blank.
NOW CLICK SAVE
Just drag and drop the "RUHUMAN" block where you want it to show up on your join form. Unless someone enters the number "1" the form should not process. That should stop most automated registrations. It did for me. I dont think I forgot anything. That should be all you have to do.
|
I have added the 5+5 question and changed the join.php to register.php and now waiting for the effect it shows. What you think should i need something else? so much to do.... |
@Prashank25
Sounds like you are set up pretty good. Just wait and see if that produces your desired results.
|
Its nothing fancy but I had 1 to 5 spam accounts a day signing up on the site. It was getting exhausting. I added a new question to the join form and maybe see one account a month now. Example "If you are human enter the number 1 in the box". Use the built in matching boonex already has and if the number one is not entered then the form does not go through and no membership created. This works because these memberships are automated bots and not actually real people. My site is great now!
Create a New field in the Join Form
Builders- Profile Fields- Join Form
-
System Name "RUHUMAN"
-
Caption: Enter the number "1" here to prove you are human.
-
Description: Enter the number "1" to prove you are human and not an automated robot.
-
Type: Number
-
Mandatory: Yes
-
Min Value: 1
-
Max Value: 1
-
Default Value: 0
- Anything not mentioned for this section leave it blank
-
Mandatory Error Messages: You must type the number 1 in this field to prove you are human.
- Enter this same message in both the Minimum and Maximum blocks and leave the rest blank.
NOW CLICK SAVE
Just drag and drop the "RUHUMAN" block where you want it to show up on your join form. Unless someone enters the number "1" the form should not process. That should stop most automated registrations. It did for me. I dont think I forgot anything. That should be all you have to do.
I tried this 2 days ago and it looks like it has stopped those bots
THANKS!!!!
|
Its nothing fancy but I had 1 to 5 spam accounts a day signing up on the site. It was getting exhausting. I added a new question to the join form and maybe see one account a month now. Example "If you are human enter the number 1 in the box". Use the built in matching boonex already has and if the number one is not entered then the form does not go through and no membership created. This works because these memberships are automated bots and not actually real people. My site is great now!
Create a New field in the Join Form
Builders- Profile Fields- Join Form
-
System Name "RUHUMAN"
-
Caption: Enter the number "1" here to prove you are human.
-
Description: Enter the number "1" to prove you are human and not an automated robot.
-
Type: Number
-
Mandatory: Yes
-
Min Value: 1
-
Max Value: 1
-
Default Value: 0
- Anything not mentioned for this section leave it blank
-
Mandatory Error Messages: You must type the number 1 in this field to prove you are human.
- Enter this same message in both the Minimum and Maximum blocks and leave the rest blank.
NOW CLICK SAVE
Just drag and drop the "RUHUMAN" block where you want it to show up on your join form. Unless someone enters the number "1" the form should not process. That should stop most automated registrations. It did for me. I dont think I forgot anything. That should be all you have to do.
I tried this 2 days ago and it looks like it has stopped those bots
THANKS!!!!
Your welcome Tony! Just make sure you are able to still sign up with a legitimate account. Create a test account to make sure it works as it should. Try the wrong numbers a few times and then the right one to make sure it will still create new accounts. Hey my first instruction mod! Glad it helped. Ive seen where where other people have done it to their installations but I never yet seen where someone broke it down step by step and tell you how to do it. Maybe they have though. I am a skim reader sometimes and a lot of information on here I have not seen yet.
|
5 + 5 could possibly be perceived as a question a bot could answer at some point. This idea has been around for a small amount of time and it is one most bot creators aren't tackling yet.
That is the secret word though .... yet.
5 plus five would be better than 5+5 in my book. Just a thought...
http://towtalk.net ... Hosted by Zarconia.net! |
@DRautenbach This seems like a deja vu :) I’ve been using Dolphin for about 5 years now. And the most critical issues I’ve been encountering with Dolphin has been with SECURITY. My Blogs were getting approved somehow without my approval, things were getting published on my site without my approval - at one point, I had to shutdown my site because it looked like a Marketing Hub for China :-) My Dolphin sites have been consuming so much resources on my dedicated server to the point where it brought down my whole server. As result, I paid the consequences..
Long story short: Get hold of Mr. MSCOTT at: http://www.boonex.com/mscott - I can assure you that you will be happy with the results..
It took me 5 years of headaches with some Chinese & Russian SPAMMERS, and now for the last 7 months after I applied some security Mods with the help of MSCOTT - I can focus on my business in hopes to make some revenues and not spend my wheels chasing CHINA !
Mr. MSCOTT has saved me all the security headaches I encountered for the last 5yrs. He installed Mod_security and CSF firewall and he added some custom security work that he put together for his sites/clients, and he configured everything for me properly. I just can’t thank him enough for the great assistance and the extra efforts he has done for me to make my Dolphin sites as stable as they are today and most importantly. Today, I have NO more SPAMs, no more fake emails, and no more intrusions :-)
To see what I am talking about, here are some Alerts/Hackers from China & Russia I’ve been getting and were STOPPED promptly before they could harm my system:
IP: 222.186.24.25 (CN/China/-) Failures: 3 (mod_security) Interval: 300 seconds Blocked: Permanent Block
IP: 188.143.232.8 (RU/Russian Federation/-) Failures: 3 (mod_security) Interval: 300 seconds Blocked: Permanent Block
I would highly recommend MSCOTT to any one who is or has been having security issues with his Dolphin sites, you will be happy with his services indeed. I am :-)
Regards,
|
Hello @Morocco,
I'm using mod_security too and splitting join form. Today, I have no more spammers' registrations. But I have a member who is often banned by csf and mod_security and who is not a spammer. I don't understand why this member is always banned and I don't find the rule which ban my member. Is it possible that you give me your mod_security rules ?
Thank you. Alex. |
@Aleka2a: Any time mod_sec bans someone is lists a rule number in the email it sends you. Just take that rule number and search for it in /usr/loacal/apache/conf/modsec2.user.conf
The only rule I have ever had problems with when using Dolphin is #950004, it thinks the smileys :-) are XSS attempts and blocks the person. Was the person you mentioned using smileys in their description?
@Morocco, thanks bro!!!
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
@Aleka2a: Any time mod_sec bans someone is lists a rule number in the email it sends you. Just take that rule number and search for it in /usr/loacal/apache/conf/modsec2.user.conf
The only rule I have ever had problems with when using Dolphin is #950004, it thinks the smileys :-) are XSS attempts and blocks the person. Was the person you mentioned using smileys in their description?
@Morocco, thanks bro!!!
mscott,
I installed the module mod_evasive; helps protect the server from DDOS attacks and mod_security; helps protect the server from attacks right?
I find that when uploading music now I get a 403 forbidden error on pages, am I blocking myself?
I'm new to server's, this one has been running for couple years without these installed; I decided to install to be safer. Here is a link to my server phpinfo http://www.duvallocals.info/phpinfo.php
I might add, after uploading a music file is when I get a temp ban, then am able to view pages again. Is this normal? I don't want members to see these blocks. I have no problems with spam now that I did the math question, I just thought I'd add extra security..
I followed this http://www.linuxlog.org/?p=135 to do the install.
I guess the question I want to ask is, can this be "loosened" some?
Thanks in advance
ManOfTeal.COM a Proud UNA site, six years running strong! |
I've never used mod_evasive before. I looked into it at one point but I found lots of people who weren't really happy with it plus I had never really had a problem wtih DDOS attacks.
To figure out what's blocking you look in your error log (usr/local/apache/logs/error_log) right after you try and upload a song. If it was mod_evasive you can change the settings in http.conf. I found these through Google, but like I said I've never used it so this is just a shot in the dark:
<IfModulemod_evasive20.c>
DOSHashTableSize 4096
DOSPageCount 5
DOSSiteCount 50
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 25
DOSEmailNotify email@site.com
</IfModule>
After you change the settings don't forget to restart apache.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Thanks, I seen that during the install. Increasing these numbers might help?
I found that no media will play now, audio or video, you tube embeds play fine.
I guess I will try to back out the install.
ManOfTeal.COM a Proud UNA site, six years running strong! |
If it's mod_security blocking the media from playing it will add a line in /usr/local/apache/logs/error_log everytime it happens. If you don't see anything in there it must be something else.
You can also install this free mod_sec control panel that will let you turn it on and off easily:
http://configserver.com/cp/cmc.html
If you turn mod_sec off and the media still doesn't play then something else is causing it.
If you add that email line to the mod_evasive config in http.conf it should email you every time it blocks something.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
@Aleka2a: Any time mod_sec bans someone is lists a rule number in the email it sends you. Just take that rule number and search for it in /usr/loacal/apache/conf/modsec2.user.conf
The only rule I have ever had problems with when using Dolphin is #950004, it thinks the smileys :-) are XSS attempts and blocks the person. Was the person you mentioned using smileys in their description?
@Morocco, thanks bro!!!
Hello mscott,
I did not know that CSF could send an email to each banishment. Thank you for the info and sorry for the late reply (internet access problem).
The person I mentioned doesn't use smileys in his description.
Alex. |
Yes, it sends an email for each one to the email address for the root account.
If you aren't getting the emails just check the Apache error log and the rule numbers are listed there too.
@Aleka2a: Any time mod_sec bans someone is lists a rule number in the email it sends you. Just take that rule number and search for it in /usr/loacal/apache/conf/modsec2.user.conf
The only rule I have ever had problems with when using Dolphin is #950004, it thinks the smileys :-) are XSS attempts and blocks the person. Was the person you mentioned using smileys in their description?
@Morocco, thanks bro!!!
Hello mscott,
I did not know that CSF could send an email to each banishment. Thank you for the info and sorry for the late reply (internet access problem).
The person I mentioned doesn't use smileys in his description.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
I was out messing around on another site and I spotted something that intrigued me.
When they created their bot question, they just left it blank. Right next to it was the caption (Bot trap, please leave blank)
It must work. I can see a bot trying to put something in the box.
http://towtalk.net ... Hosted by Zarconia.net! |
ManOfTeal.COM a Proud UNA site, six years running strong! |
Thank you all for your posts. I have added both the blank field and the "enter number" field to my join page. We'll see what happens. |
This topic needs to be put on the active topics list so it remains at the top. As far as I am concerned, it is the single best thread on this site for information on how to solve spam issues. Since so many of you seem to be burning up the forum with the spam question again, I thought I'd make it easier to find....
I'm just sayin....
http://towtalk.net ... Hosted by Zarconia.net! |
Thank you all for your posts. I have added both the blank field and the "enter number" field to my join page. We'll see what happens.
If you need to you can do the split of the join form making it a two step process which is the best block for bots.
"Split Join Form
You are able to split the Join form into the several pages, just "transfer" some blocks to the next pages: Click on Join block title in join area and in an opened window of its properties choose Join Page different from "0", and Save. That's all. The new Join page is created and your block is transferred to this page."
http://www.boonex.com/trac/dolphin/wiki/ProfileFieldsBuilder
ManOfTeal.COM a Proud UNA site, six years running strong! |
Csampson |
Since I have allowed registrations from US IP addresses only, and at the same time integrated Maxmind's proxy detection service, which blocks access to the join form via US based anonymous proxy servers, I have not had a single spammer registration in two years. I don't use any of the built in anti spam tools Prior to that, it was about a dozen a day. If your site has a local focus, this is a highly effective way to stop spammer registrations.
Spammers outside the US don't seem to care if you can trace their origin. Spammers inside the US however, don't seem to want anyone to track them down, so they ALL appear to work through anonymous proxies, and the Maxmind service is excellent for this. In the unlikely event you get a spammer registration from an IP that can be associated with an individual, you have ways to make their pathetic life miserable. Maxmind has an excellent service...not sure why I'm the only one here that uses it. My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
ManOfTeal.COM a Proud UNA site, six years running strong! |
the math addition question and split join pages has worked 100% for me
and yes blocking china too lol
|
Thanks to everyone for sharing. Yesterday, I used the step by step instructions given by Giovanni_m above and it worked 100%. I came in today to find no spammer where normally I would have had up to 30 new members! Thanks to Boonex for providing this platform even though they fall short in offering the necessary tutorials themselves. New at this but getting there |
|