Previous Thread
Next Thread
Print Thread
Rate Thread
#212086 10/07/2001 6:33 PM
Joined: Jul 2001
Posts: 14
Newbie
Newbie
Offline
Joined: Jul 2001
Posts: 14
I thought this problem was fixed yet my board was subjected to an attack yesterday of someone making mass threads under any nickname he chose. It could have been a lot worse if someone would have done a little more scripting to make random usernames/subjects/messages but it was a basic script and they didn't do it for very long. I somewhat stopped them because they were coming from the same IP but it didn't seem that the ban on the IP in the admin section worked. I just hardcoded the IP into addpost.php I thought that this line was supposed to prevent this:

// Make sure this isn't being called via GET
if ($GLOBALS[REQUEST_METHOD] == "GET") {
exit;
}

Any ideas how this would be possible to stop? I'm using PHP version 5.4.2

Sponsored Links
Joined: May 1999
Posts: 3,039
Guru
Guru
Offline
Joined: May 1999
Posts: 3,039
That bit of code you presented only prevents them from calling the forms via the GET method. It sounds like maybe they have created a form that manipulates the REFERER variable and allows for submissions. There really isn't an easy way to fix this, but it's been requested to have some sort of timer on posting so this is something I've been trying to figure out how to work this one.

Right now it's necessary to ban the IP. This feature should work, but it might be necessary to upgrade.


UBB.threads Developer
Sally #212088 10/07/2001 11:49 PM
Joined: Apr 2001
Posts: 50
Journeyman
Journeyman
Offline
Joined: Apr 2001
Posts: 50
That won't be an easy issue to handled with but I thought a credit system should at least help to prevent from spamming.

I thought we should first think of this question: 'why did users keep spamming?'.

* maybe they're not satisfied with your web service, or argue with you or someone
* maybe just want to increase the number of post to be on the top of the billboard

So if there's a credit system, the administrator can then define their own rule on postings. They have to manage the user levels & authorities, limitations to their communirty. For instance, you can define a new registered user a READ-ONLY authority during the first 3 days after they get registered. Or you can define not to accumulate the number of post if a message is less then 3 lines. Or to put bounds on the number of concurrent threads from the same IP, etc.

Mr. B #212089 10/08/2001 5:25 AM
Joined: Jul 2001
Posts: 14
Newbie
Newbie
Offline
Joined: Jul 2001
Posts: 14
This person can put in any username they want (even other people's nicks) so the spam protection would have to be based at least somewhat on IP.

Joined: May 1999
Posts: 3,039
Guru
Guru
Offline
Joined: May 1999
Posts: 3,039
What version are you current running?


UBB.threads Developer
Sponsored Links
Sally #212091 10/08/2001 10:07 AM
Joined: Jul 2001
Posts: 14
Newbie
Newbie
Offline
Joined: Jul 2001
Posts: 14
5.4.2

Joined: May 1999
Posts: 3,039
Guru
Guru
Offline
Joined: May 1999
Posts: 3,039
If you can you might want to upgrade. There have been some changes to the ban function that should eliminate the problems you are having with it.


UBB.threads Developer
Sally #212093 10/09/2001 5:55 AM
Joined: Jul 2001
Posts: 14
Newbie
Newbie
Offline
Joined: Jul 2001
Posts: 14
I plan to upgrade when I get some time to put all my hacks into the new version. []/testimages/icons/smile.gif[/] If it doesn't do so in 5.4.4 already, you should check the IP ban before the username ban.


Link Copied to Clipboard
Donate Today!
Donate via PayPal

Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.

Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
Recommended Hosts
We have personally worked with and recommend the following Web Hosts:
Stable Host
bluehost
InterServer
Visit us on Facebook
Member Spotlight
Posts: 70
Joined: January 2007
Forum Statistics
Forums63
Topics37,573
Posts293,925
Members13,849
Most Online5,166
Sep 15th, 2019
Today's Statistics
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
Top Posters
AllenAyres 21,079
JoshPet 10,369
LK 7,394
Lord Dexter 6,708
Gizmo 5,833
Greg Hard 4,625
Top Posters(30 Days)
Top Likes Received
isaac 82
Gizmo 20
Brett 7
Morgan 2
Top Likes Received (30 Days)
None yet
The UBB.Developers Network (UBB.Dev/Threads.Dev) is ©2000-2024 VNC Web Services

 
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20221218)