UBB.Dev
Posted By: 3DUSER Post Flooding - 10/08/2001 1:33 AM
I thought this problem was fixed, yet my board was subjected to an attack yesterday of someone making mass threads under any nickname he chose. It could have been a lot worse if someone had done a little more scripting to make random usernames/subjects/messages, but it was a basic script and they didn't do it for very long. I somewhat stopped them because they were coming from the same IP, but it didn't seem that the ban on the IP in the admin section worked. I just hardcoded the IP into addpost.php. I thought that this line was supposed to prevent this:

// Make sure this isn't being called via GET
// (array key quoted so it is not read as an undefined constant)
if ($GLOBALS['REQUEST_METHOD'] == "GET") {
    exit;
}

Any ideas how this would be possible to stop? I'm using PHP version 5.4.2
Posted By: Rick Re: Post Flooding - 10/08/2001 4:08 AM
That bit of code you presented only prevents them from calling the forms via the GET method. It sounds like maybe they have created a form that manipulates the REFERER variable and allows for submissions. There really isn't an easy way to fix this, but it's been requested to have some sort of timer on posting, so this is something I've been trying to figure out how to work in.

Right now it's necessary to ban the IP. This feature should work, but it might be necessary to upgrade.
Posted By: dannylin Re: Post Flooding - 10/08/2001 6:49 AM
That won't be an easy issue to deal with, but I thought a credit system should at least help to prevent spamming.

I thought we should first think of this question: 'why did users keep spamming?'.

* maybe they're not satisfied with your web service, or argued with you or someone
* maybe they just want to increase their number of posts to be on the top of the billboard

So if there's a credit system, the administrator can then define their own rules on postings. They have to manage the user levels and authorities, and the limitations, for their community. For instance, you can give a newly registered user READ-ONLY authority during the first 3 days after they register. Or you can choose not to count a message toward the number of posts if it is less than 3 lines. Or put bounds on the number of concurrent threads from the same IP, etc.
Posted By: 3DUSER Re: Post Flooding - 10/08/2001 12:25 PM
This person can put in any username they want (even other people's nicks) so the spam protection would have to be based at least somewhat on IP.
Posted By: Rick Re: Post Flooding - 10/08/2001 3:09 PM
What version are you currently running?
Posted By: 3DUSER Re: Post Flooding - 10/08/2001 5:07 PM
5.4.2
Posted By: Rick Re: Post Flooding - 10/09/2001 4:55 AM
If you can you might want to upgrade. There have been some changes to the ban function that should eliminate the problems you are having with it.
Posted By: 3DUSER Re: Post Flooding - 10/09/2001 12:55 PM
I plan to upgrade when I get some time to put all my hacks into the new version. If it doesn't do so in 5.4.4 already, you should check the IP ban before the username ban.
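
The two server-side checks raised in this thread (an IP ban evaluated before anything tied to the client-chosen username, and a per-IP timer on posting) can be sketched as follows. This is an added example, not UBB.threads code or any poster's code; the function name, the 30-second interval, the in-memory array standing in for a database table, and the sample addresses are all assumptions.

```php
<?php
// Added example; names and the interval below are assumptions, not UBB.threads code.
const MIN_SECONDS_BETWEEN_POSTS = 30; // assumed policy value

/**
 * Decide whether a post from $ip may be accepted at time $now.
 * $bannedIps:  exact addresses, or prefixes ending in "." (e.g. "203.0.113.").
 * $lastPostAt: map of ip => unix time of the last accepted post
 *              (a database table in a real board).
 */
function check_post(string $ip, array $bannedIps, array &$lastPostAt, int $now): string
{
    // 1. IP ban first: the nickname is client-supplied and can be anything.
    foreach ($bannedIps as $ban) {
        if ($ip === $ban || (substr($ban, -1) === '.' && strpos($ip, $ban) === 0)) {
            return 'banned';
        }
    }
    // 2. Posting timer keyed on the address, not on the nickname.
    if (isset($lastPostAt[$ip]) && $now - $lastPostAt[$ip] < MIN_SECONDS_BETWEEN_POSTS) {
        return 'throttled';
    }
    // 3. Only accepted posts update the timer.
    $lastPostAt[$ip] = $now;
    return 'ok';
}

// Constructed sample traffic: [seconds offset, connecting address, claimed nickname].
// In a request handler the address would come from $_SERVER['REMOTE_ADDR'],
// never from a form field or request header.
$requests = [
    [0,  '198.51.100.7', 'alice'],
    [2,  '198.51.100.7', 'bob'],     // same address, different nickname
    [5,  '198.51.100.7', 'carol'],
    [40, '198.51.100.7', 'alice'],   // interval has elapsed
    [41, '203.0.113.9',  'mallory'], // inside a banned prefix
    [42, '192.0.2.15',   'dave'],
];
$banned     = ['203.0.113.'];
$lastPostAt = [];
$start      = 1002500000; // constructed timestamp

foreach ($requests as [$offset, $ip, $nick]) {
    $result = check_post($ip, $banned, $lastPostAt, $start + $offset);
    printf("t+%-3d %-14s %-8s %s\n", $offset, $ip, $nick, $result);
}
```

Both checks depend only on the connecting address and on state kept by the server, so changing the nickname, the REFERER value or the request method on the client side does not affect the outcome.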