I'm getting the same spam attack on my site. Eric's reCaptcha plugin doesn't
work with web-kit browsers, so I haven't implemented it on my site yet.
The latest attack over the past few weeks has been the same 11name99 pattern
other users are reporting. Thanks for the code to ban certain patterns, I'll
put it on my site and give it a try. :)

I'd like to be able to set up my site where a user has to verify their email
address before their updates are listed on the public timeline. With my
limited scripting knowledge, I know there probably isn't an easy way to do
that, but I'd appreciate any ideas.

A friend of mine set up an easy way to "ban" users with a script I've
attached. It will hide the banned user's updates from the public timeline as
well as reset their profile and show them as banned.

-Greg

On Sun, Aug 2, 2009 at 2:45 PM, Evan Prodromou <[email protected]> wrote:

> egasus egasus wrote:
>
>>
>> Same here
>> now i am getting a similar spam attack..
>>
>>
> OK, that's definitely very serious.
>
> First thing I'd suggest is using Eric Helgeson's reCaptcha plugin for
> registration:
>
> http://gitorious.org/~erichelgeson/laconica/eric-dev2/trees/recaptcha-plugin
>
> I haven't tried it or tested it but it's probably the best thing to use
> right now.
>
> Second, if you're sure there's a pattern in the user names, try this
> snippet of code in config.php:
>
> http://pastebin.ca/1516064
>
> Change the $nicknamePatterns global variable to suit your needs.
>
> Clearly we have a lot of work to do on the spamming end; at the very least
> we need plugins to support context-oriented tools like Bad Behaviour and
> SURBL as well as content-oriented tools like Bayesian filters, blocklists,
> Akismet, Mollom, and Defensio. More captcha tools and intelligence tests are
> probably worthwhile, too.
>
> -Evan
>
> --
> Evan Prodromou
> CEO, Control Yourself, Inc.
> [email protected] - http://identi.ca/evan - +1-514-554-3826
>
>
> _______________________________________________
> Laconica-dev mailing list
> [email protected]
> http://mail.laconi.ca/mailman/listinfo/laconica-dev
>
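<?php

$db_user = "database_username";
$db_pass = "database_password";
$db_host = "database_hostname";
$db_name = "database_name";
$filename = "/home/path/to/laconica/config.php";
$userpass = "form_password";

// Banned profiles as id => nickname, filled in by banLaconica().
$edited = array();

function banLaconica( $db, $user )
{
        global $edited;

        // Select the user's ID number. We'll use this to edit the profile and
        // hide the updates later. The nickname comes from the form, so it is
        // bound as a parameter instead of being pasted into the SQL string.
        $stmt = $db->prepare( "SELECT `id` FROM `profile` WHERE `nickname` = ? LIMIT 1" );
        $stmt->bind_param( "s", $user );
        $stmt->execute();
        $stmt->bind_result( $uid );
        $found = $stmt->fetch();
        $stmt->close();

        // Escape the name before echoing it back into the HTML response.
        $name = htmlspecialchars( $user );

        if ( !$found )
        {
                // Skip unknown names instead of die(): aborting here would leave
                // earlier users edited in the database but missing from config.php.
                echo "This user doesn't exist: ".$name."<br />";
                return;
        }

        // Store user's ID for later use.
        $uid = (int) $uid;

        // Reset the profile and mark it as banned.
        $db->query( "UPDATE `profile` SET `homepage` = NULL, `bio` = 'BANNED', `location` = NULL, `modified` = NOW() WHERE `id` = ".$uid." LIMIT 1" );
        $edited[$uid] = $user;
        echo "Edited record for ".$name." (id = ".$uid.").<br />";

        // Flag every notice from this profile so it is hidden.
        $db->query( "UPDATE `notice` SET `is_local` = -1, `modified` = NOW() WHERE `profile_id` = ".$uid );
        echo "Edited ".$db->affected_rows." notice records for ".$name."<br />";
}


$names = isset( $_POST['un'] ) ? $_POST['un'] : null;
$pass = isset( $_POST['password'] ) ? $_POST['password'] : null;

// Both fields must be plain strings; hash_equals() compares in constant time.
if ( is_string( $names ) && is_string( $pass ) && hash_equals( $userpass, $pass ) )
{

        // The fourth argument of mysqli_connect() selects the database.
        $db = mysqli_connect( $db_host, $db_user, $db_pass, $db_name );
        if ( !$db )
        {
                die( 'A MySQL error has occurred: ' . mysqli_connect_error() );
        }

        // Textareas submit CRLF line endings, so trim each name and skip blanks.
        foreach ( explode( "\n", $names ) as $toban )
        {
                $toban = trim( $toban );
                if ( $toban !== '' )
                {
                        banLaconica( $db, $toban );
                }
        }

        echo "<b>".count( $edited )."</b> record(s) in profiles table were edited.<br />";

        // Appending only works if config.php does not end with a closing PHP tag.
        $file = fopen( $filename, "a" );
        if ( !$file )
        {
                die( 'Could not open the config file for writing.' );
        }

        foreach ( $edited as $uid => $nick )
        {
                // One entry per line: without the newline the next entry would
                // land inside the previous line's // comment. The nickname is
                // reduced to safe characters because "?>" ends a PHP comment.
                $nick = preg_replace( '/[^A-Za-z0-9_.-]/', '', $nick );
                fwrite( $file, "\n".'$config[\'profile\'][\'banned\'][] = '.$uid.';   //Ban on user: '.$nick );
        }

        fclose( $file );

        echo "<b>".count( $edited )."</b> ban records were added to the config file.<br />";
}

else
{
        // $PHP_SELF relied on register_globals; read and escape the server value.
        $self = htmlspecialchars( $_SERVER['PHP_SELF'] );
        echo "<form action=\"".$self."\" method=\"POST\"><table>";
        echo "<tr><td>Usernames</td><td><textarea name=\"un\"></textarea></td></tr>";
        echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\" /></td></tr>";
        echo "<tr><td>&nbsp;</td><td><input type=\"submit\" value=\"Ban\" /></td></tr>";
        echo "</table></form>";
        echo "<p>Enter the usernames to ban, one per line.</p>";
}

?>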