php-general Digest 12 Oct 2012 08:28:09 -0000 Issue 8003
Topics (messages 319422 through 319429):
Re: Beneficial site spamming framework
319422 by: Joshua Kehn
319423 by: Ashley Sheridan
319424 by: Maciek Sokolewicz
319425 by: Maciek Sokolewicz
319427 by: tamouse mailing lists
appreciation
319426 by: David McGlone
319428 by: tamouse mailing lists
319429 by: Lester Caine
----------------------------------------------------------------------
--- Begin Message ---
while true; do curl -X POST --data "field=value&field1=value1" http://myblog.com/comment.php; done
Best,
–Josh
____________________________________
Joshua Kehn | @joshkehn
http://joshuakehn.com
On Oct 11, 2012, at 4:07 PM, Paul M Foster <pa...@quillandmouse.com> wrote:
> Folks:
>
> I've been getting spam comments on my personal blog (runs on
> self-written PHP blog software). I'd like to test some methods I've
> devised to prevent or block it. Does anyone know of a very lightweight
> framework for simulating an automated "form fill-out" on a site?
> Something where you could just add some code to designate the site for
> the "attack" and then what fields you wanted to send?
>
> This should be a relatively simple task for PHP and curl, but I'm not
> really familiar with the headers and that part of the HTTP conversation.
> Yes, I know this is a risky question for a public list. Feel free to
> contact me privately if you think the answer shouldn't be in the
> archives of a public list. Likewise, if you can point me to a source of
> quickly absorbable research on the subject. I frankly don't know how I'd
> google such a thing.
>
> Paul
>
> --
> Paul M. Foster
> http://noferblatz.com
> http://quillandmouse.com
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Joshua Kehn <j...@kehn.us> wrote:
>while true; do curl -X POST --data "field=value&field1=value1"
>http://myblog.com/comment.php; done
>
>Best,
>
>–Josh
>____________________________________
>Joshua Kehn | @joshkehn
>http://joshuakehn.com
>
>On Oct 11, 2012, at 4:07 PM, Paul M Foster <pa...@quillandmouse.com>
>wrote:
>
>> Folks:
>>
>> I've been getting spam comments on my personal blog (runs on
>> self-written PHP blog software). I'd like to test some methods I've
>> devised to prevent or block it. Does anyone know of a very
>lightweight
>> framework for simulating an automated "form fill-out" on a site?
>> Something where you could just add some code to designate the site
>for
>> the "attack" and then what fields you wanted to send?
>>
>> This should be a relatively simple task for PHP and curl, but I'm not
>> really familiar with the headers and that part of the HTTP
>conversation.
>> Yes, I know this is a risky question for a public list. Feel free to
>> contact me privately if you think the answer shouldn't be in the
>> archives of a public list. Likewise, if you can point me to a source
>of
>> quickly absorbable research on the subject. I frankly don't know how
>I'd
>> google such a thing.
>>
>> Paul
>>
>> --
>> Paul M. Foster
>> http://noferblatz.com
>> http://quillandmouse.com
>>
To avoid having to create your own anti-spam system, I recommend Akismet, which
weights posts allowing you to set a rejection threshold. The great thing is
that it is constantly improving over time.
--- End Message ---
--- Begin Message ---
On 11-10-2012 22:18, Ashley Sheridan wrote:
>>> I've been getting spam comments on my personal blog (runs on
>>> self-written PHP blog software). I'd like to test some methods I've
>>> devised to prevent or block it. Does anyone know of a very lightweight
>>> framework for simulating an automated "form fill-out" on a site?
>>> Something where you could just add some code to designate the site for
>>> the "attack" and then what fields you wanted to send?
>>>
>>> This should be a relatively simple task for PHP and curl, but I'm not
>>> really familiar with the headers and that part of the HTTP conversation.
>>> Yes, I know this is a risky question for a public list. Feel free to
>>> contact me privately if you think the answer shouldn't be in the
>>> archives of a public list. Likewise, if you can point me to a source of
>>> quickly absorbable research on the subject. I frankly don't know how I'd
>>> google such a thing.
>>>
>>> Paul
>>>
>>> --
>>> Paul M. Foster
>>> http://noferblatz.com
>>> http://quillandmouse.com
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>
> To avoid having to create your own anti-spam system, I recommend Akismet, which
> weights posts allowing you to set a rejection threshold. The great thing is
> that it is constantly improving over time.

I've recently looked into the more modern captcha systems. I personally
can't stand the "standard" captcha of having to decipher what characters
are present on a distorted image. The last few years I've noticed that
more and more often I can't decipher what an image is supposed to say.
And after a few tries of unsuccessful replying what the image says, I
just give up. This seems to be a reverse-Turing-test by now. Computers
being able to guess better than humans.
Anyway, I wrote my own captcha system. I've noticed that simple things
like "what is the capital of the USA?" and then being able to choose
"Hong-Kong, Washington or Rome" or a question like "Is water wet or
dry?" work very very well. Just make up a bunch of these, and then
randomly pick one to have people answer on your blog. It completely
stopped registration spam on my forum. Simply because bots don't
understand such questions.
- Tul
--- End Message ---
--- Begin Message ---
On Thu, Oct 11, 2012 at 6:59 PM, Maciek Sokolewicz <tula...@php.net> wrote:
> On 11-10-2012 22:18, Ashley Sheridan wrote:
>>>>
>>>> I've been getting spam comments on my personal blog (runs on
>>>> self-written PHP blog software). I'd like to test some methods I've
>>>> devised to prevent or block it. Does anyone know of a very
>>>
>>> lightweight
>>>>
>>>> framework for simulating an automated "form fill-out" on a site?
>>>> Something where you could just add some code to designate the site
>>>
>>> for
>>>>
>>>> the "attack" and then what fields you wanted to send?
>>>>
>>>> This should be a relatively simple task for PHP and curl, but I'm not
>>>> really familiar with the headers and that part of the HTTP
>>>
>>> conversation.
>>>>
>>>> Yes, I know this is a risky question for a public list. Feel free to
>>>> contact me privately if you think the answer shouldn't be in the
>>>> archives of a public list. Likewise, if you can point me to a source
>>>
>>> of
>>>>
>>>> quickly absorbable research on the subject. I frankly don't know how
>>>
>>> I'd
>>>>
>>>> google such a thing.
>>>>
>>>> Paul
>>>>
>>>> --
>>>> Paul M. Foster
>>>> http://noferblatz.com
>>>> http://quillandmouse.com
>>>>
>>
>> To avoid having to create your own anti-spam system, I recommend Akismet,
>> which weights posts allowing you to set a rejection threshold. The great
>> thing is that it is constantly improving over time.
>>
> I've recently looked into the more modern captcha systems. I personally
> can't stand the "standard" captcha of having to decipher what characters are
> present on a distorted image. The last few years I've noticed that more and
> more often I can't decipher what an image is supposed to say. And after a
> few tries of unsuccesful replying what the image says, I just give up. This
> seems to be a reverse-Turing-test by now. Computers being able to guess
> better than humans.
>
> Anyway, I wrote my own captcha system. I've noticed that simple things like
> "what is the capital of the USA?" and then being able to choose "Hong-Kong,
> Washington or Rome" or a question like "Is water wet or dry?" work very very
> well. Just make up a bunch of these, and then randomly pick one to have
> people answer on your blog. It completely stopped registration spam on my
> forum. Simply because bots don't understand such questions.
>
> - Tul
>
The reCAPTCHA de facto standard most sites use is painful for many of
us. Many times I cannot decipher the visual words, and the audio
version is quite impossible for me to figure out.
The http://textcaptcha.com/ site has some very good ideas about using
captchas, and even *more* insight into why you might not need them at
all: http://textcaptcha.com/really and http://textcaptcha.com/why
offer great explanations and ideas. The method Tul describes above is
very much in line with what they are proposing and offering as a
service, should one need one.
I run a few public wikis, and amazingly have never had a spam problem.
The wiki is locked to editing, however, the guest user and password
are shown in plain text right on the login page. Even the commenting
system, which is open to anyone, doesn't ever get any spam, and the
"sekrit code" you have to enter is printed right in front of the box
in plain text. The extent to which some people think they need to go
to avoid spam is largely wasted, I feel.
--- End Message ---
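The question-and-answer check Tul describes, and the textcaptcha.com approach mentioned in the reply, sketched in PHP as an added example that is not code from any poster in this thread. The function names and the session key `captcha_id` are hypothetical; the point shown is that the expected answer stays on the server and each issued question can be answered only once.

```php
<?php
// Added example, not code from the thread. The question pool reuses the two
// questions quoted above; issueChallenge()/checkAnswer() are hypothetical names.
const QUESTIONS = [
    'capital' => [
        'text'    => 'What is the capital of the USA?',
        'choices' => ['Hong-Kong', 'Washington', 'Rome'],
        'answer'  => 'washington',
    ],
    'water' => [
        'text'    => 'Is water wet or dry?',
        'choices' => ['wet', 'dry'],
        'answer'  => 'wet',
    ],
];

// Pick a question and remember only its id on the server side. The form
// gets the text and choices; the expected answer never leaves the server.
function issueChallenge(array &$session): array
{
    $id = array_rand(QUESTIONS);
    $session['captcha_id'] = $id;
    return ['text' => QUESTIONS[$id]['text'], 'choices' => QUESTIONS[$id]['choices']];
}

// Check a submitted answer. The stored id is cleared first, so every
// attempt, right or wrong, needs a freshly issued question.
function checkAnswer(array &$session, string $submitted): bool
{
    $id = $session['captcha_id'] ?? null;
    unset($session['captcha_id']);
    if (!is_string($id) || !isset(QUESTIONS[$id])) {
        return false;               // no challenge issued, or already used
    }
    $normalised = strtolower(trim($submitted));
    return hash_equals(QUESTIONS[$id]['answer'], $normalised);
}

// Constructed demo: a plain array stands in for $_SESSION.
$session = [];
issueChallenge($session);
$right = QUESTIONS[$session['captcha_id']]['answer'];

var_dump(checkAnswer($session, '  ' . strtoupper($right) . ' ')); // normalised match
var_dump(checkAnswer($session, $right));  // replay of the same post, no challenge left
issueChallenge($session);
var_dump(checkAnswer($session, 'Rome'));  // wrong for either question
```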
--- Begin Message ---
Dear everybody :-)
I wanted to thank everyone for helping me out on the stuff that I had been
trying to do in the last couple weeks. I know I was unorganized, confused,
flustered and burnt out. But after all the feedback, and getting a swift kick
in the arse from Jim and Govinda telling me not to let anyone intimidate me,
and quite a few other good points, I went back to my original plan and used
opendir. After I got this down and understood it, it made me realize how glob
worked and I wrote the same thing using glob as I did with opendir. I feel
good about this and what's even better, I killed 2 birds with 1 stone.. LOL
Anyway, I just wanted to let everyone know I appreciated all the feedback. :-)
<!-- using opendir-->
$page = $_SERVER['PHP_SELF'];

//directories
$dirBase = "images/property_pics";

//get album
$get_the_album = $_GET['album'];

if (!$get_the_album){
    echo "<p />Select an album:<p />";
    $handle = opendir($dirBase);
    while(($file = readdir($handle)) !==FALSE){
        if(is_dir($dirBase."/".$file) && $file != "." && $file != ".."){
            echo "<a href='$page?album=$file'>$file</a><br />";
        }
    }
    closedir($handle);
}
else{
    if(!is_dir($dirBase."/".$get_the_album) || strtr($get_the_album, ".") !=NULL
        || strtr($get_the_album, "\\") !=NULL){
        echo "Album does not exist.";
    }
    else {
        // echo "$get_the_album";
        $handle = opendir($dirBase. "/" . @$get_the_album);
        while(($file = readdir($handle)) !== FALSE){
            if ($file != "." && $file != ".."){
                echo "<div id='imageStack'><a href='$dirBase/$get_the_album/$file' rel='lightbox[image]'><img src=$dirBase/$get_the_album/$file height='150' width='150'></a><br /></div>";
            }
        }
        closedir($handle);
    }
}
<!--end of using opendir-->

<!-- start of using glob-->
function myglob(){
    $result = mysql_query("SELECT * FROM properties");
    while($row = mysql_fetch_array($result)){
        $MLS_No = $row['MLS_No'];
    }
    $images = glob('images/property_pics/' .$MLS_No.'/*');
    foreach ($images as $image){
        echo "<div id='imageStack'><a href='$image' rel='lightbox[MLS_No]'><img src='$image' width='200' height='200'></a></div>";
    }
}
<!--end of using glob-->
--
David M.
--- End Message ---
--- Begin Message ---
On Thu, Oct 11, 2012 at 8:02 PM, David McGlone <da...@dmcentral.net> wrote:
> Dear everybody :-)
>
> I wanted to thank everyone for helping me out on the stuff that I had been
> trying to do in the last couple weeks. I know I was unorganized, confused,
> flustered and burnt out. But after all the feedback, and getting a swift kick
> in the arse from Jim and Govinda telling me not to let anyone intimidate me,
> and quite a few other good points, I went back to my original plan and used
> opendir. After I got this down and understood it, It made me realize how glob
> worked and I wrote the same thing using glob as I did with opendir. I feel
> good about this and what's even better, I killed 2 birds with 1 stone.. LOL
> Anyway, I just wanted to let everyone know I appreciated all the feedback. :-)
>
> <!-- using opendir-->
> $page = $_SERVER['PHP_SELF'];
>
> //directories
> $dirBase = "images/property_pics";
>
>
> //get album
> $get_the_album = $_GET['album'];
>
> if (!$get_the_album){
> echo "<p />Select an album:<p />";
> $handle = opendir($dirBase);
> while(($file = readdir($handle)) !==FALSE){
> if(is_dir($dirBase."/".$file) && $file != "." && $file != ".."){
> echo "<a href='$page?album=$file'>$file</a><br />";
> }
> }
> closedir($handle);
> }
> else{
>
> if(!is_dir($dirBase."/".$get_the_album) || strtr($get_the_album, ".") !=NULL
> || strtr($get_the_album, "\\") !=NULL){
> echo "Album does not exist.";
> }
>
>
> else {
>
> // echo "$get_the_album";
> $handle = opendir($dirBase. "/" . @$get_the_album);
> while(($file = readdir($handle)) !== FALSE){
> if ($file != "." && $file != ".."){
>
>
> echo "<div id='imageStack'><a href='$dirBase/$get_the_album/$file'
> rel='lightbox[image]'><img src=$dirBase/$get_the_album/$file height='150'
> width='150'></a><br /></div>";
>
> }
> }
> closedir($handle);
> }
>
> }
>
> <!--end of using opendir-->
>
> <!start of using glob-->
> function myglob(){
>
> $result = mysql_query("SELECT * FROM properties");
> while($row = mysql_fetch_array($result)){
> $MLS_No = $row['MLS_No'];
> }
> $images = glob('images/property_pics/' .$MLS_No.'/*');
> foreach ($images as $image){
> echo "<div id='imageStack'><a href='$image' rel='lightbox[MLS_No]'><img
> src='$image' width='200' height='200'></a></div>";
> }
> }
> <!--end of using glob-->
> --
> David M.
>
Hi, David, glad you're sticking with it.
I don't understand what you're trying to do here, though:
> if(!is_dir($dirBase."/".$get_the_album) || strtr($get_the_album, ".") !=NULL
> || strtr($get_the_album, "\\") !=NULL){
> echo "Album does not exist.";
> }
PHP function strtr takes 2 or 3 arguments, but if only supplying a
simple string for argument 2, you *must* supply a string for argument
3 as well.
When I try this:
$ php -r '$s = strtr("a string","."); var_dump($s);'
This is the result:
PHP Warning: strtr(): The second argument is not an array in Command
line code on line 1
PHP Stack trace:
PHP 1. {main}() Command line code:0
PHP 2. strtr() Command line code:1
bool(false)
which indicates the strtr function call failed.
What is it you want to do there? Are you trying to see if
$get_the_album contains a "." or a backslash? If so, you will want to
use some sort of search or match facility, not the character
substitution function of strtr. If so, something like this will work
instead:
if (
    ! is_dir($dirBase."/".$get_the_album)        // this is not a directory
    || strpos($get_the_album, '.') !== false     // album name contains a period
    || strpos($get_the_album, '\\') !== false    // album name contains a backslash
)
{
    echo "Album does not exist.";
}
If that isn't what you want to do, could you provide a simple sentence
(not code) of what you want to do there?
--- End Message ---
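The album check discussed in the two messages above guards a request parameter that ends up in `opendir()`, so it is a path traversal control. An added example, not code from either poster: it goes one step further than searching for "." and "\" by allowlisting the name and confirming with `realpath()` that the result is a direct child of the base directory. `resolveAlbum()` is a hypothetical helper name, and the directory tree is constructed for the demo.

```php
<?php
// Added example, not code from the thread. $dirBase follows the thread's
// variable name; resolveAlbum() is a hypothetical helper.

/**
 * Return the absolute path of an album directory directly under $dirBase,
 * or null if the name is not acceptable.
 */
function resolveAlbum(string $dirBase, string $album): ?string
{
    // Allowlist the name: letters, digits, underscore and hyphen only.
    // This rejects ".", "..", "/", "\" and NUL bytes in one step.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $album)) {
        return null;
    }

    $base = realpath($dirBase);
    $path = realpath($dirBase . '/' . $album);
    if ($base === false || $path === false || !is_dir($path)) {
        return null;
    }

    // Containment check: once symlinks are resolved, the album must still
    // be a direct child of the base directory.
    if (dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Constructed demo: build a throwaway tree and try some names.
$dirBase = sys_get_temp_dir() . '/property_pics_' . bin2hex(random_bytes(4));
mkdir($dirBase . '/house-12', 0700, true);

$samples = ['house-12', '..', '../../etc', 'house-12/..', '.hidden', 'a\\b', 'missing'];
foreach ($samples as $name) {
    $verdict = resolveAlbum($dirBase, $name) !== null ? 'accepted' : 'rejected';
    // Escape the name the same way you would before echoing it into HTML.
    printf("%-12s %s\n", htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), $verdict);
}

rmdir($dirBase . '/house-12');
rmdir($dirBase);
```

The same escaping applies to `$file` and `$get_the_album` wherever the gallery code writes them into `href` or `src` attributes.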
--- Begin Message ---
David McGlone wrote:
> I feel
> good about this and what's even better, I killed 2 birds with 1 stone.. LOL
> Anyway, I just wanted to let everyone know I appreciated all the feedback.:-)
One thing to remember David is there are normally 10 ways of doing something in
PHP and the best one is always number 11 ...
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
--- End Message ---