
Thread: SPAM - Again - How did they.....

  1. #1
    Join Date
    May 2002
    Posts
    91

    Default SPAM - Again - How did they.....

    And it is starting again. This time it's some kind of new to me. A Spammer did submit the following Content to my Directory:

    Code:
    Title         : ...
    Url           : http://www.pgdisdetta.info/gazzetta-ufficiale
    Description  :  gazzetta ufficiale     gazzetta ufficiale   anna tatangelo     anna tatangelo   pokemon giochi     pokemon giochi   rodi     rodi   office     office   yahoo es     yahoo es   sblocco     sblocco   winx it     winx it   mare     mare   per trucchi     per trucchi   tutto porno     tutto porno   arredamenti     arredamenti   lady     lady   piedi     piedi   viaggio     viaggio   space     space   storie porno     storie porno   fumetti     fumetti   www escortforum it     www escortforum it   trucchi     trucchi   decorazioni     decorazioni   mediaset     mediaset   www tatoo it     www tatoo it   lavoro     lavoro   clipart     clipart   piedi     piedi   trucchi     trucchi   winx it     winx it   mediaset     mediaset   yahoo es     yahoo es   space     space   mare     mare   pokemon giochi     pokemon giochi   www escortforum it     www escortforum it   fumetti     fumetti   sblocco     sblocco   storie porno     storie porno   anna tatangelo     anna tatangelo   viaggio     viaggio   rodi     rodi   www tatoo it     www tatoo it   tutto porno     tutto porno   decorazioni     decorazioni   clipart     clipart   gazzetta ufficiale     gazzetta ufficiale   per trucchi     per trucchi   office     office   arredamenti     arredamenti   lady     lady   lavoro     lavoro
    Category     : Regional > Cities > Cities A - D
    Contact       : ...
    Email         : Umberto9415@yahoo.com

    First of all, all of my Categories do need approval when submitting a new link. But this one did go through, BUT within the SUSPENDED links. But how the Hell did he do it?

    Could somebody please double-check this, can Dodi answer my Question?
    Is anybody else having this problem or is this just the start of a new Spam Campaign?

  2. #2
    Join Date
    Jun 2002
    Location
    Winnipeg Canada
    Posts
    4,913

    Default

    This would need to be done quickly, within the next few hours if possible.

    Could you send me a copy of your RAW server logs please? Most servers only keep raw logs for a maximum of 24 hours so unless this happened recently and you act quickly this information could be lost.

    You can PM me a URL to download the log or PM me for my email address or send it via the help desk and I can get it that way too.

  3. #3
    Join Date
    May 2002
    Posts
    91

    Default

    PM in your inbox with direct Link to the Log Files

    Oh and it was at 7:11 PM, guess it was this IP 195.225.177.137
    Last edited by webwerx; 09-19-2007 at 02:07 PM.

  4. #4
    Join Date
    Nov 2004
    Posts
    1,822

    Default

    see this :
    http://www.nicecoder.com/community/s...ead.php?t=5044

    Also, people are now adding basic listings for free, I have had 2 do this, without payment, and without any approval...

  5. #5
    Join Date
    Jun 2002
    Location
    Winnipeg Canada
    Posts
    4,913

    Default

    I see where the issue is/was in the logs. We just need to wait and we'll see what happens.

  6. #6
    Join Date
    May 2002
    Posts
    91

    Default

    OK then, I will relax and wait

  7. #7
    Join Date
    May 2002
    Posts
    91

    Default

    OK, here we go. The next Wave is running. Three Submissions today with the same stuff and the same work.

    PM is on the way with the Link to the detailed Logs.

  8. #8
    Join Date
    Apr 2003
    Location
    Atlanta GA
    Posts
    3,395

    Default

    I haven't tested the following but you are welcome to

    in add.php change the bottom as follows

    Code:
      /*===================================================
        main
      ===================================================*/
      function check_origin() {
        return ($_SERVER['HTTP_REFERER'] == "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
      }
    
      if (empty($pflag)) {
        ShowFormAddUrl();
      }
      elseif ($pflag == 'add' && check_origin()) {
        ProcessFormAddUrl();
      }
      else {
        ShowFormAddUrl();
      }

    the check_origin function merely checks to see if the actual submission is coming from your website or from some other website. if someone wants to test it with me, let me know.

    if you use it, let us know if it works.



    .
    esm
    "The older I get, the more I admire competence, just simple competence, in any field from adultery to zoology."

    .

  9. #9
    Join Date
    Apr 2003
    Location
    Atlanta GA
    Posts
    3,395

    Default

    you could write it as follows

    Code:
      /*===================================================
        main
      ===================================================*/
    function check_origin() {
      return ($_SERVER['HTTP_REFERER'] == "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
    } 
    
      if ($pflag == 'add' && check_origin()) {
        ProcessFormAddUrl();
      }
      else {
        ShowFormAddUrl();
      }



  10. #10
    Join Date
    May 2002
    Posts
    91

    Default

    Tried it and I get this:

    PHP Code:
    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /path/to/my/indexu/templates_c/%%71^714^714F4B17%%header.html.php:7) in /path/to/my/indexu/filters/filter.start_session.php on line 24

  11. #11
    Join Date
    Apr 2003
    Location
    Atlanta GA
    Posts
    3,395

    Default

    Quote Originally Posted by webwerx
    Tried it and I get this:

    Code:
    Warning: session_start() [function.session-start]: 
    Cannot send session cache limiter - headers already sent 
    (output started at /path/to/my/indexu/templates_c/%%71^714^714F4B17%%header.html.php:7)
    in /path/to/my/indexu/filters/filter.start_session.php on line 24

    whenever I have seen "headers already sent" it has meant that output has already been started (with an echo or print statement) and then PHP encounters the session command.

    the hack does not output anything to the screen. I tried it and it worked for me. check your typing

    did you make any other changes? try "uninstalling" it and running the page.



  12. #12
    Join Date
    May 2002
    Posts
    91

    Default

    Well, today I received about 70 Submissions by spamming my Directory and about 30 Website Comments from the same Source. Nothing "bad" happened so far, because all the submitted Links were classified as "suspended", which is a good thing.
    But I don't like it, I have a bad feeling about it. I guess something will happen in the near Future. Don't know what, but I think those Guys are trying something special.

    Or maybe it's just Paranoia

    So, ok, I did try it again with the code submitted by esm, thanks by the way, your help is very appreciated.

    I added the Code you posted here in line 380 (about) like this:

    Code:
    /*===================================================
        main
      ===================================================*/
    function check_origin() {
      return ($_SERVER['HTTP_REFERER'] == "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
    } 
    
      if ($pflag == 'add' && check_origin()) {
        ProcessFormAddUrl();
      }
      else {
        ShowFormAddUrl();
      }
    
      include "application.php";
    
      RunPreFilter(__FILE__);
    
      if ($only_registered_can_add_link == 1) {
        ExecuteFilter("validate_user");
      }
    
      if ($require_visit_category && empty($cat)) {
        DisplayTemplate($theme_path . "add_error.html");
        RunPostFilter(__FILE__);
      }
      else {
        //get all id
        $category_obj = new clsCategory;
        $category_obj->table_name = "idx_category";
        $arr_cat                  = $category_obj->GetChildren(0);
        $dummy                    = array_shift($arr_cat); // remove 0
    
        if ($require_visit_category && !in_array($cat, $arr_cat)) {
          DisplayTemplate($theme_path . "add_error.html");
          RunPostFilter(__FILE__);
        }
      }
      
      if (!empty($cat)) {
        // get category permission
        $query      = "select permission from idx_category where category_id = '$cat'";
        $result     = $dbConn->Execute($query);
        $permission = $result->Fields('permission');
    
        if ($permission == 2) {
          DisplayTemplate($theme_path . "add_not_allowed.html");
          RunPostFilter(__FILE__);
        }
      }
    
      if (empty($pflag)) {
        ShowFormAddUrl();
      }
      elseif ($pflag == 'add') {
        ProcessFormAddUrl();
      }
    
      RunPostFilter(__FILE__);
    
    ?>

    A thing I really don't know about is the rest of the Code? Is it correct that I add it between the original Code? In original it starts like this in line 380
    Code:
    /*===================================================
        main
      ===================================================*/
    
      include "application.php";
    
      RunPreFilter(__FILE__);
    
      if ($only_registered_can_add_link == 1) {
        ExecuteFilter("validate_user");
      }
    
      if ($require_visit_category && empty($cat)) {
        DisplayTemplate($theme_path . "add_error.html");
        RunPostFilter(__FILE__);
      }
      else {
        //get all id
    .....and so on.

    Or do I have to do something else? I am not a PHP Coder, Guys, so please understand and be nice

    Thanks

  13. #13
    Join Date
    Nov 2004
    Posts
    1,822

    Default

    ok let's keep it simple, remove what you have done and try this :


    // verify input
    if (empty($_POST['captcha_key']) || empty($_SESSION['captcha_key']))
      $error_msg = $msg["10120"];
    // added: reject the POST when the Referer is not this page
    if ($_SERVER['HTTP_REFERER'] != "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'])
      $error_msg = "You must visit our website to submit a link"; // literal text, not a key in $msg


    the black text is for context.

    report back if it works, and more importantly if it helps stop some of the submissions.

  14. #14
    Join Date
    May 2002
    Posts
    91

    Default

    OK, I added the two lines of Code and I can submit Listings and I get the Confirmation Mails. Everything works fine.
    Now let's wait for the Spammers EAT THIS !

    Thanks inspireme, hope this will make their spammer lives a bit harder.

  15. #15
    Join Date
    May 2002
    Posts
    91

    Default

    OOOOOOOOOOOOOOH that was fast.

    New Submission in my Directory, does not need approval, but goes under the Suspended Links. Another Buddy is spamming now with his Porn Site. So it seems not to work.
    And while I am typing, another one from the DOT.CN Guy again. Nope, sorry, that does not seem to stop them.
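
Added example, not part of the thread and not IndexU code: the Referer comparison tried in posts #8 and #13 tests a header that the client sets itself, so any script can send the expected value. The PHP below instead has the server issue a single-use, session-bound token when the form is rendered and checks it, together with a minimum fill time, on POST. Assumptions: `issue_form_token()`, `check_form_token()`, the `form_token` field name and the age limits are hypothetical, and PHP 7+ is assumed for `random_bytes()`.

```php
<?php
// Added example, not IndexU code. issue_form_token() and check_form_token()
// are hypothetical helpers; PHP 7+ is assumed for random_bytes().

const TOKEN_MIN_AGE = 3;     // seconds; a faster POST did not come from a person typing
const TOKEN_MAX_AGE = 3600;  // seconds; older forms have to be reloaded

// Call while rendering the add form; put the return value in a hidden field.
function issue_form_token(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $session['form_token'] = ['value' => $token, 'issued' => $now];
    return $token;
}

// Call before processing the POST. Returns '' on success, else the reason.
function check_form_token(array &$session, array $post, int $now): string
{
    $stored = $session['form_token'] ?? null;
    unset($session['form_token']);           // single use, whether it passes or not
    if (!is_array($stored)) {
        return 'no token issued for this session';
    }
    $sent = $post['form_token'] ?? '';
    if (!is_string($sent) || !hash_equals($stored['value'], $sent)) {
        return 'token mismatch';
    }
    $age = $now - $stored['issued'];
    if ($age < TOKEN_MIN_AGE) {
        return 'submitted too fast';
    }
    if ($age > TOKEN_MAX_AGE) {
        return 'token expired';
    }
    return '';
}

// Constructed demonstration; plain arrays stand in for $_SESSION and $_POST.
$session = [];
// 1. POST sent straight to add.php (whatever Referer it carries): no form was loaded.
echo "direct post: ", check_form_token($session, ['pflag' => 'add'], 1000) ?: 'accepted', "\n";
// 2. Normal visitor: loads the form, submits 20 seconds later.
$t = issue_form_token($session, 1000);
echo "visitor:     ", check_form_token($session, ['form_token' => $t], 1020) ?: 'accepted', "\n";
// 3. The same token sent a second time: it was consumed by the first check.
echo "replay:      ", check_form_token($session, ['form_token' => $t], 1030) ?: 'accepted', "\n";
```

A bot that loads the form, keeps the session cookie and waits still passes this check, so it complements the CAPTCHA and the approval queue rather than replacing them.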
