Log inUsernamePassword
Log me on automatically each visit    
Register
Register
Log in to check your private messages
Log in to check your private messages
CJ Webmaster Forums Forum Index -> PHP Scripts » CJ Tag Board

Post new topic   Reply to topic
multipart message spamming
View previous topic :: View next topic  
Author Message
spaamie1



Joined: 30 Jul 2005
Posts: 2

PostPosted: Sat Jul 30, 2005 6:57 am    Post subject: multipart message spamming Reply with quote

note: I'm not using the official government definition of "unsolicited advertising" here...when I use the word spam I'm talking about gobbledegook design to clog up my tagboard.

Lately my tagboard has been attacked by someone posting "multipart messages in MIME format". There seems to be no "name" field and no ip address that I can ban. The messages look like emails (as you'd expect from the MIME reference). There is no content to the messages, only headers. The "from" line is always a bunch of random letters @ my domain and "bergkoch8@aol.com" is always CCed. Each line of the email is posted as a separate tag, taking up 15-20 tags each time and effectively obliviating anything else on the tagboard.

When I go to the admin page to remove the spam there is always a blank "Edit - Delete" line at the top of the page, and if I remove that blank line my entire tagboard is erased. The old tags still show up in the archive but not on the tagboard itself. I can go into the archive file itself and manually delete everything, but it's kind of a pain.

This has happened to me four times in the last week. I tried altering a field name in the code, in hopes that this was a bot and the altered name would disable it, but no such luck. I can't figure out exactly how this person is posting this rubbish, but apparently there's a hole somewhere that is being exploited.

My husband just deleted the latest evidence, but I'm sure there will be more soon. My URL: http://jinxfold.org/

Any help would be appreciated.
Back to top
View user's profile Send private message
PHPDUMMY
CJ-Design.com Moderator



Joined: 09 Mar 2005
Posts: 529
Location: South East Kentucky,U.S.A.

PostPosted: Sat Jul 30, 2005 10:48 am    Post subject: Reply with quote

The best suggestion that I can give you is to do the following....

You need a script which will do several functions , the scripts will more than likely be found under php scripts.

you need a script that will:
A > detect browser ,
Why ? because certain browsers such as "Crazy Browser" denies web-servers from detecting the IP# of the user.
Example :
If (browser = "Crazy Browser"){
DONT SHOW THE TAG-BOARD
}

This script will be very long and tedious , you can search around at php.net and you'll find a list which has already been compiled listing all known browsers , it is very long.

B > resolve IP# ,
This script should go before ( A Script ) , to initially detect the IP# , if no IP# returned then dont show the tag-board , this will speed up the performance of script ( A ).

C > A Ban by Contry code script ,
Example: China , as this is the country which web-sites recieve the majority of "Denial Of Service Attacks" , which is why alot of web-sites get shut down. Theres several other factors to consider , it is a necessary script , none the less .

D > A script which will detect wether a user is utilizing a proxy server or not ,
Example :
A.O.L. users use a proxy so their true IP# is always hidden , while you may not be experiencing any problems out of A.O.L. users , you may wish to permit the user , while denying another service which hides it's users behind a proxy , so you may wish to just cut that buisness out instead.

In truth , the scripts listed are the only actual way to secure any tag-board , It's also the only true way that a web-site can actually ban any IP# .
_________________
Cheers,
Danny
C-J Search Engine All Tidied Up V4.0http://www.cj-design.com/forum/viewtopic.php?t=1820

C-J Search Engine MySQL !http://www.cj-design.com/forum/viewtopic.php?t=1555
Back to top
View user's profile Send private message
spaamie1



Joined: 30 Jul 2005
Posts: 2

PostPosted: Sat Jul 30, 2005 1:37 pm    Post subject: Reply with quote

Apparently this "[edited]" thing is a big problem. Try Googling that address...

Back to top
View user's profile Send private message
PHPDUMMY
CJ-Design.com Moderator



Joined: 09 Mar 2005
Posts: 529
Location: South East Kentucky,U.S.A.

PostPosted: Sat Jul 30, 2005 8:16 pm    Post subject: Reply with quote

Unless you apply the necessary scripts I suggested , then you are left with the following choices;
1> continue as you have been doing and manually editing out the spam.
2> apply the suggested scripts.
3> discontinue the use of the tag-board script all together.

To beat it all , by posting the abusers e-mail in this forum , you have just contributed to the users spam methods.

As a proven fact , anyone faced with this abusers attacks , the web-site administrators will do just as you did , they will search for answers . in doing so they will do just as you did , they will post the users post which is hitting each and every search engine through the affected web-sites search engine rankings.

All php forums hit the search engines , not necessarily the forum but the content within the forum . more than likely ,your post is already indexed by lots of search engines.
_________________
Cheers,
Danny
C-J Search Engine All Tidied Up V4.0http://www.cj-design.com/forum/viewtopic.php?t=1820

C-J Search Engine MySQL !http://www.cj-design.com/forum/viewtopic.php?t=1555
Back to top
View user's profile Send private message
PHPDUMMY
CJ-Design.com Moderator



Joined: 09 Mar 2005
Posts: 529
Location: South East Kentucky,U.S.A.

PostPosted: Sat Jul 30, 2005 8:34 pm    Post subject: Reply with quote

Beg my forgiveness , it seems as though James seriously needs to update his script to do the following which will discontinue the spam exploit.

Kill the \r and \n characters in all fields.

Thank you for sharing your concerns , In doing so , you've also led to the findings of a script exploit Wink Good Job !
_________________
Cheers,
Danny
C-J Search Engine All Tidied Up V4.0http://www.cj-design.com/forum/viewtopic.php?t=1820

C-J Search Engine MySQL !http://www.cj-design.com/forum/viewtopic.php?t=1555
Back to top
View user's profile Send private message
Graz73



Joined: 20 Jul 2005
Posts: 15

PostPosted: Mon Sep 12, 2005 12:31 pm    Post subject: Reply with quote

I seem to be having the same problem. What are you talking about with the "Kill the \r and \n characters in all fields. "

How do I fix that?

In addition to that type of spam, I am getting ones like this:
(Which I CAN IP block)
-------------------------------------------------------------------
----------@------.com:
---------@------------comContent-Type: multipart/mixed; boundary="===============0759256150=="MIME-Version: 1.0Subject: 9bd6fbf5To: -----------@--------.combcc: ------------@----------.comFrom: --------@------.comThis is a multi-part message in MIME format.--===============0759256150==Content-Type: text/plain; charset="us-ascii"MIME-Version: 1.0Content-Transfer-Encoding: 7bitsiahqhy--===============0759256150==--
< /small>
-------------------------------------------------------------------
Note: the email addresses have been removed...
_________________
Back to top
View user's profile Send private message ICQ Number
darkcarnival
CJ-Design.com Admin



Joined: 10 Jul 2003
Posts: 1259
Location: Michigan

PostPosted: Mon Sep 12, 2005 2:21 pm    Post subject: Reply with quote

this spammer has been around alot latly.

to fix it for the tagboard might be a higher challege Sad i just say that as the mesage boc must be able to make /n

ip banning wont work as this person is just making ips up. though ill look into a fix for this Wink

but to fix this look here:

http://www.cj-design.com/forum/viewtopic.php?t=1687

now you will have to edit the names to fit the script.

phpdummy: yea james should do some updating on his scripts, maybe he'll get some free time soon Smile
_________________
List of Mods to James Scripts!
http://www.cj-design.com/forum/viewtopic.php?t=1798

Elite Bulletin Board, comming 1/12/05
Back to top
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Graz73



Joined: 20 Jul 2005
Posts: 15

PostPosted: Mon Sep 12, 2005 2:44 pm    Post subject: Reply with quote

I'm confused... I don't think I even HAVE an /n or /r directory...

That topic you pointed me to was about webmail. I don't even have email that is supposed to work from my domain, but these spammers seem to be trying that somehow...
_________________
Back to top
View user's profile Send private message ICQ Number
darkcarnival
CJ-Design.com Admin



Joined: 10 Jul 2003
Posts: 1259
Location: Michigan

PostPosted: Mon Sep 12, 2005 5:37 pm    Post subject: Reply with quote

your not getting it /n and /r is php for adding a new line Wink

also it doesnt matter if you have a email or not you match the spammers label sadly Wink

also i directed you to that as that is the solution that i found.

there is another solution i found which might suit this script more, adding a image vertify should eliminate the issue all together. but im working on that currently so ill post back when i get that created.
_________________
List of Mods to James Scripts!
http://www.cj-design.com/forum/viewtopic.php?t=1798

Elite Bulletin Board, comming 1/12/05
Back to top
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PHPDUMMY
CJ-Design.com Moderator



Joined: 09 Mar 2005
Posts: 529
Location: South East Kentucky,U.S.A.

PostPosted: Sat Sep 17, 2005 1:48 pm    Post subject: Reply with quote

In short.........


It's the same exploit in any script which uses MIME content.

both the Web-Mail & tagboard use MIME.

Both scripts use the following:

\n and or \r

within the scripts.

The spam attacks that have been happening around the web have been exploiting this.

If you manipulate the script and remove these portions of the script that say "\n" and or "\r" then all your content will be on 1 continous line.

the "\n" stands for "newline"
the "\r" stands for "return"
_________________
Cheers,
Danny
C-J Search Engine All Tidied Up V4.0http://www.cj-design.com/forum/viewtopic.php?t=1820

C-J Search Engine MySQL !http://www.cj-design.com/forum/viewtopic.php?t=1555
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    CJ Webmaster Forums Forum Index -> PHP Scripts » CJ Tag Board All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB © 2001, 2002 phpBB Group
iCGstation v1.0 Template By Ray © 2003, 2004 iOptional, Mods by CJ Website Design