Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?

Spam attack again?

Asked Modified Viewed 2,095 times
D
Drbo
D
Drbo 10
WinXP, Opera 12.14
  • Senior Member, joined since
  • Contributed 258 posts on the community forums.
  • Started 55 threads in the forums
  • Started this discussions
asked
Senior Member

Hi,

I see a new member on my site, isaac11777, IP 151.204.179.29 (from Korcsii list http://www.php-fusion.co.uk/forum/vie...post_90701), but there are no spam posts still... There is an interesting thing in the profile - Last visit: Never... I´m runnig my site on the last version of php-fusion (6.01.9).
0 replies

13 posts

S
Sveinungs
S
  • Veteran Member, joined since
  • Contributed 935 posts on the community forums.
  • Started 3 threads in the forums
answered
Veteran Member

It's a bot ok, I guess.

The reason for Last visit: Never - It only means he's registered, but haven't logged in yet. Nothing strange about that. Darn bots...
0 replies
D
Drbo
D
Drbo 10
WinXP, Opera 12.14
  • Senior Member, joined since
  • Contributed 258 posts on the community forums.
  • Started 55 threads in the forums
  • Started this discussions
answered
Senior Member

I see... Thanks for your response - but main question is staying - I have the last version of php-fusion and the same bots still attacks... How it is possible?

P.S. Thanks to the whole php-fusion crew for a great work!
Edited by Drbo on 07-04-2007 14:42,
0 replies
W
WEC
W
WEC 10
  • Veteran Member, joined since
  • Contributed 946 posts on the community forums.
  • Started 5 threads in the forums
answered
Veteran Member

Try this. I'm 99.9% sure that it will stop the bot registrations:

Quote

WEC wrote:
On the WWW-Authenticate, could one of those with spam registration problems try this:

In register.php find:

if ($settings['enable_registration']) {


Add below it:

// ## set the public username and password for the registration
 $LOGIN = "Antispammer";
 $PASSWORD = "opensesame";

if ( (!isset($_SERVER['PHP_AUTH_USER'])) || ! (($_SERVER['PHP_AUTH_USER'] == $LOGIN) && ( $_SERVER['PHP_AUTH_PW'] == $PASSWORD )) ) {
   header("WWW-Authenticate: Basic realm=\"Access Registration with User: Antispammer Password: opensesame\"");
   header("HTTP/1.0 401 Unauthorized");
   //error("Unauthorized access...");
   echo "Unauthorized access...";
    exit;
   }
// ##
0 replies
D
Drbo
D
Drbo 10
WinXP, Opera 12.14
  • Senior Member, joined since
  • Contributed 258 posts on the community forums.
  • Started 55 threads in the forums
  • Started this discussions
answered
Senior Member

Thx. I will try it, but, I hope, the really users will register without problems... :)
Edited by Drbo on 07-04-2007 14:57,
0 replies
W
WEC
W
WEC 10
  • Veteran Member, joined since
  • Contributed 946 posts on the community forums.
  • Started 5 threads in the forums
answered
Veteran Member

They will if they read what you write in the Basic realm=........... :)
0 replies
D
Drbo
D
Drbo 10
WinXP, Opera 12.14
  • Senior Member, joined since
  • Contributed 258 posts on the community forums.
  • Started 55 threads in the forums
  • Started this discussions
answered
Senior Member

Quote

WEC wrote:
They will if they read what you write in the Basic realm=........... :)


Wait a moment... Can you tell me, how it works exactly, please?
0 replies
W
WEC
W
WEC 10
  • Veteran Member, joined since
  • Contributed 946 posts on the community forums.
  • Started 5 threads in the forums
answered
Veteran Member

The WWW-Authenticate gives you a pop up where the user needs to enter the public username and pssword for registration. You define those by the:

$LOGIN = "Antispammer";
$PASSWORD = "opensesame";


So far the bots cannot read the username and password from the pop up, so they go to bug another site.
0 replies
D
Drbo
D
Drbo 10
WinXP, Opera 12.14
  • Senior Member, joined since
  • Contributed 258 posts on the community forums.
  • Started 55 threads in the forums
  • Started this discussions
answered
Senior Member

I see. It sounds good...
0 replies
B
biertju
B
  • Newbie, joined since
  • Contributed 4 posts on the community forums.
  • Started 1 thread in the forums
answered
Newbie

doesn't work.. somehow i can't get to register.php myself now, even though i fill in the right uname + password.. :@
0 replies
W
WEC
W
WEC 10
  • Veteran Member, joined since
  • Contributed 946 posts on the community forums.
  • Started 5 threads in the forums
answered
Veteran Member

Check spelling. User and password are case sensitive.

If you changed the variables a few times without refreshing your browser, then try to close browser and load it again.
0 replies
B
biertju
B
  • Newbie, joined since
  • Contributed 4 posts on the community forums.
  • Started 1 thread in the forums
answered
Newbie

well, i didn't change anything of the code at all, just added the way you said.. but when i enter uname + pass the popup comes up again, just like i didnt enter anything at all.. very weird..
0 replies
D
Drbo
D
Drbo 10
WinXP, Opera 12.14
  • Senior Member, joined since
  • Contributed 258 posts on the community forums.
  • Started 55 threads in the forums
  • Started this discussions
answered
Senior Member

What about this one? (PHP-Security System 1.7)

http://www.bs-fusion.de/
Edited by Drbo on 07-04-2007 15:50,
0 replies
W
WEC
W
WEC 10
  • Veteran Member, joined since
  • Contributed 946 posts on the community forums.
  • Started 5 threads in the forums
answered
Veteran Member

Quote

biertju wrote:
well, i didn't change anything of the code at all, just added the way you said.. but when i enter uname + pass the popup comes up again, just like i didnt enter anything at all.. very weird..


Could be related to your php version.

Quote

PHP Version Note: Superglobals, such as $_SERVER, became available in PHP » 4.1.0. $HTTP_SERVER_VARS has been available since PHP 3.


Read more:

http://www.php.net/manual/en/features...p-auth.php
0 replies

Labels

None yet

Statistics

  • Views 0 views
  • Posts 13 posts
  • Votes 0 votes
  • Topic users 4 members

0 participants

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet