Spam attack again?: PHPFusion 6 Support

Home
Search

Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.

Hi,

I see a new member on my site, isaac11777, IP 151.204.179.29 (from Korcsii list http://www.php-fusion.co.uk/forum/vie...post_90701), but there are no spam posts still... There is an interesting thing in the profile - Last visit: Never... I´m runnig my site on the last version of php-fusion (6.01.9).

0 replies

It's a bot ok, I guess.

The reason for Last visit: Never - It only means he's registered, but haven't logged in yet. Nothing strange about that. Darn bots...

0 replies

I see... Thanks for your response - but main question is staying - I have the last version of php-fusion and the same bots still attacks... How it is possible?

P.S. Thanks to the whole php-fusion crew for a great work!

Edited by Drbo on 07-04-2007 15:42, 17 y

0 replies

Try this. I'm 99.9% sure that it will stop the bot registrations:

Quote

WEC wrote:
On the WWW-Authenticate, could one of those with spam registration problems try this:

In register.php find:

Code Download source

if ($settings['enable_registration']) {

Add below it:

Code Download source

// ## set the public username and password for the registration
 $LOGIN = "Antispammer";
 $PASSWORD = "opensesame";

if ( (!isset($_SERVER['PHP_AUTH_USER'])) || ! (($_SERVER['PHP_AUTH_USER'] == $LOGIN) && ( $_SERVER['PHP_AUTH_PW'] == $PASSWORD )) ) {
   header("WWW-Authenticate: Basic realm=\"Access Registration with User: Antispammer Password: opensesame\"");
   header("HTTP/1.0 401 Unauthorized");
   //error("Unauthorized access...");
   echo "Unauthorized access...";
    exit;
   }
// ##

0 replies

Thx. I will try it, but, I hope, the really users will register without problems... :)

Edited by Drbo on 07-04-2007 15:57, 17 y

0 replies

They will if they read what you write in the Basic realm=........... :)

0 replies

Quote

WEC wrote:
They will if they read what you write in the Basic realm=........... :)

Wait a moment... Can you tell me, how it works exactly, please?

0 replies

The WWW-Authenticate gives you a pop up where the user needs to enter the public username and pssword for registration. You define those by the:

Code Download source

$LOGIN = "Antispammer";
$PASSWORD = "opensesame";

So far the bots cannot read the username and password from the pop up, so they go to bug another site.

0 replies

I see. It sounds good...

0 replies

doesn't work.. somehow i can't get to register.php myself now, even though i fill in the right uname + password.. :@

0 replies

Check spelling. User and password are case sensitive.

If you changed the variables a few times without refreshing your browser, then try to close browser and load it again.

0 replies

well, i didn't change anything of the code at all, just added the way you said.. but when i enter uname + pass the popup comes up again, just like i didnt enter anything at all.. very weird..

0 replies

What about this one? (PHP-Security System 1.7)

http://www.bs-fusion.de/

Edited by Drbo on 07-04-2007 16:50, 17 y

0 replies

Quote

biertju wrote:
well, i didn't change anything of the code at all, just added the way you said.. but when i enter uname + pass the popup comes up again, just like i didnt enter anything at all.. very weird..

Could be related to your php version.

Quote

PHP Version Note: Superglobals, such as $_SERVER, became available in PHP » 4.1.0. $HTTP_SERVER_VARS has been available since PHP 3.

0 replies

Category Forum

Official Core Support - 6

Labels

None yet

Statistics

Views 0 views
Posts 13 posts
Votes 0 votes
Topic users 4 members

0 participants

Notifications

Track thread

You are not receiving notifications from this thread.

Spam attack again?

13 posts

PHPFusion

Resources

Community

Development