I run a chan site and i recently found the source code to a bot that is used to spam my site, now i would like to know how to implement a fix without intializing the captcha. I haven't included the top which includes the spam text and shall modify it so it doesnt include my site. But i was thinking i could just rename the wakaka.pl to something and make it ip ban anyone who tries to access it?
function bPost($threadid,$comment){
$da = fsockopen("img.*.org", 80, $errno, $errstr);
if (!$da) {
echo "$errstr ($errno)<br/>\n";
echo $da;
} else {
srand ((double) microtime( )*1000000);
$comment = urlencode($comment);
$postdata = "task=post&name=&link=&field2=&parent=".$threadid."&pwd=".md5(rand(11111111,99999999))."&field4=".$comment;
$salida ="POST /b/wakaba.pl HTTP/1.1\r\n";
$salida.="Host: img.*.org\r\n";
$salida.="User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Win32)\r\n";
$salida.="Content-Type: application/x-www-form-urlencoded\r\n";
$salida.="Content-Length: ".strlen($postdata)."\r\n";
$salida.="Connection: close\r\n\r\n";
$salida.=$postdata;
fwrite($da, $salida);
while (!feof($da))
$response.=fgets($da, 128);
$response=split("\r\n\r\n",$response);
$header=$response[0];
$responsecontent=$response[1];
if(!(strpos($header,"Transfer-Encoding: chunked")===false)){
$aux=split("\r\n",$responsecontent);
for($i=0;$i<count($aux);$i++)
if($i==0 || ($i%2==0))
$aux[$i]="";
$responsecontent=implode("",$aux);
}
return chop($responsecontent);
}
}
foreach($posts as $post)
{
bPost($thread, $post);
echo "<b>Posted:</b> " . $post . "<br /><br />\n";
ob_flush();
flush();
sleep(4);
}
?>
> User-Agent: Mozilla/4.0 (compatible; MSIE 7.0b; Win32)
I don't think real IE7 ever uses that exact user agent string.
You have two options. You are either dealing with some idiot who found some flood source and thought it was really neat. Anything you do will stop him. You can just ban his IP. Or else, you're dealing with someone who really has it in for you can actually write code, and they'll just change their code and jump proxies if you try to stop them. In that case, turn on captcha.
You could also ban their IP and turn on the proxy check if you really don't like captchas.
>>2
Maybe so, im gonna be enabling a .htaccess referer bit
>>3
I would most likely say its the 1st one cept they just dislike the site, that version 1.5 apparantly, they had v1 too and it still had 4chan at the top. But im pretty sure anything i would do can just be evaded by rewriting just a small part.
>>4
IP ban does nothing when its multiple people doing it or their using tor. Proxy check might be an option but quite a few other legit people use it too...
And i really dislike captcha, wish there was some form that would be auto filled by the HTTP browser but not by a spambot
>>5
anything a browser can do, a spambot can do faster.
Theoretically you could have some Javascript that fills in a form element with some string, but sooner or later, probably sooner, the script writer would figure out how to emulate that, and it would also lock out people who disable Javascript. So you're kind of stuck with captchas.
Just keep it on long enough that the bothersome people forget about you, and then turn it off again.
I swear Tor is going to be banned out of existence. Great idea, but...
i would assume people wouldnt mind enabling javascript just for a hidden element that needs to be filled.
I forgot to include abit at the top but it is a php script.