thebishop
Worker
Joined: Aug 30, 2005
Posts: 244
Location: Flying too close to the sun
Posted: Thu Oct 26, 2006 4:39 pm
I have never allowed anonymous posting on my site, and I also have the approve membership module installed.
I spoke with chatserv about this and he said someone has found out my site is not using a default Your Account module and is exploiting it.
When I try the following, it just gives me a "page cannot be found" error.
http://www.mysite.net/index.php/reviews.html?rop=savecomment&xanonpost=1&uname=test&id=1&score=1&comments=blah
I'm going to check the Ulsoft site to see if Arnold knows anything about this and I'll post back. In the meantime, if you know how I would go about fixing this, that would be great. Thanks.
Last edited by thebishop on Thu Oct 26, 2006 10:51 pm; edited 1 time in total

evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
Posted: Thu Oct 26, 2006 9:23 pm
Sorry about that, I meant
modules.php ? name=Reviews&rop=savecomment&xanonpost=1&uname=test&id=1&score=1&comments=blah
(without the space ... it was added to bypass the GoogleTap rules on this site)

thebishop
Posted: Thu Oct 26, 2006 10:59 pm
Thanks for the quick reply. This is very strange; that gives me a version of my site but with no CSS, and everything looks way different.
Maybe I'm not typing that in right. I'm so noob still.
If you have a free moment, could you go to my site real quick and see what that gives you? This is what I tried to access.
http://mysite.net/home/index.php
modules.php/name=Reviews&rop=savecomment&xanonpost=1&uname=test&id=1&score=1&comments=blah
Last edited by thebishop on Fri Oct 27, 2006 12:32 am; edited 1 time in total

evaders99
Posted: Thu Oct 26, 2006 11:19 pm

thebishop
Posted: Thu Oct 26, 2006 11:29 pm
OK, I think that's because I had it blocked to unregistered users (sorry).
I'll unblock it right now.
OMG, when I go to that link, there are hundreds of spam comments, from penis enlargement to drugs and porno. And the strange thing is, my site doesn't show me as being an admin. It shows that I'm logged into my site account, but not my god account. This is starting to worry me.
No wonder I have been getting the (max_questions) error so much.
This lame spammer is creating that problem with all of these links.
I don't understand how someone can post comments to reviews that don't exist.
OK, well, I'm not going to have this module activated so people will see all of this spam, so I'll activate it again when someone can take a look at it.
Thanks

Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
Posted: Fri Oct 27, 2006 1:01 am
thebishop - do you have a control panel with your hosting account?
If you have, would you allow me access so I can go through the server log to see how they are doing this?
If you can allow me access, please PM me the details and I'll take a look as soon as I can.

thebishop
Posted: Fri Oct 27, 2006 1:07 am
Will PM you details ASAP. And TYVM.

thebishop
Posted: Fri Oct 27, 2006 1:29 am
Done

thebishop
Posted: Fri Oct 27, 2006 7:27 pm
I'm sure this is an exploit in the Your Account module, probably due to using the non-default YA module that comes with the approve membership module. So I have used phpMyAdmin to delete the 656 URL comments that the spammer was able to post in the Reviews module (I just emptied the table).
My question is, if I add the following code to modules/Reviews/index.php to stop unregistered users from being able to submit reviews, will that also stop them from being able to spam the reviews comments, or will this person still be able to use the YA module exploit to spam more comments? I do not want to stop using the approve membership module because I have to have the ability to approve new members. Or would it be better to just install the default Your Account module from chatserv's latest patch and then install NSN_Your_Account_760_330? Thanks for any replies.
Quote:
if (!is_user($user)) {           // is_user(): phpNuke's logged-in check
    echo "You need to be
    <a href=\"account.html\">logged in</a> or
    <a href=\"account-new_user.html\">become a member</a>
    to submit reviews.";
} else {
    // the module's existing review form code continues here
As an afterthought, is there any way that the next version of RavenNuke could include an approve membership module that would not be exploitable through the YA module?

evaders99
Posted: Sat Oct 28, 2006 11:45 pm
It looks like it should work.

thebishop
Posted: Sun Oct 29, 2006 3:49 am
Thanks evaders99, I added that code to reviews/index.php, so we will see if that stops this spammer. I also installed the NSN_Your_Account_760_330 module to see if it was more functional.
So far I have only one problem with the NSN YA module: the only links that work in the Your Account area are "logout exit" and "messages"; if I click on any of the other links, the page just refreshes. No one can do any of the following:
Change Info, Change Home, Comments Setup, Select Theme.
Hehe, any help appreciated.
[EDIT]
Well, I tried the CNB_Your_Account_750_441 for my installation of nuke 7.6-3.3 and it works flawlessly, so far.

Guardian2003
Posted: Sun Nov 12, 2006 3:44 pm
Just to update this thread, I'm throwing a 'Comments' module together so that admins can view the last xx number of comments from News and Reviews.
I'll also throw in some admin delete function to make it easier to remove unwanted comments.
Evaders99's fix works fine, but I'm guessing a comment module might also be handy in case you have registered users posting comment spam too.

thebishop
Posted: Sun Nov 12, 2006 4:02 pm
Most excellent, Guardian. You da man.
Let me know where I can get it when it's ready.

kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437
Posted: Sun Nov 12, 2006 4:09 pm
Some other options include moderating comments, stripping out HTML from comments, or adding NOFOLLOW tags to all links in comments (this stops search engines from giving credit to the linked site, wasting the time of comment spammers).
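Putting thebishop's is_user() guard together with kguske's suggestions, here is an added example (my code, not from the thread, phpNuke or RavenNuke) of a server-side gate for the Reviews savecomment path: it ignores the client's xanonpost flag, checks that the review id exists, strips HTML and adds rel="nofollow" to surviving links. The is_user() result is passed in as $logged_in, $review_exists is an assumed callable wrapping a prepared SELECT, and the 1..10 score range is assumed.

```php
<?php
// Added example (not from the thread or from phpNuke/RavenNuke): a server-side gate for the
// Reviews "savecomment" action. The client-supplied xanonpost flag is ignored; only is_user()
// (phpNuke's session check, passed in here as $logged_in) decides whether the poster may comment.
// $review_exists is an assumed callable wrapping a prepared SELECT against the reviews table.

function add_nofollow(string $html): string {
    // Add rel="nofollow" to every <a> lacking a rel attribute so links earn no search credit.
    return preg_replace_callback('/<a\s+([^>]*)>/i', function ($m) {
        return preg_match('/\brel\s*=/i', $m[1]) ? '<a ' . $m[1] . '>' : '<a ' . $m[1] . ' rel="nofollow">';
    }, $html);
}

function clean_comment(string $raw, int $max_len = 2000): string {
    // Keep only anchors and simple formatting, cap the length, then neutralise the links.
    $text = substr(trim(strip_tags($raw, '<a><b><i><br>')), 0, $max_len);
    return add_nofollow($text);
}

function guard_save_comment(array $req, bool $logged_in, callable $review_exists) {
    // Returns an error string, or the cleaned record ready to INSERT.
    if (!$logged_in) {                                   // 1. never honour xanonpost
        return 'You need to be logged in or become a member to post comments.';
    }
    $id = (int)($req['id'] ?? 0);                         // 2. the review must really exist
    if ($id <= 0 || !$review_exists($id)) {
        return 'No such review.';
    }
    $score = (int)($req['score'] ?? 0);                   // 3. score range (1..10 assumed)
    if ($score < 1 || $score > 10) {
        return 'Invalid score.';
    }
    $comment = clean_comment((string)($req['comments'] ?? ''));
    if ($comment === '') {
        return 'Empty comment.';
    }
    return ['id' => $id, 'score' => $score, 'comments' => $comment];
}

// Constructed request mirroring the spam URL quoted earlier in the thread.
$spam = ['rop' => 'savecomment', 'xanonpost' => '1', 'uname' => 'test', 'id' => '1', 'score' => '1',
         'comments' => 'blah <a href="http://example.invalid/">buy</a><script>x()</script>'];
$exists = fn(int $id): bool => $id === 42;                // constructed: only review 42 exists

var_dump(guard_save_comment($spam, false, $exists));    // anonymous caller
var_dump(guard_save_comment($spam, true, $exists));     // logged in, but review 1 is absent
var_dump(guard_save_comment(['id' => '42', 'score' => '7', 'comments' => $spam['comments']], true, $exists));
```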

Guardian2003
Posted: Sun Nov 12, 2006 4:37 pm
thebishop - ran out of time to finish what I wanted to do, but I have completed it for News comments and Reviews comments, including the deleting function.
I wanted to include Poll comments, but I guess it could wait till I have more time.
If I don't get it packaged up tonight it will be in the morning.
kguske - excellent ideas!!
Although I would like to think the HTML stripping *should* be a part of the core nuke, I do not see any reason why I couldn't (when I get the time) get my module to iterate through the comments fields and do the stripping.
Hmm, certainly worth considering, thanks!!

kguske
Posted: Sun Nov 12, 2006 5:27 pm
Those should be added to any module that allows comments - as well as email notification (configurable, of course).

Guardian2003
Posted: Sun Nov 12, 2006 5:35 pm
Agree - all my module does is list all the comments posted (already in the DB) so the admins have an at-a-glance view to spot any comment spam (ordered by date DESC) instead of having to click all the comment links in News etc.

kguske
Posted: Sun Nov 12, 2006 5:44 pm
Nice - that will definitely be helpful in cleaning up spam comments in News and Reviews (the primary targets, it seems).

Guardian2003
Posted: Sun Nov 12, 2006 6:01 pm
I hope so. I just had an hour or so spare today, so I thought I would get a grip on it as it's been on my 'to do' list for so long.

thebishop
Posted: Mon Nov 13, 2006 4:44 am

Guardian2003
Posted: Mon Nov 13, 2006 6:50 am
I have released the 'Comment' module and it's available from my site.
Our Spam Stopper module uses some code from Bad Behaviour and employs other checks against the referring URL.
I have not had time to implement it fully within the forums in terms of posting, replying etc., but the methodology it uses is pretty good.
Basically, Spam Blocker looks at the incoming referer and tries to validate the link they followed from an external site to yours; it also checks to see if the incoming IP, when converted to a hostname, matches the incoming data (in other words, that they cross-reference each other and produce a match). Then, as a final check, it looks up the incoming IP or domain to see if it is already listed within three separate external blacklists like Spamhaus.
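As an added illustration of the three checks Guardian2003 describes (my code, not the Spam Stopper or Bad Behavior code itself): referer validation, forward-confirmed reverse DNS, and DNSBL lookups, with the DNS resolvers injectable so the logic runs on constructed data. The function names, the .example zone names and the decision to tolerate an empty referer are my assumptions.

```php
<?php
// Added example, not the Spam Stopper / Bad Behavior code the post describes: the three checks
// it outlines (referer sanity, forward-confirmed reverse DNS, DNSBL lookups), with the DNS
// resolvers passed in so the logic runs here on constructed data. IPv4 only; zone names are assumed.

function referer_ok(?string $referer, string $our_host): bool {
    // A comment submission should come from a page on our own host. A missing referer is
    // tolerated (privacy proxies strip it); a referer on a foreign host is not.
    if ($referer === null || $referer === '') { return true; }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $our_host) === 0;
}

function fcrdns_match(string $ip, callable $ptr, callable $a): bool {
    // Reverse-resolve the IP, then forward-resolve that name: both directions must agree.
    // $ptr behaves like gethostbyaddr() (returns the IP unchanged when there is no PTR);
    // $a behaves like gethostbynamel() (returns false when the name has no A records).
    $host = $ptr($ip);
    if (!is_string($host) || $host === $ip) { return false; }
    $addrs = $a($host);
    return is_array($addrs) && in_array($ip, $addrs, true);
}

function dnsbl_hits(string $ip, array $zones, callable $a): array {
    // DNSBL convention: query <reversed octets>.<zone>; any A record answer means "listed".
    $rev = implode('.', array_reverse(explode('.', $ip)));
    $hits = [];
    foreach ($zones as $zone) { if (is_array($a("$rev.$zone"))) { $hits[] = $zone; } }
    return $hits;
}

function assess_client(string $ip, ?string $referer, string $our_host, array $zones,
                       callable $ptr, callable $a): array {
    // Returns the failed checks; empty means nothing suspicious. A failed rDNS check on its own
    // is weak evidence (many home connections have no matching PTR), so block on more than that.
    $reasons = [];
    if (!referer_ok($referer, $our_host)) { $reasons[] = 'referer'; }
    if (!fcrdns_match($ip, $ptr, $a))     { $reasons[] = 'rdns'; }
    foreach (dnsbl_hits($ip, $zones, $a) as $z) { $reasons[] = "dnsbl:$z"; }
    return $reasons;
}

// Constructed resolver tables standing in for live DNS (documentation IPs, .example zones).
$ptr = fn(string $ip) => ['203.0.113.5' => 'mail.example.net', '198.51.100.9' => 'bogus.example.org'][$ip] ?? $ip;
$a   = fn(string $n) => ['mail.example.net' => ['203.0.113.5'], 'bogus.example.org' => ['192.0.2.77'],
                         '9.100.51.198.dnsbl-1.example' => ['127.0.0.2']][$n] ?? false;
$zones = ['dnsbl-1.example', 'dnsbl-2.example'];
print_r(assess_client('203.0.113.5', 'http://mysite.net/reviews.html', 'mysite.net', $zones, $ptr, $a));
print_r(assess_client('198.51.100.9', 'http://spam.example/', 'mysite.net', $zones, $ptr, $a));
```

The second call fails all three checks in the constructed data, while the first (a logged-in visitor arriving from the site's own page with matching forward and reverse DNS) returns an empty list.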

evaders99
Posted: Mon Nov 13, 2006 10:00 am
Bad Behavior has done great on my site. I'll try out 2.0.7 and see how it goes.

Guardian2003
Posted: Mon Nov 13, 2006 12:49 pm
I have just completed getting it working within the Forums environment. I'll keep you posted on how it does.

thebishop
Posted: Mon Nov 13, 2006 4:28 pm
Guardian2003: I'll stop by your site and pick up the comment module.
I'm also going to install Bad Behavior later tonight.
For now I'm going to sleep; I've been up all night messing with my new site. LOL.

thebishop
Posted: Wed Nov 15, 2006 12:13 pm
evaders99, do you have a ported copy of Bad Behavior for phpNuke, because I cannot find it anywhere?
Guardian2003, I had to catch up on some much needed sleep over the last 24 hours, but I will DL the comment module and test it out.