Hi All,
I "inherited" a forum on our site to which I added some character filters, and when I try to "SPAM" it with the exact URL encoding that is stored in the spammed messages, my filter removes the URLs and characters I specify in MY post, but I think that the forum is being "hacked" and the spam is added to the posts after they have been submitted.
The reason I suspect this is that most posts are genuine comments about the site, but similar SPAM addresses are in posts by different people.
I am not a "hacker expert", so I have no point of reference for how "secure" the forum is (it's really just a guestbook).
The owners of the site do not want a full-blown, login-required guestbook, so I added some code to slow down the spam, because we edit and delete the posts on a daily basis.
I would love to replace this with a guestbook that has the spam and url filter in place already, but I have not found a decent one out there.
Here is the code to "Add" a post to the guestbook (which includes my filter code).
<?php
include "admin/connect.php";
// Refuse posts from IP addresses listed in the ban table
$s=$_SERVER["REMOTE_ADDR"];
$IPBANNED=false;
$ipbancheck="SELECT * from gb_banip where IP='$s'";
$ipbancheck2=mysql_query($ipbancheck);
while($ipbancheck3=mysql_fetch_array($ipbancheck2))
{
$IPBANNED=$ipbancheck3['IP'];
}
if ($IPBANNED)
{
print "You have been banned from posting";
}
else
{
if (!isset($_POST['submit']))
{
print "<table border='1' cellpadding='6' bgcolor='#e1e1e1'><tr><td>";
print "<form method='post' action='addentry.php' name='form'>";
print "<b>Name: (required)</b><br> <input type='text' name='name' size='40'><br>";
print "<b>(optional) Homepage(include http://):</b><br><input type='text' name='homepage' size='40'><br>";
print "<b>(optional) E-mail:</b><br><input type='text' name='email' size='40'><br>";
print "<b>Comment:</b><br>";
print "<textarea rows='6' name='comment' cols='45'></textarea><br>";
print "<input type='submit' name='submit' value='submit'>";
print "</form><br>";
}
else if (isset($_POST['submit']))
{
// The form above only sends name, homepage, email and comment; the other
// fields default to '' so a normal submission does not raise undefined-index notices
$name=$_POST['name'];
$country=isset($_POST['country']) ? $_POST['country'] : '';
$email=$_POST['email'];
$homepage=$_POST['homepage'];
$aim=isset($_POST['aim']) ? $_POST['aim'] : '';
$icq=isset($_POST['icq']) ? $_POST['icq'] : '';
$yim=isset($_POST['yim']) ? $_POST['yim'] : '';
$msn=isset($_POST['msn']) ? $_POST['msn'] : '';
$comment=$_POST['comment'];
if(!$name || !$comment)
{
print "<font color='red'>Name or comment not entered, please go back and sign again</font><br>";
}
else
{
// Filter out the bad content (only the comment field is filtered)
$Keyword = (isset($_POST['comment'])) ? $_POST['comment'] : '';
$trimmedKeyword = trim($Keyword);
$trimmedKeyword = stripslashes($trimmedKeyword);
//filter special characters such as % ^ & and known spam words/names
$filter = array("`","~", "\"" , "\\" , "!", "@" , "#" , "$" , "%" , "^" , "&" , "*" , "(", ")" , "+" ,
"{" , "}" , "[" , "]" , "<" , ">" , ";" , ":" , "?" , "/" ,"//" , "|" , "=", "http", "://", "www.",
"[url=http://phentermine", "viagra", "sex", ".com", ".org", ".edu", "penis", "breast", "enlargement",
"web hosting", "pay day loans", "auto", "credit card terminal", "Money Makers", "matto", "Larry",
"Yasemin Co.", "Jeffery", "airline ticket", "spyware windows nt", "Ottis", "spyware scan", "Mike Tyler",
"microsoft sql server", "online tarot reading", "phentermine buy online", "prescription drugs",
"pharmacy canada", "radiology continuing educ", "dell notebook", "valium tablet", "installing replacement",
"installing replacement wi", "ibm notebook battery", "Abram", "flower silk", "play poker free",
"sql server driver", "www", "auto insurance", "united airline fare", "sport betting online",
"spyware remover", "viagra alternative", "air plane ticket", "notebook refurbished", "tramadol cheap price",
"travel insurance quotes", "epson printer ink", "Jayson", "Robert", "Herman", "George", "Alton",
"Christopher", "Lori", "Mark", "Alena", "online cigarettes", "home equity loan", "Sasha", "bad credit",
"free casino cash", "air ticket", "Hannah", "Oswald", "Lori", "Tristin", "Michael", "William", "Samantha",
"Richard", "sergius", "Gregg", "Miki", "Ange", "Trey", "Jane", "Matthew", "Ada", "Jony B.", "Brian",
"Alexis", "Alton", "Rico", "Miki", "Brian", "Paul", "Carol", "Orlo", "Brian", "Kaylee", "Gilbert Arenas",
"Jessica", "Marcellus", "Samantha", "Jasmine", "Lori", "Mortal Krue", "Jabo", "Tino Cereteli",
"Marta Hueva", "Geny Krina", "Tonny Blerr", "Mark", "Micky", "Jennigston", "preteen lolita",
"little lolitas", "portable basketball hoops", "Christ", "Sanekus", "Antony Shwarz", "Tommy Lee",
"Bred Silver", "Buy Tramadol", "Frantichek Tenniken", "Buy tramadol", "Fransis Mentos", "John Rendis",
"Jennis Jeckson", "Jad", "Buy viagra", "34000000000 jackpot lotte", "Colin", "Bob",
"Kasius Mon", "Karas Adult Playground", "Texas", "Brendon Kleyton", "xanax", "Bam", "Dim",
"Miranda Jenning", "people health", "replica rolex watch", "black girls pimp", "Funtik Shpuntik",
"[url]", "[/url]", "[url", "[url=");
// str_replace works through the list in order and is case-sensitive, so:
// - an entry containing something already removed by an earlier entry never matches
//   (e.g. "[url=http://phentermine" after "http" and "://", the "[url" forms after "[" and "=",
//   "//" after "/", "auto insurance" after "auto");
// - "Viagra" or "VIAGRA" is not removed because only "viagra" is listed;
// - repeated names such as "Lori" and "Brian" are harmless duplicates.
$trimmedKeyword = str_replace($filter, '', $trimmedKeyword);
$trimmedKeyword = preg_replace('#\s+#',' ',$trimmedKeyword); // collapse runs of whitespace
$trimmed_arrayKeyword = explode(" ",$trimmedKeyword); // split into words (not used below)
//////////////////
// Insert the data now it's cleaned.
// Note: only the comment went through the filter; name, country, email, homepage and the
// profile fields are stored exactly as received, and every value (comment included) is
// placed into the SQL string without escaping.
$r=$_SERVER["REMOTE_ADDR"];
$day=date("D M d, Y H:i:s");
$timegone=date("U") ; //seconds since Jan 1st, 1970
$putinguestbook="INSERT INTO gbook(name, country, mail, homepage, comment, realtime, aim, icq, yim, msn, time,IP) VALUES('$name','$country','$email','$homepage','$trimmedKeyword','$day','$aim','$icq','$yim','$msn','$timegone','$r')";
mysql_query($putinguestbook);
print "Thanks for posting, you will now be redirected <META HTTP-EQUIV = 'Refresh' Content = '2; URL =index.php'> ";
}
}
}
?>
The address of the guestbook is http://www.intheclassroom.org/teachers/index.php
Thanks for the security help,
Don
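As an added example (not Don's code and not from any guestbook package), here is the same add-post path written with bound SQL parameters, so quotes or SQL fragments in a post cannot alter the query, and with a spam filter that URL-decodes the text, matches case-insensitively and rejects the post instead of stripping words. It assumes admin/connect.php provides a mysqli connection in $db and the gbook and gb_banip tables used by the original addentry.php; the short phrase list is a constructed stand-in for the real one.

```php
<?php
// Added example, not the poster's code. Assumes admin/connect.php sets up a
// mysqli connection in $db and the gbook / gb_banip tables from addentry.php.
include "admin/connect.php";
// Phrases are matched case-insensitively on URL-decoded text, so "v%69agra"
// and "VIAGRA" are caught, and a match rejects the post instead of stripping it.
$blocked = array("viagra", "phentermine", "tramadol", "xanax", "[url", "http://", "www.");

function is_spam($text, array $blocked) {
    $t = strtolower(urldecode(urldecode($text)));  // decode twice for double-encoding
    foreach ($blocked as $word) {
        if (strpos($t, $word) !== false) return true;
    }
    return false;
}

function field($name, $max) {  // only named form fields, trimmed and length-capped
    return isset($_POST[$name]) ? substr(trim($_POST[$name]), 0, $max) : '';
}

$ip = $_SERVER['REMOTE_ADDR'];
$ban = $db->prepare("SELECT 1 FROM gb_banip WHERE IP = ?");  // bound, never interpolated
$ban->bind_param('s', $ip);
$ban->execute();
$ban->store_result();
if ($ban->num_rows > 0) exit("You have been banned from posting");

if (isset($_POST['submit'])) {
    $name = field('name', 60);
    $email = field('email', 100);
    $homepage = field('homepage', 200);
    $comment = field('comment', 2000);
    if ($name === '' || $comment === '') exit("Name or comment not entered, please go back and sign again");
    // Homepage is allowed to contain http://, so it is validated as a URL rather than phrase-filtered
    if ($homepage !== '' && filter_var($homepage, FILTER_VALIDATE_URL) === false) exit("Homepage must be a full URL");
    if (is_spam($name . ' ' . $comment, $blocked)) exit("Your post was rejected by the spam filter");
    // Every value is a bound parameter, so quotes or SQL in a post cannot change the query
    $ins = $db->prepare("INSERT INTO gbook (name, mail, homepage, comment, realtime, time, IP)"
                      . " VALUES (?, ?, ?, ?, ?, ?, ?)");
    $day = date("D M d, Y H:i:s");
    $ts = (string) time();
    $ins->bind_param('sssssss', $name, $email, $homepage, $comment, $day, $ts, $ip);
    $ins->execute();
    echo "Thanks for posting";
}
```

The display side (index.php) should pass each stored field through htmlspecialchars() when printing it, so anything that does reach the table is shown as text rather than rendered as HTML.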