Stop spam-bots in phpBB 2.x. Cheap, easy BOT stopper

WARNING!  As of this writing, this information pertains to the 2.x branch of phpBB.  I strongly recommend you upgrade to the latest phpBB.  As of April 28, 2009 that version is 3.0.4.  Please see http://phpbb.com

NOTICE: I have an updated phpBB patch for the 3.0.x version of phpBB.  Please search this blog for phpBB or look at the phpbb category for more tips and tricks.

In your active template file profile_add_body.tpl find the line:

<!-- Visual Confirmation -->

ABOVE that line, add:

<!-- BOT HACK -->
   <tr>
      <td class="row1"><span class="gen">Are you a robot? *</span></td>
      <td class="row2"><select class="post" name="imarobot">
      <option value="yes">yes</option>
      <option value="yes">of course</option>
      <option value="nope">Humans choose this one</option>
      </select> <span class="gen">Bot buster... choose the right one.</span></td>
   </tr>
<!-- BOT HACK -->

In your forum file includes/usercp_register.php find this section of code:

   else if ( $mode == 'register' )
   {
      if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
      {
         $error = TRUE;
         $error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Fields_empty'];
      }

AFTER that part, add this:

// BOT HACK
         // Reject the registration unless the "Are you a robot?" select
         // was submitted with the value reserved for humans ('nope').
         if ( empty($HTTP_POST_VARS['imarobot']) || $HTTP_POST_VARS['imarobot'] != 'nope' )
         {
            die('NO BOTS');
         }
// BOT HACK

And there you go.


Perl code to find an IP A in subnet B/C

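use strict;
use warnings;

my $ip = '1.2.3.4';
my $block1 = '1.2.3.0/27';

if (checkip($ip, $block1)) {
    print STDOUT "$ip is in $block1\n";
}
else {
    print STDOUT "$ip is not in $block1\n";
}

# Return 1 if dotted-quad $ip lies inside CIDR block $block (e.g. '1.2.3.0/27'), else 0.
sub checkip {
    my $ip = shift;
    my $block = shift;

    # Convert the address to a 32-bit integer.
    my @ip1 = split(/\./, $ip);
    my $ip1 = $ip1[0] * 2**24 + $ip1[1] * 2**16 + $ip1[2] * 2**8 + $ip1[3];

    # Split the block into its network address and prefix length.
    my @temp = split(/\//, $block);
    my $ip2 = $temp[0];
    my $netmask = $temp[1];

    # Convert the network address to a 32-bit integer.
    my @ip2 = split(/\./, $ip2);
    $ip2 = $ip2[0] * 2**24 + $ip2[1] * 2**16 + $ip2[2] * 2**8 + $ip2[3];

    # Drop the host bits and compare only the leading $netmask bits.
    if ( ($ip1 >> (32 - $netmask)) == ($ip2 >> (32 - $netmask)) ) {
        return 1;
    }
    return 0;
}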

PHP Header injection

I regularly shut down web sites that use the PHP mail() function. While the users of the sites mean well, they generally don’t do any checking before sending data to mail(). I’m not going to weigh in on mail(). Enough has been said about it. Just remember to take your code and code security seriously.

Remember, never trust data submitted by site visitors. Sanitize the heck out of it.
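
One way to apply that rule before anything reaches mail(), as an added example that is not code from this post: every value bound for a header is rejected if it contains a line break, and the recipient is fixed rather than taken from the form. The function names, addresses and sample submissions are constructed for illustration.

```php
<?php
// Added example; function names and addresses are hypothetical.
// Unsafe pattern this replaces: mail($to, $_POST['subject'], $msg, 'From: ' . $_POST['email']);

/** Reject a value bound for a mail header if it contains CR, LF or NUL. */
function clean_header_value(string $value): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($value);
}

/** Build mail() arguments from a form submission using only checked values. */
function build_contact_mail(array $post): array
{
    $replyTo = clean_header_value($post['email'] ?? '');
    if (filter_var($replyTo, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    $subject = clean_header_value($post['subject'] ?? '');
    // The body may contain line breaks; normalise them to CRLF.
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $post['message'] ?? '');

    return [
        'to'      => 'webmaster@example.com', // fixed recipient, never from the form
        'subject' => $subject,
        'body'    => $body,
        'headers' => ['From' => 'webmaster@example.com', 'Reply-To' => $replyTo],
    ];
}

// Constructed sample submissions: one ordinary, one carrying an extra header line.
$samples = [
    'normal'   => ['email' => 'alice@example.org', 'subject' => 'Hello', 'message' => "Hi\nthere"],
    'injected' => ['email' => "alice@example.org\r\nBcc: list@example.net", 'subject' => 'Hello', 'message' => 'x'],
];

foreach ($samples as $name => $post) {
    try {
        $mail = build_contact_mail($post);
        // Send step, left commented so the example runs offline (array headers need PHP 7.2+):
        // mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
        echo "$name: accepted, Reply-To = {$mail['headers']['Reply-To']}\n";
    } catch (InvalidArgumentException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```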

Jelly and Custard has an excellent explanation of PHP Header Injection when using the PHP mail() function.

http://www.jellyandcustard.com/2006/02/24/email-header-injection-in-php/

http://www.jellyandcustard.com is an excellent PHP blog.
