NTNUJAVA Virtual Physics Laboratory
Enjoy the fun of physics with simulations!
Backup site http://enjoy.phy.ntnu.edu.tw/ntnujava/
Author Topic: How to block some programs which can register and confirm account automatically!  (Read 81503 times)
Fu-Kwun Hwang
Administrator
on: February 28, 2009, 08:39:04 pm »

However, some programs can bypass the above procedure, like Xrumer or Zunker...
Code:
Xrumer allows to post in phpBB and PHP-Nuke (with any modification), yaBB, VBulletin, Invision Power Board, IconBoard, UltimateBB, exBB, and phorum.org.
 Basically, it follows the process below:

   It looks for websites where comments can be inserted.
   It registers itself as a user.
   It posts the message.

This type of websites usually include human verification codes, in order to make automatic registration more difficult for this kind of robots or they use filters in order to block IP addresses that carry out suspicious operations.
That's why this program is able to recognize the texts in the images. It also allows to connect to a list of proxies in order to use different IP addresses.

To prevent posting by programs like the above examples:
Add JavaScript code to check whether the data in the form was entered with keystrokes.
For example:
1. Add a hidden variable in the form to be checked: <input type="hidden" name="checkme" value="0">
2. Add JavaScript to the username input text field: onkeyup="this.form.checkme.value=1;">
3. Add JavaScript code to check it before the user submits the form: onsubmit="if(this.form.checkme.value!=1)return false;else return true;">

if you want to see updated blacklist please click

lookang
Reply #1 on: March 02, 2009, 12:01:20 pm » posted from:SINGAPORE,SINGAPORE,SINGAPORE

I am not sure how to add this code to my own forum (Simple Machines Forum, PHP).

I wonder if anyone has made these code modifications as SMF forum mods (modifications)?

It is easier to adopt if I can just upload it, expand it and deploy it like a mod.

Basically, the mod just finds the code and then replaces it with other code. If all finds and replacements succeed, the mod will signal success! But I have not made one myself yet.

Let me explore more about this and come back.
I do get a couple of registrations on my forum each day or so. I will go check.
lookang
Reply #2 on: March 02, 2009, 12:13:37 pm » posted from:SINGAPORE,SINGAPORE,SINGAPORE

OK. I am convinced I need this code. http://66.7.205.91/~lookangc/index.php?board=55.0
I have many posts that could be from bots that automatically register and post.

Where in my PHP files do I add them? There are many files.

Thanks!
Fu-Kwun Hwang
Administrator
Reply #3 on: March 02, 2009, 02:34:55 pm »

When you create a lock, there is a key to unlock it.

I have used phpBB for my web site, but it was hacked several years ago.
Because phpBB was so popular and the code is freely available,
hackers can study all the protections and find a solution to break in.
Because so many unrelated messages were posted every day,
I wrote my own code to host all the simulations between 2001 and 2007 (it is still available).
However, that system was not familiar to most of the users.
The web site still attracted many visitors, but the average number of posted messages dropped a lot.

I switched to this system on 2007/02/14, because the system was not the most popular one and seemed to have many security features at the time.

However, the code is publicly available, so someone found ways to hack the system.
Yes, I can add the modification code and post it in SMF forum mods.
However, someone will find a way to hack it soon.
For example: a visual verification image was added, and the user has to type in the verification code from the image.
But a program like x r u m e r can recognize the image. It can read email and click the link to confirm the account automatically. That is why so many users use it to add links to web sites. (The program costs nearly $520.) ---I do not want to add a link to help it.

I think the best way is to add a simple but unique solution to prevent it.
The above method I posted does not really prevent the form from being submitted by the hacker.
But the value for checkme submitted to the server will be 0 instead of 1.
So I block the registration with added code (normal user registration will be the same as usual).

The average number of registered users was 50-60 per day last month.
It reduced to 25 yesterday (from the record: 26 were blocked).

I knew there are many users who registered but never posted a message. When I checked the log files, I found that many of those accounts never visited any of the messages in this forum. They only registered and left several URLs as part of their personal profile. That is why I only allow registered users to view other users' personal profiles.

Send me Themes/default/Register.template.php and Sources/Register.php via private message.
I can modify the code for you and send them back.
I can modify the code for you and send them back.

I would suggest that you do not allow anyone to view the board link in your message (make it visible only to yourself),
because it will help the program to find where the program works (I believe the program uses search engines to find web sites as its targets).
I also created a board to store all those banned topics.
In the last two weeks, I have had to remove those messages more and more often. So I decided to modify the code during the weekend to prevent those messages/registrations.
It is working (at least up to now).

I am aware that someday they will find another way to break in.
I just have to fix it then. It might become a never-ending war!
Logged
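The server-side half of the check described in the reply above, as an added example that is not part of the original post and not the forum's own code. It is written in JavaScript (Node) rather than the forum's PHP; the field name `checkme` and its 0/1 values come from the thread, while the function names, the other form fields and the sample request bodies are constructed for illustration.

```javascript
// Added example. `checkme` and its 0/1 values come from the thread;
// function names, other fields and the sample bodies are constructed.

// Decide whether one urlencoded registration POST body passes the check.
function checkRegistration(body) {
  const values = new URLSearchParams(body).getAll('checkme');
  if (values.length === 0) {
    return { accept: false, reason: 'checkme missing' };
  }
  if (values.length > 1) {
    // Frameworks differ on which duplicate wins, so refuse ambiguity.
    return { accept: false, reason: 'checkme duplicated' };
  }
  if (values[0] !== '1') {
    // Hidden field kept its default: no keyup handler ran in a browser.
    return { accept: false, reason: 'checkme not set by keystroke' };
  }
  return { accept: true, reason: 'ok' };
}

// Count accepted and blocked registrations, grouped by reason: the kind of
// daily record the reply quotes ("26 were blocked").
function tally(bodies) {
  const summary = { accepted: 0, blocked: 0, reasons: {} };
  for (const body of bodies) {
    const verdict = checkRegistration(body);
    if (verdict.accept) {
      summary.accepted += 1;
    } else {
      summary.blocked += 1;
      summary.reasons[verdict.reason] = (summary.reasons[verdict.reason] || 0) + 1;
    }
  }
  return summary;
}

// Constructed sample bodies (not real traffic).
const SAMPLE_BODIES = [
  'user=alice&email=alice%40example.org&checkme=1',
  'user=promo77&email=p%40example.net&checkme=0',
  'user=promo78&email=q%40example.net',
  'user=promo79&email=r%40example.net&checkme=0&checkme=1',
  'user=bob&email=bob%40example.org&checkme=1',
];

console.log(tally(SAMPLE_BODIES));
```

Because the browser supplies the value, the decision has to be made on the server, as the reply describes; the client-side onsubmit handler alone does not stop a form that is posted directly.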
lookang
Reply #4 on: April 17, 2009, 07:34:40 am » posted from:SINGAPORE,SINGAPORE,SINGAPORE

Your SMF code works well on my forum http://66.7.205.91/~lookangc/index.php , there is rarely any registration now, which is correct!

Thanks for solving robot register and confirm account automatically!
melayu43
Reply #5 on: October 03, 2009, 09:37:16 am » posted from:Ipoh,Perak,Malaysia

By far, SF is the most secure CMS I've used so far ...
kenmajor
Reply #6 on: November 24, 2011, 10:39:45 am » posted from:-,-,COLOMBIA

I've just applied these to my sites, let's see if it works. Thanks for the info in advance!
kenmajor
Reply #7 on: November 24, 2011, 10:41:02 am » posted from:-,-,COLOMBIA

Hope this works; those Xrumers have been spamming my sites to the end of this world.
desertrose3
Reply #8 on: January 16, 2012, 05:14:51 am » posted from:Lahore,Punjab,Pakistan

There are so many programs out there now to overpass all the plug-ins and everything now though.
smith8890
Reply #9 on: February 07, 2012, 02:46:54 pm » posted from:Dhaka,Dhaka,Bangladesh

I am impressed by the quality of information on this website. There are a lot of good resources here.
I am sure I will visit this place again soon.
diagobd2
Reply #10 on: April 27, 2013, 02:37:01 pm » posted from:Guangzhou,Guangdong,China

I am aware that someday they will find another way to break in.



cpsclicker
Reply #11 on: September 30, 2013, 01:51:28 pm » posted from:PASIG,MANILA,PHILIPPINES

I have my own forum site too and this Xrumer drives me nuts. How can I prevent this from happening?
EbinGeorge
Reply #12 on: October 08, 2017, 09:26:31 pm » posted from:AMSTERDAM,OHIO,UNITED STATES

There are a number of websites, and so it is not easy to find out a genuine site for the successful completion of discussions in any of the forums. In the case of Dubai Curtains, Al barsha will be the right option. So think twice before choosing any of the services or websites.