|
PHP - Moved: Spam Bot Attack
This topic has been moved to Miscellaneous.
http://www.phpfreaks.com/forums/index.php?topic=354848.0 Similar TutorialsThis topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=320638.0 Hello dear friends , I'm under attack huge attack from spam bots and i need your help 1) i've a form with input text and input submit 2) no way to add html cause using js banned any < or > ..ect 3) the spam attack now post html code but it stored into database after automatically < and > removed as i mention in (2) okay add to your note i can't add captcha cuase my website for kids Now please allow me to explain this idea and let me know if it ture or there is another way else more simple 1) i will add hidden input with value shows "IP Number Of Poster" 2) by that way i will know the IP of the spammer 3) i will use php and mysql to create database table and store the IPs of spamming i collect so that when that spammer hit my website again , will not be able to view input form. What do you think ! is it right or bad solution or is there any any way the bad idea is that spam is not sure human cause it is stupid and post something meaningless and not ture and fake urls like this Code: [Select] theuzgfnpbmi, [url=http://gdtuaemvkpif.com/]gdtuaemvkpif[/url], [link=http://rsxtnszcpceq.com/]rsxtnszcpceq[/link], http://awpfgwtvqkdm.com/" theuzgfnpbmi, [url=http://gdtuaemvkpif.com/]gdtuaemvkpif[/url], [link=http://rsxtnszcpceq.com/]rsxtnszcpceq[/link], http://awpfgwtvqkdm.com/" please help if you have any suggestion or method how to stop such spammers thank you so much Well, I just want to know, if I add mysql_real_escape_string and strip_tags to a checkbox, does this mean it is 100% protected from SQL injection and XSS attack? For example: Code: [Select] <input type=checkbox' name="checkbox"/> $checkbox = mysql_real_escape_string(stip_tags($_POST['checkbox'])); Hi I need to test for XSS attack and aim is to break my own site. I am using strip_tags to strip all the HTML and tags. Is there any way for successful XSS attack even if strip_tags is used. Since I got my websocket PHP server running nicely with my MYSQL, I can now have some fun
Attack speed is very simple, but I need your help with the unixtimestamp.
For example, There is a field name called "last_attack" and each time a user attacks a mob and a skill was performed; it will be updated with:
time();Then I disable the attack button for 2 seconds client side, but I also check that value against time() serverside as well. Now let's say the user's attack speed is 1.30% I want to make that Attack Speed check, to check it dynamically. It should now check only if the attack was less than 1.7 seconds ago instead of 2 seconds. How do I split up the unixtimestamp to work with percents? Edited by Monkuar, 03 December 2014 - 02:11 PM. I have a javascript code that displays a monster hitting my character via client side only. It runs every 2 seconds via a setTimeout function.
My problem is... A user could just disable javascript all together, or craft their own code to disable the monster attack function.
I want to detect serverside if anything is being altered. If that makes sense.
This is EXTREMELY hard for me to explain, I have no idea but my game is essentially turn based at this point. THE MONSTER ONLY DOES DMG if a player HITS IT. That way, I can safely, and change the values serverside with MYSQL.
What I want is the monster to attack the player every 2 seconds or so (Which I have javascript code for already), but a user could just manipulate that code and then attack the mob and receive only that damage. I want it to be more of an action attack game, where the monster's attack automatically, but securely... If that makes sense, any idea?
Would I have to implement some type of timing mechanism or something serverside? Or once the player spawned that mob..? Not sure. (You only have XX Seconds to kill!), but that doesn't really fix the problem..
TLDR: Autoattack mob system serverside.
Edited by Monkuar, 19 January 2015 - 10:53 AM. Hello All, I am in desperate help here since my site was DDoS attacked by some one in turkey (Ips originate mostly from turkey, Germany, and some other Europe countries). I have installed the ddos deflation and most of the IPs are now blocked. I have a php file in my server that I use to input data into my database and my streaming servers. This file is called connect.php and the hacker is basically created an automated script that repeatedly call the connect.php file from a botnet resulting in both apache and mysql dead. I use connect.php in the following way http.open('get', "ajax/createchannel_1.php?channel=" + channelname + "&sitename=" + sitename + "&privateurl=" + privateurl + "&privateurlcheck=" + privateurlcheck); How can i change the connect.php so that it only accept execution from my server/ Please your help is greatly appreciated. ive been geting attacked by a spam bot it is inserting gibrish in one of my contact forms. i managed to block it with Code: [Select] if (empty($_POST['Email']) && !empty($_POST['CustomerEmail'])) Email is an empty text field with display:none for sometime it was clean and now it succeeds once in a while to insert a form. i dont want to use captcha , i think i will loose clients your advise A form is filled and the information is emailed to my address. The problem is it goes to the spam folder. Is it a problem with the email filter? I suppose I could whitelist the email address the server uses to email the info, but then spam would get through as well. Any ideas? Hi.. I want to implement a program for identifying spam emails using an algorithm naive bayes in php.. How to implement this ..can any one help me.. thanks in advance Hey My site is getting alot of spam and i need a way to keep up with what is being sent with some kinda system that will flag things which contain urls and chosen keywords. Problem i faced though was lets say a keyword was: skyspider Now some one could say sky or spider (as seperate words) but they still flagged. So "theres a spider in the sky" would be flagged when i only want "skyspider" flagged... does that make sense? What php function do i require to do such string checks like this? Thanks I 'm having some problem while sending mails . i am sending bulk mails using php script, der is no problem in the script. i hope some guys have faced similar issue. while i am sending bulk emails, i figured out that - few mails are going to spam not into their INBOX. can you guys pls give some hint to resolve this issue. .. Hi This subject doesn't really have a category but is driving me mad. I use the mail() function to send out emails to a news group forum that I have created. This forum does the same. I am getting the emails placed in a spam folder. Is there any way around this. I have been told that it has something to do with no reverse DNS. I get emails like DoNotReply@bt.com. This email address doesn't exist. How does the email system know this, and is there a way around it. TIA Desmond. i am using mail functions in php and i am sending mails but the mails are going to spam in gmail and for yahoo its going to inbox. my problem is i want to send the email to inbox only as most of them use gmail ....should i use any smtp or any other mail library functions? can anyone guide me? Hi; I had an email from my hosting company which said that my account was hacked and one script in images folder is trying to send thousands of spams(file name : "/public_html/images/sm5vy7.php"). they blocked my account and asked me to check if there is any script or code that may cause this problem. The only server side page I had was a contact.php file that has mail() function in it. the code is like this; "if( isset($_POST['submit'])) { $name=$_POST['name']; $comment=$_POST['comment']; $email=$_POST['email']; $phone=$_POST['phone']; $to = "sample@gmail.com"; $subject = "sample"; $message = "sample"; $from = "$email"; $headers = "Content-type:text;charset=utf-8" . "\r\n"; $headers .= "From: $from" . "\r\n"; mail($to,$subject,$message,$headers); }" My question is "can the code I used cause any security problem that someone be able to create a php file in my images folder or someone has accessed my account?" Thank you in advance I'm really in a big trouble im having some robots injecting gibberish i wnat to deny amy links in the requesttext of the form for some reason i tested it and it accepted a http link Code: [Select] if (preg_match("/http/i","$RequestText")){ exit();} thanks The script below works but it goes straight to the junk folder only since i added the parts below to the form. (the form is in another file) How do i stop it from going to the junk folder. Quote $error = $_GET['error']; $httpagent = getenv ('HTTP_USER_AGENT'); $url = $_SERVER['HTTP_REFERER']; Code: [Select] <?php require_once "Mail.php"; $optional = $_POST['optional']; $error = $_POST['error']; $url = $_POST['url']; $httpagent = $_POST['browser']; $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ''; $from = "Web server <removed>"; $to = "Admin <removed>"; $subject = "Someone has submitted an error."; $body = "Someone has submitted an error.\n". "Error: $error\n". "URL: $url\n". "Web browser: $httpagent\n". "Anything else you want to add?: $optional\n". "IP: $ip\n"; $host = "removed"; $username = "removed"; $password = "removed"; $headers = array ('From' => $from, 'To' => $to, 'Subject' => $subject); $smtp = Mail::factory('smtp', array ('host' => $host, 'auth' => true, 'username' => $username, 'password' => $password)); $mail = $smtp->send($to, $headers, $body); if (PEAR::isError($mail)) { echo("<p>" . $mail->getMessage() . "</p>"); } else { header('Location: thank-you.html'); } ?> Ok, so I want to make a comment spam filter for my site. I know the basic logic, but have yet to figure out how to write the functions. I have a database table called comments that has a column called "time", which contains a unix timestamp value of when it was posted. Basically what I want to do is this: When a user tries to post a comment, the script determines with a database query if they have posted a comment in the last 120 seconds. So basically I have to find the current time, and the time it was 120 seconds before the current time. Then I have to find any comments posted by the user that were made after the 120 second mark. My database query should then look something like this, right? Code: [Select] $query = mysql_query("SELECT * FROM comments WHERE author = ".$_SESSION['id']." AND time > '".$120secondsago"'"); Please correct me if my logic is wrong, which it very well may be, but how would I find the unix timestamp code from 120 seconds before the current time? Note that 120 seconds is just an example and also that I have not worked with dates in mysql very often. $query = mysql_query("SELECT * FROM comments WHERE author = ".$_SESSION['id']." AND time i got the below code from google, need to adapt it to use, it works, but i just need it to over write on the file instead of appending to the file , please help, i am not a coder nor understand much of this, if someone could change it for me please:
function logText($text)
{
$ts = date("D d-m-y h:i A",time());
$toLog = "[" . $ts . "] " . $text;
$fh = fopen("logFile.txt", 'a');
fwrite($fh, $toLog."\n");
fclose($fh);
}
Edited December 13, 2020 by requinix
Below is my contact from - and I have set anti spam question as I don't like captcha. How to I code the post/human bit so it is case insensitive?
<div class="one-half-column-right" id="contactform">
<form method="post" action="index.php#contactform">
<label>Name*</label>
<div class="clear"></div>
<input name="name" placeholder="Type Here">
<label>Email*</label>
<div class="clear"></div>
<input name="email" type="email" placeholder="Type Here">
<label>Message</label>
<textarea name="message" placeholder="Type Here"></textarea>
<label>*If today is Tuesday, what is tomorrow? <br> [lowercase answer please]<br> (Anti-spam)</label>
<input name="human" placeholder="Type Here">
<input id="submit" name="submit" type="submit" value="Submit">
</form>
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$from = 'From: Website Form';
$to = ‘name@name.com’;
$subject = 'website form enquiry';
$human = $_POST['human'];
$headers .= 'From: '.$from."\r\n".
'Reply-To: '.$from."\r\n" .
'X-Mailer: PHP/' . phpversion();
$body = "From: $name\n E-Mail: $email\n Message:\n $message";
if ($_POST['submit'] && $human == ‘wednesday’) {
if (mail ($to, $subject, $body, $from)) {
echo '<p style="font-family: Montserrat, Helvetica, Arial, sans-serif; font-weight: 600; text-align:center; font-size: 16px; color: #000; text-transform: uppercase; background-color: #FFD700">
Request has been sent. We will get back to within 48 hours!<br></p>';
} else {
echo '<p style="font-family: Montserrat, Helvetica, Arial, sans-serif; font-weight: 600; text-align:center; font-size: 16px; color: #000; text-transform: uppercase; background-color: #FFD700">
Something went wrong, go back and try again!</p>';
}
} else if ($_POST['submit'] && $human != '') {
echo '<p style="font-family: Montserrat, Helvetica, Arial, sans-serif; font-weight: 600; text-align:center; font-size: 16px; color: #000; text-transform: uppercase; background-color: #FFD700">
You answered the anti-spam question incorrectly!</p>';
}
?>
<!--// form //-->
|
|||||||