
NOTE (2009): This is not what you want. This stuff is very, very old.

I once decided to take a few minutes to doctor up my old ShoutBox to use a mini-blacklist.

I highly recommend taking these steps if you use ShoutBox:

1) Open the file "shoutbox_langpack_english.php" in a text editor. On or about line #31, paste in the following definition.

define("_SPAM_MAN","Your URL Is Not Valid");

Any phrase between the second set of quotes will do - perhaps, "Thank you for attempting to post, but we are declining such messages".


2) Open the file "shoutbox.php" in a text editor. Go to around line #116, and find this:

if (isFlooding() >= 3) {
$error .= _PROCESS_FLOODING;
}

Add a few spaces after that "if" statement so you can paste in another one. Paste this "if" statement after (below) the one above:

// One case-insensitive alternation, matched anywhere in the poster's URL.
// The pattern is split with "." only to keep the lines short, so that no
// line break or stray space ends up inside the regex.
if (preg_match("/teenz|anti-trust|ayke-halder|reallydope|richirich|seex|sex|hentai|kissvibes|only-php|lots0cash"
    . "|insest|banned|passion|b-d-s-m|matur|snurl|ayke|01j|cpa-site|manga|ra-pe|xdrow|adult-chat|anime1|secureroot|taboo|"
    . "adultnonstop|xxx|fetish|porn|gotovoyeur|anal|adultpersonality|i-twinks|greatlatina|camsweb|ebonyz|boys4you|rape|"
    . "maturex|mt-forum|beastiality|webcams|seduces|insest|xbig|seex4u|naturals|"
    . "ayke|logos-sonnerie|pantyhose|xsonnerie|logos|cumfiesta|xanal|sex|boys-1-time|cock|teen|tits|member|incsx|"
    . "full-access|anti-trust|inc-diary|qooqle|milf|nigritude|romance|onzin|gay|"
    . "violent|penis|bestiality|satisfaction|anim|incest/i", $url)) {
$error = _SPAM_MAN;
}

Note: I will try, for a while, to keep the above statement up to date with the phrases in URLs that have been posted here by spammers. Feel free to make me aware of other offending URLs.

The words between the pipes are found in the URLs that the spammers are leaving. You can add as many more as necessary.

So, that's it. Easy, eh? I'd advise you to implement this today, because I still think the ShoutBox is kinda fun, and the spammers have been wrecking it!
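
An added example, not part of the original post or of ShoutBox: the same URL check with the terms kept in an array and the pattern built from it, run once as a plain substring match (what the statement above does) and once requiring the term to stand apart from other letters and digits. The function names, the short term list and the sample URLs are constructed for illustration.

```php
<?php
// Added example: terms and URLs below are constructed, not taken from a live list.

// Build one case-insensitive alternation from an array of terms.
// With $wholeToken = true a term must not touch other letters or digits,
// so "sex" no longer fires on "essex".
function build_blacklist_pattern(array $terms, $wholeToken = false)
{
    $quoted = array();
    foreach ($terms as $term) {
        $term = trim($term);
        if ($term !== '') {
            // preg_quote() escapes regex metacharacters and the "/" delimiter.
            $quoted[] = preg_quote($term, '/');
        }
    }
    if (!$quoted) {
        return null; // an empty alternation would match every URL
    }
    $alt = '(?:' . implode('|', $quoted) . ')';
    if ($wholeToken) {
        $alt = '(?<![a-z0-9])' . $alt . '(?![a-z0-9])';
    }
    return '/' . $alt . '/i';
}

function url_is_blacklisted($url, $pattern)
{
    return $pattern !== null && preg_match($pattern, $url) === 1;
}

$terms = array('sex', 'teen', 'anal', 'xxx', 'cpa-site');
$urls = array(
    'http://www.essex-gardening.example/',    // contains "sex" inside "essex"
    'http://thirteen-analysis.example/blog',  // contains "teen" and "anal"
    'http://free-xxx.example/',
    'http://cpa-site.example/offer',
);

$loose  = build_blacklist_pattern($terms);        // substring match
$strict = build_blacklist_pattern($terms, true);  // token-bounded match

foreach ($urls as $url) {
    printf("%-40s substring=%-5s token=%s\n", $url,
        url_is_blacklisted($url, $loose) ? 'block' : 'allow',
        url_is_blacklisted($url, $strict) ? 'block' : 'allow');
}
```

Token-bounded matching stops short terms from rejecting ordinary URLs, but a term glued to other letters then needs its own entry in the list.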

Comments

38 Responses to ShoutBox Spam - Here’s A Partial Fix
  1. Mhe Says:

    Thanks!! Fantastic~!!

  2. Oscar Says:

    Yes, thanks Faf! I’ve seen this too, and DID go and inspect the source when I realized there had to be SOMETHING up, and now I just delete anything I don’t recognize. You’re also right about posting the lists. I’ve been meaning to remove mine for awhile now! Thanks for the info!

  3. Faf Says:

    Ok the spammers have a new strategy:

    they still use urls but dont link directly to porn sites.

    You may get an innocent link like donnas-site and if u bother to check u’ll find what is a seemingly innocent single page site by some donna “something”. on inspecting the source however, you find a lot of links to porn sites etc.

    one characteristic of these sites is a tendency to always show a link back to the page u came from though i’ve come across one that was very professionally made.

    it fooled me enough that i didnt bother looking at the source.

    Also i’d advise u guys not to post your current ban list on here since all u’re doing is drawing a lot of porn hits here as well as unintentionally promoting the spam sites if it’s included in ur banlist.

    On a side note, i have about 56 keywords now in my personal list and will be willing to send it to anyone that is interested:

    mail me at paakofi+shbox @t gmail.com

    if people seem interested in integrating their lists, i might get to work on a more efficient way to do it as i might have mentioned in earlier comments

  4. SmileyChris (from Webfroot) Says:

    I linked this post through to the Webfroot Shoutbox forum.
    Visitors: you may want to look there for other / further solutions…

  5. Oscar Says:

    Yes, I agree. For whatever reason, the filters have not altered the spammers behaviors - they keep doing the same thing, with many many urls, and that’s it. Part of the reason it seems like a bot, but who knows?

  6. Faf Says:

    I dont believe IP banning works much anyway.

    If they ever take to using IP addresses as their URLs, i’ll just ban any “urls” that dont have only numbers in them after the http:// bit has been stripped.

    I dont know a lot of people that have numbers only sites and if they do… too bad.

    That will be the simple solution but there could be another way of finding out whether a string IS an ip address or not… eg. by stripping the http from it, then “splitting” it by the dots (.). If we get four parts… then it is an ip address. so eg. 193.45.34.67. split it using the . as a separator. we have 193 and 45 and 34 and 67. It’s four items…. must be an IP address.

    I doubt a lot of non spammers will be caught out this way.
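
An added example, not part of the comment above or of ShoutBox: the split-on-dots check as the comment describes it, next to a check that extracts the host with parse_url() and validates it with filter_var(). Both function names and all sample URLs are constructed for illustration.

```php
<?php
// Added example: constructed inputs; neither function is ShoutBox code.

// The check as described in the comment: strip the http:// part,
// split on dots, and treat exactly four parts as an IP address.
function looks_like_ip_by_parts($url)
{
    $rest = preg_replace('#^https?://#i', '', trim($url));
    return count(explode('.', $rest)) === 4;
}

// Extract the host and let PHP decide whether it is an IPv4/IPv6 literal.
function host_is_ip_literal($url)
{
    $url = trim($url);
    if (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
        $url = 'http://' . $url; // parse_url() needs a scheme to find the host
    }
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;
    }
    $host = trim($host, '[]'); // IPv6 literals are bracketed in URLs
    return filter_var($host, FILTER_VALIDATE_IP) !== false;
}

$samples = array(
    'http://193.45.34.67',            // the comment's own example
    'http://193.45.34.67/page.html',  // path adds a fifth dot-separated part
    'http://www.example.co.uk',       // four parts, but a hostname
    '193.45.34.67:8080',              // no scheme, with a port
    'http://[2001:db8::1]/',          // IPv6 literal
);

foreach ($samples as $url) {
    printf("%-32s parts=%-3s host=%s\n", $url,
        looks_like_ip_by_parts($url) ? 'ip' : 'no',
        host_is_ip_literal($url) ? 'ip' : 'no');
}
```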

  7. Jeff Says:

    I bet it’s the creators trying to get the community to come up with an effective ban solution :)

  8. Oscar Says:

    Thanks Jeff. Yeah, I have an ip banning code in my ShoutBox also (Can’t remember if it came that way or I added it as a hack), but I haven’t found it helpful since all the ip’s seem spoofed.

    As for the url, they haven’t taken (yet) to using ip’s in the url, and have generally put innocuous crap in the text area along with a porn url. Hence, my current code. Since I don’t want to do one lick of unnecessary work, I figured I would “drive off” each of those bridges when we get to them, i.e., when my pals the spammers start spamming that way.

    As we saw today, there seem to be limitless url’s to spam with. But, I figure if my code slows ‘em down a little, then great. I am still completely mystified as to how these links pay off. Especially if the spams are manually entered! Seems to me these guys would be better off with a job, but what do I know? Anyway, I hope my code decreases their effective hourly wage. That’s my goal - economic sanctions

  9. Jeff Says:

    Oscar, Just played with your shoutbox and noticed that the words you’re matching against are in the URL. You should also add the check to the name edit box as they could simply put in an IP number instead of the URL and use the name field to relay the intent.

  10. Jeff Says:

    Hey this is great. Adds another layer of protection. In addition to this you should also ban by a part of the IP. ie:
    $banned_segment = array();
    $banned_segment[] = '213.161';
    $banned_segment[] = '213.93.';
    $banned_segment[] = '194.135';
    // Compare the first 7 characters of the client address with each banned prefix.
    foreach ($banned_segment as $banned) {
        $ip = $_SERVER['REMOTE_ADDR'];
        $ipsegment = substr($ip, 0, 7);
        if ($ipsegment == $banned) {
            echo "You have been banned! Silly spammer kicks are for trids";
            exit();
        }
    }

    This does block ranges of an address, it is also looking at the first 7 characters of an IP, simply add more lines beginning with $banned_segment to add more to the array. This gets added to viewshoutbox.php and expanded.php, right at the top.

  11. Oscar Says:

    Hmmm, interesting. I never really thought that part of it through. BTW, I thought the NOCACHE meta tag prevented the browser from caching, and had nothing to do with what the spider does with a page. Is this wrong?

  12. name Says:

    I believe that spammers manually spam since they have nothing better to do than make money off affiliate programs so they probably have the time to manually search google for blogs/shoutboxes to get improved results. I know that for sure, as the number one result for the term hentai is a spammer, and the link trader oscar which serps number 2 has ever since put a lot more ads since he converts far less now that he lost the number 1 position. The only way to kill spam is to deny pagerank via “NOCACHE” in meta tags.

  13. MrFaldyn Says:

    Amazing Job!! Thanks so much for this fix. The admins have been trying to figure out a way to stop them for a long time, but they haven’t been able to come up with anything that worked yet. thanks so much!

  14. Oscar Says:

    Yes! Fantastic. That’s how it SHOULD have been done in the first place! Great work.

  15. Faf Says:

    Ok, visit http://www.dotfaf.com/v2/entry.php?title=20040518_shoutboxspam_list_manager.

    I’ve setup phase one of my proposal. Now you can add to the list without tampering with shoutbox.php.

  16. theaardvark Says:

    I’ve already changed the name of my expanded.php but it’s had no effect.

    Someone on the Webfroot forum was about to talk me through renaming the form fields which apparently helps. Also adding a hidden field with a unique name is supposed to help.

    I’m a complete PHP dunce so I’m not sure how to go about it.

    theaardvark.

  17. ak Says:

    Thanks for this, great work!

  18. Oscar Says:

    Hi Faf! Thanks for the ideas, and the spirit of cooperation! Please feel free to implement this if you have the time and inclination - it sounds great, but between trying to keep up with Netflix and the rest of my life, I fear I might not get to it for awhile.

    Every time I get spammed, I add the key url fragment to my own code and also to the sample I have posted, but they may be endless. I suppose we should also try to figure out how the spam bot works (maybe someone knows this already). I assume it searches for expanded.php, and uses that. So we might think of renaming key files like expanded.php. Believe I’ll change mine to f_u_spammer.php, just in keeping with my original post.

    Anyway, thanks again for the ideas, and let’s all try to collaborate to keep the shoutbox workable!

  19. Faf Says:

    I’ve worked on some shoutbox code in the past and as with most of you i’ve been hit with the shoutbox spam problem.

    I’ve got a few suggestions on how we can tackle this problem better:

    We need a pooled location for all the URLs. It’ll be easier to set it up when that one file is updated people that “refresh” their local list will have the full list

    Also people should be allowed the option of having local lists.

    A way to achieve it is to “require” two files one for the pooled list and one for the local list.

    I could have a stab at this but i thought you might wanna do it yourself.

  20. Oscar Says:

    Yes, Rachel, that’s a good idea. I’ll see if I can set that up somehow soon. It seems they may have limitless urls, but I figure we’ll just keep growing the list.



Trackbacks

  1. : aardvark.dj: ShoutBox Spam - Here’s A Partial Fix I was on the verge of taking the Shoutbox off the site. I was. A good 75% of all the posts it received were not so subtle links to sites that professed to offer pictorial representations of acts that were...
    Tracked at 2004 05 11 05:35:09
  2. : Diva Maggie dot com: ShoutBox Spam - Here’s A Partial Fix Good morning Oscar has come...
    Tracked at 2004 05 11 08:16:05
  3. : scramsam: ShoutBox Spam - Here’s A Partial Fix I've had my shoutbox up for quite some time now and in the last six months the spam has gotten out of hand. I took care of that problem today. Thanks Oscar....
    Tracked at 2004 05 12 16:22:31
  4. : dotFAF.com: ShoutBox Spam - Here’s A Partial Fix For the past few months i like many other Shoutbox users have been getting spam shouts on our boxes. The most annoying thing being links ot porn sites being used as the poster's URL. Oscar of ofhills.com came up with a solution to reject shouts that ha...
    Tracked at 2004 05 18 17:54:57
  5. CurtG's Blogathon: ShoutBox Spam - Here’s A Partial Fix My hats off to these guys - Oscar and Faf for helping put an end to obnoxious Shoutbox spam. It was becoming almost a daily routine to delete the crap the spammers were posting, and I considered taking my SB down for good. Just in time - Oscar created ...
    Tracked at 2004 06 13 07:20:34





ShoutBox Spam - Here’s A Partial Fix

Posted by Oscar on Sun, 5/9/04 at 08:43 PM
Comments: 38 Comments/Trackbacks
