|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
I have been out in the wild for a while and upon my return I find that our stopforumspam submissions are not reaching their destination. Any suggestions?
7.5.8
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
When logged into the Stop Forum Spam site, what does your My Spammers page say? Is your API key from Stop Forum Spam installed correctly in the UBB configurations? (If there is no key it will not submit users, or log submissions to the My Spammers page).
|
|
|
|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
It says: "Here is a list of your contributions. If you need to remove an entry, please click on the minus symbol in the far right next to the entry. You have a total of 541 submissions
The last submission shown is:
14-May-16 23:41 180.234.111.62 kawrapakma kawrapakma@gmail.com
There have been daily submissions since that date but they are not in the stopforumspam database. Also when A moderator hits the the Report Spammer Button nothing seems to happen.
I forgot where the API is stored? Is it possible it became corrupt by some nefarious activity?
|
|
|
|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
Found it and the key is correctly entered.
The API status is "can connect".
I am trying a new API Key.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
White screens when you try to submit, hmm; do your error logs have any new entries, specifically 503 errors? It's possible that your webhost recently installed Suhousin (probably about the same time your most recent entry into the SFS database was) and it could be killing the request... In fact, I put a lot of time into UBB.threads v7.6.0+ System Requirement Test - 20160222 because of Suhosin errors over the years. The API key for SFS (the configuration options and a "Test" link are also on this page) are stored at: CP -> Master Settings -> Primary Settings -> Stop Forum Spam
|
|
|
|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
New API didn't make any difference. Our HC scanned the server and found:
We have disabled the known malicious script by removing read, write and execute privileges on the file:
SCAN ID: 061516-0120.839 TIME: Jun 15 02:23:34 -0500 PATH: /home/2/4/1/1026/1026/public_html/ {HEX}gzbase64.inject.unclassed.15 : /home/2/4/1/1026/1026/public_html/forums/templates/2011.php
They suggest changing FTP and database passwords. FTP is easy and done. What are the steps to change the database passwords? I assume I would have to close the forum to do these steps?
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
2011.php isn't a valid UBB.threads file; seems someone either exploited something on the server or uploaded the file to the server and chose that folder to store the file in as it's not generally accessed by anyone doing anything other than upgrading a site.
You should ask them to look at your server logs for any type of activity around the time that the file was created.
To change the MySQL password, you'd just simply open the /includes/config.inc.php file and change the password line, after updating the password through the MySQL settings page supplied by your host.
|
|
|
|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
The stopforumspam tech is asking: (I can't recall where the submission code is located.....)
Are you able to check the submission code add tell me if it looks anything like that, specifically with the fclose() - the variable names aren't an issue, just if its fput() and then fclose()
$fp = @fsockopen("www.stopforumspam.com", 80); if ($fp) { fputs($fp, "POST /add.php HTTP/1.1\n" ); fputs($fp, "Host: www.stopforumspam.com\n" ); fputs($fp, "Content-type: application/x-www-form-urlencoded\n" ); fputs($fp, "Content-length: ".strlen($sfsData)."\n" ); fputs($fp, "Connection: close\r\n\r\n"); fputs($fp, $sfsData); fclose($fp);
|
|
|
|
Joined: Apr 2004
Posts: 1,945 Likes: 145
|
Joined: Apr 2004
Posts: 1,945 Likes: 145 |
UBB.threads 7.5.9 /scripts/adduser.inc.php
I believe its at the end of the file.
|
|
|
|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
|
|
|
|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
This from the stopforumspam.com tech that I have been working with:
"I think I've found the problem as I think its down to an upgraded (to fix a security issue) version of the nginx web server. Thanks for pointing this out, I'll work on fixing it now"
I will add more to this later.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
Let me know if it ends up having been an issue with their server versus a SuHosin Filter issue; if it ends up being a filter problem with Suhosin and the host has to whitelist a script, v7.6.0 has that code in additional places.
|
|
|
|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
They had me add this code before the last fclose:
$output = ''; while( !feof( $fp ) ) { $output .= fgets( $fp, 1024); } fclose($fp);
Submissions resumed with that line included.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
|
|
|
|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
adduser.inc.php function PostToHost($data) {
$fp = fsockopen("www.stopforumspam.com",80);
fputs($fp, "POST /add.php HTTP/1.1\n" );
fputs($fp, "Host: www.stopforumspam.com\n" );
fputs($fp, "Content-type: application/x-www-form-urlencoded\n" );
fputs($fp, "Content-length: ".strlen($data)."\n" );
fputs($fp, "Connection: close\n\n" );
fputs($fp, $data);
$output = ''; while( !feof( $fp ) ) { $output .= fgets( $fp, 1024); }
fclose($fp);
fclose($fp);
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
Let me know if your stats start increasing again; I went and looked at my own and indeed they stopped on May 12th. I'm testing some coding changes based on their supplied one liner (be sure you only have one fclose, you may have errors printing to your error log while having two). The proposed change (for adduser.inc.php, v7.6.0 adds similar coding to login.inc.php as well): function PostToHost($data) {
$fp = fsockopen("www.stopforumspam.com", 80);
fputs($fp, "POST /add.php HTTP/1.1\n");
fputs($fp, "Host: www.stopforumspam.com\n");
fputs($fp, "Content-type: application/x-www-form-urlencoded\n");
fputs($fp, "Content-length: ".strlen($data)."\n");
fputs($fp, "Connection: close\n\n");
fputs($fp, $data);
$output = ""; while(!feof($fp)) { $output .= fgets($fp, 1024); }
fclose($fp);
}
Last edited by Gizmo; 06/27/2016 9:35 PM.
|
|
|
|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
If I plugged in the 7.6.0 code above would it function correctly in version 7.5.8?
Maybe I am getting over confident changing stuff.........
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
It's ultimately your supplied code with the extra fclose removed.
|
|
|
|
Joined: Jan 2012
Posts: 95
journeyman
|
journeyman
Joined: Jan 2012
Posts: 95 |
I removed the extra fclose.
Still submitting spammers as per the prescribed design parameters.
Did the additional line of code work for you also?
Thanks.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
I haven't had any spam submissions, since my testing on my test script on the 28th, on my three sites running the alpha of 7.6.0 ( UBBDev, A Gardeners Forum, and UGN Security).
|
|
|
|
Joined: Feb 2007
Posts: 1,294 Likes: 2
Veteran
|
Veteran
Joined: Feb 2007
Posts: 1,294 Likes: 2 |
I have had 2 spammers try to register but in my spam stuff I had not seen any submissions registered.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
There is a "PostToSFS" function in admin/test_stopforumspam.php file that needs to be updated as well; I've renamed this function for 760 and updated it as well in our main development pages so that it'll be pushed out to the beta group.
|
|
|
Bots
by Outdoorking - 04/13/2024 5:08 PM
|
|
|
|
|
|
0 members (),
502
guests, and
178
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|