Mod/Hack: Adding Akismet spam-checking to Coppermine commenting - Page 4

Mod/Hack: Adding Akismet spam-checking to Coppermine commenting

Started by pharaohweb, July 13, 2006, 07:09:05 AM


fcollingwood

Revisited over the weekend, and have hacked Coppermine to death. Unfortunately, I haven't pluginised the hacks, but if you understand PHP, and are able to alter MySQL tables, you should be able to install it.

Hack Features:
Spam comments are added into the comment DB table, but are not displayed.
You can report false negatives to Akismet
You can report false positives to Akismet
You can submit abuse reports and delete the spam at the click of a button.

Can be found here

fcollingwood

And now here's an even easier way to block spam......

Just add this directly after the include/require (Or function, if you have them) declarations in db_input.php:

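// Deny the request when the referer is db_input.php itself; an empty or missing referer passes through.
if (isset($_SERVER['HTTP_REFERER']) && preg_match('/db_input\.php/', $_SERVER['HTTP_REFERER'])) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);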


As the spammers generally just call db_input.php with the POST variables set, the referer is usually <gallery url>/db_input.php (if the gallery is used as it should be, the referer will be displayimage.php)

This is a much easier to implement hack, downside is, there is no reporting; with my previous hack, I've been annoying a prolific spammer over the last few days, as every abuse report has been ending up in their email inbox over the last few days, as the reports are emailed to the domain registrant. They've now blocked mail from my mailserver  ;D. It's also caused >20 of their sites to be taken down, and also 6 compromised spambots have been fixed

Joachim Müller

Downside: legitimate users (non-spammers) who run a privacy app like Norton Internet Security will not have the referer var populated and therefore will fail to be able to post comments without an error message.

fcollingwood

Should be ok - it tests for the presence of "db_input.php" in the referer var, and blocks if it finds it. If the variable is empty, everything will proceed as normal.

It does work, I'm running NIS, and I can post on my gallery.........

Joachim Müller

Spammers will adapt to this technique pretty fast and not send a referer then.

fcollingwood

Ah well - there's the rest of the hack then (Moved all of the spam related functions to a single include today)......either way, I've gone from lots of spam to nothing, while still getting legitimate comments.
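
The referer check from this exchange as a stand-alone function, run over constructed requests. This is an added example, not code from the thread or from Coppermine; the helper name should_block_comment_post and the host gallery.example are assumptions, it needs PHP 7 or later, and unlike the one-liner it compares only the URL path instead of matching anywhere in the header.

```php
<?php
// Added example (not Coppermine code). should_block_comment_post() is a
// hypothetical helper; gallery.example is a placeholder host.

function should_block_comment_post(array $server): bool
{
    // No Referer header (privacy tools strip it): let the request through.
    if (empty($server['HTTP_REFERER'])) {
        return false;
    }
    // Look at the path only, so "db_input.php" appearing in the query string
    // of a legitimate page does not trigger a block.
    $path = parse_url($server['HTTP_REFERER'], PHP_URL_PATH);
    if (!is_string($path)) {
        return false; // unparsable referer: treat it like a missing one
    }
    return basename($path) === 'db_input.php';
}

// Constructed sample requests, keyed by what they represent.
$samples = [
    'normal comment form'      => ['HTTP_REFERER' => 'http://gallery.example/displayimage.php?pos=-12'],
    'referer is db_input.php'  => ['HTTP_REFERER' => 'http://gallery.example/db_input.php'],
    'privacy tool, no referer' => [],
    'name only in query'       => ['HTTP_REFERER' => 'http://gallery.example/index.php?from=db_input.php'],
];

foreach ($samples as $label => $server) {
    $verdict = should_block_comment_post($server) ? 'BLOCK' : 'allow';
    printf("%-26s %s\n", $label, $verdict);
}
```

Only the second sample is blocked. The request with no referer is allowed, which is the gap Joachim Müller points out, so the check works as a first filter alongside the Akismet hack and not as a replacement for it.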

Anrulz

Hi guys I think after installing akismet I am not able to upload any pictures.
Test user: Boramir:12345678

I live in Germany so the site is also in German. I want to make it English but I can't; after setting it to English it becomes German again. My English is better than German. How can I use it always in English?

Anrulz

I can't see edit ...

www.hababam.biz/galeri is my gallery

Anrulz

Hi guys I think after installing akismet I am not able to upload any pictures.
Test user: Boramir:12345678
www.hababam.biz/galeri

I live in Germany so the site is also in German. I want to make it English but I can't; after setting it to English it becomes German again. My English is better than German. How can I use it always in English?

Thanks a lot appreciated.

Anrulz

GauGau, sorry for cross-posting. It is an upload problem actually, so I wanted to open a thread there as well. Did you understand the problem?

Anrulz

Can somebody please tell me how I delete this Akismet thing and return my gallery back to the old values, because it is nonsense now, because spam bots are spamming like hell... So that at least I can upload pictures again...

Joachim Müller


michiel

Hi,
After attempts to include Captcha in my album (http://lorelei.dwaalgasten.nl/frummel/index.php), the conclusion appeared to be, unfortunately, that my hosting firm does not support it. Now I have turned to Akismet. However, I just get the white page, and the db_input.php page. At the forum several solutions are suggested; this is what I have done so far:
- I use Coppermine 1.4.8 and PHP4
- I have today downloaded the latest askimet.class.php file, and included it in the root folder
- I have included Vody's (reply 25) suggestion; result is the white page
- I have included fcollingwood's suggestions (reply 54 and next 56): still the white page
Any other suggestions, please?
Thanks!

Joachim Müller

Quote from: michiel on May 12, 2007, 01:01:26 PM
- I use Coppermine 1.4.8
May or may not be related, but upgrading to the most recent stable release (currently cpg1.4.10) is absolutely mandatory no matter what.

JLB

First, thanks very much to everyone involved in creating and refining this hack. I'm using fcollingwood's file with Coppermine 1.4.10 and installation was (or seemed to be) a snap.

I have some issues that I hope are minor, but I'd like to try to solve them myself before posting for help.  What I want to know is what logfiles would be associated with the actions taken by the hack code?  I'd like to see if I can find that I've made a simple error just by reading those logs.

(It seems to detect spam properly -- my "new comments" email indeed appends the fact that the comment has been marked as spam.  However, the comments are still visible to users.  Also, "Report and Delete" seems to hang, with no effect that I can tell.)

Thanks,
Joe

JLB

^^OK, I've solved my problem, and this may help others as well.

I was only looking at the "Last Comments" page as an anonymous user to determine whether it was working properly.  What I eventually figured out was that it WAS blocking spam comments from being shown with individual pictures, but not on the "Last Comments" page.

Since this is the page my wife tends to view most often, it was important to me to get this fixed.

****************************
DISCLAIMER:
I'm NOT a PHP or SQL Expert. 
I'm NOT EVEN a PHP noob.
The only testing that was done was that this fixed MY problem on MY Coppermine 1.4.10 install.
****************************

It appears that the comments shown on the "Last Comments" page are queried from the section of code that begins on Line 963 of functions.inc.php (in /include)

I made very minor changes to two queries in this section, and it seems to have fixed the problem.

The first is on Line 979

The ORIGINAL, UNMODIFIED QUERY:
$query = "SELECT COUNT(*) from {$CONFIG['TABLE_COMMENTS']}, {$CONFIG['TABLE_PICTURES']}  WHERE approved = 'YES' AND {$CONFIG['TABLE_COMMENTS']}.pid = {$CONFIG['TABLE_PICTURES']}.pid $TMP_SET $keyword)";

All I did was add an "AND" to check that is_spam=0.  If you don't change this query, your spam comments will still be masked, but it will count ALL the records, and show you empty pages where the spam comments would be.

Modify the above query to match this:
$query = "SELECT COUNT(*) from {$CONFIG['TABLE_COMMENTS']}, {$CONFIG['TABLE_PICTURES']}  WHERE approved = 'YES' AND {$CONFIG['TABLE_COMMENTS']}.is_spam = 0 AND {$CONFIG['TABLE_COMMENTS']}.pid = {$CONFIG['TABLE_PICTURES']}.pid $TMP_SET $keyword)";


One more query to do.  It's on line 993.  This is the one that actually loads the comments (vs counting the comments it intends to load).

This is the ORIGINAL, UNMODIFIED QUERY:
$query = "SELECT $select_columns FROM {$CONFIG['TABLE_COMMENTS']} as c, {$CONFIG['TABLE_PICTURES']} as p WHERE approved = 'YES' AND c.pid = p.pid $TMP_SET $keyword) ORDER by msg_id DESC $limit";

Again, I just added an AND.  Modify it to match this:
$query = "SELECT $select_columns FROM {$CONFIG['TABLE_COMMENTS']} as c, {$CONFIG['TABLE_PICTURES']} as p WHERE approved = 'YES' AND c.pid = p.pid AND c.is_spam = 0 $TMP_SET $keyword) ORDER by msg_id DESC $limit";

I don't know enough to know whether it will be in exactly the same place on every install, nor whether functions.inc.php is the same on every 1.4.10 install, so that's why I thought it would be better to just post exactly what I did.  It does, however, work.

Joe
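
The effect JLB describes, reproduced on a constructed table: when only the listing query filters on is_spam, the unfiltered COUNT(*) still produces pages that turn out empty. This is an added example, not Coppermine code; it assumes PHP 7 or later with the pdo_sqlite extension, and the table names, the msg_body column and all rows are made up for the illustration.

```php
<?php
// Added example, not Coppermine code. Table names, msg_body and all rows are
// constructed; only approved, pid, msg_id and is_spam come from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pictures (pid INTEGER PRIMARY KEY)");
$db->exec("CREATE TABLE comments (msg_id INTEGER PRIMARY KEY, pid INTEGER,
           msg_body TEXT, approved TEXT, is_spam INTEGER)");
$db->exec("INSERT INTO pictures (pid) VALUES (1)");

// 3 legitimate comments followed by 7 flagged as spam, all on picture 1.
$ins = $db->prepare("INSERT INTO comments (pid, msg_body, approved, is_spam)
                     VALUES (1, ?, 'YES', ?)");
for ($i = 1; $i <= 10; $i++) {
    $spam = $i > 3 ? 1 : 0;
    $ins->execute([($spam ? 'spam ' : 'real ') . $i, $spam]);
}

// Counting query, with or without the extra "AND is_spam = 0".
function count_comments(PDO $db, bool $filterSpam): int
{
    $sql = "SELECT COUNT(*) FROM comments c, pictures p
            WHERE c.approved = 'YES' AND c.pid = p.pid"
         . ($filterSpam ? " AND c.is_spam = 0" : "");
    return (int) $db->query($sql)->fetchColumn();
}

// Listing query: always hides spam, as the modified gallery does.
function list_comments(PDO $db, int $page, int $perPage): array
{
    $st = $db->prepare("SELECT c.msg_body FROM comments c, pictures p
                        WHERE c.approved = 'YES' AND c.pid = p.pid AND c.is_spam = 0
                        ORDER BY c.msg_id DESC LIMIT ? OFFSET ?");
    $st->bindValue(1, $perPage, PDO::PARAM_INT);
    $st->bindValue(2, ($page - 1) * $perPage, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$perPage = 5;
foreach ([false, true] as $filterSpam) {
    $pages = (int) ceil(count_comments($db, $filterSpam) / $perPage);
    printf("count filtered: %s -> %d page(s)\n", $filterSpam ? 'yes' : 'no', $pages);
    for ($p = 1; $p <= $pages; $p++) {
        printf("  page %d: %d comment(s)\n", $p, count(list_comments($db, $p, $perPage)));
    }
}
```

With the unfiltered count the pager offers two pages and the second one is empty; with the filter in both queries there is a single page holding the three real comments.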

JLB

^^ And just one more note.  If it wasn't clear from my post, the changes I posted are to be done in addition to application of fcollingwood's hack, which is linked at the top of page 4 of this thread.  I intend to keep a copy of his files, so if he removes hosting at some point, PM me and I will provide his files + my changes.

Joe

fcollingwood

Thanks for tidying up the loose ends there Joe - Glad the hack helped.

fcollingwood

Here is a source of comment spam:

http://www.netgainhosting.net/

As you can see, they make mention of rover-host.com, a spammer friendly hosting outfit. I've had quite a few attempts at spamming originate from their hosts, which are 64.22.110.34 and 64.22.110.35.

I spoke nicely to the abuse department of my hosting company, they went and had a look, and have now configured their firewalls to drop incoming traffic from these two hosts. You may want to do the same.

deandre81

Is any of this up to date? Because I got the Akismet but it only comes as a 28kb file named "akismet.php" along with a gif image file "akismet.gif"
version 2.0
or have I downloaded the wrong thing....
because I get a blank screen in Firefox but get this error in Explorer
Fatal error: Call to undefined function: add_action() in /home/content/d/e/a/deandre81/html/coppermine/akismet.php on line 25