I don't know if anybody else is experiencing this. I got my shoutbox working and was spam free for about a whole week. Then of course the bastards found me.
So i turned it to members only can shout. When i am not logged in you can see the shouts, but there is no shout form or submit button, so i figured all was good since visitors now can't get to the shoutbox.
Today when i looked i had viagra crap all over the place, about 15 entries of it. I double checked and it is members only. I have now deleted them all, but any idea how they might do this? I checked in the tables too to see if they had joined as members and then spammed and that was not the case, they had guest id's.
Any idea how to prevent this happening?
thanks
jacci
why is nothing ever easy?
url: http://www.pretendercentre.com/missingpieces/
php: 5.2.5 msql: 5.0.45-community
efic version: 3.4.3 latest patches: yes
bridges: none mods: challenges, displayword, beta-search
Do you have the captcha turned on? If not, I'd enable that. (Though, I don't use the shoutbox, so you'll want to make sure it requires authentication for that block.)
I do have captcha enabled, although i am unsure how to make it come on the shoutbox. The only options in the shout block are for time and date formatting and allow guests to shout.
But if i have it turned off so visitors cant post in the shout, i assumed that woudl mean that you woudl have to be a logged on member to be able to post at all. when i am not logged in, all i see are the shouts, i cant see a form to post the shout in. So i am puzzled just how the hell they are doing it.
Since i turned it to members only, i have deleted probably about 30 spams tonight alone.
why is nothing ever easy?
url: http://www.pretendercentre.com/missingpieces/
php: 5.2.5 msql: 5.0.45-community
efic version: 3.4.3 latest patches: yes
bridges: none mods: challenges, displayword, beta-search
I've had spam problems on my site (ridiculous ones, since no one can post links in it and it screens out the code), and changing it so that members only can post seemed to take care of it. I do use the captcha for new registrations and anon reviews..
In the shoutbox, member names should show up as links. Visitors names should not be links. Try clicking on the spammer's name next time before you delete them. (I just looked at your site and it doesn't look like a link. I am not logged in, and I don't see boxes to post anything).
Maybe your changes didn't take. Check your database.
Did you modify your shoutbox in any way? If I were you, I would reupload the shoutbox folder.
Or there might be a bug, but when I switched mine to members only, it solved the problem.
Maybe you should try changing your database password or something, just in case.
Whoever said nothing is impossible never tried slamming a revolving door.
url: https://www.potionsandsnitches.org/fanfiction
php: 7.4.33 msql: 5.6.51-community GPL
efic version: 3.5.5 latest patches: yes
bridges: none mods: challenges, tracker, story end, beta, word
I checked my tables and in block_variables for the shoutbox i have
a:3:{s:9:"shoutdate";s:9:"m-d-y G:i";s:10:"shoutlimit";s:2:"15";s:11:"guestshouts";i:0;}
and my block status is 2
for that to not allow guest shouts is that reading correctly, i am not sure what it is supposed to actually say, although i am guessing the 0 means no shout for guests.
i am going to upload the folder again and see if that helps.
thanks, will let you know if that fixes thigns.
jacci
why is nothing ever easy?
url: http://www.pretendercentre.com/missingpieces/
php: 5.2.5 msql: 5.0.45-community
efic version: 3.4.3 latest patches: yes
bridges: none mods: challenges, displayword, beta-search
Mine:
a:3:{s:9:"shoutdate";s:9:"m-d-y G:i";s:10:"shoutlimit";s:2:"15";s:11:"guestshouts";i:0;}
a:3:{s:9:"shoutdate";s:12:"M j, Y h:i a";s:10:"shoutlimit";s:2:"10";s:11:"guestshouts";i:0;}
Yours.
They look similar.
In the admin Site Settings I have:
Use captcha verification: Yes
In my datatabase, captcha has the setting "1" in the settings table.
Whoever said nothing is impossible never tried slamming a revolving door.
url: https://www.potionsandsnitches.org/fanfiction
php: 7.4.33 msql: 5.6.51-community GPL
efic version: 3.5.5 latest patches: yes
bridges: none mods: challenges, tracker, story end, beta, word
I have my captcha set to on in admin and have just checked table and it is one.
the only thing i have messed with in the shoutbox.php is adding an extra line break so there is a space between each consecutive shout, but that is it.
i am thinking to just can the whole thing i think cos right now i am deleting viagra crap every 5 mins and it is driving me totally insane.
sniffers π‘ took me soo long to get the damn thing workign too and now i am going to throw it away.
why is nothing ever easy?
url: http://www.pretendercentre.com/missingpieces/
php: 5.2.5 msql: 5.0.45-community
efic version: 3.4.3 latest patches: yes
bridges: none mods: challenges, displayword, beta-search
Aw, i'm sorry. π
It's pretty strange that visitors can post still though. Check your online info and see if you can get the IP info of the person on... try blocking them.
Whoever said nothing is impossible never tried slamming a revolving door.
url: https://www.potionsandsnitches.org/fanfiction
php: 7.4.33 msql: 5.6.51-community GPL
efic version: 3.5.5 latest patches: yes
bridges: none mods: challenges, tracker, story end, beta, word
I never added captcha to the shoutbox. I'm doing it now for the next update. It's probably a bot posting from an offsite form.
Ah that was my theory, i had the issue for a week, but he left eventually. Your filter works great ^^. Thanks for the update.
I am rebuilding efiction! Join us on irc! #efiction at
I have set it now to inactive, yet i am still getting spammed like crazy. I am just deleting them by the options in the blocks page at the moment to keep it under control.
Should i delete the shoutbox files in blocks in order to stop this? And then perhaps just reload it again later, leave the tables intact?
thanks
why is nothing ever easy?
url: http://www.pretendercentre.com/missingpieces/
php: 5.2.5 msql: 5.0.45-community
efic version: 3.4.3 latest patches: yes
bridges: none mods: challenges, displayword, beta-search
Try this as an interim solution. Open blocks/shoutbox/shoutbox.php and find this line.
if(isset($_POST['shout'])) {
Change it to:
if(isset($_POST['shout']) && $loggedin) {
That should keep shouts from being sent if someone's not logged in.
thanks tammy, have made the modifications and i will let you know how it goes.
Found and deleted about 50 this morning, despite being inactive. Death to all spammers and hackers i say!!!!
Hopefully all will be good now.
thanks
jacci
why is nothing ever easy?
url: http://www.pretendercentre.com/missingpieces/
php: 5.2.5 msql: 5.0.45-community
efic version: 3.4.3 latest patches: yes
bridges: none mods: challenges, displayword, beta-search
Update:
that modification seems to be doing jsut fine tammy.
i was averaging probably 10 spams per hour and it has been over 12 hours now and not a single one π
you are a genius
thanks
jacci
why is nothing ever easy?
url: http://www.pretendercentre.com/missingpieces/
php: 5.2.5 msql: 5.0.45-community
efic version: 3.4.3 latest patches: yes
bridges: none mods: challenges, displayword, beta-search
Hi
is there something to add captcha to the shout box php if u r not logged in please. I have set it for guests as it is just for
my own stuff to be hosted.
I turned it on in the admin.
thanks Kate
