...

View Full Version : Resolved Shoutbox anti-spam



[vengeance]
09-05-2009, 12:53 AM
Hello.

I've coded a shoutbox for my webpage. It has several features like a bot speaking, quiz-system, coin drop, etc.
However - there's always these annoying people who keep spamming on the shoutbox with nonsense. Like, "ajsdiahdgisdigsjasdioajd" in 20 different posts.

They do this to either annoy the hell out of other people or get a higher post count. How can I prevent this?

I have one theory only, but I don't know how to start off.

- Check how many posts the user has posted within the last 5 seconds. (Can be bypassed if the user writes each message with a certain delay?)

I've also prevented users from posting messages which was the same as their last post. Like if they lag and they press enter twice or more, it'll only add one input to the database.

So any help please?

funnymoney
09-05-2009, 12:56 AM
simplest thing would be that active users have ignore button, so they can ignore another chatter

[vengeance]
09-05-2009, 12:58 AM
That doesn't help much with the post counter I have.

I forgot to mention I want to kick the user automatically out of the community (logging out) or mute them with a function of mine, which lasts for 10 minutes.

ckeyrouz
09-05-2009, 01:01 AM
How is the connection done from client to server?

funnymoney
09-05-2009, 01:03 AM
is there a way to see that community and all those bunch of spamers you worry about

[vengeance]
09-05-2009, 01:06 AM
How is the connection done from client to server?

Sorry, what? I'm not following.


is there a way to see that community and all those bunch of spamers you worry about

This is a new reopened project. The old one died because of lack of activity. And without anyone being online, some dudes log on to spam for a higher post count.

ckeyrouz
09-05-2009, 01:22 AM
I mean technically wise, what is the type of connection between the client and the server, what the nature of the objects that are being shared between client and server.

Am trying to know how the connection is made so I can try to help.

[vengeance]
09-05-2009, 01:24 AM
I mean technically wise, what is the type of connection between the client and the server, what the nature of the objects that are being shared between client and server.

Am trying to know how the connection is made so I can try to help.

Still, I'm not following. *shrug*

All I can say is it's running through simple HTML forms and working with my MySQL database.

And I have to go to bed now, so if you'd please help me out I'll get back to you asap. when I wake up! :thumbsup:

funnymoney
09-05-2009, 01:25 AM
;861701']This is a new reopened project. The old one died because of lack of activity. And without anyone being online, some dudes log on to spam for a higher post count.

don't worry about spamers or "false" users. i mean, that is internet's problem since 1990's, back a millennium ago. you need to find a way to check weather a true person is sitting back at the old PC (like using Captcha) or something similar that requires extra clients hand-ear-eye-finger coordination, plus checking for valid e-mail source etc..

but all in all, spam is sometimes welcome. i noticed quite ammount of new "intelligent" spam, that can help your dead website become more popular because ppl actualy think that there is some action going around there :D

ckeyrouz
09-05-2009, 01:27 AM
So try saving the sessionId in the database as well.
And then once you have the sessionId you can simply invalidate the session.

funnymoney
09-05-2009, 01:34 AM
i'm trying to save few beers in me self, but i still don't follow.

i have phpbb3 bulletin board, that with even lates updates has some spammers noising around. but who cares. i go on that forum a day or to for damage report, and worst thing i could see is maybe 10-20 viagra or similar stupid topics..

who cares, ppl of internet are aware of all this crazy crap going around with bots, spammers, etc, and i belive that they kinda shouln't care abouta spammer or two

ckeyrouz
09-05-2009, 01:51 AM
You are right about what you are saying, funnymoney.
What I am trying to do is help [vengence] do what he wants to do, that's it.

On the other hand I agree with you totally.

funnymoney
09-05-2009, 02:02 AM
On the other hand I agree with you totally.

maybe he agrees with us, and we will help him! :)

ckeyrouz
09-05-2009, 02:07 AM
Lol :d

[vengeance]
09-05-2009, 11:55 AM
I'm not looking to just ignore the spammers. They're enemies to me, and they need to be punished.

I just want to check, if they've written several messages within a few seconds - if true then auto-kick/mute the user.

That's really what I'm looking for.

funnymoney
09-05-2009, 01:23 PM
oh, so flooding is your problem :)

well, just add the time combined with user shouted. if time is less then 5 seconds, then consider it flooding...

funnymoney
09-05-2009, 01:55 PM
flood.php

<?php
session_start();

if (empty($_SESSION['time'])) {
$_SESSION['time'] = time();
}

if (time() - $_SESSION['time'] >= 10) {
print "you refreshed in more then 10 time()<br>";
unset($_SESSION['time']);
}
else {
print "you refreshed in less then 10 time()<br>";
}
if (!empty($_SESSION['time'])) {
print $_SESSION['time']."<br>";
}
print time()."<br>";
?>
<a href="flood.php">REFRESH</a>

Saturday, so i had some spare time :)

[vengeance]
09-05-2009, 02:14 PM
flood.php

<?php
session_start();

if (empty($_SESSION['time'])) {
$_SESSION['time'] = time();
}

if (time() - $_SESSION['time'] >= 10) {
print "you refreshed in more then 10 time()<br>";
unset($_SESSION['time']);
}
else {
print "you refreshed in less then 10 time()<br>";
}
if (!empty($_SESSION['time'])) {
print $_SESSION['time']."<br>";
}
print time()."<br>";
?>
<a href="flood.php">REFRESH</a>

Saturday, so i had some spare time :)

Yeah, sorry. Should've been "flood" then. xd

I made something along with that today. Log all the shouts in the database and check if the user has posted 4 shouts or more within 3 seconds.

If so then auto-kick, and it is logged as a kick in another table.
If they spam again, another kick.
Again, kick.

But on the 4th time it's auto-mute on 10 minutes.

However this can be bypassed if typed slowly, but still considered as nonsense shouts just to get a higher post count. Do you have any suggestions against this, or should I just stick with my manual functions for me and my moderators? (:kick/:mute)

funnymoney
09-05-2009, 02:43 PM
no, out of ideas. i guess, you could add ignore button for regular users, incase there are no moderators around. but if there are any mods around then it means The Thing is alive :)

[vengeance]
09-05-2009, 03:06 PM
no, out of ideas. i guess, you could add ignore button for regular users, incase there are no moderators around. but if there are any mods around then it means The Thing is alive :)

Alright thanks for your help.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum