Ejemplo n.º 1
0
 /**
  * Here we do the work
  */
 public function execute($comment)
 {
     global $_CONF, $_TABLES, $LANG_SX00;
     $uid = $this->getUid();
     /**
      * Check for IP of url in blacklist
      */
     /*
      * regex to find urls $2 = fqd
      */
     $regx = '(ftp|http|file)://([^/\\s]+)';
     $num = preg_match_all("#{$regx}#", html_entity_decode($comment), $urls);
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='IPofUrl'", 1);
     $nrows = DB_numRows($result);
     $ans = PLG_SPAM_NOT_FOUND;
     for ($j = 1; $j <= $nrows; $j++) {
         list($val) = DB_fetchArray($result);
         for ($i = 0; $i < $num; $i++) {
             $ip = gethostbyname($urls[2][$i]);
             if ($val == $ip) {
                 $ans = PLG_SPAM_FOUND;
                 // quit on first positive match
                 $this->updateStat('IPofUrl', $val);
                 SPAMX_log($LANG_SX00['foundspam'] . $urls[2][$i] . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
                 break;
             }
         }
         if ($ans == PLG_SPAM_FOUND) {
             break;
         }
     }
     return $ans;
 }
Ejemplo n.º 2
0
 /**
  * Here we do the work
  */
 public function execute($comment)
 {
     global $_CONF, $_TABLES, $_USER, $LANG_SX00;
     if (isset($_USER['uid']) && $_USER['uid'] > 1) {
         $uid = $_USER['uid'];
     } else {
         $uid = 1;
     }
     /**
      * Include Blacklist Data
      */
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='Personal'", 1);
     $nrows = DB_numRows($result);
     // named entities
     $comment = html_entity_decode($comment);
     // decimal notation
     $comment = preg_replace_callback('/&#(\\d+);/m', array($this, 'callbackDecimal'), $comment);
     // hex notation
     $comment = preg_replace_callback('/&#x([a-f0-9]+);/mi', array($this, 'callbackHex'), $comment);
     $ans = 0;
     for ($i = 1; $i <= $nrows; $i++) {
         list($val) = DB_fetchArray($result);
         $val = str_replace('#', '\\#', $val);
         if (preg_match("#{$val}#i", $comment)) {
             $ans = 1;
             // quit on first positive match
             SPAMX_log($LANG_SX00['foundspam'] . $val . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
             break;
         }
     }
     return $ans;
 }
Ejemplo n.º 3
0
 /**
  * Disables a specified user
  *
  * @param    int $uid
  **/
 protected function disableUser($uid)
 {
     global $_TABLES, $_USER;
     $this->result = PLG_SPAM_ACTION_DELETE;
     DB_change($_TABLES['users'], 'status', USER_ACCOUNT_DISABLED, 'uid', $uid);
     SPAMX_log("User {$_USER['username']} banned for profile spam.");
 }
 /**
  * Here we do the work
  */
 function execute($comment)
 {
     global $_CONF, $_USER, $_TABLES, $LANG_SX00;
     if (isset($_USER['uid']) && $_USER['uid'] > 1) {
         $uid = $_USER['uid'];
     } else {
         $uid = 1;
     }
     /**
      * Include Blacklist Data
      */
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'MTBlacklist'", 1);
     $nrows = DB_numRows($result);
     // named entities
     $comment = html_entity_decode($comment);
     // decimal notation
     $comment = preg_replace('/&#(\\d+);/me', "chr(\\1)", $comment);
     // hex notation
     $comment = preg_replace('/&#x([a-f0-9]+);/mei', "chr(0x\\1)", $comment);
     $ans = 0;
     // Found Flag
     for ($i = 1; $i <= $nrows; $i++) {
         list($val) = DB_fetchArray($result);
         if (@preg_match("#{$val}#i", $comment)) {
             $ans = 1;
             // quit on first positive match
             SPAMX_log($LANG_SX00['fsc'] . $val . $LANG_SX00['fsc1'] . $uid . $LANG_SX00['fsc2'] . $_SERVER['REMOTE_ADDR']);
             break;
         }
     }
     return $ans;
 }
 /**
  * Here we do the work
  *
  * @param  string $comment
  * @return int
  */
 public function execute($comment)
 {
     global $_TABLES, $_USER, $LANG_SX00, $LANG28;
     $uid = COM_isAnonUser() ? 1 : $_USER['uid'];
     // Get homepage URLs of all banned users
     $result = DB_query("SELECT DISTINCT homepage FROM {$_TABLES['users']} WHERE status = 0 AND homepage IS NOT NULL AND homepage <> ''");
     $numRows = DB_numRows($result);
     // named entities
     $comment = html_entity_decode($comment);
     // decimal notation
     $comment = preg_replace_callback('/&#(\\d+);/m', array($this, 'callbackDecimal'), $comment);
     // hex notation
     $comment = preg_replace_callback('/&#x([a-f0-9]+);/mi', array($this, 'callbackHex'), $comment);
     $ans = 0;
     for ($i = 0; $i < $numRows; $i++) {
         list($val) = DB_fetchArray($result);
         $val = str_replace('#', '\\#', $val);
         if (preg_match("#{$val}#i", $comment)) {
             $ans = 1;
             // quit on first positive match
             SPAMX_log($LANG_SX00['foundspam'] . $val . ' (' . $LANG28[42] . ')' . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
             break;
         }
     }
     $this->result = $ans;
     return $ans;
 }
 function execute($comment)
 {
     global $result, $_CONF, $_TABLES, $LANG_SX00;
     $result = 128;
     // update count of deleted spam posts
     DB_change($_TABLES['vars'], 'value', 'value + 1', 'name', 'spamx.counter', '', true);
     SPAMX_log($LANG_SX00['spamdeleted']);
     return 1;
 }
 /**
  * Execute
  *
  * @param  $comment
  * @return int
  */
 public function execute($comment)
 {
     global $_CONF, $_TABLES, $LANG_SX00;
     $this->result = PLG_SPAM_ACTION_DELETE;
     // update count of deleted spam posts
     $sql['mysql'] = "UPDATE {$_TABLES['vars']} " . "SET value = value + 1 " . "WHERE name = 'spamx.counter' ";
     $sql['pgsql'] = "UPDATE {$_TABLES['vars']} " . "SET value = CAST(value AS int) + 1 " . "WHERE name = 'spamx.counter' ";
     DB_query($sql);
     SPAMX_log($LANG_SX00['spamdeleted']);
     return PLG_SPAM_FOUND;
 }
Ejemplo n.º 8
0
 /**
  * Execute
  *
  * @param  string $comment
  * @return int
  */
 public function execute($comment)
 {
     global $result, $_CONF, $_TABLES, $LANG_SX00, $_USER;
     $url = COM_getCurrentURL();
     if (strpos($url, 'usersettings.php') !== false) {
         $this->result = PLG_SPAM_ACTION_DELETE;
         DB_change($_TABLES['users'], 'status', USER_ACCOUNT_DISABLED, 'uid', $_USER['uid']);
         SPAMX_log("User {$_USER['username']} banned for profile spam.");
     }
     return 1;
 }
Ejemplo n.º 9
0
/**
* Helper function for the curious: Log rejected trackbacks
*
* @param    string  $logmsg     Message to log
* @return   void
*
*/
function TRB_logRejected($reason, $url = '')
{
    global $_TRB_LOG_REJECTS;
    if ($_TRB_LOG_REJECTS) {
        $logmsg = 'Trackback from IP ' . $_SERVER['REMOTE_ADDR'] . ' rejected for ' . $reason . ', URL: ' . $url;
        if (function_exists('SPAMX_log')) {
            SPAMX_log($logmsg);
        } else {
            COM_errorLog($logmsg);
        }
    }
}
Ejemplo n.º 10
0
 /**
  * Here we do the work
  *
  * @param  string
  * @return int
  */
 public function execute($comment)
 {
     global $LANG_SX00;
     $ans = PLG_SPAM_NOT_FOUND;
     $uid = $this->getUid();
     $slv = new SLVbase();
     if ($slv->CheckForSpam($comment)) {
         $ans = PLG_SPAM_FOUND;
         SPAMX_log($LANG_SX00['foundspam'] . 'Spam Link Verification (SLV)' . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
     }
     // tell the Action module that we've already been triggered
     $GLOBALS['slv_triggered'] = true;
     return $ans;
 }
Ejemplo n.º 11
0
 /**
  * Check for spam links
  *
  * @param    string $post post to check for spam
  * @return   boolean         true = spam found, false = no spam
  *                        Note: Also returns 'false' in case of problems communicating with SLV.
  *                        Error messages are logged in Geeklog's error.log
  */
 public function CheckForSpam($post)
 {
     global $_SPX_CONF;
     $retval = false;
     if (empty($post)) {
         return $retval;
     }
     $links = $this->prepareLinks($post);
     if (empty($links)) {
         return $retval;
     }
     if (!isset($_SPX_CONF['timeout'])) {
         $_SPX_CONF['timeout'] = 5;
         // seconds
     }
     if ($this->_verbose) {
         SPAMX_log("Sending to SLV: {$links}");
     }
     $params = array(new XML_RPC_Value($links, 'string'));
     $msg = new XML_RPC_Message('slv', $params);
     $cli = new XML_RPC_Client('/slv.php', 'http://www.linksleeve.org');
     if ($this->_debug) {
         $cli->setDebug(1);
     }
     $resp = $cli->send($msg, $_SPX_CONF['timeout']);
     if (!$resp) {
         COM_errorLog('Error communicating with SLV: ' . $cli->getErrorString() . '; Message was ' . $msg->serialize());
     } else {
         if ($resp->faultCode()) {
             COM_errorLog('Error communicating with SLV. Fault code: ' . $resp->faultCode() . ', Fault reason: ' . $resp->faultString() . '; Message was ' . $msg->serialize());
         } else {
             $val = $resp->value();
             // note that SLV returns '1' for acceptable posts and '0' for spam
             if ($val->scalarval() != '1') {
                 $retval = true;
                 SPAMX_log("SLV: spam detected");
             } else {
                 if ($this->_verbose) {
                     SPAMX_log("SLV: no spam detected");
                 }
             }
         }
     }
     return $retval;
 }
Ejemplo n.º 12
0
 /**
  * Here we do the work
  */
 function execute($comment)
 {
     global $_USER, $LANG_SX00;
     $ans = 0;
     if (isset($_USER['uid']) && $_USER['uid'] > 1) {
         $uid = $_USER['uid'];
     } else {
         $uid = 1;
     }
     $slv = new SLVbase();
     if ($slv->CheckForSpam($comment)) {
         $ans = 1;
         SPAMX_log($LANG_SX00['foundspam'] . 'Spam Link Verification (SLV)' . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
     }
     // tell the Action module that we've already been triggered
     $GLOBALS['slv_triggered'] = true;
     return $ans;
 }
 /**
  * Here we do the work
  */
 function execute($comment)
 {
     global $_CONF, $_TABLES, $_USER, $LANG_SX00, $result;
     if (isset($_USER['uid']) && $_USER['uid'] > 1) {
         $uid = $_USER['uid'];
     } else {
         $uid = 1;
     }
     // get HTTP headers of the current request
     if (function_exists('getallheaders')) {
         $headers = getallheaders();
     } else {
         // if getallheaders() is not available, we have to fake it using
         // the $_SERVER['HTTP_...'] values
         $headers = array();
         foreach ($_SERVER as $key => $content) {
             if (substr($key, 0, 4) == 'HTTP') {
                 $name = str_replace('_', '-', substr($key, 5));
                 $headers[$name] = $content;
             }
         }
     }
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader'", 1);
     $nrows = DB_numRows($result);
     $ans = 0;
     for ($i = 0; $i < $nrows; $i++) {
         list($entry) = DB_fetchArray($result);
         $v = explode(':', $entry);
         $name = trim($v[0]);
         $value = trim($v[1]);
         $value = str_replace('#', '\\#', $value);
         foreach ($headers as $key => $content) {
             if (strcasecmp($name, $key) == 0) {
                 if (preg_match("#{$value}#i", $content)) {
                     $ans = 1;
                     // quit on first positive match
                     SPAMX_log($LANG_SX00['foundspam'] . $entry . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
                     break;
                 }
             }
         }
     }
     return $ans;
 }
Ejemplo n.º 14
0
 function execute($comment)
 {
     global $result, $_CONF, $_USER, $LANG_SX00, $_SPX_CONF;
     if (isset($_USER['uid']) && $_USER['uid'] > 1) {
         $uid = $_USER['uid'];
     } else {
         $uid = 1;
     }
     $uid .= '@' . $_SERVER['REMOTE_ADDR'];
     $msg = sprintf($LANG_SX00['emailmsg'], $_CONF['site_name'], $uid, $comment);
     // Add headers of the spam post to help track down the source.
     // Function 'getallheaders' is not available when PHP is running as
     // CGI. Print the HTTP_... headers from $_SERVER array instead then.
     $msg .= "\n\n" . $LANG_SX00['headers'] . "\n";
     if (function_exists('getallheaders')) {
         $headers = getallheaders();
         foreach ($headers as $key => $content) {
             if (strcasecmp($key, 'Cookie') != 0) {
                 $msg .= $key . ': ' . $content . "\n";
             }
         }
     } else {
         foreach ($_SERVER as $key => $content) {
             if (substr($key, 0, 4) == 'HTTP') {
                 if ($key != 'HTTP_COOKIE') {
                     $msg .= $key . ': ' . $content . "\n";
                 }
             }
         }
     }
     $subject = sprintf($LANG_SX00['emailsubject'], $_CONF['site_name']);
     if (empty($_SPX_CONF['notification_email'])) {
         $email_address = $_CONF['site_mail'];
     } else {
         $email_address = $_SPX_CONF['notification_email'];
     }
     $to = array();
     $to = COM_formatEmailAddress('', $email_address);
     COM_mail($to, $subject, $msg);
     $result = 8;
     SPAMX_log('Mail Sent to Admin');
     return 0;
 }
Ejemplo n.º 15
0
 /**
  * Check for spam links
  *
  * @param    string  $post   post to check for spam
  * @return   boolean         true = spam found, false = no spam
  *
  * Note: Also returns 'false' in case of problems communicating with SFS.
  *       Error messages are logged in glFusion's error.log
  *
  */
 function CheckForSpam($post)
 {
     global $_SPX_CONF, $REMOTE_ADDR;
     $retval = false;
     $ip = $REMOTE_ADDR;
     if (empty($post) || $ip == '') {
         return $retval;
     }
     $arguments = array();
     $response = '';
     $http = new http_class();
     $http->timeout = 0;
     $http->data_timeout = 0;
     $http->debug = 0;
     $http->html_debug = 0;
     $http->user_agent = 'glFusion/' . GVERSION;
     $url = "http://www.stopforumspam.com/api";
     $requestArgs = '?f=serial&';
     if ($ip != '') {
         $requestArgs .= 'ip=' . $ip . '&';
     }
     $requestArgs .= 'cmd=display';
     $url = $url . $requestArgs;
     $error = $http->GetRequestArguments($url, $arguments);
     $error = $http->Open($arguments);
     $error = $http->SendRequest($arguments);
     if ($error == "") {
         $error = $http->ReadReplyBody($body, 1024);
         if ($error == "" || strlen($body) > 0) {
             $response = $response . $body;
             $result = @unserialize($response);
             if (!$result) {
                 return 0;
             }
             // invalid data, assume ok
             if (isset($result['ip']) && $result['ip']['appears'] == 1 && $result['ip']['confidence'] > (double) 25) {
                 $retval = true;
                 SPAMX_log("SFS: spam detected");
             }
         }
     }
     return $retval;
 }
Ejemplo n.º 16
0
 /**
  * Here we do the work
  */
 function execute($comment)
 {
     global $_USER, $LANG_SX00;
     $ans = 0;
     if (isset($_USER['uid']) && $_USER['uid'] > 1) {
         $uid = $_USER['uid'];
     } else {
         $uid = 1;
     }
     $sfs = new SFSbase();
     if ($sfs->CheckForSpam($comment)) {
         $ans = 1;
         SPAMX_log($LANG_SX00['foundspam'] . 'Stop Forum Spam (SFS)' . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
         SESS_setVar('spamx_msg', 'Failed Stop Forum Spam IP / username check');
     }
     // tell the Action module that we've already been triggered
     $GLOBALS['sfs_triggered'] = true;
     return $ans;
 }
Ejemplo n.º 17
0
 /**
  * Here we do the work
  */
 function execute($comment)
 {
     global $_USER, $_SPX_CONF, $LANG_SX00;
     if (!isset($_SPX_CONF['slc_max_links'])) {
         $_SPX_CONF['slc_max_links'] = 5;
     }
     $tooManyLinks = 0;
     if (isset($_USER['uid']) && $_USER['uid'] > 1) {
         $uid = $_USER['uid'];
     } else {
         $uid = 1;
     }
     $slc = new SLCbase();
     $linkCount = $slc->CheckForSpam($comment);
     if ($linkCount > $_SPX_CONF['slc_max_links']) {
         SPAMX_log($LANG_SX00['foundspam'] . 'Spam Link Counter (SLC)' . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
         $tooManyLinks = 1;
         SESS_setVar('spamx_msg', 'Too many links in post');
     }
     // tell the Action module that we've already been triggered
     $GLOBALS['slc_triggered'] = true;
     return $tooManyLinks;
 }
Ejemplo n.º 18
0
 /**
  * Check for spam links
  *
  * @param    string $post post to check for spam
  * @return   boolean         true = spam found, false = no spam
  *                        Note: Also returns 'false' in case of problems communicating with SNL.
  *                        Error messages are logged in Geeklog's error.log
  */
 public function CheckForSpam($post)
 {
     global $_SPX_CONF;
     $retval = false;
     if (!isset($_SPX_CONF['snl_enabled'])) {
         $_SPX_CONF['snl_enabled'] = false;
     }
     if (empty($post) || !$_SPX_CONF['snl_enabled']) {
         return $retval;
     }
     $links = $this->prepareLinks($post);
     if (empty($links)) {
         return $retval;
     }
     if (!isset($_SPX_CONF['snl_num_links'])) {
         $_SPX_CONF['snl_num_links'] = 5;
     }
     if ($links > $_SPX_CONF['snl_num_links']) {
         $retval = true;
         SPAMX_log('SNL: spam detected, found ' . $links . ' links.');
     }
     return $retval;
 }
Ejemplo n.º 19
0
 /**
  * Check for spam links
  *
  * @param    string  $post   post to check for spam
  * @return   boolean         true = spam found, false = no spam
  *
  * Note: Also returns 'false' in case of problems communicating with SFS.
  *       Error messages are logged in glFusion's error.log
  *
  */
 function CheckForSpam($post)
 {
     global $_SPX_CONF, $REMOTE_ADDR;
     require_once 'HTTP/Request2.php';
     $retval = false;
     $ip = $REMOTE_ADDR;
     if (empty($post) || $ip == '') {
         return $retval;
     }
     $request = new HTTP_Request2('http://www.stopforumspam.com/api', HTTP_Request2::METHOD_GET, array('use_brackets' => true));
     $url = $request->getUrl();
     $checkData['f'] = 'serial';
     if ($ip != '') {
         $checkData['ip'] = $ip;
     }
     $url->setQueryVariables($checkData);
     $url->setQueryVariable('cmd', 'display');
     try {
         $response = $request->send();
     } catch (Exception $e) {
         return 0;
     }
     $result = @unserialize($response->getBody());
     if (!$result) {
         return false;
     }
     // invalid data, assume ok
     if ($result['ip']['appears'] == 1 && $result['ip']['confidence'] > (double) 25) {
         $retval = true;
         SPAMX_log("SFS: spam detected");
     } else {
         if ($this->_verbose) {
             SPAMX_log("SFS: no spam detected");
         }
     }
     return $retval;
 }
Ejemplo n.º 20
0
 /**
  * Execute
  *
  * @param  string $comment
  * @return int
  */
 public function execute($comment)
 {
     global $_CONF, $LANG_SX00, $_SPX_CONF;
     $uid = $this->getUid() . '@' . $_SERVER['REMOTE_ADDR'];
     $msg = sprintf($LANG_SX00['emailmsg'], $_CONF['site_name'], $uid, $comment);
     // Add headers of the spam post to help track down the source.
     // Function 'getallheaders' is not available when PHP is running as
     // CGI. Print the HTTP_... headers from $_SERVER array instead then.
     $msg .= "\n\n" . $LANG_SX00['headers'] . "\n";
     if (function_exists('getallheaders')) {
         $headers = getallheaders();
         foreach ($headers as $key => $content) {
             if (strcasecmp($key, 'Cookie') != 0) {
                 $msg .= $key . ': ' . $content . "\n";
             }
         }
     } else {
         foreach ($_SERVER as $key => $content) {
             if (substr($key, 0, 4) == 'HTTP') {
                 if ($key != 'HTTP_COOKIE') {
                     $msg .= $key . ': ' . $content . "\n";
                 }
             }
         }
     }
     $subject = sprintf($LANG_SX00['emailsubject'], $_CONF['site_name']);
     if (empty($_SPX_CONF['notification_email'])) {
         $email_address = $_CONF['site_mail'];
     } else {
         $email_address = $_SPX_CONF['notification_email'];
     }
     COM_mail($email_address, $subject, $msg);
     $this->result = PLG_SPAM_ACTION_NOTIFY;
     SPAMX_log('Mail Sent to Admin');
     return PLG_SPAM_NOT_FOUND;
 }
Ejemplo n.º 21
0
 /**
  * Private internal method, this actually processes a given ip
  * address against a blacklist of IP regular expressions.
  *
  * @param   strint  $ip     IP address of comment poster
  * @return  int             0: no spam, else: spam detected
  * @access  private
  */
 function _process($ip)
 {
     global $_CONF, $_TABLES, $_USER, $LANG_SX00, $result;
     if (isset($_USER['uid']) && $_USER['uid'] > 1) {
         $uid = $_USER['uid'];
     } else {
         $uid = 1;
     }
     /**
      * Include Blacklist Data
      */
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='IP'", 1);
     $nrows = DB_numRows($result);
     $ans = 0;
     for ($i = 0; $i < $nrows; $i++) {
         list($val) = DB_fetchArray($result);
         $matches = false;
         if (strpos($val, '/') !== false) {
             $matches = $this->_matchCIDR($ip, $val);
         } elseif (strpos($val, '-') !== false) {
             $matches = $this->_matchRange($ip, $val);
         } else {
             $matches = preg_match("#{$val}#i", $ip) == 0 ? false : true;
         }
         if ($matches) {
             $ans = 1;
             // quit on first positive match
             SPAMX_log($LANG_SX00['foundspam'] . $val . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $ip);
             break;
         }
     }
     return $ans;
 }
 /**
  * Initial import of the MT Blacklist
  */
 function _initial_import()
 {
     global $_CONF, $_TABLES, $LANG_SX00, $_SPX_CONF;
     if (ini_get('allow_url_fopen')) {
         $blacklist = file($_SPX_CONF['mtblacklist_url']);
         $count = $this->_do_import($blacklist);
         if ($count > 0) {
             $display = sprintf($LANG_SX00['import_success'], $count);
             SPAMX_log($LANG_SX00['uMTlist'] . $LANG_SX00['uMTlist2'] . $count . $LANG_SX00['uMTlist3'] . '0' . $LANG_SX00['entries']);
         } else {
             $display = $LANG_SX00['import_failure'];
         }
     } else {
         // read blacklist from local file
         $fromfile = $_CONF['path_data'] . 'blacklist.txt';
         if (file_exists($fromfile)) {
             $blacklist = file($fromfile);
             $count = $this->_do_import($blacklist);
             if ($count > 0) {
                 $display = sprintf($LANG_SX00['import_success'], $count);
                 SPAMX_log($LANG_SX00['uMTlist'] . $LANG_SX00['uMTlist2'] . $count . $LANG_SX00['uMTlist3'] . '0' . $LANG_SX00['entries']);
             } else {
                 $display = $LANG_SX00['import_failure'];
             }
         } else {
             $display = sprintf($LANG_SX00['allow_url_fopen'], $_CONF['path_data']);
             $display .= '<p>' . COM_createLink($_SPX_CONF['mtblacklist_url'], $_SPX_CONF['mtblacklist_url']);
         }
     }
     // Import Personal Blacklist for existing users.
     $fromfile = $_CONF['path_html'] . 'spamx/blacklist.php';
     if (file_exists($fromfile)) {
         require_once $fromfile;
         $count = $this->_do_importp($SPAMX_BLACKLIST);
         $display .= $LANG_SX00['initial_Pimport'];
         if ($count > 0) {
             $display .= sprintf($LANG_SX00['import_success'], $count);
             SPAMX_log($LANG_SX00['uPlist'] . $LANG_SX00['uMTlist2'] . $count . $LANG_SX00['uMTlist3'] . '0' . $LANG_SX00['entries']);
         } else {
             $display .= $LANG_SX00['import_failure'];
         }
     }
     return $display;
 }
Ejemplo n.º 23
0
 /**
  * Private internal method, this actually processes a given ip
  * address against a blacklist of IP regular expressions.
  *
  * @param   strint  $ip     IP address of comment poster
  * @return  int             0: no spam, else: spam detected
  */
 private function _process($ip)
 {
     global $_CONF, $_TABLES, $LANG_SX00;
     $uid = $this->getUid();
     /**
      * Include Blacklist Data
      */
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='IP'", 1);
     $nrows = DB_numRows($result);
     $ans = PLG_SPAM_NOT_FOUND;
     for ($i = 0; $i < $nrows; $i++) {
         list($val) = DB_fetchArray($result);
         $matches = false;
         if (strpos($val, '/') !== false) {
             $matches = $this->_matchCIDR($ip, $val);
         } elseif (strpos($val, '-') !== false) {
             $matches = $this->_matchRange($ip, $val);
         } else {
             $matches = preg_match("#^{$val}\$#i", $ip);
         }
         if ($matches) {
             $ans = PLG_SPAM_FOUND;
             // quit on first positive match
             $this->updateStat('IP', $val);
             SPAMX_log($LANG_SX00['foundspam'] . $val . $LANG_SX00['foundspam2'] . $uid . $LANG_SX00['foundspam3'] . $ip);
             break;
         }
     }
     return $ans;
 }
Ejemplo n.º 24
0
 /**
  * Deletes a given comment
  * (lifted from comment.php)
  * @param    int         $cid    Comment ID
  * @param    string      $sid    ID of object comment belongs to
  * @param    string      $type   Comment type (e.g. article, poll, etc)
  * @return   string      Returns string needed to redirect page to right place
  *
  */
 public function delcomment($cid, $sid, $type)
 {
     global $_CONF, $_TABLES, $LANG_SX00;
     $type = COM_applyFilter($type);
     $sid = COM_applyFilter($sid);
     switch ($type) {
         case 'article':
             $has_editPermissions = SEC_hasRights('story.edit');
             $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'");
             $A = DB_fetchArray($result);
             if ($has_editPermissions && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3) {
                 CMT_deleteComment(COM_applyFilter($cid, true), $sid, 'article');
                 $comments = DB_count($_TABLES['comments'], array('sid', 'type'), array($sid, 'article'));
                 DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
             } else {
                 COM_errorLog("User {$_USER['username']} (IP: {$_SERVER['REMOTE_ADDR']}) tried to illegally delete comment {$cid} from {$type} {$sid}");
             }
             break;
         default:
             // assume plugin
             PLG_commentDelete($type, COM_applyFilter($cid, true), $sid);
             break;
     }
     SPAMX_log($LANG_SX00['spamdeleted']);
 }
 /**
  * Deletes a given trackback comment
  *
  * @param    int         $cid    Comment ID
  * @param    string      $sid    ID of object comment belongs to
  * @param    string      $type   Comment type (e.g. article, poll, etc)
  * @return   void
  *
  */
 function deltrackback($cid, $sid, $type)
 {
     global $_TABLES, $LANG_SX00;
     if (TRB_allowDelete($sid, $type)) {
         TRB_deleteTrackbackComment($cid);
         if ($type == 'article') {
             $tbcount = DB_count($_TABLES['trackback'], array('type', 'sid'), array('article', $sid));
             DB_query("UPDATE {$_TABLES['stories']} SET trackbacks = {$tbcount} WHERE sid = '{$sid}'");
         }
         SPAMX_log($LANG_SX00['spamdeleted']);
     }
 }
Ejemplo n.º 26
0
 /**
  * Private internal method, this actually processes a given ip
  * address against a blacklist of IP regular expressions.
  *
  * @param   strint  $ip     IP address of comment poster
  * @return  int             0: no spam, else: spam detected
  * @access  private
  */
 function _process($type, $email = '', $ip = '', $username = '')
 {
     global $_TABLES, $_SPX_CONF, $LANG_SX00;
     if (!isset($_SPX_CONF['sfs_username_confidence'])) {
         $_SPX_CONF['sfs_username_confidence'] = (double) 99.0;
     }
     if (!isset($_SPX_CONF['sfs_email_confidence'])) {
         $_SPX_CONF['sfs_email_confidence'] = (double) 50.0;
     }
     if (!isset($_SPX_CONF['sfs_ip_confidence'])) {
         $_SPX_CONF['sfs_ip_confidence'] = (double) 25.0;
     }
     $arguments = array();
     $response = '';
     $http = new http_class();
     $http->timeout = 0;
     $http->data_timeout = 0;
     $http->debug = 0;
     $http->html_debug = 0;
     $http->user_agent = 'glFusion/' . GVERSION;
     $url = "http://www.stopforumspam.com/api";
     $requestArgs = '?f=serial&';
     if ($ip != '') {
         $requestArgs .= 'ip=' . $ip . '&';
     }
     if ($email != '') {
         $requestArgs .= 'email=' . urlencode($email) . '&';
     }
     if ($username != '') {
         $requestArgs .= 'username='******'&';
     }
     $requestArgs .= 'cmd=display';
     $url = $url . $requestArgs;
     $error = $http->GetRequestArguments($url, $arguments);
     $error = $http->Open($arguments);
     $error = $http->SendRequest($arguments);
     if ($error == "") {
         $error = $http->ReadReplyBody($body, 1024);
         if ($error != "" || strlen($body) == 0) {
             return 0;
         }
         $response = $response . $body;
         $result = @unserialize($response);
         if (!$result) {
             return 0;
         }
         // invalid data, assume ok
         if (isset($result['ip']) && $result['ip']['appears'] == 1) {
             if ($result['ip']['confidence'] > (double) $_SPX_CONF['sfs_ip_confidence']) {
                 SPAMX_log($type . ' - Found ' . $type . ' matching ' . 'Stop Forum Spam (SFS)' . 'for IP ' . $ip . ' with confidence level of ' . $result['ip']['confidence'] . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
                 return 1;
             } else {
                 COM_errorLog("Spamx: SFS found match on IP, but confidence level was only " . $result['ip']['confidence']);
             }
         }
         if (isset($result['email']) && $result['email']['appears'] == 1) {
             if ($result['email']['confidence'] > (double) $_SPX_CONF['sfs_email_confidence']) {
                 SPAMX_log($type . ' - Found ' . $type . ' matching ' . 'Stop Forum Spam (SFS)' . 'for email ' . $email . ' with confidence level of ' . $result['email']['confidence'] . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
                 return 1;
             }
         }
         if (isset($result['username']) && $result['username']['appears'] == 1) {
             if ($result['username']['confidence'] > (double) $_SPX_CONF['sfs_username_confidence']) {
                 SPAMX_log($type . ' - Found ' . $type . ' matching ' . 'Stop Forum Spam (SFS)' . 'for username ' . $username . ' with confidence level of ' . $result['username']['confidence'] . $LANG_SX00['foundspam3'] . $_SERVER['REMOTE_ADDR']);
                 return 1;
             }
         }
         // Passed the checks
         return 0;
     }
     return 0;
 }
Ejemplo n.º 27
0
 /**
  * Check if spam IP
  *
  * @param    string  $post   post to check for spam
  * @return   boolean         true = spam found, false = no spam
  *
  * Note: Also returns 'false' in case of problems communicating with SFS.
  *       Error messages are logged in Geeklog's error.log
  *
  */
 function CheckForSpam($post)
 {
     global $_SPX_CONF, $_TABLES;
     if (!isset($_SPX_CONF['sfs_enabled'])) {
         $_SPX_CONF['sfs_enabled'] = false;
     }
     if (!$_SPX_CONF['sfs_enabled']) {
         return PLG_SPAM_NOT_FOUND;
         // invalid data, assume ok
     }
     if (!$_SPX_CONF['sfs_confidence']) {
         $_SPX_CONF['sfs_enabled'] = 25;
     }
     if (!isset($_SPX_CONF['timeout'])) {
         $_SPX_CONF['timeout'] = 5;
         // seconds
     }
     $ip = $_SERVER['REMOTE_ADDR'];
     $query = "http://www.stopforumspam.com/api?f=serial&ip={$ip}";
     require_once 'HTTP/Request.php';
     $req = new HTTP_Request($query, array('timeout' => $_SPX_CONF['timeout']));
     if ($this->_verbose) {
         SPAMX_log('Sending to SFS: ' . $query);
     }
     if ($req->sendRequest() === TRUE) {
         $result = $req->getResponseBody();
         if ($result === FALSE) {
             return PLG_SPAM_NOT_FOUND;
             // Response body is not set, assume ok
         }
         $result = unserialize($result);
         if (!$result) {
             if ($this->_verbose) {
                 SPAMX_log("SFS: no spam detected");
             }
             return PLG_SPAM_NOT_FOUND;
             // Invalid data, assume ok
         }
     } else {
         return PLG_SPAM_NOT_FOUND;
         // PEAR Error, assume ok
     }
     if (!$result) {
         return PLG_SPAM_NOT_FOUND;
     }
     // invalid data, assume ok
     if ($result['ip']['appears'] == 1 && $result['ip']['confidence'] > (double) $_SPX_CONF['sfs_confidence']) {
         $retval = PLG_SPAM_FOUND;
         SPAMX_log("SFS: spammer IP detected: " . $ip);
         // Add IP to SFS IP list... assuming sfs runs after ip check so no dups
         // Double Check for IP address just in case
         $db_ip = DB_escapeString($ip);
         $result = DB_query("SELECT value FROM {$_TABLES['spamx']}\n                    WHERE name='IP' AND value='{$db_ip}'", 1);
         if (DB_numRows($result) == 0) {
             // Not in db so add
             $timestamp = DB_escapeString(date('Y-m-d H:i:s'));
             $sql = "INSERT INTO {$_TABLES['spamx']} (name, value, regdate)\n                        VALUES ('IP', '{$db_ip}', '{$timestamp}')";
             DB_query($sql);
         }
     } else {
         if ($this->_verbose) {
             SPAMX_log("SFS: spammer IP not detected: " . $ip);
         }
     }
     return $retval;
 }
Ejemplo n.º 28
0
 /**
  * Private internal method,
  *
  * @param   string  $email  Email address of user
  * @param   string  $ip     IP address of user
  * @return  int             0: no spam, else: spam detected
  */
 private function _process($email, $ip)
 {
     global $_TABLES, $LANG_SX00, $_SPX_CONF;
     if (!isset($_SPX_CONF['sfs_enabled'])) {
         $_SPX_CONF['sfs_enabled'] = false;
     }
     if (!$_SPX_CONF['sfs_enabled']) {
         return PLG_SPAM_NOT_FOUND;
         // invalid data, assume ok
     }
     if (!$_SPX_CONF['sfs_confidence']) {
         $_SPX_CONF['sfs_enabled'] = 25;
     }
     if (!isset($_SPX_CONF['timeout'])) {
         $_SPX_CONF['timeout'] = 5;
         // seconds
     }
     $db_email = DB_escapeString($email);
     $db_ip = DB_escapeString($ip);
     //  Include Blacklist Data
     //  Check for IP address
     $result = DB_query("SELECT name, value FROM {$_TABLES['spamx']}\n                WHERE name='IP' AND value='{$db_ip}'\n                OR name='email' AND value='{$db_email}'", 1);
     if (DB_numRows($result) > 0) {
         list($name, $value) = DB_fetchArray($result);
         $timestamp = DB_escapeString(date('Y-m-d H:i:s'));
         DB_query("UPDATE {$_TABLES['spamx']} SET counter = counter + 1, regdate = '{$timestamp}' WHERE name='" . DB_escapeString($name) . "' AND value='" . DB_escapeString($value) . "'", 1);
         return PLG_SPAM_FOUND;
     }
     $em = urlencode($email);
     $query = "http://www.stopforumspam.com/api?f=serial&email={$em}";
     if (!empty($ip)) {
         $query .= "&ip={$ip}";
     }
     require_once 'HTTP/Request.php';
     $req = new HTTP_Request($query, array('timeout' => $_SPX_CONF['timeout']));
     if ($this->_verbose) {
         SPAMX_log('Sending to SFS: ' . $query);
     }
     if ($req->sendRequest() === TRUE) {
         $result = $req->getResponseBody();
         if ($result === FALSE) {
             return PLG_SPAM_NOT_FOUND;
             // Response body is not set, assume ok
         }
         $result = unserialize($result);
         if (!$result) {
             if ($this->_verbose) {
                 SPAMX_log("SFS: no spam detected");
             }
             return PLG_SPAM_NOT_FOUND;
             // Invalid data, assume ok
         }
     } else {
         return PLG_SPAM_NOT_FOUND;
         // PEAR Error, assume ok
     }
     if (!$result) {
         return PLG_SPAM_NOT_FOUND;
     }
     // invalid data, assume ok
     if (isset($result['email']) && $result['email']['appears'] == 1 && $result['email']['confidence'] > (double) $_SPX_CONF['sfs_confidence'] || $result['ip']['appears'] == 1 && $result['ip']['confidence'] > (double) $_SPX_CONF['sfs_confidence']) {
         $timestamp = DB_escapeString(date('Y-m-d H:i:s'));
         if (isset($result['email']) && $result['email']['appears'] == 1 && $result['email']['confidence'] > (double) $_SPX_CONF['sfs_confidence']) {
             $value_arr[] = "('email', '{$db_email}', '{$timestamp}')";
         }
         if ($result['ip']['appears'] == 1 && $result['ip']['confidence'] > (double) $_SPX_CONF['sfs_confidence']) {
             $value_arr[] = "('IP', '{$db_ip}', '{$timestamp}')";
         }
         $values = implode(',', $value_arr);
         $sql = "INSERT INTO {$_TABLES['spamx']} (name, value, regdate)\n                    VALUES {$values}";
         DB_query($sql);
         $log_msg = sprintf($LANG_SX00['email_ip_spam'], $email, $ip);
         SPAMX_log($log_msg);
         return PLG_SPAM_FOUND;
     } else {
         if ($this->_verbose) {
             SPAMX_log("SFS: spammer IP not detected: " . $ip . " Spammer email not detected: " . $email);
         }
     }
     // Passed the checks
     return PLG_SPAM_NOT_FOUND;
 }