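/**
 * Check the trackback for spam (currently using Hardened Trackback if enabled).
 *
 * The request must carry a one-time key made of exactly 32 lowercase hex
 * characters. The key has to exist as a file in the key directory and must
 * not be older than 900 seconds plus the offset reported by timediffwebfile().
 * An accepted key is consumed by deleting its file. Every rejection is logged
 * through logspammer() and terminates the script.
 *
 * @return bool|null True when hardened trackback is disabled; otherwise
 *                   nothing (null) once the key has been accepted and consumed.
 */
function killtrackbackspam() {
    global $Pivot_Vars, $Paths, $Cfg;

    // Do nothing if hardened trackback isn't enabled.
    if ($Cfg["hardened_trackback"] != 1) {
        return true;
    }

    $keydir = $Paths["pivot_path"] . "db/tbkeys/";

    // The key is request data: a missing or non-string value (e.g. an array
    // parameter) is handled as an empty key so it is rejected by the length check.
    $key = (isset($Pivot_Vars["key"]) && is_string($Pivot_Vars["key"])) ? $Pivot_Vars["key"] : '';

    if (strlen($key) < 32) {
        logspammer('tampered key: invalid length', "htrackback", urldecode($Pivot_Vars['url']));
        exit;
    }

    // The D modifier anchors "$" at the very end of the subject. Without it a
    // key followed by a trailing newline would pass validation, and the key is
    // used as a file name below.
    if (!preg_match('/^[a-f0-9]{32}$/D', $key)) {
        logspammer('tampered key: invalid characters found', "htrackback", urldecode($Pivot_Vars['url']));
        exit;
    }

    $keyfile = $keydir . $key;

    if (!file_exists($keyfile)) {
        logspammer('key not found', "htrackback");
        exit;
    }

    // Expired keys are removed and the attempt is logged with its excerpt.
    $offset = timediffwebfile();
    if (time() - filectime($keyfile) > 900 + $offset) {
        @unlink($keyfile);
        // pbl_suspectIP($aConfig["blockstrikes"]);
        logspammer(stripslashes(urldecode($Pivot_Vars['excerpt'])), "htrackback", urldecode($Pivot_Vars['url']));
        exit;
    }

    // Consume the key. The result of unlink() is the gate: when several
    // requests present the same key at the same time only one of them can
    // delete the file, so the key cannot be accepted twice. A key file that
    // cannot be deleted is rejected as well, because it would stay reusable.
    if (!@unlink($keyfile)) {
        logspammer('key not found', "htrackback");
        exit;
    }
}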
// Excerpt of the script that issues a one-time trackback key and prints it as
// JavaScript. $keydir and $tbkey_debug are set outside this excerpt.

// Trackback URL prefix; the key is appended later. The request's "id"
// parameter is concatenated as received.
// NOTE(review): where $tburl is emitted is not visible here - if it reaches
// script or HTML output, "id" needs validation or context-aware encoding.
$tburl = $Paths["host"] . $Paths["pivot_url"] . "tb.php?tb_id=" . $_GET["id"] . "&key=";

// Gate on the Referer header: strstr() only tests whether the server name
// occurs anywhere in the header value. The header is supplied by the client,
// so this is a heuristic filter and not an authenticity check.
if (!strstr($_SERVER["HTTP_REFERER"], $_SERVER["SERVER_NAME"])) {
    // Creating a bogus key: no key file is created for it in this branch.
    $tbkey = md5(microtime());
    debug("hardened trackbacks: illegal request - creating bogus key");
} else {
    makedir($keydir);
    // Key = md5 over the configured server secret, the client address, the
    // requested id and the current time. An empty file named after the key is
    // created in the key directory.
    $tbkey = md5($Cfg['server_spam_key'] . $_SERVER["REMOTE_ADDR"] . $_GET["id"] . time());
    if (!touch($keydir . $tbkey)) {
        debug("hardened trackbacks: directory {$keydir} isn't writable - can't create key");
    } else {
        chmod_file($keydir . $tbkey);
    }
}

// Getting the time offset between the web and file server (if there is any)
$offset = timediffwebfile($tbkey_debug);

// delete keys older than 15 minutes (plus the offset); nothing is deleted
// while $tbkey_debug is true. Directories and index.html are skipped.
// NOTE(review): the result of opendir() is not checked before readdir().
$nNow = time();
$handle = opendir($keydir);
while (false !== ($file = readdir($handle))) {
    $filepath = $keydir . $file;
    if (!is_dir($filepath) && $file != "index.html") {
        $Diff = $nNow - filectime($filepath);
        if ($Diff > 60 * 15 + $offset && $tbkey_debug != true) {
            unlink($filepath);
        }
    }
}
closedir($handle);

// Hand the key to the page as a JavaScript variable; $tbkey is always an md5
// hex digest at this point. The heredoc opened below continues beyond this excerpt.
echo "\nvar tbkey='{$tbkey}';\n";
echo <<<EOM
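/**
 * Check the trackback for spam (currently using Hardened Trackback if enabled).
 *
 * The one-time key is read from the "key" query parameter and must consist of
 * exactly 32 lowercase hex characters. It has to exist as a file in the key
 * directory and must not be older than 900 seconds plus the offset reported by
 * timediffwebfile(). An accepted key is consumed by deleting its file. Every
 * rejection is logged through logspammer() and terminates the script.
 *
 * @return bool|null True when hardened trackback is disabled; otherwise
 *                   nothing (null) once the key has been accepted and consumed.
 */
function killtrackbackspam() {
    global $PIVOTX;

    // Do nothing if hardened trackback isn't enabled.
    if ($PIVOTX['config']->get('hardened_trackback') != 1) {
        return true;
    }

    $keydir = $PIVOTX['paths']["db_path"] . "tbkeys/";

    // The key is request data: a missing or non-string value (e.g. "key[]=")
    // is handled as an empty key so it is rejected by the length check.
    $key = (isset($_GET["key"]) && is_string($_GET["key"])) ? $_GET["key"] : '';

    if (strlen($key) < 32) {
        logspammer('tampered key: invalid length', "htrackback", $_POST['url']);
        exit;
    }

    // The D modifier anchors "$" at the very end of the subject. Without it a
    // key followed by a trailing newline would pass validation, and the key is
    // used as a file name below.
    if (!preg_match('/^[a-f0-9]{32}$/D', $key)) {
        logspammer('tampered key: invalid characters found', "htrackback", $_POST['url']);
        exit;
    }

    $keyfile = $keydir . $key;

    if (!file_exists($keyfile)) {
        logspammer('key not found', "htrackback");
        exit;
    }

    // Expired keys are removed and the attempt is logged with its excerpt.
    $offset = timediffwebfile();
    if (time() - filectime($keyfile) > 900 + $offset) {
        @unlink($keyfile);
        // pbl_suspectIP($aConfig["blockstrikes"]);
        logspammer(stripslashes($_POST['excerpt']), "htrackback", $_POST['url']);
        exit;
    }

    // Consume the key. The result of unlink() is the gate: when several
    // requests present the same key at the same time only one of them can
    // delete the file, so the key cannot be accepted twice. A key file that
    // cannot be deleted is rejected as well, because it would stay reusable.
    if (!@unlink($keyfile)) {
        logspammer('key not found', "htrackback");
        exit;
    }
}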