DLSS Posted February 13, 2007

help ! the spambots are getting smarter :,( my clansite has a shoutbox, well until recently i could just ban/redirect the spambots by their ip and that used to work .... but now i see 2 more ads in the shoutbox, i go into the admin menu to delete em and check and ban the ip, but WTF it's spoofed (pretty obvious) and says it's from 127.0.0.1 (home duhh) now what should i do to get rid of em seeing i have no way of identifying it ...

Sparda Posted February 13, 2007

errmm... I don't know? How about banning posts from non internet IP ranges? Also, see if you can configure it to only accept posts over TCP connections as they are unspoofable.

VaKo Posted February 13, 2007

They posted from 127.0.0.1? You sure the site's not got a hole in it...

SomeoneE1se Posted February 13, 2007

I'd LOVE to know how they did that!

Deveant Posted February 13, 2007

hmm is it ok to post a link?

SomeoneE1se Posted February 13, 2007

> hmm is it ok to post a link?

Not gay pr0n? not spam? then yes, always.

majk Posted February 13, 2007

Well as Sparda said, it's basically impossible to spoof a TCP connection. But in some situations the remote IP is read from HTTP_FORWARDED_FOR or similar headers if they're set, and they can be spoofed.

VaKo Posted February 14, 2007

They done hax0rd your scripts!

cooper Posted February 14, 2007

Somebody set you up the bomb!

Deveant Posted February 14, 2007

>> hmm is it ok to post a link?
>
> Not gay pr0n? not spam? then yes, always.

lol does that mean it's okay if it isn't gay pr0n? lol

DLSS Posted February 14, 2007

> They posted from 127.0.0.1? You sure the site's not got a hole in it...

i'd admit it's a vulnerable engine, but am pretty sure it isn't an engine exploit. tried to update the engine a few times but it always f*cks itself or my db over ... the page is @ http://dlss.channelwood.org/index.php

cooper Posted February 14, 2007

Okay, so I looked at the source, and I see this in the form for your shoutbox:

<INPUT type="hidden" name="ip" value="XXX.XXX.XXX.XXX">

Where my own IP has obviously been server-side included. Gee. I wonder how I can post to the shoutbox and hide my IP... Whoever designed that part of the site should be made to drive through Alabama with the text "Man-love rules ok" painted on the side of his pick-up truck.

SomeoneE1se Posted February 14, 2007

> Okay, so I looked at the source, and I see this in the form for your shoutbox:
>
> <INPUT type="hidden" name="ip" value="XXX.XXX.XXX.XXX">
>
> Where my own IP has obviously been server-side included. Gee. I wonder how I can post to the shoutbox and hide my IP... Whoever designed that part of the site should be made to drive through Alabama with the text "Man-love rules ok" painted on the side of his pick-up truck.

LOL nice

DLSS Posted February 14, 2007

Crap .... ye it's the engine ... i didn't put that in ...
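
Added example, not part of the thread and not the shoutbox engine's code: a sketch of the server-side fix for the two problems raised above, the hidden `ip` form field and forwarded-for headers. It takes the poster's address from the TCP peer (what PHP exposes as `REMOTE_ADDR`), honours `X-Forwarded-For` only when the peer is one of our own proxies, and flags posts whose submitted `ip` field disagrees. The proxy range, function names and sample requests are assumptions made for the illustration.

```python
import ipaddress

# Assumption: reverse proxies we run ourselves; only they may vouch for a client.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, headers):
    """Address to log and ban on. peer_addr is the TCP peer as seen by the
    server (REMOTE_ADDR in PHP/CGI); headers are client-controlled."""
    peer = ipaddress.ip_address(peer_addr)
    if not _trusted(peer):
        return str(peer)          # direct connection: ignore every header
    # Behind our own proxy: read X-Forwarded-For right to left and take the
    # first hop that is not one of our proxies. Entries further left were
    # supplied by the client and prove nothing.
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break                 # empty or malformed entry: fall back to peer
        if not _trusted(addr):
            return str(addr)
    return str(peer)

def audit(posts):
    """Return (real_ip, tampered) per post; the posted 'ip' field is never
    used as the address, only compared so forged submissions can be flagged."""
    out = []
    for p in posts:
        real = client_ip(p["peer"], p["headers"])
        claimed = p["form"].get("ip")
        out.append((real, claimed is not None and claimed != real))
    return out

# Constructed sample requests (documentation address ranges).
SAMPLE_POSTS = [
    {"peer": "203.0.113.7", "headers": {}, "form": {"ip": "127.0.0.1"}},
    {"peer": "203.0.113.8", "headers": {"X-Forwarded-For": "127.0.0.1"},
     "form": {"ip": "203.0.113.8"}},
    {"peer": "10.0.0.5",
     "headers": {"X-Forwarded-For": "127.0.0.1, 198.51.100.9"}, "form": {}},
]

if __name__ == "__main__":
    for real, forged in audit(SAMPLE_POSTS):
        print(real, "FORGED ip field" if forged else "ok")
```

With the address derived this way, the hidden field can be dropped from the form entirely; the comparison in `audit` is only useful while old clients still submit it.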