Page 1 of 2

How to track spam or failed login attempts?

Posted: Sat Dec 28, 2013 4:10 pm
by tex
How to track spam or failed log in attempts?

I have a PHP forum, and I would like to track how many times bots fail or try to create an account. I am thinking simple, in that I think they automate filling in fields and automate button clicks; am I right? If so, every time they trigger the submit button I would like to gather all the selections they made to the register form and grab all of their data such as IP and whatever. Can anyone help me create this script? I stink at PHP but I would be willing to help you with VB.net in return.

:D

Thanks!

Re: How to track spam or failed login attempts?

Posted: Sat Dec 28, 2013 9:27 pm
by califdon
tex wrote:How to track spam or failed log in attempts?

I have a PHP forum, and I would like to track how many times bots fail or try to create an account. I am thinking simple, in that I think they automate filling in fields and automate button clicks; am I right? If so, every time they trigger the submit button I would like to gather all the selections they made to the register form and grab all of their data such as IP and whatever. Can anyone help me create this script? I stink at PHP but I would be willing to help you with VB.net in return.
Thanks!
Hi Tex,

Is this forum software that was already written, or did you write it yourself? If it's an existing package, what specific package is it? Someone may be familiar with the software and be able to give you some immediate answers.

In general, you will have to find the PHP script that creates the page that users would use to create an account, then identify the place in that script where, for a legitimate user, it validates the input data (checking for blank fields, etc.) and submits the form data to another PHP script for processing. By the way, does it use a Captcha or any other means of bot detection? That would be important to know, as that would be the logical place to add any logging routines. Basically, you are on the right track: when the data is submitted, you want to either send that same data (plus IP address--see below) to you in an email or log it into a database file and maybe notify you by email. But you need to detect whether a submission is likely to be by a bot, otherwise you would be receiving/logging a whole lot of legitimate account creations! If you already use a Captcha, for example, you would probably use that to determine whether a human was submitting it or not. But the human could also be a spammer or hacker, of course.

In PHP, you can get the IP address of the requesting browser by using the function getenv("REMOTE_ADDR"); . There are other methods, but this one seems to be the most reliable, according to: http://techtalk.virendrachandak.com/get ... z2opZY1VN9.
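
On the IP-address point, an added example that is not code from the thread: REMOTE_ADDR is the address of the TCP peer, which the sender cannot forge, while X-Forwarded-For is an ordinary request header that any bot can set to whatever it likes. The helper below therefore only honours X-Forwarded-For when REMOTE_ADDR is one of your own reverse proxies. The proxy list and the two sample requests are constructed for the example; on a plain shared LAMP host with no proxy in front, the answer is simply REMOTE_ADDR.

```php
<?php
// Added example (not from the thread): decide which address to record for a request.
// $server is the $_SERVER array; $trusted_proxies is a hypothetical list of your own
// reverse-proxy addresses. With an empty list the function always returns REMOTE_ADDR.

function rms_client_ip(array $server, array $trusted_proxies = array())
{
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '';   // no usable peer address (CLI run, broken SAPI)
    }

    // Direct connection, or a header we have no reason to believe: use the peer.
    if (!in_array($peer, $trusted_proxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }

    // X-Forwarded-For is "client, proxy1, proxy2, ...". Anything to the left of our own
    // proxies was supplied by the sender, so walk from the right, skip our proxies and
    // take the first address we did not add ourselves.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    for ($i = count($hops) - 1; $i >= 0; $i--) {
        if (in_array($hops[$i], $trusted_proxies, true)) {
            continue;
        }
        return (filter_var($hops[$i], FILTER_VALIDATE_IP) !== false) ? $hops[$i] : $peer;
    }
    return $peer;
}

// Constructed sample requests (documentation address ranges, not real hosts)
$proxies  = array('192.0.2.10');
$direct   = array('REMOTE_ADDR' => '203.0.113.9',
                  'HTTP_X_FORWARDED_FOR' => '10.0.0.1');                   // spoofed header
$viaProxy = array('REMOTE_ADDR' => '192.0.2.10',
                  'HTTP_X_FORWARDED_FOR' => 'evil, 198.51.100.7, 192.0.2.10'); // via our proxy

var_dump(rms_client_ip($direct, $proxies));    // header ignored, peer address returned
var_dump(rms_client_ip($viaProxy, $proxies));  // address our proxy saw, spoofed prefix ignored
```

For the first request the forged header is ignored and the peer address is returned; for the second, the address immediately to the left of our own proxy is returned and the sender-supplied "evil" entry is never considered. Whatever you choose to log, validate it with FILTER_VALIDATE_IP first: a header-derived value can otherwise carry commas, quotes or newlines into a CSV log.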

Re: How to track spam or failed login attempts?

Posted: Sat Dec 28, 2013 10:46 pm
by tex
Hi,

I am using phpBB. I would like to collect this data in a CSV file so I can then import that into an Excel file. I know it's going to be a ton of junk; this is why I just would like to log it, even the failed attempts, so I can see the patterns they are using. I've been getting a lot of spam the last month. I have it under control now but I am looking to monitor it better.

Re: How to track spam or failed login attempts?

Posted: Sun Dec 29, 2013 1:20 am
by tex
I think I narrowed a few things down. This is the file on my host server, and I have full FTP control so I can make code changes with no issues, and I have the ability to create files and directories. But I get a bit confused with Unix directories and such, like the "../.." paths (I am a Windows guy only), so I need help with how to set my text.csv/log file path. I have a typical LAMP hosted site and my forum structure/directory is like /public_html/Forum, but how do I set my path to write to a text file in this root Forum directory? Also I would like to write all variables from this registration form, NOT the user's password though; I am strictly after trying to log all the spammers' responses to my Q&A fields, email, username, and their IP all on one line per button click, then just keep appending to this log/csv file.

Here is the registration page:


<?php
/**
*
* @package ucp
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

/**
* @ignore
*/
if (!defined('IN_PHPBB'))
{
	exit;
}

/**
* ucp_register
* Board registration
* @package ucp
*/
class ucp_register
{
	var $u_action;

	function main($id, $mode)
	{
		global $config, $db, $user, $auth, $template, $phpbb_root_path, $phpEx;

		//
		if ($config['require_activation'] == USER_ACTIVATION_DISABLE)
		{
			trigger_error('UCP_REGISTER_DISABLE');
		}

		include($phpbb_root_path . 'includes/functions_profile_fields.' . $phpEx);

		$coppa			= (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false;
		$agreed			= (!empty($_POST['agreed'])) ? 1 : 0;
		$submit			= (isset($_POST['submit'])) ? true : false;
		$change_lang	= request_var('change_lang', '');
		$user_lang		= request_var('lang', $user->lang_name);

		if ($agreed)
		{
			add_form_key('ucp_register');
		}
		else
		{
			add_form_key('ucp_register_terms');
		}

		if ($change_lang || $user_lang != $config['default_lang'])
		{
			$use_lang = ($change_lang) ? basename($change_lang) : basename($user_lang);

			if (!validate_language_iso_name($use_lang))
			{
				if ($change_lang)
				{
					$submit = false;

					// Setting back agreed to let the user view the agreement in his/her language
					$agreed = (empty($_GET['change_lang'])) ? 0 : $agreed;
				}

				$user->lang_name = $user_lang = $use_lang;
				$user->lang = array();
				$user->data['user_lang'] = $user->lang_name;
				$user->add_lang(array('common', 'ucp'));
			}
			else
			{
				$change_lang = '';
				$user_lang = $user->lang_name;
			}
		}


		$cp = new custom_profile();

		$error = $cp_data = $cp_error = array();

		if (!$agreed || ($coppa === false && $config['coppa_enable']) || ($coppa && !$config['coppa_enable']))
		{
			$add_lang = ($change_lang) ? '&change_lang=' . urlencode($change_lang) : '';
			$add_coppa = ($coppa !== false) ? '&coppa=' . $coppa : '';

			$s_hidden_fields = array(
				'change_lang'	=> $change_lang,
			);

			// If we change the language, we want to pass on some more possible parameter.
			if ($change_lang)
			{
				// We do not include the password
				$s_hidden_fields = array_merge($s_hidden_fields, array(
					'username'			=> utf8_normalize_nfc(request_var('username', '', true)),
					'email'				=> strtolower(request_var('email', '')),
					'email_confirm'		=> strtolower(request_var('email_confirm', '')),
					'lang'				=> $user->lang_name,
					'tz'				=> request_var('tz', (float) $config['board_timezone']),
				));

			}

			// Checking amount of available languages
			$sql = 'SELECT lang_id
				FROM ' . LANG_TABLE;
			$result = $db->sql_query($sql);

			$lang_row = array();
			while ($row = $db->sql_fetchrow($result))
			{
				$lang_row[] = $row;
			}
			$db->sql_freeresult($result);

			if ($coppa === false && $config['coppa_enable'])
			{
				$now = getdate();
				$coppa_birthday = $user->format_date(mktime($now['hours'] + $user->data['user_dst'], $now['minutes'], $now['seconds'], $now['mon'], $now['mday'] - 1, $now['year'] - 13), $user->lang['DATE_FORMAT']);
				unset($now);

				$template->assign_vars(array(
					'S_LANG_OPTIONS'	=> (sizeof($lang_row) > 1) ? language_select($user_lang) : '',
					'L_COPPA_NO'		=> sprintf($user->lang['UCP_COPPA_BEFORE'], $coppa_birthday),
					'L_COPPA_YES'		=> sprintf($user->lang['UCP_COPPA_ON_AFTER'], $coppa_birthday),

					'U_COPPA_NO'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=0' . $add_lang),
					'U_COPPA_YES'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register&coppa=1' . $add_lang),

					'S_SHOW_COPPA'		=> true,
					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
					'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang),
				));
			}
			else
			{
				$template->assign_vars(array(
					'S_LANG_OPTIONS'	=> (sizeof($lang_row) > 1) ? language_select($user_lang) : '',
					'L_TERMS_OF_USE'	=> sprintf($user->lang['TERMS_OF_USE_CONTENT'], $config['sitename'], generate_board_url()),

					'S_SHOW_COPPA'		=> false,
					'S_REGISTRATION'	=> true,
					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
					'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang . $add_coppa),
					)
				);
			}
			unset($lang_row);

			$this->tpl_name = 'ucp_agreement';
			return;
		}


		// The CAPTCHA kicks in here. We can't help that the information gets lost on language change. 
		if ($config['enable_confirm'])
		{
			include($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx);
			$captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']);
			$captcha->init(CONFIRM_REG);
		}

		$is_dst = $config['board_dst'];
		$timezone = $config['board_timezone'];

		$data = array(
			'username'			=> utf8_normalize_nfc(request_var('username', '', true)),
			'new_password'		=> request_var('new_password', '', true),
			'password_confirm'	=> request_var('password_confirm', '', true),
			'email'				=> strtolower(request_var('email', '')),
			'email_confirm'		=> strtolower(request_var('email_confirm', '')),
			'lang'				=> basename(request_var('lang', $user->lang_name)),
			'tz'				=> request_var('tz', (float) $timezone),
		);

		// Check and initialize some variables if needed
		if ($submit)
		{
			$error = validate_data($data, array(
				'username'			=> array(
					array('string', false, $config['min_name_chars'], $config['max_name_chars']),
					array('username', '')),
				'new_password'		=> array(
					array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
					array('password')),
				'password_confirm'	=> array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
				'email'				=> array(
					array('string', false, 6, 60),
					array('email')),
				'email_confirm'		=> array('string', false, 6, 60),
				'tz'				=> array('num', false, -14, 14),
				'lang'				=> array('language_iso_name'),
			));

			if (!check_form_key('ucp_register'))
			{
				$error[] = $user->lang['FORM_INVALID'];
			}

			// Replace "error" strings with their real, localised form
			$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);

			if ($config['enable_confirm'])
			{
				$vc_response = $captcha->validate($data);
				if ($vc_response !== false)
				{
					$error[] = $vc_response;
				}

				if ($config['max_reg_attempts'] && $captcha->get_attempt_count() > $config['max_reg_attempts'])
				{
					$error[] = $user->lang['TOO_MANY_REGISTERS'];
				}
			}

			// DNSBL check
			if ($config['check_dnsbl'])
			{
				if (($dnsbl = $user->check_dnsbl('register')) !== false)
				{
					$error[] = sprintf($user->lang['IP_BLACKLISTED'], $user->ip, $dnsbl[1]);
				}
			}

			// validate custom profile fields
			$cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error);

			if (!sizeof($error))
			{
				if ($data['new_password'] != $data['password_confirm'])
				{
					$error[] = $user->lang['NEW_PASSWORD_ERROR'];
				}

				if ($data['email'] != $data['email_confirm'])
				{
					$error[] = $user->lang['NEW_EMAIL_ERROR'];
				}
			}

			if (!sizeof($error))
			{
				$server_url = generate_board_url();

				// Which group by default?
				$group_name = ($coppa) ? 'REGISTERED_COPPA' : 'REGISTERED';

				$sql = 'SELECT group_id
					FROM ' . GROUPS_TABLE . "
					WHERE group_name = '" . $db->sql_escape($group_name) . "'
						AND group_type = " . GROUP_SPECIAL;
				$result = $db->sql_query($sql);
				$row = $db->sql_fetchrow($result);
				$db->sql_freeresult($result);

				if (!$row)
				{
					trigger_error('NO_GROUP');
				}

				$group_id = $row['group_id'];

				if (($coppa ||
					$config['require_activation'] == USER_ACTIVATION_SELF ||
					$config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable'])
				{
					$user_actkey = gen_rand_string(mt_rand(6, 10));
					$user_type = USER_INACTIVE;
					$user_inactive_reason = INACTIVE_REGISTER;
					$user_inactive_time = time();
				}
				else
				{
					$user_type = USER_NORMAL;
					$user_actkey = '';
					$user_inactive_reason = 0;
					$user_inactive_time = 0;
				}

				$user_row = array(
					'username'				=> $data['username'],
					'user_password'			=> phpbb_hash($data['new_password']),
					'user_email'			=> $data['email'],
					'group_id'				=> (int) $group_id,
					'user_timezone'			=> (float) $data['tz'],
					'user_dst'				=> $is_dst,
					'user_lang'				=> $data['lang'],
					'user_type'				=> $user_type,
					'user_actkey'			=> $user_actkey,
					'user_ip'				=> $user->ip,
					'user_regdate'			=> time(),
					'user_inactive_reason'	=> $user_inactive_reason,
					'user_inactive_time'	=> $user_inactive_time,
				);

				if ($config['new_member_post_limit'])
				{
					$user_row['user_new'] = 1;
				}

				// Register user...
				$user_id = user_add($user_row, $cp_data);

				// This should not happen, because the required variables are listed above...
				if ($user_id === false)
				{
					trigger_error('NO_USER', E_USER_ERROR);
				}

				// Okay, captcha, your job is done.
				if ($config['enable_confirm'] && isset($captcha))
				{
					$captcha->reset();
				}

				if ($coppa && $config['email_enable'])
				{
					$message = $user->lang['ACCOUNT_COPPA'];
					$email_template = 'coppa_welcome_inactive';
				}
				else if ($config['require_activation'] == USER_ACTIVATION_SELF && $config['email_enable'])
				{
					$message = $user->lang['ACCOUNT_INACTIVE'];
					$email_template = 'user_welcome_inactive';
				}
				else if ($config['require_activation'] == USER_ACTIVATION_ADMIN && $config['email_enable'])
				{
					$message = $user->lang['ACCOUNT_INACTIVE_ADMIN'];
					$email_template = 'admin_welcome_inactive';
				}
				else
				{
					$message = $user->lang['ACCOUNT_ADDED'];
					$email_template = 'user_welcome';
				}

				if ($config['email_enable'])
				{
					include_once($phpbb_root_path . 'includes/functions_messenger.' . $phpEx);

					$messenger = new messenger(false);

					$messenger->template($email_template, $data['lang']);

					$messenger->to($data['email'], $data['username']);

					$messenger->anti_abuse_headers($config, $user);

					$messenger->assign_vars(array(
						'WELCOME_MSG'	=> htmlspecialchars_decode(sprintf($user->lang['WELCOME_SUBJECT'], $config['sitename'])),
						'USERNAME'		=> htmlspecialchars_decode($data['username']),
						'PASSWORD'		=> htmlspecialchars_decode($data['new_password']),
						'U_ACTIVATE'	=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
					);

					if ($coppa)
					{
						$messenger->assign_vars(array(
							'FAX_INFO'		=> $config['coppa_fax'],
							'MAIL_INFO'		=> $config['coppa_mail'],
							'EMAIL_ADDRESS'	=> $data['email'])
						);
					}

					$messenger->send(NOTIFY_EMAIL);

					if ($config['require_activation'] == USER_ACTIVATION_ADMIN)
					{
						// Grab an array of user_id's with a_user permissions ... these users can activate a user
						$admin_ary = $auth->acl_get_list(false, 'a_user', false);
						$admin_ary = (!empty($admin_ary[0]['a_user'])) ? $admin_ary[0]['a_user'] : array();

						// Also include founders
						$where_sql = ' WHERE user_type = ' . USER_FOUNDER;

						if (sizeof($admin_ary))
						{
							$where_sql .= ' OR ' . $db->sql_in_set('user_id', $admin_ary);
						}

						$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
							FROM ' . USERS_TABLE . ' ' .
							$where_sql;
						$result = $db->sql_query($sql);

						while ($row = $db->sql_fetchrow($result))
						{
							$messenger->template('admin_activate', $row['user_lang']);
							$messenger->to($row['user_email'], $row['username']);
							$messenger->im($row['user_jabber'], $row['username']);

							$messenger->assign_vars(array(
								'USERNAME'			=> htmlspecialchars_decode($data['username']),
								'U_USER_DETAILS'	=> "$server_url/memberlist.$phpEx?mode=viewprofile&u=$user_id",
								'U_ACTIVATE'		=> "$server_url/ucp.$phpEx?mode=activate&u=$user_id&k=$user_actkey")
							);

							$messenger->send($row['user_notify_type']);
						}
						$db->sql_freeresult($result);
					}
				}

				$message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
				trigger_error($message);
			}
		}

		$s_hidden_fields = array(
			'agreed'		=> 'true',
			'change_lang'	=> 0,
		);

		if ($config['coppa_enable'])
		{
			$s_hidden_fields['coppa'] = $coppa;
		}

		if ($config['enable_confirm'])
		{
			$s_hidden_fields = array_merge($s_hidden_fields, $captcha->get_hidden_fields());
		}
		$s_hidden_fields = build_hidden_fields($s_hidden_fields);
		$confirm_image = '';

		// Visual Confirmation - Show images
		if ($config['enable_confirm'])
		{
			$template->assign_vars(array(
				'CAPTCHA_TEMPLATE'		=> $captcha->get_template(),
			));
		}

		//
		$l_reg_cond = '';
		switch ($config['require_activation'])
		{
			case USER_ACTIVATION_SELF:
				$l_reg_cond = $user->lang['UCP_EMAIL_ACTIVATE'];
			break;

			case USER_ACTIVATION_ADMIN:
				$l_reg_cond = $user->lang['UCP_ADMIN_ACTIVATE'];
			break;
		}

		$template->assign_vars(array(
			'ERROR'				=> (sizeof($error)) ? implode('<br />', $error) : '',
			'USERNAME'			=> $data['username'],
			'PASSWORD'			=> $data['new_password'],
			'PASSWORD_CONFIRM'	=> $data['password_confirm'],
			'EMAIL'				=> $data['email'],
			'EMAIL_CONFIRM'		=> $data['email_confirm'],

			'L_REG_COND'				=> $l_reg_cond,
			'L_USERNAME_EXPLAIN'		=> sprintf($user->lang[$config['allow_name_chars'] . '_EXPLAIN'], $config['min_name_chars'], $config['max_name_chars']),
			'L_PASSWORD_EXPLAIN'		=> sprintf($user->lang[$config['pass_complex'] . '_EXPLAIN'], $config['min_pass_chars'], $config['max_pass_chars']),

			'S_LANG_OPTIONS'	=> language_select($data['lang']),
			'S_TZ_OPTIONS'		=> tz_select($data['tz']),
			'S_CONFIRM_REFRESH'	=> ($config['enable_confirm'] && $config['confirm_refresh']) ? true : false,
			'S_REGISTRATION'	=> true,
			'S_COPPA'			=> $coppa,
			'S_HIDDEN_FIELDS'	=> $s_hidden_fields,
			'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
		));

		//
		$user->profile_fields = array();

		// Generate profile fields -> Template Block Variable profile_fields
		$cp->generate_profile_fields('register', $user->get_iso_lang_id());

		//
		$this->tpl_name = 'ucp_register';
		$this->page_title = 'UCP_REGISTRATION';
	}
}

?>

Re: How to track spam or failed login attempts?

Posted: Sun Dec 29, 2013 12:20 pm
by califdon
Maybe one of the administrators here who is familiar with PHPBB could jump in here and tell us if there is already a logfile that would save Tex from creating his own, also whether it is practical to modify PHPBB source code for something like this?

Tex, welcome to Linux and PHP! :-) Once you begin to be comfortable with differences in syntax and approach to operations, I'm sure you will find that Linux is more straightforward than MS Windows. File system paths, for example, are not that different, but Linux doesn't use drive letters like C:\; it considers the entire computer file system as beginning at what is called "root" and is written as just a forward slash (/). But Apache web server, exactly like MS IIS web server, is limited, for security reasons, to "seeing" only a segment of the entire computer file system, called "document root", and when you are dealing with a web server, it is the document root that is labeled /.

Re: How to track spam or failed login attempts?

Posted: Sun Dec 29, 2013 2:23 pm
by tex
Thanks Cali! I do have some log files but I want some extra detail for my own ideas, and perhaps there are others on the server side I may be unaware of, so good point there.

I was going to use this example as a template and start working it into the above file and start testing really soon.


<?php
$file = 'people.txt';
// Append a new person to the file in one call. FILE_APPEND means the existing
// content is not read back and rewritten (two requests doing that at the same
// time would lose lines), and LOCK_EX stops concurrent writes from interleaving.
file_put_contents($file, "John Smith\n", FILE_APPEND | LOCK_EX);
?>

Re: How to track spam or failed login attempts?

Posted: Mon Dec 30, 2013 12:01 am
by tex
Well I managed to do it, created my own log file and even sent an email to myself. Now I can try and stay ahead of spam by seeing what the bots enter into my q&a text box. So far on one bot attempt this text box was left empty, and that one did not make it in.

Re: How to track spam or failed login attempts?

Posted: Mon Dec 30, 2013 11:05 am
by califdon
Congratulations! Sorry we didn't come up with any real suggestions to help you. I think some of the guys are taking a break during the holidays.

I did something like that earlier this year. I have a U.S. Navy ship's memorial site with a "ship's log book" where former crew members or their families can leave short messages, open to the public. I didn't want to complicate it by requiring registration, so it's vulnerable to hackers, but it's been running for over a decade and I've only had occasional abuses. Also, it's a low traffic site, so I can handle reviewing all posts to the database, so every post triggers an email to me, showing me the content, with a link to a script that deletes that specific post, so all I do is scan an entry and if it looks OK, I just do nothing; if it's spam or whatever, I just click the link in the email and POOF! it's gone. For a couple of weeks 3 years ago, then again this past summer, I was getting maybe 20 or 30 malicious posts a day, which I analyzed, but couldn't tell much; they all conformed to a pattern, but were from different IP addresses, so I think I was dealing with a botnet. But in both cases, they stopped after a week or two. I did make a few changes in my system, but I'm not convinced that my changes were what stopped them, since they started again, 3 years later. It's a constant battle.
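
A note on the delete link in that workflow, with an added example that is not califdon's code: a link that deletes a post on a plain GET request has two failure modes worth closing. If the URL is guessable (say, just the post id), anyone who works out the pattern can delete entries, and some mail clients and link scanners fetch URLs in incoming mail, which would delete posts without anyone clicking. One way to handle both, assuming a hypothetical secret, post id and script URL: sign the link with an HMAC over the post id and an expiry time, and have the target script show a confirmation form and only delete on POST.

```php
<?php
// Added example, not from the thread: a signed, expiring "delete this post" link and
// the check the target script performs. RMS_SECRET, the post id and the script URL
// are hypothetical; keep the real secret in a config file outside the document root.

define('RMS_SECRET', 'replace-with-32-random-bytes-from-/dev/urandom');

// Build the link to embed in the notification e-mail.
function rms_delete_link($script_url, $post_id, $ttl_seconds, $secret = RMS_SECRET)
{
    $exp = time() + (int) $ttl_seconds;
    $sig = hash_hmac('sha256', (int) $post_id . '|' . $exp, $secret);
    return $script_url . '?id=' . (int) $post_id . '&exp=' . $exp . '&sig=' . $sig;
}

// Constant-time string compare; hash_equals() only exists from PHP 5.6.
function rms_ct_equal($a, $b)
{
    if (function_exists('hash_equals')) {
        return hash_equals($a, $b);
    }
    if (strlen($a) !== strlen($b)) {
        return false;
    }
    $diff = 0;
    for ($i = 0, $n = strlen($a); $i < $n; $i++) {
        $diff |= ord($a[$i]) ^ ord($b[$i]);
    }
    return $diff === 0;
}

// Returns the post id the link is valid for, or false if it is forged, altered or expired.
function rms_verify_delete_link(array $query, $now, $secret = RMS_SECRET)
{
    if (!isset($query['id'], $query['exp'], $query['sig'])) {
        return false;
    }
    $id  = (int) $query['id'];
    $exp = (int) $query['exp'];
    if ($exp < $now) {
        return false;   // link expired
    }
    $expected = hash_hmac('sha256', $id . '|' . $exp, $secret);
    return rms_ct_equal($expected, (string) $query['sig']) ? $id : false;
}

// What the target script does: GET only renders a confirmation form that posts back to
// the same signed URL; the deletion runs on the confirmed POST. A mail scanner that
// follows the link therefore cannot remove the post by itself.
function rms_handle_delete_request($method, array $query, array $post, $now)
{
    $id = rms_verify_delete_link($query, $now);
    if ($id === false) {
        return 'invalid';
    }
    if ($method !== 'POST' || empty($post['confirm'])) {
        // render: <form method="post"><button name="confirm" value="1">Delete post</button></form>
        return 'confirm';
    }
    // here you would run DELETE ... WHERE id = $id with a prepared statement
    return 'delete:' . $id;
}

// Constructed walk-through: a link valid for seven days, fetched three ways.
$link = rms_delete_link('https://example.org/logbook/delete.php', 42, 7 * 86400);
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(rms_handle_delete_request('GET', $q, array(), time()));                    // mail scanner fetch
var_dump(rms_handle_delete_request('POST', $q, array('confirm' => '1'), time()));   // confirmed click
$q['id'] = '43';                                                                     // id changed after signing
var_dump(rms_handle_delete_request('POST', $q, array('confirm' => '1'), time()));
```

The first call only asks for confirmation, the second deletes post 42, and the third is rejected because the id no longer matches the signature. The expiry keeps an old notification mail from working forever if the mailbox is ever compromised.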

Re: How to track spam or failed login attempts?

Posted: Mon Dec 30, 2013 12:35 pm
by tex
Well I thank you for posting, and it made me do my own coding and learning, so if someone has a better idea please post it; thankfully I knew just enough to get by. I only got three fields but at least now I can, like you said, see the pattern that they use.

Interesting about what you did on your site, all very cool stuff, I enjoyed reading it! I really like computers and wish I could learn more faster, but IT security to me is very interesting. I am thinking about doing more, like reporting them to the closest server/company that they used. This takes time, but I looked into this a bit and came across this Perl code posted; not sure how to implement it though. It came from this site and it looks legitimate to me.
http://email.about.com/gi/o.htm?zi=1/XJ ... abuse.net/


# look up contacts from abuse.net
use strict;
use warnings;
use Net::DNS;

# Returns the list of abuse-contact strings published for $domain (or, failing
# that, for the nearest parent domain) in the TXT records of <domain>.contacts.abuse.net
sub ablookup {
    my ($domain) = @_;
    my ($res, $query, @r);

    $res = new Net::DNS::Resolver;
    while (1) {
        $query = $res->search("$domain.contacts.abuse.net", "TXT");
        if ($query) {
            my $rr;

            foreach $rr ($query->answer) {
                push @r, $rr->txtdata if $rr->type eq "TXT";
            }
            return @r;
        } else {
            # Net::DNS rejects special characters, strip off
            # subdomains and see if a parent domain works
            if ($domain =~ m{^[^.]+\.([^.]+\..+)}) {
                $domain = $1;
            } else {
                die "Cannot lookup contacts for $domain";
            }
        }
    }
}

Re: How to track spam or failed login attempts?

Posted: Mon Dec 30, 2013 1:44 pm
by califdon
I never learned Perl, so I can't even read that code very well, but as I read the abuse.net webpage, I believe it is just returning the administrative/technical contact info from a requested domain's DNS record. I'm not sure how helpful that would be, since most of these hackers seem to be from countries where there isn't much regulation of Internet hacking. In my recent experience, most seem to have been coming from Russia and China, and in the past I've seen a lot from Romania. These guys really don't care if you complain to them.

Have you scanned our PHP - Security forum? If you haven't, take a look: viewforum.php?f=34. Among many other interesting security threads, my experiences are in a thread near the top, where I received some really helpful advice from some of the guys who really know a lot more about security than I do! You might find some of it useful to you.

Re: How to track spam or failed login attempts?

Posted: Mon Dec 30, 2013 2:03 pm
by tex
True about the spammers, they probably use hijacked computers also. But I am very tired of the spam so I may try and fight back a little. I actually did some really cool VB.net code to stop all my annoying telemarketer-type phone calls at my home. These people actually hide their number, and that is supposed to be illegal as far as I know, so one thing I do is: if the number comes up as a "0", they get hung up on in a fraction of a ring :)

Great I will do some reading tonight on those security pages that you mentioned.

Re: How to track spam or failed login attempts?

Posted: Mon Dec 30, 2013 7:57 pm
by tex
I need some advice on the code below. I am trying to get the IP address but I am doing something wrong; not sure what I can do, any suggestions? Also what is $_POST actually doing? I know I need to have it in some cases, just not sure why.

// code from ucp_register.php from PHPBB


				$user_row = array(
					'username'				=> $data['username'],
					'user_password'			=> phpbb_hash($data['new_password']),
					'user_email'			=> $data['email'],
					'group_id'				=> (int) $group_id,
					'user_timezone'			=> (float) $data['tz'],
					'user_dst'				=> $is_dst,
					'user_lang'				=> $data['lang'],
					'user_type'				=> $user_type,
					'user_actkey'			=> $user_actkey,
					'user_ip'				=> $user->ip,
					'user_regdate'			=> time(),
					'user_inactive_reason'	=> $user_inactive_reason,
					'user_inactive_time'	=> $user_inactive_time,
				);

	// my new code 
	$rms_ip = $_POST['user_ip'];         // <-- not sure if I should use $_POST here??               
	$rms_username = $_POST['username'];  
	$rms_email = $_POST['email']; 	   	 
	$rms_answer = $_POST['qa_answer']; 	         	 

	$rms_result = $rms_ip . ", " . $rms_username . ", " . $rms_email . ", " . $rms_answer;

	$rms_file = '../../register_logs.txt'; 

	// Open the file to get existing content
	$rms_current = file_get_contents($rms_file);

	// Append a new person to the file
	$rms_current .= $rms_result . "\r\n";

	// Write the contents back to the file
	file_put_contents($rms_file, $rms_current);
	// end my new code 


Re: How to track spam or failed login attempts?

Posted: Mon Dec 30, 2013 8:13 pm
by Celauran
In the case of a form submitted via POST request, the $_POST array will contain said form data. If the form contains a field with name="email" then $_POST['email'] will contain that field's value, and so on. In theory, $_POST['user_ip'] could exist were you to, say, write that information to a hidden field when the form is generated. I would not recommend doing this, however, as user-submitted data ought not be trusted. $_SERVER['REMOTE_ADDR'] will contain a user's IP address though, in the snippet of code you posted, it's also clearly available via $user->ip
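
Putting Celauran's answer together with the file-append snippet from earlier in the thread, here is an added example (not phpBB's code and not tex's) of what the logging hook in ucp_register.php can look like. It records $user->ip rather than anything the client posted, never touches the password, writes with fputcsv() so a username containing a comma or a newline cannot forge extra columns or rows, and holds a lock so two simultaneous submits do not interleave. Its assumptions: the Q&A answer arrives in the 'qa_answer' field (the name tex's snippet reads), PHP's working directory is the Forum directory so '../../' lands one level above public_html, outside the web root, and the call is pasted after the NEW_EMAIL_ERROR check, just before the `if (!sizeof($error))` that creates the account, where $data, $error and $user->ip are all final. The demo at the bottom runs without phpBB on constructed data.

```php
<?php
// Added example, not phpBB code. One helper appends a row per registration submit,
// the other reads the file back and summarises it.

/**
 * Append one CSV row for a registration submit. Returns true if the row was written.
 * Columns: utc time, ip, username, email, qa answer, OK|FAIL, validation errors
 */
function rms_log_register_attempt($log_path, $ip, array $data, $qa_answer, array $errors)
{
    $row = array(
        gmdate('Y-m-d H:i:s'),
        $ip,                                  // from $user->ip, never from $_POST
        substr($data['username'], 0, 64),     // cap free-text fields so one bot
        substr($data['email'], 0, 128),       // cannot balloon the log
        substr($qa_answer, 0, 200),
        count($errors) ? 'FAIL' : 'OK',
        implode(' | ', array_map('strip_tags', $errors)),   // localised messages may contain HTML
    );

    $fh = @fopen($log_path, 'ab');
    if ($fh === false) {
        return false;             // never break registration because logging failed
    }
    $written = false;
    if (flock($fh, LOCK_EX)) {    // serialise writers so rows do not interleave
        $written = fputcsv($fh, $row) !== false;   // quotes , " and newlines in user input
        fflush($fh);
        flock($fh, LOCK_UN);
    }
    fclose($fh);
    return $written;
}

/**
 * Summarise the log: submits and failures per IP, and how many submits left the
 * Q&A answer blank (the pattern tex saw on the first bot).
 */
function rms_summarise($log_path)
{
    $stats = array('rows' => 0, 'blank_answers' => 0, 'by_ip' => array());
    $fh = @fopen($log_path, 'rb');
    if ($fh === false) {
        return $stats;
    }
    while (($row = fgetcsv($fh)) !== false) {
        if (count($row) < 7) {
            continue;             // blank line or truncated row
        }
        list(, $ip, , , $answer, $status) = $row;
        $stats['rows']++;
        if (!isset($stats['by_ip'][$ip])) {
            $stats['by_ip'][$ip] = array('submits' => 0, 'failed' => 0);
        }
        $stats['by_ip'][$ip]['submits']++;
        if ($status === 'FAIL') {
            $stats['by_ip'][$ip]['failed']++;
        }
        if (trim($answer) === '') {
            $stats['blank_answers']++;
        }
    }
    fclose($fh);
    uasort($stats['by_ip'], function ($a, $b) { return $b['submits'] - $a['submits']; });
    return $stats;
}

// Hook for ucp_register.php (assumed placement: after the NEW_EMAIL_ERROR check):
//
//     $rms_log = $phpbb_root_path . '../../register_attempts.csv';   // above public_html
//     rms_log_register_attempt($rms_log, $user->ip, $data, request_var('qa_answer', '', true), $error);

// Constructed demo: two failed bot submits from one address, one good one from another.
$demo = tempnam(sys_get_temp_dir(), 'rms');
rms_log_register_attempt($demo, '203.0.113.9', array('username' => 'x,"y', 'email' => 'x@mail.invalid'), '', array('wrong answer'));
rms_log_register_attempt($demo, '203.0.113.9', array('username' => "a\nb", 'email' => 'ab@mail.invalid'), '', array('wrong answer'));
rms_log_register_attempt($demo, '198.51.100.7', array('username' => 'alice', 'email' => 'alice@example.org'), 'blue', array());
print_r(rms_summarise($demo));
unlink($demo);
```

Two practical notes. If the host will not let the file live above public_html, deny web access to it in .htaccess; otherwise anyone can download your list of attempted usernames and e-mail addresses. And the log holds addresses of real applicants as well as bots, so treat it as sensitive data and rotate it rather than letting it grow forever.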

Re: How to track spam or failed login attempts?

Posted: Mon Dec 30, 2013 8:35 pm
by tex
Celauran wrote:In the case of a form submitted via POST request, the $_POST array will contain said form data. If the form contains a field with name="email" then $_POST['email'] will contain that field's value, and so on. In theory, $_POST['user_ip'] could exist were you to, say, write that information to a hidden field when the form is generated. I would not recommend doing this, however, as user-submitted data ought not be trusted. $_SERVER['REMOTE_ADDR'] will contain a user's IP address though, in the snippet of code you posted, it's also clearly available via $user->ip
Thanks, and I am trying to log this "$user->ip" to my text file but I was not sure what this "->" means or how to get this into my variable. Also user_ip is definitely not coming from user input or the form, so my $_POST was incorrectly used.

Re: How to track spam or failed login attempts?

Posted: Mon Dec 30, 2013 8:50 pm
by Celauran
$user->ip denotes the ip property of the user object. Where some languages use dot notation, PHP uses -> (or :: for static properties/methods)