This is the community forum. For a developer response use the Client Area.
Follow us on Facebook, Twitter and YouTube!

Trap Value
#1

Commentics has a anti-spam feature, Trap Value
From time to time, as an admin, I get email notification about Banned users due to Trap Value
But, the email does not inform me about the exact value of this Trap Value !! what is the value of this variable? knowing this, I will ensure that script is not misbehaving by banning good comment writers.
I mean, what this banned user had written?
Reply
#2

Ok, this is for Commentics v1.3.5

In comments/includes/app/processor.php, replace this:
PHP Code:
<?php 
/* Check Trap */
if ($settings->check_trap) {
if (!isset(
$_POST['fax']) || !isset($_POST['phone'])) { //no trap data submitted
cmtx_ban(CMTX_BAN_REASON_NO_TRAP); //ban user for no trap data
} else { //if trap data submitted
if (!empty($_POST['fax']) || !empty($_POST['phone'])) { //trap data contains value
cmtx_ban(CMTX_BAN_REASON_TRAP_VALUE); //ban user for trap value
}
}
}

With:
PHP Code:
<?php 
/* Check Trap */
if ($settings->check_trap) {
global
$fax, $phone;
if (!isset(
$_POST['fax']) || !isset($_POST['phone'])) { //no trap data submitted
cmtx_ban(CMTX_BAN_REASON_NO_TRAP); //ban user for no trap data
} else { //if trap data submitted
if (!empty($_POST['fax']) || !empty($_POST['phone'])) { //trap data contains value
if (!empty($_POST['fax'])) { $fax = $_POST['fax']; }
if (!empty(
$_POST['phone'])) { $phone = $_POST['phone']; }
cmtx_ban(CMTX_BAN_REASON_TRAP_VALUE); //ban user for trap value
}
}
}

Then, in comments/includes/functions/processor.php, replace this:
PHP Code:
<?php 
function cmtx_ban ($reason) { //ban user

global $mysql_table_prefix, $settings, $ip_address, $is_admin; //globalise variables

With:
PHP Code:
<?php 
function cmtx_ban ($reason) { //ban user

global $mysql_table_prefix, $settings, $ip_address, $is_admin, $fax, $phone; //globalise variables

if ($reason == CMTX_BAN_REASON_TRAP_VALUE && strlen($fax) < 100 && strlen($phone) < 100) {
$fax = cmtx_sanitize($fax, true, true, true);
$phone = cmtx_sanitize($phone, true, true, true);
$reason .= " Fax: \"" . $fax . "\" Phone: \"" . $phone . "\"";
}

Have you completed the interview?
Reply
#3

Hm... good idea. But, what is this notice really worth if I don't have an email?

I mean it is certainly good to know whether or not the banned poster was really a badder or gooder (hee, hope these expressions make it into the dictionary). But not every good one will tell you. Some may just leave. Whereas if you got their email, you could (if you really wanted) at least email back after you lifted the ban and invite him/her back ... ?

Cheereoh
Reply
#4

Need to add on more.

Based on "my" experience in this short time I use Commentics review software now, is that - yes, basically 100% of these Trap-Value bans belong to some people you better don't know.

We've got a quite good Brut-Force protection setup and comparing the IP from the banned Trap Values with the Brut Force attackers on our server ... ALL of them go together.

Is Steven's Trap-Value setup effective and good to have?

YOU BET IT IS! 101%

Thanks Steven. You saved us from a lot of unwanted headache! For that alone you deserve a medal.
Reply
#5

(25-Jan-2011, 05:19 PM)Steven Wrote:  Ok, this is for Commentics v1.3.5


Hi Steven,

Will this fix work for v1.5?
Reply
#6

Yes it will work fine.

Have you completed the interview?
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)