版权声明:可以任意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本声明。
https://windtear.net/archives/2005/01/10/000550.html
标 题: [MT] spam
发信站: HAPPY (Mon Jan 10 14:21:28 2005), 转信
http://sixapart.com/pronet/comment_spam.html
http://www.movabletype.org/news/2005/01/guide_for_fighting_commen.shtml
http://james.seng.cc/archives/000145.html
http://james.seng.cc/files/scode-0.1c.tar.gz
http://www.boutell.com/gd/index.html
http://stein.cshl.org/WWW/software/GD/
cgi-bin% find ./ -type f -cmin -1440
./lib/MT/App/Comments.pm
./lib/MT/Template/Context.pm
./lib/MT/SCode.pm
./plugins/scode.pl
./mt-scode.cgi
--- Comments.pm.bak 2004-10-02 02:26:04.000000000 +0800
+++ Comments.pm 2005-01-10 17:34:13.000000000 +0800
@@ -244,6 +244,20 @@
if (!$q->param('text')) {
return $app->handle_error($app->translate("Comment text is required."));
}
+ # SecurityCode hack start
+ #
+ require MT::SCode;
+ my $code = $q->param('code');
+ my $scode = $q->param('scode');
+ my $sscode = MT::SCode::scode_get($code);
+ if ($scode ne $sscode) {
+ return $app->handle_error($app->translate(
+ "Wrong or missing Security Code."));
+ }
+ MT::SCode::scode_delete($code);
+ MT::SCode::scode_create($code);
+ #
+ # Security hack ends
my ($comment, $commenter) = _make_comment($app, $entry);
if (!$blog->allow_unreg_comments) {
if (!$commenter) {
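Review bot: The comparison `$scode ne $sscode` is false when both sides are empty or undefined, so a submission with no `scode` and a `code` for which `MT::SCode::scode_get` returns nothing would pass the check (inferred, since `scode_get` is not shown on this page). Make the guard explicit: `if (!defined $scode || !length $scode || !defined $sscode || $scode ne $sscode) {`. The failure path also returns without calling `MT::SCode::scode_delete($code)`, so the same challenge stays valid for further attempts; deleting it before `handle_error` would make each code single-use. The enclosing handler starts and ends outside the hunk.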
--- Context.pm.bak 2004-10-21 09:02:40.000000000 +0800
+++ Context.pm 2005-01-10 17:47:04.000000000 +0800
@@ -1124,7 +1124,14 @@
sub _hdlr_comment_fields {
my ($ctx, $args, $cond) = @_;
-
+ # Security code validation
+ require MT::SCode; # <-- new addition
+ srand int (time/10)+$$;
+ my $securitycode = int rand(MT::SCode::scode_tmp());
+ $securitycode++;
+ MT::SCode::scode_create($securitycode);
+ # End Security code hack
+
my $blog = $ctx->stash('blog_id');
$blog = MT::Blog->load($blog) if defined $blog && !(ref $blog);
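Review bot: `srand int (time/10)+$$;` reseeds Perl's generator from the clock and the process id on every call, so the value picked on the next line comes from guessable inputs and, in a persistent interpreter, repeats for calls made within the same ten-second window. Drop the explicit `srand` and let Perl seed itself once per process. `$securitycode` should be treated as a lookup key only, because it is also sent to the browser in the hidden `code` field; the secrecy of the challenge then depends on what `MT::SCode::scode_create` stores, which is not visible here. `_hdlr_comment_fields` continues past the end of the hunk.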
@@ -1214,6 +1221,12 @@
<MT_TRANS phrase="Remember me?">
<input type="radio" id="remember" name="bakecookie" /><label for="bakecookie"><label for="remember"><MT_TRANS phrase="Yes"></label><input type="radio" id="forget" name="bakecookie" onclick="forgetMe(this.form)" value="Forget Info" style="margin-left: 15px;" /><label for="forget"><MT_TRANS phrase="No"></label><br style="clear: both;" /></p>
+ <!-- Security Code Check -->
+ <input type="hidden" id="code" name="code" value="$securitycode" />
+ <label for="scode">Security Code:</label><br />
+ <img border="0" alt="Please enter the security code you see here" src="$path/mt-scode.cgi?code=$securitycode" /><br />
+ <input tabindex="3" id="scode" name="scode" /><br /><br />
+ <!-- end of Security Code Check -->
<p><label for="text"><MT_TRANS phrase="Comments:"></label><br />
<textarea tabindex="2" id="text" name="text" rows="10" cols="50" id="text">$comment_text</textarea></p>
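Review bot: The new `Security Code:` label and the image `alt` text are hard-coded English, while the surrounding form wraps its visible strings in `<MT_TRANS phrase="...">`; use `<label for="scode"><MT_TRANS phrase="Security Code:"></label>` so the field is translated with the rest of the form. The same markup is added again in the following hunk (`@@ -1299,6 +1312,12 @@`) and needs the same change. The image is the only way to read the code, so the `alt` text gives users who cannot see it no alternative; that limitation is worth stating next to the markup. The enclosing form markup starts and ends outside the hunk.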
@@ -1299,6 +1312,12 @@
<MT_TRANS phrase="Remember me?">
<input type="radio" id="remember" name="bakecookie" /><label for="remember"><MT_TRANS phrase="Yes"></label><input type="radio" id="forget" name="bakecookie" onclick="forgetMe(this.form)" value="Forget Info" style="margin-left: 15px;" /><label for="forget"><MT_TRANS phrase="No"></label><br style="clear: both;" /></p>
+ <!-- Security Code Check -->
+ <input type="hidden" id="code" name="code" value="$securitycode" />
+ <label for="scode">Security Code:</label><br />
+ <img border="0" alt="Please enter the security code you see here" src="$path/mt-scode.cgi?code=$securitycode" /><br />
+ <input tabindex="3" id="scode" name="scode" /><br /><br />
+ <!-- end of Security Code Check -->
<p><label for="text"><MT_TRANS phrase="Comments:"></label> $allow_comment_html_note<br />
<textarea tabindex="4" name="text" rows="10" cols="50" id="text">$comment_text</textarea></p>
-----> Individual Entry Archive
<!-- Security Code Check -->
<!-- Snippet listed under the "Individual Entry Archive" heading; it mirrors the fields the Context.pm patch adds to the comment form. -->
<!-- "code" is posted back with the comment; the Comments.pm patch reads it with param('code') and passes it to MT::SCode::scode_get. -->
<input type="hidden" id="code" name="code" value="$securitycode" />
<label for="scode">Security Code:</label><br />
<!-- The challenge image is requested from mt-scode.cgi with the same code value. -->
<!-- NOTE(review): $securitycode is assigned inside _hdlr_comment_fields in the patch; how it and $path are substituted when this markup is placed in a template is not shown here. Confirm before use. -->
<img border="0" alt="Please enter the security code you see here" src="$path/mt-scode.cgi?code=$securitycode" /><br />
<!-- "scode" is the visitor's typed answer; the Comments.pm patch reads it with param('scode') and compares it with the stored value. -->
<input tabindex="3" id="scode" name="scode" /><br /><br />
<!-- end of Security Code Check -->