Ajax Shoutbox for phpnuke (tagshout) story

[doctornuke]

1.Prevent bot post (can apply to anyother guestbook)

1.1 for thost who can write apache directive
add these lines after </Directory>

<Directory /path_to_home/modules/tagshout>
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Allow from xxx.xxx.xxx.xxx
Deny from all
</LimitExcept>
</Directory>



where xxx.xxx.xx.xxx is your IP

[doctornuke]

1.2 for people who can not only write .htaccess
add these lines in .htaccess file in /modules/tagshout


<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Allow from xxx.xxx.xxx.xxx
Deny from all
</LimitExcept>

[doctornuke]

Remember that this just reduce some spamming but some scripts (...) can escape this htaccess protection.

[mentor]

Look ,you still have spam ..
I think you should have something like image protection (I don't know what they call ) .

[doctornuke]

Yeah. and I've just discover some .htaccess protections.

It will block domain (you have to find that domain trying to spam from webstat like awstat ,google analytics etc.)

RewriteEngine On
RewriteCond %{HTTP_REFERER} \.domain\.tld [NC]
#where domain like spammer.com ,tld =.com
RewriteRule .* - [F]
#if you can discover their IP ,said 12.163.72.13
RewriteCond %{REMOTE_ADDR} ^12\.163\.72\.13$
RewriteRule .* - [F,L]
# A new tactic - using SetEnvIfNoCase instead of RewriteCond - seems to be quite effective (esp for referrers).
# Original version found at http://blog.koehntopp.de/archives/67...k-Spammer.html
# Many spams and trackbacks come from User Agent Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)
# I added a line (SetEnvIfNoCase User-Agent 9x 4.90 spammer=yes) to deny this User Agent - be aware that if you
# include this line you risk banning some genuine browsers, although I could find no genuine browsers using that UA in my logs
SetEnvIfNoCase X-AAAAAAAAAAAA 1 spammer=yes
SetEnvIfNoCase Via pinappleproxy spammer=yes
SetEnvIfNoCase Referer yelucie.com spammer=yes
SetEnvIfNoCase Referer crescentarian.net spammer=yes
SetEnvIfNoCase Referer andrewsaluk.com spammer=yes
SetEnvIfNoCase Referer tigerspice spammer=yes
SetEnvIfNoCase Referer doobu.com spammer=yes
SetEnvIfNoCase Referer camfun24 spammer=yes
SetEnvIfNoCase Referer latinonakedgirl spammer=yes
SetEnvIfNoCase Referer ronnieazza.com spammer=yes
SetEnvIfNoCase Referer highprofitclub spammer=yes
SetEnvIfNoCase Referer dvdsqueeze.com spammer=yes
SetEnvIfNoCase Referer sexsearchcom.com spammer=yes
SetEnvIfNoCase Referer 6q.org spammer=yes
SetEnvIfNoCase Referer d4f.de spammer=yes
SetEnvIfNoCase Referer adultactioncam spammer=yes
SetEnvIfNoCase Referer seventwentyfour.com spammer=yes
SetEnvIfNoCase Referer genaholincorporated.com spammer=yes
SetEnvIfNoCase Referer firsthorizonmtg.com spammer=yes
SetEnvIfNoCase Referer personalsites.info spammer=yes
SetEnvIfNoCase Referer bukakke-bukake-bukkake-bukkakke.com spammer=yes
SetEnvIfNoCase Referer camgirlslive.com spammer=yes
SetEnvIfNoCase Referer dvd-copy.com spammer=yes
SetEnvIfNoCase Referer shaffelrecords.com spammer=yes
SetEnvIfNoCase Referer mcr8.com spammer=yes
SetEnvIfNoCase Referer dating.blogs.com spammer=yes
SetEnvIfNoCase Referer online-casino-pops spammer=yes
SetEnvIfNoCase Referer 8thstreetlatinas spammer=yes
SetEnvIfNoCase Referer boysfirsttime.com spammer=yes
SetEnvIfNoCase Referer gofordgo.com spammer=yes
SetEnvIfNoCase Referer buy-hgh-human-growth-hormone.net spammer=yes

deny from env=spammer
deny from 66.28.54.254
deny from 12.163.72.13
deny from 71.57.133.162
deny from 84.92.124.116
deny from 196.7.0.160
deny from 210.43.0.225
deny from 219.93.174.107
deny from 205.134.241.50

# From Spamhuntress - code to deny the below user agents POST access to trackback
<Files trackback>
<limit POST>

SetEnvIf User-Agent "Mozilla" trackers
SetEnvIf User-Agent "Opera" trackers
SetEnvIf User-Agent ^$ trackers

Order Allow,Deny
Allow from all
Deny from env=trackers

</limit>
</Files>



credit
http://www.tomrafteryit.net/htaccess.txt

[mentor]

Thanks .. I will try to find some for my guestbook.

[doctornuke]

Hi ., summary is that , all these code above are BS ,can not protect any spam!.
So now I use image verification , the beta version of tagshout will be on download page soon.