0
/
leftypol_lainchan
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Compare commits

base: 0:d478f65ba012033751860932416ebb276bd748f6
Branches Tags
0:deploy_spamnoticer
0:debug_profile
0:icecat_fix
0:new_posts_ajax_stuff
..
compare: 0:77aac5117214614bd88cccefffb6a8c28de0aab8
Branches Tags
0:debug_profile
0:icecat_fix
0:deploy_spamnoticer
0:new_posts_ajax_stuff

2 Commits
d478f65ba0 ... 77aac51172

Author SHA1 Message Date
towards-a-new-leftypol 77aac51172 Autoformat (vim) anti-bot.php to use spaces instead of tabs and spaces 2024-06-11 18:51:10 -04:00
towards-a-new-leftypol ce93e6f442 Anti-bot: print out failure cases and construction 
- enable anti-bot spam protection setting but comment out it's rejection
- will monitor the output log to check for false-positives and just see
  what it's rejecting...
 2024-06-11 18:48:04 -04:00
3 changed files with 311 additions and 264 deletions
Show Stats Expand all files Collapse all files

571
inc/anti-bot.php
View File

@ -11,302 +11,347 @@ $hidden_inputs_twig = array();
$logfile = "/tmp/lainchan_err.out"; $logfile = "/tmp/lainchan_err.out";
function print_err($s) { function print_err($s) {
global $logfile; global $logfile;
file_put_contents($logfile, $s . "\n", FILE_APPEND); $datetime = new Datetime();
file_put_contents(
$logfile,
$datetime->format(DateTime::ATOM) . " " . $s . "\n",
FILE_APPEND
);
} }
function getStackTraceAsString() { function getStackTraceAsString() {
$stackTrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); $stackTrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
$traceString = ''; $traceString = '';
foreach ($stackTrace as $index => $entry) { foreach ($stackTrace as $index => $entry) {
if ($index > 0) { if ($index > 0) {
$traceString .= sprintf( $traceString .= sprintf(
"#%d %s(%d): %s%s", "#%d %s(%d): %s%s",
$index - 1, $index - 1,
isset($entry['file']) ? $entry['file'] : 'unknown', isset($entry['file']) ? $entry['file'] : 'unknown',
isset($entry['line']) ? $entry['line'] : 0, isset($entry['line']) ? $entry['line'] : 0,
isset($entry['class']) ? $entry['class'] . $entry['type'] . $entry['function'] : $entry['function'], isset($entry['class']) ? $entry['class'] . $entry['type'] . $entry['function'] : $entry['function'],
PHP_EOL PHP_EOL
); );
}
} }
}
return $traceString; return $traceString;
} }
// print_err("\n\nSTART\n\n"); // print_err("\n\nSTART\n\n");
class AntiBot { class AntiBot {
public $salt, $inputs = array(), $index = 0; public $salt, $inputs = array(), $index = 0;
public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
$chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
if ($uppercase)
$chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
if ($special_chars)
$chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` ';
if ($unicode_chars) {
$len = strlen($chars) / 10;
for ($n = 0; $n < $len; $n++)
$chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
}
$chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
$ch = array();
// fill up $ch until we reach $length
while (count($ch) < $length) {
$n = $length - count($ch);
$keys = array_rand($chars, $n > count($chars) ? count($chars) : $n);
if ($n == 1) {
$ch[] = $chars[$keys];
break;
}
shuffle($keys);
foreach ($keys as $key)
$ch[] = $chars[$key];
}
$chars = $ch;
return implode('', $chars);
}
public static function make_confusing($string) {
$chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
foreach ($chars as &$c) {
if (mt_rand(0, 3) != 0)
$c = utf8tohtml($c);
else
$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
}
return implode('', $chars);
}
public function __construct(array $salt = array()) {
global $config;
if (!empty($salt)) {
// create a salted hash of the "extra salt"
$this->salt = implode(':', $salt);
} else {
$this->salt = '';
}
shuffle($config['spam']['hidden_input_names']);
$input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
$hidden_input_names_x = 0;
for ($x = 0; $x < $input_count ; $x++) {
if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
// Use an obscure name
$name = $this->randomString(mt_rand(10, 40), false, false, $config['spam']['unicode']);
} else {
// Use a pre-defined confusing name
$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
$hidden_input_names_x = false;
}
if (mt_rand(0, 2) == 0) {
// Value must be null
$this->inputs[$name] = '';
} elseif (mt_rand(0, 4) == 0) {
// Numeric value
$this->inputs[$name] = (string)mt_rand(0, 100000);
} else {
// Obscure value
$this->inputs[$name] = $this->randomString(mt_rand(5, 100), true, true, $config['spam']['unicode']);
}
}
}
public static function space() {
if (mt_rand(0, 3) != 0)
return ' ';
return str_repeat(' ', mt_rand(1, 3));
}
public function html($count = false) {
global $config;
$elements = array(
'<input type="hidden" name="%name%" value="%value%">',
'<input type="hidden" value="%value%" name="%name%">',
'<input name="%name%" value="%value%" type="hidden">',
'<input value="%value%" name="%name%" type="hidden">',
'<input style="display:none" type="text" name="%name%" value="%value%">',
'<input style="display:none" type="text" value="%value%" name="%name%">',
'<span style="display:none"><input type="text" name="%name%" value="%value%"></span>',
'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
'<textarea style="display:none" name="%name%">%value%</textarea>',
'<textarea name="%name%" style="display:none">%value%</textarea>'
);
$html = '';
if ($count === false) {
$count = mt_rand(1, round(abs(count($this->inputs) / 15)) + 1);
}
if ($count === true) {
// all elements
$inputs = array_slice($this->inputs, $this->index);
} else {
$inputs = array_slice($this->inputs, $this->index, $count);
}
$this->index += count($inputs);
foreach ($inputs as $name => $value) {
$element = false;
while (!$element) {
$element = $elements[array_rand($elements)];
$element = str_replace(' ', self::space(), $element);
if (mt_rand(0, 5) == 0)
$element = str_replace('>', self::space() . '>', $element);
if (strpos($element, 'textarea') !== false && $value == '') {
// There have been some issues with mobile web browsers and empty <textarea>'s.
$element = false;
}
}
$element = str_replace('%name%', utf8tohtml($name), $element);
if (mt_rand(0, 2) == 0)
$value = $this->make_confusing($value);
else
$value = utf8tohtml($value);
if (strpos($element, 'textarea') === false)
$value = str_replace('"', '&quot;', $value);
$element = str_replace('%value%', $value, $element);
$html .= $element;
}
return $html;
}
public function reset() {
$this->index = 0;
}
public function hash() {
global $config;
// This is the tricky part: create a hash to validate it after public static function randomString($length, $uppercase = false, $special_chars = false, $unicode_chars = false) {
// First, sort the keys in alphabetical order (A-Z) $chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
$inputs = $this->inputs; if ($uppercase)
ksort($inputs); $chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
if ($special_chars)
$hash = ''; $chars .= ' ~!@#$%^&*()_+,./;\'[]\\{}|:<>?=-` ';
// Iterate through each input if ($unicode_chars) {
foreach ($inputs as $name => $value) { $len = strlen($chars) / 10;
$hash .= $name . '=' . $value; for ($n = 0; $n < $len; $n++)
} $chars .= mb_convert_encoding('&#' . mt_rand(0x2600, 0x26FF) . ';', 'UTF-8', 'HTML-ENTITIES');
// Add a salt to the hash }
$hash .= $config['cookies']['salt'];
$chars = preg_split('//u', $chars, -1, PREG_SPLIT_NO_EMPTY);
// Use SHA1 for the hash
return sha1($hash . $this->salt); $ch = array();
}
// fill up $ch until we reach $length
while (count($ch) < $length) {
$n = $length - count($ch);
$keys = array_rand($chars, $n > count($chars) ? count($chars) : $n);
if ($n == 1) {
$ch[] = $chars[$keys];
break;
}
shuffle($keys);
foreach ($keys as $key)
$ch[] = $chars[$key];
}
$chars = $ch;
return implode('', $chars);
}
public static function make_confusing($string) {
$chars = preg_split('//u', $string, -1, PREG_SPLIT_NO_EMPTY);
foreach ($chars as &$c) {
if (mt_rand(0, 3) != 0)
$c = utf8tohtml($c);
else
$c = mb_encode_numericentity($c, array(0, 0xffff, 0, 0xffff), 'UTF-8');
}
return implode('', $chars);
}
public function __construct(array $salt = array()) {
global $config;
if (!empty($salt)) {
// create a salted hash of the "extra salt"
$this->salt = implode(':', $salt);
} else {
$this->salt = '';
}
shuffle($config['spam']['hidden_input_names']);
$input_count = mt_rand($config['spam']['hidden_inputs_min'], $config['spam']['hidden_inputs_max']);
$hidden_input_names_x = 0;
for ($x = 0; $x < $input_count ; $x++) {
if ($hidden_input_names_x === false || mt_rand(0, 2) == 0) {
// Use an obscure name
$name = $this->randomString(mt_rand(10, 40), false, false, $config['spam']['unicode']);
} else {
// Use a pre-defined confusing name
$name = $config['spam']['hidden_input_names'][$hidden_input_names_x++];
if ($hidden_input_names_x >= count($config['spam']['hidden_input_names']))
$hidden_input_names_x = false;
}
if (mt_rand(0, 2) == 0) {
// Value must be null
$this->inputs[$name] = '';
} elseif (mt_rand(0, 4) == 0) {
// Numeric value
$this->inputs[$name] = (string)mt_rand(0, 100000);
} else {
// Obscure value
$this->inputs[$name] = $this->randomString(mt_rand(5, 100), true, true, $config['spam']['unicode']);
}
}
}
public static function space() {
if (mt_rand(0, 3) != 0)
return ' ';
return str_repeat(' ', mt_rand(1, 3));
}
public function html($count = false) {
global $config;
$elements = array(
'<input type="hidden" name="%name%" value="%value%">',
'<input type="hidden" value="%value%" name="%name%">',
'<input name="%name%" value="%value%" type="hidden">',
'<input value="%value%" name="%name%" type="hidden">',
'<input style="display:none" type="text" name="%name%" value="%value%">',
'<input style="display:none" type="text" value="%value%" name="%name%">',
'<span style="display:none"><input type="text" name="%name%" value="%value%"></span>',
'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
'<div style="display:none"><input type="text" name="%name%" value="%value%"></div>',
'<textarea style="display:none" name="%name%">%value%</textarea>',
'<textarea name="%name%" style="display:none">%value%</textarea>'
);
$html = '';
if ($count === false) {
$count = mt_rand(1, round(abs(count($this->inputs) / 15)) + 1);
}
if ($count === true) {
// all elements
$inputs = array_slice($this->inputs, $this->index);
} else {
$inputs = array_slice($this->inputs, $this->index, $count);
}
$this->index += count($inputs);
foreach ($inputs as $name => $value) {
$element = false;
while (!$element) {
$element = $elements[array_rand($elements)];
$element = str_replace(' ', self::space(), $element);
if (mt_rand(0, 5) == 0)
$element = str_replace('>', self::space() . '>', $element);
if (strpos($element, 'textarea') !== false && $value == '') {
// There have been some issues with mobile web browsers and empty <textarea>'s.
$element = false;
}
}
$element = str_replace('%name%', utf8tohtml($name), $element);
if (mt_rand(0, 2) == 0)
$value = $this->make_confusing($value);
else
$value = utf8tohtml($value);
if (strpos($element, 'textarea') === false)
$value = str_replace('"', '&quot;', $value);
$element = str_replace('%value%', $value, $element);
$html .= $element;
}
return $html;
}
public function reset() {
$this->index = 0;
}
public function hash() {
global $config;
// This is the tricky part: create a hash to validate it after
// First, sort the keys in alphabetical order (A-Z)
$inputs = $this->inputs;
ksort($inputs);
$hash = '';
// Iterate through each input
foreach ($inputs as $name => $value) {
$hash .= $name . '=' . $value;
}
// Add a salt to the hash
$hash .= $config['cookies']['salt'];
// Use SHA1 for the hash
return sha1($hash . $this->salt);
}
public function printErrVars() { //DELETE ME
$inputs = $this->inputs;
ksort($inputs);
print_err("Antibot " . $this->hash() . " inputs: " . json_encode($inputs));
}
} }
function _create_antibot($board, $thread) { function _create_antibot($board, $thread) {
global $config, $purged_old_antispam; global $config, $purged_old_antispam;
$antibot = new AntiBot(array($board, $thread)); $antibot = new AntiBot(array($board, $thread));
if (!isset($purged_old_antispam)) { if (!isset($purged_old_antispam)) {
$purged_old_antispam = true; $purged_old_antispam = true;
query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error()); query('DELETE FROM ``antispam`` WHERE `expires` < UNIX_TIMESTAMP()') or error(db_error());
} }
if ($thread) if ($thread)
$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL'); $query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` = :thread AND `expires` IS NULL');
else else
$query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL'); $query = prepare('UPDATE ``antispam`` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE `board` = :board AND `thread` IS NULL AND `expires` IS NULL');
$query->bindValue(':board', $board); $query->bindValue(':board', $board);
if ($thread) if ($thread)
$query->bindValue(':thread', $thread); $query->bindValue(':thread', $thread);
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']); $query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
$query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)'); $query = prepare('INSERT INTO ``antispam`` VALUES (:board, :thread, :hash, UNIX_TIMESTAMP(), NULL, 0)');
$query->bindValue(':board', $board); $query->bindValue(':board', $board);
$query->bindValue(':thread', $thread); $query->bindValue(':thread', $thread);
$query->bindValue(':hash', $antibot->hash()); $query->bindValue(':hash', $antibot->hash());
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
return $antibot; $antibot->printErrVars();
return $antibot;
}
function dumpVars($extra_salt) {
global $config;
print_err("Check Spam POST data: " . json_encode($_POST));
/*
foreach ($_POST as $name => $value) {
$is_valid_input = in_array($name, $config['spam']['valid_inputs']) ? "valid" : "invalid";
print_err(" $name: $value ($is_valid_input)");
}
*/
if (!empty($extra_salt)) {
$extra_salt = implode(':', $extra_salt);
} else {
$extra_salt = '';
}
print_err("extra_salt: $extra_salt");
} }
function checkSpam(array $extra_salt = array()) { function checkSpam(array $extra_salt = array()) {
global $config, $pdo; global $config, $pdo;
if (!isset($_POST['hash'])) #print_err("checkSpam start");
return true; $extra_salt_orig = $extra_salt;
$hash = $_POST['hash']; if (!isset($_POST['hash'])) {
print_err("checkSpam: _POST array doesn't have key 'hash', check failed.");
dumpVars($extra_salt_orig);
return true;
}
if (!empty($extra_salt)) { $hash = $_POST['hash'];
// create a salted hash of the "extra salt"
$extra_salt = implode(':', $extra_salt);
} else {
$extra_salt = '';
}
// Reconsturct the $inputs array if (!empty($extra_salt)) {
$inputs = array(); // create a salted hash of the "extra salt"
$extra_salt = implode(':', $extra_salt);
} else {
$extra_salt = '';
}
foreach ($_POST as $name => $value) { // Reconsturct the $inputs array
if (in_array($name, $config['spam']['valid_inputs'])) $inputs = array();
continue;
$inputs[$name] = $value; foreach ($_POST as $name => $value) {
} if (in_array($name, $config['spam']['valid_inputs']))
continue;
// Sort the inputs in alphabetical order (A-Z) $inputs[$name] = $value;
ksort($inputs); }
$_hash = ''; // Sort the inputs in alphabetical order (A-Z)
ksort($inputs);
// Iterate through each input $_hash = '';
foreach ($inputs as $name => $value) {
$_hash .= $name . '=' . $value;
}
// Add a salt to the hash // Iterate through each input
$_hash .= $config['cookies']['salt']; foreach ($inputs as $name => $value) {
$_hash .= $name . '=' . $value;
}
// Use SHA1 for the hash // Add a salt to the hash
$_hash = sha1($_hash . $extra_salt); $_hash .= $config['cookies']['salt'];
if ($hash != $_hash) { // Use SHA1 for the hash
return true; $_hash = sha1($_hash . $extra_salt);
}
$query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash'); if ($hash != $_hash) {
$query->bindValue(':hash', $hash); print_err("checkSpam: Hash values do not match! submitted hash value from POST data: $hash ; Computed hash value: $_hash");
$query->execute() or error(db_error($query)); dumpVars($extra_salt_orig);
if ((($passed = $query->fetchColumn(0)) === false) || ($passed > $config['spam']['hidden_inputs_max_pass'])) { return true;
// there was no database entry for this hash. most likely expired. }
return true;
}
return $hash; $query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash');
$query->bindValue(':hash', $hash);
$query->execute() or error(db_error($query));
if ((($passed = $query->fetchColumn(0)) === false) || ($passed > $config['spam']['hidden_inputs_max_pass'])) {
// there was no database entry for this hash. most likely expired.
print_err("checkSpam: there was no database entry for this hash. most likely expired. $hash");
dumpVars($extra_salt_orig);
return true;
}
return $hash;
} }
function incrementSpamHash($hash) { function incrementSpamHash($hash) {
$query = prepare('UPDATE ``antispam`` SET `passed` = `passed` + 1 WHERE `hash` = :hash'); $query = prepare('UPDATE ``antispam`` SET `passed` = `passed` + 1 WHERE `hash` = :hash');
$query->bindValue(':hash', $hash); $query->bindValue(':hash', $hash);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
} }

2
inc/instance-config.php
View File

@ -132,7 +132,7 @@ $config['post_date'] = '%F (%a) %T';
$config['thread_subject_in_title'] = true; $config['thread_subject_in_title'] = true;
$config['spam']['enabled'] = false; $config['spam']['enabled'] = true;
$config['spam_noticer']['enabled'] = true; $config['spam_noticer']['enabled'] = true;
$config['spam_noticer']['base_url'] = 'http://localhost:8300'; $config['spam_noticer']['base_url'] = 'http://localhost:8300';
$config['spam_noticer']['ui_url'] = 'https://spamnoticer.leftychan.net/static/index.html'; $config['spam_noticer']['ui_url'] = 'https://spamnoticer.leftychan.net/static/index.html';

2
post.php
View File

@ -579,9 +579,11 @@ function handle_post(){
); );
//$post['antispam_hash'] = checkSpam(); //$post['antispam_hash'] = checkSpam();
/*
if ($post['antispam_hash'] === true) { if ($post['antispam_hash'] === true) {
error($config['error']['spam']); error($config['error']['spam']);
} }
*/
} }
if ($config['robot_enable'] && $config['robot_mute']) { if ($config['robot_enable'] && $config['robot_mute']) {