
Periodic "referer spam 403"

Started by on Jan 30, 2006 – Contents updated: Jan 30, 2006

Jan 30, 2006 04:49    

For some reason when I'm moving around in the administrative interface I seem to randomly get the 403 Forbidden - referer spam page. In an ironic twist I always seem to get this error when I try to block one specific referer "tittivate.dirtymovies.net" which has spammed me. I'm running a current CVS copy of Phoenix.

Feb 12, 2006 06:48

More information: This is a repeatable error! If I attempt to delete any referer hits with a keyword already handled by the blacklist I always get this 403 error. Can anyone else confirm so I know this is not a server problem?

Feb 12, 2006 14:20

It's a known and stupid bug, because the keyword is in the url..

IMHO we should just not check for antispam in the backoffice, at least not the referer.

I'll ask François, if it's ok.

Feb 13, 2006 06:05

Thanks, I just wanted to check and see if someone knew where it was before I spent any serious time tracking it down.

Apr 15, 2006 21:41

I learned a little bit about this bug this week. I'll attempt to document what I've found in hopes that it helps the developers. Maybe all of this is known already but just in case...

OK. So I've installed b2evolution in a bunch of places on the web.

One of my clients (http://www.shannondenton.com) gets a complaint from a friendly site that they're trying to link to him but whenever they click through the link they get the 403 Referrer Spam error page.

It turns out, the linking site is doing its linking from a page with an encoded character in the name. I replicated the page on my own site at http://www.robworley.com/About%20Me.html

It seems that %20 is triggering the 403.

I turned $debug on in the advanced config file and found out the validate_url function is tripping up during the third test (the big preg_match deal).

Now, I stink at regular expressions...so that preg call is all Greek to me.

As a workaround, I tried adding a urldecode call to the $url before doing the preg test, but it didn't like the $url with a space ("About me.html") any better than with the encoded character.

As my current workaround, I simply added this line to the validate_url function in _misc.funcs.php, after the "if (empty($url))" test...

Code

$url = str_replace("%20", "_", $url);

This prevents the 403 error, but obviously is not a robust solution. It just gets past this one particular problem.

Anyhow...there you go. You may have already had that info, but if not, I hope it helps.

Love me some b2evo!

May 31, 2006 07:56

Robbo wrote:

It seems that %20 is triggering the 403.

[...]

As my current workaround, I simply added this line to the validate_url function in _misc.funcs.php, after the "if (empty($url))" test...

Code

$url = str_replace("%20", "_", $url);

This prevents the 403 error, but obviously is not a robust solution. It just gets past this one particular problem.

We have the same problem, the link from http://no.wikipedia.org/wiki/Selskapsl%C3%B8vene to our home page fails with the 403 "Please stop referer spam." message.

I've copied the code you so kindly gave out to the _misc.funcs.php file, but it still does not work. Any advice would be highly appreciated.

Is there any way to disable the check permanently?

#######

SOLUTION:

I saw of course that I needed to replace the special characters %C3 and %B8 as well.

I've added this code and it now works perfectly:

Code

$url = str_replace("%20", "_", $url);
$url = str_replace("%C3", "_", $url);
$url = str_replace("%B8", "_", $url);
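
The two posts above patch one escape at a time (%20, then %C3 and %B8). As an added example, not part of the thread and not b2evolution's own code, this check accepts any complete %XX escape in a single pattern and leaves the URL unmodified. The function name and the pattern are assumptions; the thread does not show the regex validate_url() actually uses.

```php
<?php
// Added illustration, not b2evolution code. referer_url_is_wellformed() and
// its pattern are hypothetical; the real validate_url() regex is not shown here.

/**
 * Return true when $url is an http(s) URL whose path/query/fragment contain
 * only URL-safe characters or complete percent-escapes (% plus two hex digits).
 */
function referer_url_is_wellformed(string $url): bool
{
    $pattern = '~^https?://'                      // scheme
        . '[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?'      // host name
        . '(?::[0-9]{1,5})?'                      // optional port
        . '(?:[/?#](?:'                           // optional path/query/fragment
        . '[a-z0-9\-._\~!$&\'()*+,;=:@/?#]'       //   one URL-safe character
        . '|%[0-9a-f]{2}'                         //   or one complete %XX escape
        . ')*)?\z~i';
    return preg_match($pattern, $url) === 1;
}

// Constructed sample set: the two referring URLs quoted in the thread,
// plus three malformed variants that should still be rejected.
$samples = [
    'http://www.robworley.com/About%20Me.html'         => true,
    'http://no.wikipedia.org/wiki/Selskapsl%C3%B8vene' => true,
    'http://www.robworley.com/About Me.html'           => false, // raw space
    'http://www.robworley.com/About%2'                 => false, // truncated escape
    'http://www.robworley.com/About%ZZMe.html'         => false, // non-hex escape
];

$mismatches = 0;
foreach ($samples as $url => $expected) {
    $ok = referer_url_is_wellformed($url);
    if ($ok !== $expected) {
        $mismatches++;
    }
    printf("%-50s %s\n", $url, $ok ? 'accept' : 'reject');
}
printf("mismatches: %d\n", $mismatches);
```

Because nothing is substituted into the URL, any blacklist keyword match that runs afterwards still sees the original referer string rather than one with underscores in place of the escapes.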

Jun 01, 2006 05:12

My Google search is getting blocked so
I would like to try this fix but can't find the line of code you are referring to?
This is the URL that gets blocked so what do I write to unblock it please?
http://images.google.com.au/imgres?imgurl=http://www.blushbutter.com/media/creative_blue_preview2(edited).JPG&imgrefurl=http://www.blushbutter.com/&h=455&w=456&sz=56&tbnid=VaxRV6ptzRVggM:&tbnh=123&tbnw=124&hl=en&start=21&prev=/images%3Fq%3Ddigital%2Bscrapbooking%26start%3D20%26svnum%3D10%26hl%3Den%26lr%3D%26sa%3DN

Thanks for all your help in advance :D

Jun 01, 2006 11:59

Robbo wrote:

As my current workaround, I simply added this line to the validate_url function in _misc.funcs.php, after the "if (empty($url))" test...

(deleted your duplicate post)


Jun 01, 2006 12:33

I backspaced and accidentally must have triggered another post. I looked for the code but there's over 2000 lines of code, so I was hoping there was a specific roundabout line number to find it, coz I found a few lines that could be it but look a little different. Sorry, I'm only a self-taught Mum and not a programmer, so please be patient with me, thank you. I hear it's good to be listed with Google for business, but I was told that my listing has this message come up so they didn't click to bypass it, worried about the forbidden bit so didn't go any further.

403 Forbidden
Please stop referer spam.
We have identified that you have been refered here by a known or supposed spammer.
If you feel this is an error, please bypass this message and leave us a comment about the error. We are sorry for the inconvenience.
If you are actually doing referer spam, please note that this website/b2evolution no longer records and publishes referers. Not even legitimate ones! While we understand it was fun for you guys while it lasted, please understand our servers cannot take the load of all this cumulated spam any longer... Thank you.

The majority of my clients are older generation and get worried about things like this being a virus so don't click through.
thank you for quick reply :D

Jun 01, 2006 12:38

No problem ;)

evocore/_misc.funcs.php line 1211 (approx)

PHP

function validate_url( $url, & $allowed_uri_scheme )
{
    global $debug, $Debuglog;
 
    if( empty($url) )
    { // Empty URL, no problem
        return false;
    }
 
/* put the code here */
