Hi:

Why, if I call the hacks.php file do I get this error:
Fatal error: Call to a member function on a non-object in /home/******/public_html/conf/hacks.php on line 8

That sort of depends on what's on line 8 of your conf/hacks.php file :D

Have you installed any other hacks? Are you running the latest version of b2evolution? Did you have the conf/hacks file before doing this hack? I'm just trying to learn what your line 8 is and why this hack is choking there.

One problem that I noticed in the hack I re-posted is that it assumes you either don't have a conf/hacks file or know how to tweak it nicely. Where this thread starts the conf/hacks file with a "<?php" is what I mean. If your hacks file already had it then you don't need it again. If on the other hand you never had a conf/hacks.php file then the code I copied from Isaac is exactly what you should use. It *should* work...

Other hacks and possibly older versions *might* be the reason you are getting an error.

If you're not running 0.9.0.12 (or at least 0.9.0.10 or 0.9.0.11 with both security patches installed) you should (a) upgrade and (b) not assume new hacks will work for you. If you have the latest version and installed the hack correctly (which is pretty simple eh?) then we have a problem and I would be happy to help you fix it.

Okay: what version are you running, what is in your hacks.php file from like line 1 to maybe line 12, and what other hacks do you have installed?

I'm using the latest version with security patches installed.
I've copied the code you posted and saved it as hacks.php into the conf/ folder. There wasn't any hacks.php file there before.
Line 8, I think, is this one:
$is_a_spammer = $DB->get_row("select aspm_ID, aspm_string from $tableantispam

Your instructions are very simple and I think I've followed them right but I get this error.

Okay that helps. The issue might be due to the editor you used to create the conf/hacks.php file. The line you show as line 8 should be much longer than what you copied here. It should be all this stuff on ONE line:

  $is_a_spammer = $DB->get_row("select aspm_ID, aspm_string from  $tableantispam where '" . $_SERVER['HTTP_REFERER'] . "' like concat('%',aspm_string,'%')");

Problem is phpbb will wrap the text to fit nicely on the screen, and, depending on which editor you use (and what settings it has) you might see that line broken up as line 8 and 9. That'd be b-a-d!

Just to show that line as one line in this forum, I'm going to try something:

  $foo = $DB->foo("select foo, bar from  $foo where '" . $_FOO['BAR'] . "' like foo('%',foobar,'%')");

Technically speaking that should be "fubar" but hey - foobar works! Well, I hope it is short enough to fit on your screen at your resolution... If nothing else it will show you where the spaces belong in the real line 8.

Good old notepad or fancy-schmancy wordpad work well for hacking php files. Of those two I sort of like wordpad better because it won't automatically do a word-wrap, but I don't use either. Something like MSWord is cool for documents you might print someday, but crap for code because it *assumes* you want everything to fit on a single sheet of paper. Some people use Dreamweaver to edit PHP files, others use FrontPage. My choice is [url=http://www.chami.com/html-kit/]HTML-Kit[/url]. It has a free version is why I like it. If you download HTML-Kit it will NOT do wordwrapping and, if it has to, it will show you that it is word-wrapping. It shows you each line number, which really helps troubleshooting issues like yours. If I ever get a job again I think I'll buy the full version because it's a wicked-cool editor.

Anyway, consider your editor and consider what line 8 should be. Open your conf/hacks.php file in some different editors (ideally something *very* simple, or, get HTML-Kit) and see if you can make line 8 be all the stuff I copied here.

Ok, I used TextPad 4.7.3 which until now behaved quite well but I will follow your recomendation.
Now, I corrected the line and now when I run the hacks.php I get a blank page, is that the correct behaviour?

Thanks for your help

Remove the hacks.php file and see if it restores your blog. Assuming your blog loads then there must be something wrong in your hacks.php file. We can then work on exactly what's wrong. If your blog still fails to load something else is wrong, but I'm 99% sure it's the hacks file.

I've seen that before: no error, but no page. It has always been because I did something wrong with my hacks file. The only way to fix it is to figure out exactly what the issue is.

One thing to look at, especially since your editor was an issue with line breaks, is "do you have any white space at the end of your hacks file?". White space refers to *anything* after the last "?>" including a return making a next line. The final character needs to be the ">". Anyway if getting rid of hacks will probably restore your blog. Then checking white space will maybe fix your hacks file.

Oh plus also make sure everything else 'looks right' in the hacks file. If your editor messed up one line it may have messed up others as well.

I explained my self wrong, my blog is loading perfectly:
http://www.guillermocasanova.net/ You can see by yourself.
What appears blank is the hacks.php file
That is, if I run http://www.guillermocasanova.net/conf/hacks.php , I get a blank page. Is that normal?

Probably.

There is no reason to actually run that file. b2evolution will run it every time your blog is requested by a visitor. If the visitor happens to be a spam referer then they won't get your blog. Instead they'll get a "403" error message. Everyone else will get your blog.

How can I be sure the script is doing what it is suppossed to do?
If you can answer this I will appreciate it and then no longer bother you since you have helped me well and enough

Best Regards

Hmmm...

With regard to the bit that went in the hacks file: You can't. Not right away anyway. What that hack does is subtle. First understand that a spammer who is pushing a domain name that is banned in your antispam table gets the whole page delivered in order to trigger the log_hit() function. At that point the hit is deemed a spammer and is not added to your hitlog table. This hack does it differently. As soon as a page is called by every visitor (including spammers) the hacks file is read. If the spammer is pushing a domain name that is banned in your antispam table they immediately get rejected AND get a 403 error. Most of them don't care about the 403 - they don't bother to clean up their lists, but you gain anyway. You gain by the spammer not taking all the server resources required to deliver the entire page before they are rejected.

Can you see your domain traffic data through your web host? My host gives me cpanel, which gives me (among other things) aw-stats. I like it. Anyway one of the things it shows me is an overall view of how much bandwidth by month my domain is using. In June 2005 my web ate up 3.46 gigs of traffic. In early July I installed Isaac's "instant-403 hack", and my bandwidth consumption dropped dramatically. 1.66 gigs for June 2005. It's back up now because I do way to much FTPing of stuff, but I can see that *I* am the cause of the traffic. Another proof positive that this hack is working is by looking at the amount of bandwidth for error 403 in each month. In June it was ZERO and in July it was 12.33 MEGS. That tells me that all other considerations aside, I traded 1.8 GIGS of spammers getting to my log_hit() function for 12.33 MEGS of giving them 403s instead.

The auto-pruner hack is different. As it says, you run it from time to time. Type the url into your address bar, and you will certainly see that it does something. It reduces the overall number of entries in your antispam table, which just makes the process of reviewing it a wee bit quicker for both spammer 403s and all visitors when they get to the log_hit() function.

I'll be watching for the bandwidth changes from now, its not that my site gets too much visits a month, it gets from 1.5 GB to 2 in Bandwidth. I hope with this new script to see if my visits are human or the: bandwidth-eating referrer spam robot, then we hope that your owner dies a painful death and rots in hell, and that his or her seed is scrubbed from the face of the earth.

Best Regards, your helps has been very professionnal

Bye

Might be a silly question, but I'm asking anyway... the antispam pruner can be set up to run from cron-job, say, once daily, yes...?

If above=yes
then can it be tagged onto the end of the antispam recheck so it all gets handled at once? I run my antispam recheck (excellent hack, by the way) once every 3 hours, which might be excessive, but it's been working ok for me so far. Would running the pruner be too cpu intensive to be running that frequently, and aside from cpu usage, is it maybe pointless to run it that often anyway?

This is my current b2antispam_poll.php file, run from cron every 3 hours:

<?php
require_once( dirname(__FILE__) . '/../conf/_config.php' );
$login_required = false;
require_once( dirname(__FILE__) . "/$admin_dirout/$core_subdir/_main.php" );
require_once (dirname(__FILE__).'/'.$admin_dirout.'/'.$core_subdir.'/_functions_antispam.php');
b2evonet_poll_abuse();
?>

jj.

I'd say running the pruner more than once a MONTH is probably excessive, unless you tend to ban lots of things yourself and suspect that new keywords handled them in a more efficient manner.

The biggest gain of the pruner is accomplished the very first time you run it, and for new blogs (or people who completely empty their antispam table) you won't get much of a bang out of it anymore. I removed over 400 keywords from the table based on the pruner, and since have seen cause to remove only 2 more.

Okay, yeah, I was wondering about that aspect as well. When I ran it on a test blog, it didn't prune anything at all.. I guess I can set it to run monthy via cron.

jj.

This is my story:
I installed b2evolution in my culture related well known portal. I had five blogs working. About a week after installing, it started getting web spam.
First of all, I used the tools provided in the control panel, then I installed plugins. Nothing seemed to work. One month later, my hosting provider told me to go, because I was using about 10 Gb bandwidth a day. I deleted b2evolution and its directory and bought a dedicated server. Spam keeps coming.

I have denied access to that directory from the htconf, but they keep trying to get the inexistent pages:

<Directory /directory/here>
Order Deny,Allow
Deny from All
</Directory>

When I read the error log, I find that every second there is about 20 attemps for that directory. Even that now my bandwidth is controlled, does anyone know is this can collapse my server if it keeps growing?. I am worried about the size of the error log. Does anyone know if it is possible to block an ip referer from the DNS server?.

Jorgr

your upstream provider can put an ip block in place, yes, however its typically done only in the most extreme of circumstances.

Its easier to handle those things with iptables/ipchains in LINUX, and/or whatever the Win2K server equiv is, though, if you cant manage it at the application level.

I installed the hack and it worked great - nice to see those bandwidth graphs looking much more normal!

The only problem I found was that the hack was causing MySQL to work very hard - only running version 3 so no query caching available. To solve the problem I modified the hack to do a simple caching of banned URLs.

Posting it here just in case it helps someone with a similar problem...

The cache works by creating a zero length file for each URL it bans and checking against this list before querying the database.

Create a directory called banned alongside your conf directory that is writable by the webserver and use this code:

<?php
/**
 * Bounce all referrers who are blacklisted
 * Isaac Z. Schlueter
 **/
if( !empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'],$baseurl) !== 0 )
{
  $filecheck = dirname(__FILE__) . "/../banned/".str_replace("/","_", $_SERVER['HTTP_REFERER']);
  if (file_exists($filecheck))	{
  	$is_a_spammer = 1;
  }
  else {	
  $is_a_spammer = $DB->get_row("select aspm_ID, aspm_string from  $tableantispam
      where '" . $_SERVER['HTTP_REFERER'] . "' like concat('%',aspm_string,'%')");
  }
  
  if( $is_a_spammer ) {
    header('HTTP/1.0 403 Forbidden');

    // un-comment the next line of code to redirect back to the referring
    // page. I didn't do this, in the event that perhaps there is a false
    // positive, but you needn't be so kind.
    // In any event, the bandwidth is teensy either way.
    // header('Location: ' . $_SERVER['HTTP_REFERER']);
    ?>
    <html><head><title>Stop Referrer Spam!</title>
    </head><body>
    <p>You are being denied access to this page because you have been referred here by a
      known spammer: [<?php echo $_SERVER['HTTP_REFERER'] ?>].</p>
    <p>If you have reached this page in error, feel free to
      <a href="<?php echo $baseurl . $ReqURL ?>">bypass this message</a> with our
      apologies. <p>Thank you, and sorry for the inconvenience.</p>

    <p style="text-align:center">--The Management</p>
    </body></html>
    <?php
    
    touch($filecheck);
    
    die();
  }
}
?>

As a side effect you can see which spammers are active by listing the contents of the banned directory in date order...

Jon

Hallo EdB!

Does the hack.php and b2antispam_prune.php work with 1.9.3?

nureac

Nope.