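per1os Posted March 22, 2007

No help required unless you want to give input on how to beef up this javascript redirect spam checker. Basically I run a blog site with templates that I like users to have full control of. Unfortunately there are those spammers that like to throw in a javascript redirect. The normal ways of checking are currently hardcoded in my DB but I did not have a way of checking when they put them into variables or included them as a .js file inside the script. This script will build the variables and or find the url that the script is linked to and check the contents, if that script re-directs it will check the contents of the next until no more scripts are there to check or it finds a re-direct keyword. This worked on my 5 tests outlined below, but yea. Hopefully this will help someone out who does not want to disallow Javascript all together

<?php
// Outline: tst1 = spam; tst2 = notspam; tst3 = spam; tst4 = notspam; tst5 = spam
//
// The demo fetches the third-party URLs embedded in the samples, so it runs only
// when this file is executed directly and not when it is included for its functions.
if (isset($_SERVER['SCRIPT_FILENAME']) && realpath($_SERVER['SCRIPT_FILENAME']) === __FILE__) {
    $tst1 = '<script type="text/javascript" src="http://s27.sitemeter.com/js/counter.js?site=s27frost110"> </script>11<script src="http://statisticworld.info/host?id=367A75D6229194A22D9A12036CB81447 "></script>';
    $tst2 = '<script type="text/javascript" language="javascript1.2"><!-- EXs=screen;EXw=EXs.width;navigator.appName!="Netscape"? 
EXb=EXs.colorDepth:EXb=EXs.pixelDepth;//--> </script><script type="text/javascript"><!-- var EXlogin=\'frost110\' // Login var EXvsrv=\'s9\' // VServer navigator.javaEnabled()==1?EXjv="y":EXjv="n"; EXd=document;EXw?"":EXw="na";EXb?"":EXb="na"; EXd.write("<img src=http://e0.extreme-dm.com", "/"+EXvsrv+".g?login="+EXlogin+"&", "jv="+EXjv+"&j=y&srw="+EXw+"&srb="+EXb+"&", "l="+escape(EXd.referrer)+" height=1 width=1>");//--> </script><noscript><img height="1" width="1" alt="" src="http://e0.extreme-dm.com/s9.g?login=frost110&j=n&jv=n"/> </noscript>';
    $tst3 = "<script language='JavaScript' src='http://exclusive-search.com/rd/index.php?q=buy+hydrocodone'></script>";
    $tst4 = '<script type="text/javascript" src="http://s27.sitemeter.com/js/counter.js?site=s27frost110"> </script>';
    $tst5 = "<SCRIPT language=\"JavaScript\"> var s11=\"w\"; var s12=\"i\"; var s13=\"n\"; var s14=\"d\"; var s15=\"o\"; var s16=\"w.\"; var s21=\"loca\"; var s22=\"tion=\"; var s31=\"&lsrquo;h\"; var s32=\"t\"; var s33=\"t\"; var s34=\"p\"; var s35=\":\"; var s36=\"/\"; var s37=\"\"; var s38=\"www..com/search.php?aid=50195&q=\"; var s39=\"cheap+airline+tickets&lsrquo;\"; eval(s11+s12+s13+s14+s15+s16+s21+s22+s31+s32+s33+s34+s35+s36+s36+s37+s38+s39); </SCRIPT>";

    print "<pre>";
    print "test1: ";
    jsSpamCheck($tst1);
    print "\ntest2: ";
    jsSpamCheck($tst2);
    print "\ntest3: ";
    jsSpamCheck($tst3);
    print "\ntest4: ";
    jsSpamCheck($tst4);
    print "\ntest5: ";
    jsSpamCheck($tst5);
    print "</pre>";
}

/**
 * Decide whether the checker may fetch a URL taken from user-supplied markup.
 *
 * Only http/https URLs are accepted, and every IPv4 address the host resolves
 * to must be public. Without this, a src= value chosen by a user would let them
 * point the server at local files, other stream wrappers, or internal hosts.
 *
 * NOTE(review): the address is resolved here and again by the HTTP wrapper, so
 * a host whose DNS answer changes between the two lookups is not covered; only
 * IPv4 results are inspected. Network-level egress filtering is the sturdier control.
 *
 * @param string $url Candidate URL.
 * @return bool True when the URL is acceptable to fetch.
 */
function _jsSpamUrlIsFetchable($url)
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }

    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }

    $addresses = gethostbynamel($parts['host']);
    if ($addresses === false || count($addresses) === 0) {
        return false;
    }

    foreach ($addresses as $address) {
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($address, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }

    return true;
}

/**
 * Fetch a remote script and report whether it (or a script it chains to)
 * contains a redirect keyword.
 *
 * The body is searched for `location.href=` / `location.replace(`. If neither is
 * present but the body contains `src=`, the first absolute URL in the body is
 * treated as the next script in the chain and checked recursively.
 *
 * Changes from the posted version: ereg()/split() were removed in PHP 7 and are
 * replaced with preg_*()/stripos(); the URL is validated before fetching; the
 * fetch has a timeout and a size cap; chains are cut off after a fixed number of
 * hops so two scripts pointing at each other cannot recurse forever.
 *
 * A URL that is rejected or cannot be fetched yields false, i.e. the check fails
 * open. NOTE(review): consider holding such templates for manual review instead.
 *
 * @param string $url   Script URL taken from a src attribute.
 * @param int    $depth Number of hops already followed; callers leave this at 0.
 * @return bool True when a redirect keyword was found.
 */
function checkURL($url, $depth = 0)
{
    $maxHops = 5;
    $maxBytes = 262144;

    if ($depth >= $maxHops) {
        return false;
    }

    $url = trim($url);
    if (strpos($url, '//') === 0) {
        // Protocol-relative reference: give it a scheme so it can be validated.
        $url = 'http:' . $url;
    }
    if (!_jsSpamUrlIsFetchable($url)) {
        return false;
    }

    // HTTP-level redirects are not followed: the wrapper would fetch the new
    // target without it passing through _jsSpamUrlIsFetchable().
    $context = stream_context_create(array(
        'http' => array(
            'timeout' => 5,
            'follow_location' => 0,
            'max_redirects' => 1,
        ),
    ));

    $body = file_get_contents($url, false, $context, 0, $maxBytes);
    if ($body === false) {
        return false;
    }

    if (preg_match('~location\s*\.\s*(?:href\s*=|replace\s*\()~i', $body)) {
        return true;
    }

    if (stripos($body, 'src=') !== false && preg_match('~https?://[^\'"\s<>]+~i', $body, $next)) {
        return checkURL($next[0], $depth + 1);
    }

    return false;
}

/**
 * Scan user-supplied template markup for <script> elements that redirect the visitor.
 *
 * Two cases are handled: a script loaded through a src attribute (its contents
 * are fetched and inspected by checkURL()), and an inline script that assembles
 * a string from quoted variables and passes it to eval().
 *
 * Changes from the posted version: ereg()/split()/ereg_replace() are replaced
 * with preg_*(); the per-script accumulators are initialised for every script
 * instead of carrying over; the src URL keeps its original case; an inline
 * script whose body merely contains "src=" is no longer skipped; the function
 * now returns true on a hit (it previously never did).
 *
 * This is a keyword heuristic: a false result is not evidence that the markup is
 * harmless, so it should be one signal next to whatever containment the site
 * applies to user-controlled script (for example a Content-Security-Policy).
 *
 * @param string $content Template markup submitted by a user.
 * @return bool True when a redirecting script was detected.
 */
function jsSpamCheck($content)
{
    $notice = "Your account has been marked as Spam, as such your account is on hold till futher investigation<br />";

    // Kept from the original; presumably undoes magic_quotes-style escaping.
    $content = stripslashes($content);
    if (stripos($content, 'script') === false) {
        return false;
    }

    // Group 1: attributes of the opening tag. Group 2: inline body (absent when
    // the tag is never closed with ">").
    $tagPattern = '~<script\b([^>]*)(?:>(.*?)(?:</script\b[^>]*>|\z)|\z)~is';
    if (!preg_match_all($tagPattern, $content, $tags, PREG_SET_ORDER)) {
        return false;
    }

    foreach ($tags as $tag) {
        $attributes = $tag[1];
        $body = isset($tag[2]) ? strtolower($tag[2]) : '';

        $srcPattern = '~\bsrc\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'>]+))~i';
        if (preg_match($srcPattern, $attributes, $src)) {
            // The alternative that matched is always the last captured group.
            $url = trim($src[count($src) - 1]);
            if (checkURL($url)) {
                // Do your own processing here
                print $notice;
                return true;
            }
            // Browsers ignore the inline body of a script that has a src attribute.
            continue;
        }

        if (strpos($body, 'eval') === false) {
            continue;
        }

        // Collect name="value" / name='value' assignments from the script body.
        $values = array();
        preg_match_all('~([a-z_$][a-z0-9_$]*)\s*=\s*(["\'])(.*?)\2~s', $body, $assignments, PREG_SET_ORDER);
        foreach ($assignments as $assignment) {
            $values[$assignment[1]] = $assignment[3];
        }

        // Rebuild what each eval(a+b+c) call would receive from those values.
        preg_match_all('~eval\s*\(([^)]*)\)~', $body, $evalCalls);
        foreach ($evalCalls[1] as $argumentList) {
            $rebuilt = '';
            foreach (explode('+', $argumentList) as $name) {
                $name = trim($name);
                if (isset($values[$name])) {
                    $rebuilt .= $values[$name];
                }
            }
            if (preg_match('~dow.locat~', $rebuilt)) {
                // Do your own processing here
                print $notice;
                return true;
            }
        }
    }

    return false;
}
?>

Questions or suggestions let me know!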