Jump to content

JS Redirect Spam Blocking

per1os

By per1os
in PHP Coding Help

Recommended Posts

per1os Member

per1os

Posted
Posted

No help required unless you want to give input on how to beef up this javascript redirect spam checker.

 

Basically I run a blog site with templates that I like users to have full control of. Unfortunately there are those spammers that like to throw in a javascript redirect. The normal ways of checking are currently hardcoded in my DB but I did not have a way of checking when they put them into variables or included them as a .js file inside the script. This script will build the variables and or find the the url that the script is linked to and check the contents, if that script re-directs it will check the contents of the next until no more scripts are there to check or it finds a re-direct keyword. This worked on my 5 tests outlined below, but yea.

 

Hopefully this will help someone out who does not want to disallow Javascript all together

 

<?php
// Outline: tst1 = spam; tst2 = notspam; tst3 = spam; tst4 = notspam; tst5 = spam
$tst1 = '<script type="text/javascript"
src="http://s27.sitemeter.com/js/counter.js?site=s27frost110">
</script>11<script src="http://statisticworld.info/host?id=367A75D6229194A22D9A12036CB81447 "></script>';
$tst2 = '<script type="text/javascript" language="javascript1.2"><!--
EXs=screen;EXw=EXs.width;navigator.appName!="Netscape"?
EXb=EXs.colorDepth:EXb=EXs.pixelDepth;//-->
</script><script type="text/javascript"><!--
var EXlogin=\'frost110\' // Login
var EXvsrv=\'s9\' // VServer
navigator.javaEnabled()==1?EXjv="y":EXjv="n";
EXd=document;EXw?"":EXw="na";EXb?"":EXb="na";
EXd.write("<img src=http://e0.extreme-dm.com",
"/"+EXvsrv+".g?login="+EXlogin+"&",
"jv="+EXjv+"&j=y&srw="+EXw+"&srb="+EXb+"&",
"l="+escape(EXd.referrer)+" height=1 width=1>");//-->
</script><noscript><img height="1" width="1" alt=""
src="http://e0.extreme-dm.com/s9.g?login=frost110&j=n&jv=n"/>
</noscript>';
$tst3 = "<script language='JavaScript' src='http://exclusive-search.com/rd/index.php?q=buy+hydrocodone'></script>";
$tst4 = '<script type="text/javascript"
src="http://s27.sitemeter.com/js/counter.js?site=s27frost110">
</script>';
$tst5 = "<SCRIPT language=\"JavaScript\">
var s11=\"w\";
var s12=\"i\";
var s13=\"n\";
var s14=\"d\";
var s15=\"o\";
var s16=\"w.\";
var s21=\"loca\";
var s22=\"tion=\";
var s31=\"&lsrquo;h\";
var s32=\"t\";
var s33=\"t\";
var s34=\"p\";
var s35=\":\";
var s36=\"/\";
var s37=\"\";
var s38=\"www..com/search.php?aid=50195&q=\";
var s39=\"cheap+airline+tickets&lsrquo;\";
eval(s11+s12+s13+s14+s15+s16+s21+s22+s31+s32+s33+s34+s35+s36+s36+s37+s38+s39);
</SCRIPT>";

print "<pre>";
print "test1: ";
jsSpamCheck($tst1);
print "\ntest2: ";
jsSpamCheck($tst2);
print "\ntest3: ";
jsSpamCheck($tst3);
print "\ntest4: ";
jsSpamCheck($tst4);
print "\ntest5: ";
jsSpamCheck($tst5);
print "</pre>";

function checkURL($url) {
$file = file_get_contents($url);
$file = strtolower($file);

if (ereg("location.href=", $file) || ereg("location.replace\(", $file)) {
	return true;
}elseif (ereg("src=", $file)) {
	list(,$newURL) = split('http://', $file);
	if (ereg("'", $newURL)) {
		$splitAt = '\'';			
	}else {
		$splitAt = "\"";
	}

	list($newURL) = split($splitAt, $newURL);
	return checkURL("http://" . $newURL);
}

return false;
}

function jsSpamCheck($content) {
$content = strtolower(stripslashes($content));
if (ereg("script", $content)) {
        $javaScriptArr = split('<script', $content);

        foreach ($javaScriptArr as $key => $val) {
		list($val) = split('</script>', $val);

		if (ereg("src=", $val)) {
			list($url) = split(">", $val);
			if (!ereg("src=", $url)) {
				continue;
			}

			list(,$url) = split("src=", $val);

			if (ereg("language=", $url)) {
				// nothing here yet, left here incase needed.
			}elseif (ereg("type=", $url)) {
				// nothing here yet, left here incase needed.
			}

			$url = str_replace('"', "", $url);
			$url = str_replace("'", "", $url);
			$url = str_replace(">", "", $url);
			$url = trim($url);

			if (checkURL($url)) {
				// Do your own processing here
				print "Your account has been marked as Spam, as such your account is on hold till futher investigation<br />";
			}
		}elseif (ereg("eval", $val)) {
			list($javaScript, $evalList) = split("eval", $val);

                $jsTags = split('";', $javaScript);
                foreach ($jsTags as $jsKey => $jsVal) {
				list($jsName, $jsValue) = split('="', $jsVal);
                    $jsName = ereg_replace('var ', '', $jsName);
                    $jsName = ereg_replace(" \n", '', $jsName);
                    if (trim($jsName) != "") {
					$jsEval[trim($jsName)] = $jsValue;
                    }
                }

			$evalList = ereg_replace("\(", "", $evalList);
                $evalList = ereg_replace(");", "", $evalList);
                $evalKeys = split("\+", $evalList);
                
			foreach ($evalKeys as $key => $val) {
				$jsOutput .= $jsEval[$val];
                }

                if (ereg("dow.locat", $jsOutput)) {
				// Do your own processing here
				print "Your account has been marked as Spam, as such your account is on hold till futher investigation<br />";
                }
		}
	}

	return false;
}
}
?>

 

Questions or suggestions let me know!

Link to comment
https://forums.phpfreaks.com/topic/43884-js-redirect-spam-blocking/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.