Jump to content

JS Redirect Spam Blocking

per1os

By per1os
in PHP Coding Help

 Share

Recommended Posts

per1os Member

per1os

Posted
Posted

No help required unless you want to give input on how to beef up this javascript redirect spam checker.

 

Basically I run a blog site with templates that I like users to have full control of. Unfortunately there are those spammers that like to throw in a javascript redirect. The normal ways of checking are currently hardcoded in my DB but I did not have a way of checking when they put them into variables or included them as a .js file inside the script. This script will build the variables and or find the the url that the script is linked to and check the contents, if that script re-directs it will check the contents of the next until no more scripts are there to check or it finds a re-direct keyword. This worked on my 5 tests outlined below, but yea.

 

Hopefully this will help someone out who does not want to disallow Javascript all together

 

<?php
// Outline: tst1 = spam; tst2 = notspam; tst3 = spam; tst4 = notspam; tst5 = spam
$tst1 = '<script type="text/javascript"
src="http://s27.sitemeter.com/js/counter.js?site=s27frost110">
</script>11<script src="http://statisticworld.info/host?id=367A75D6229194A22D9A12036CB81447 "></script>';
$tst2 = '<script type="text/javascript" language="javascript1.2"><!--
EXs=screen;EXw=EXs.width;navigator.appName!="Netscape"?
EXb=EXs.colorDepth:EXb=EXs.pixelDepth;//-->
</script><script type="text/javascript"><!--
var EXlogin=\'frost110\' // Login
var EXvsrv=\'s9\' // VServer
navigator.javaEnabled()==1?EXjv="y":EXjv="n";
EXd=document;EXw?"":EXw="na";EXb?"":EXb="na";
EXd.write("<img src=http://e0.extreme-dm.com",
"/"+EXvsrv+".g?login="+EXlogin+"&",
"jv="+EXjv+"&j=y&srw="+EXw+"&srb="+EXb+"&",
"l="+escape(EXd.referrer)+" height=1 width=1>");//-->
</script><noscript><img height="1" width="1" alt=""
src="http://e0.extreme-dm.com/s9.g?login=frost110&j=n&jv=n"/>
</noscript>';
$tst3 = "<script language='JavaScript' src='http://exclusive-search.com/rd/index.php?q=buy+hydrocodone'></script>";
$tst4 = '<script type="text/javascript"
src="http://s27.sitemeter.com/js/counter.js?site=s27frost110">
</script>';
$tst5 = "<SCRIPT language=\"JavaScript\">
var s11=\"w\";
var s12=\"i\";
var s13=\"n\";
var s14=\"d\";
var s15=\"o\";
var s16=\"w.\";
var s21=\"loca\";
var s22=\"tion=\";
var s31=\"&lsrquo;h\";
var s32=\"t\";
var s33=\"t\";
var s34=\"p\";
var s35=\":\";
var s36=\"/\";
var s37=\"\";
var s38=\"www..com/search.php?aid=50195&q=\";
var s39=\"cheap+airline+tickets&lsrquo;\";
eval(s11+s12+s13+s14+s15+s16+s21+s22+s31+s32+s33+s34+s35+s36+s36+s37+s38+s39);
</SCRIPT>";

print "<pre>";
print "test1: ";
jsSpamCheck($tst1);
print "\ntest2: ";
jsSpamCheck($tst2);
print "\ntest3: ";
jsSpamCheck($tst3);
print "\ntest4: ";
jsSpamCheck($tst4);
print "\ntest5: ";
jsSpamCheck($tst5);
print "</pre>";

function checkURL($url) {
$file = file_get_contents($url);
$file = strtolower($file);

if (ereg("location.href=", $file) || ereg("location.replace\(", $file)) {
	return true;
}elseif (ereg("src=", $file)) {
	list(,$newURL) = split('http://', $file);
	if (ereg("'", $newURL)) {
		$splitAt = '\'';			
	}else {
		$splitAt = "\"";
	}

	list($newURL) = split($splitAt, $newURL);
	return checkURL("http://" . $newURL);
}

return false;
}

function jsSpamCheck($content) {
$content = strtolower(stripslashes($content));
if (ereg("script", $content)) {
        $javaScriptArr = split('<script', $content);

        foreach ($javaScriptArr as $key => $val) {
		list($val) = split('</script>', $val);

		if (ereg("src=", $val)) {
			list($url) = split(">", $val);
			if (!ereg("src=", $url)) {
				continue;
			}

			list(,$url) = split("src=", $val);

			if (ereg("language=", $url)) {
				// nothing here yet, left here incase needed.
			}elseif (ereg("type=", $url)) {
				// nothing here yet, left here incase needed.
			}

			$url = str_replace('"', "", $url);
			$url = str_replace("'", "", $url);
			$url = str_replace(">", "", $url);
			$url = trim($url);

			if (checkURL($url)) {
				// Do your own processing here
				print "Your account has been marked as Spam, as such your account is on hold till futher investigation<br />";
			}
		}elseif (ereg("eval", $val)) {
			list($javaScript, $evalList) = split("eval", $val);

                $jsTags = split('";', $javaScript);
                foreach ($jsTags as $jsKey => $jsVal) {
				list($jsName, $jsValue) = split('="', $jsVal);
                    $jsName = ereg_replace('var ', '', $jsName);
                    $jsName = ereg_replace(" \n", '', $jsName);
                    if (trim($jsName) != "") {
					$jsEval[trim($jsName)] = $jsValue;
                    }
                }

			$evalList = ereg_replace("\(", "", $evalList);
                $evalList = ereg_replace(");", "", $evalList);
                $evalKeys = split("\+", $evalList);
                
			foreach ($evalKeys as $key => $val) {
				$jsOutput .= $jsEval[$val];
                }

                if (ereg("dow.locat", $jsOutput)) {
				// Do your own processing here
				print "Your account has been marked as Spam, as such your account is on hold till futher investigation<br />";
                }
		}
	}

	return false;
}
}
?>

 

Questions or suggestions let me know!

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.