Today I logged in to my blog and suddenly noticed several (hundred) strings of replies in the comment column on the right... obviously the work of those damned automated spam bots. I went over to 軒仔's blog to see whether he had been bombed too; fortunately not...
Then I hurried to the Tatter Tools (TT) related sites to look for a fix.
I found the countermeasure on 彤影's blog:
Applies to: Tatter Tools Blog 0.9X
‧Generates the comment verification code from the Session ID and a set of randomly named image files. Because the code is cut from the Session ID, it will not change until the session expires (this is not a bug; no need to report it).
‧No GD module required, but you must create and upload randomly named image files yourself.
Step 1: Make the image files
‧Create 36 text images, one for each of the digits 0-9 and the letters a-z
‧Give every image an arbitrary file name with no discernible pattern
‧Separately record which file name corresponds to which character
‧Create a new folder named code under images/ and upload all the images into it
Step 2: Edit 『 inc_function.php 』
‧Find the following:
if (!$c_guest_homepage) $c_guest_homepage = "http://";
if (return_authority()) { $buf = substr($p_user_pass, 8); $is_admin = 1; }
else $is_admin = 0;
$bf1 .= $skin->s_rp;
$bf1 = str_replace("[##_guest_name_##]", $c_guest_name, $bf1);
‧Insert the lines marked in red (in the original post) so that it becomes:
if (!$c_guest_homepage) $c_guest_homepage = "http://";
if (return_authority()) { $buf = substr($p_user_pass, 8); $is_admin = 1; }
else $is_admin = 0;
$scode[0] = substr(session_id(), 0, 1);
$scode[1] = substr(session_id(), 1, 1);
$scode[2] = substr(session_id(), 2, 1);
$scode[3] = substr(session_id(), 3, 1);
/* Replace each (filename) with the file name you recorded for that character, without the extension (.gif, .jpg, etc.) */
for ($i=0; $i<4; $i++) {
if ($scode[$i]== "1") $scode[$i] = "(filename)";
elseif ($scode[$i] == "2") $scode[$i] = "(filename)";
elseif ($scode[$i] == "3") $scode[$i] = "(filename)";
elseif ($scode[$i] == "4") $scode[$i] = "(filename)";
elseif ($scode[$i] == "5") $scode[$i] = "(filename)";
elseif ($scode[$i] == "6") $scode[$i] = "(filename)";
elseif ($scode[$i] == "7") $scode[$i] = "(filename)";
elseif ($scode[$i] == "8") $scode[$i] = "(filename)";
elseif ($scode[$i] == "9") $scode[$i] = "(filename)";
elseif ($scode[$i] == "0") $scode[$i] = "(filename)";
elseif ($scode[$i] == "a") $scode[$i] = "(filename)";
elseif ($scode[$i] == "b") $scode[$i] = "(filename)";
elseif ($scode[$i] == "c") $scode[$i] = "(filename)";
elseif ($scode[$i] == "d") $scode[$i] = "(filename)";
elseif ($scode[$i] == "e") $scode[$i] = "(filename)";
elseif ($scode[$i] == "f") $scode[$i] = "(filename)";
elseif ($scode[$i] == "g") $scode[$i] = "(filename)";
elseif ($scode[$i] == "h") $scode[$i] = "(filename)";
elseif ($scode[$i] == "i") $scode[$i] = "(filename)";
elseif ($scode[$i] == "j") $scode[$i] = "(filename)";
elseif ($scode[$i] == "k") $scode[$i] = "(filename)";
elseif ($scode[$i] == "l") $scode[$i] = "(filename)";
elseif ($scode[$i] == "m") $scode[$i] = "(filename)";
elseif ($scode[$i] == "n") $scode[$i] = "(filename)";
elseif ($scode[$i] == "o") $scode[$i] = "(filename)";
elseif ($scode[$i] == "p") $scode[$i] = "(filename)";
elseif ($scode[$i] == "q") $scode[$i] = "(filename)";
elseif ($scode[$i] == "r") $scode[$i] = "(filename)";
elseif ($scode[$i] == "s") $scode[$i] = "(filename)";
elseif ($scode[$i] == "t") $scode[$i] = "(filename)";
elseif ($scode[$i] == "u") $scode[$i] = "(filename)";
elseif ($scode[$i] == "v") $scode[$i] = "(filename)";
elseif ($scode[$i] == "w") $scode[$i] = "(filename)";
elseif ($scode[$i] == "x") $scode[$i] = "(filename)";
elseif ($scode[$i] == "y") $scode[$i] = "(filename)";
elseif ($scode[$i] == "z") $scode[$i] = "(filename)";
}
/* If your images are .jpg rather than .gif, change the extension below accordingly */
$scode[4] = "<img src=$s_root_path"."images/code/$scode[0].gif>"
          . "<img src=$s_root_path"."images/code/$scode[1].gif>"
          . "<img src=$s_root_path"."images/code/$scode[2].gif>"
          . "<img src=$s_root_path"."images/code/$scode[3].gif>";
$bf1 .= $skin->s_rp;
$bf1 = str_replace("[##_rp_input_code_##]", $scode[4], $bf1);
$bf1 = str_replace("[##_guest_name_##]", $c_guest_name, $bf1);
Step 3: Edit 『 add_exe.php 』
‧Find the following:
setcookie ("c_guest_homepage", $c_homepage, time()+60*60*24*30);
put_query ("
insert into t3_".$dbid."_reply (
pno, name, homepage, body, password, is_secret, regdate, ip
) values (
$num, '".str_tag_off($c_name)."', '".str_tag_off($c_homepage)."', '".str_tag_off($c_body)."',
password('$c_password'), '$c_is_secret', '".time()."', '".$REMOTE_ADDR."'
)
");
set_rp_cnt($num);
‧Insert the lines marked in red (in the original post) so that it becomes:
setcookie ("c_guest_homepage", $c_homepage, time()+60*60*24*30);
if(substr(session_id(), 0, 4) == $verify){
put_query ("
insert into t3_".$dbid."_reply (
pno, name, homepage, body, password, is_secret, regdate, ip
) values (
$num, '".str_tag_off($c_name)."', '".str_tag_off($c_homepage)."', '".str_tag_off($c_body)."',
password('$c_password'), '$c_is_secret', '".time()."', '".$REMOTE_ADDR."'
)
");
} elseif ($verify == null) {
?><head><meta http-equiv="Content-type" content="text/html; charset=utf-8">
<script type="text/javascript"> alert("請輸入驗證碼\t"); </script></head><?
exit;
} else {
?><head><meta http-equiv="Content-type" content="text/html; charset=utf-8">
<script type="text/javascript"> alert("驗證碼錯誤\t"); </script></head><?
exit;
}
set_rp_cnt($num);
Step 4: Edit skin/(skin)/skin.html
‧Open 『 skin.html 』 in the skin you are using and add the following at a suitable place:
(displays the verification code images)
[##_rp_input_code_##]
(the verification code input field)
<input type="text" name="verify" size="8">
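The following is an added, self-contained rewrite of the logic behind steps 1 to 3 for PHP 7.1 or later. It is not 彤影's patch and not Tatter Tools code: the images/code/ directory, the .gif extension, the function names and the sample session id are all assumptions or constructed values. The 36-branch if/elseif chain becomes a table lookup, a character with no image is reported instead of producing a broken <img>, and the three outcomes of add_exe.php (accepted, code missing, code wrong) are returned as a value so the caller decides whether to run the INSERT.

```php
<?php
// Added example, not code from the original post or from Tatter Tools.
// Assumed layout: images live in images/code/<random-name>.gif.

declare(strict_types=1);

const CODE_CHARS  = '0123456789abcdefghijklmnopqrstuvwxyz';
const CODE_LENGTH = 4;

/**
 * Step 1 helper: build a character => random-basename table for the 36 images.
 * Names are 8 hex characters from a CSPRNG, so nothing about a file name
 * reveals the character it shows. Save the result outside the web root and
 * name the uploaded images accordingly.
 */
function make_image_name_map(): array
{
    $map = [];
    foreach (str_split(CODE_CHARS) as $ch) {
        do {
            $name = bin2hex(random_bytes(4));
        } while (in_array($name, $map, true));   // keep names unique
        $map[$ch] = $name;
    }
    return $map;
}

/** The page's scheme: the code is the first 4 characters of the session id. */
function code_from_session_id(string $sid): string
{
    if (strlen($sid) < CODE_LENGTH) {
        throw new InvalidArgumentException('session id too short');
    }
    return strtolower(substr($sid, 0, CODE_LENGTH));
}

/**
 * Step 2: render the code as <img> tags via a table lookup instead of the
 * if/elseif chain. An unmapped character is an error, where the original
 * chain would leave $scode[$i] unchanged and emit a broken image.
 */
function code_image_html(string $code, array $map, string $rootPath): string
{
    $html = '';
    foreach (str_split($code) as $ch) {
        if (!isset($map[$ch])) {
            throw new RuntimeException("no image mapped for character '$ch'");
        }
        $src   = $rootPath . 'images/code/' . $map[$ch] . '.gif';
        $html .= '<img src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '" alt="">';
    }
    return $html;
}

/**
 * Step 3: the three branches of add_exe.php. Returns 'ok', 'missing' or
 * 'mismatch'; only 'ok' should lead to the INSERT. hash_equals() keeps the
 * comparison constant-time.
 */
function verify_code(string $sid, ?string $submitted): string
{
    if ($submitted === null || trim($submitted) === '') {
        return 'missing';
    }
    $expected = code_from_session_id($sid);
    return hash_equals($expected, strtolower(trim($submitted))) ? 'ok' : 'mismatch';
}

// Demo when run from the command line: php verify_code_example.php
if (PHP_SAPI === 'cli') {
    $map  = make_image_name_map();
    $sid  = 'c4ca4238a0b923820dcc509a6f75849b';   // constructed sample session id
    $code = code_from_session_id($sid);
    echo code_image_html($code, $map, '/') . PHP_EOL;
    foreach ([$code, null, 'zzzz'] as $attempt) {
        echo var_export($attempt, true) . ' => ' . verify_code($sid, $attempt) . PHP_EOL;
    }
}
```

In add_exe.php the call would be `verify_code(session_id(), $_POST['verify'] ?? null)` after `session_start()`; the original patch instead relies on register_globals to populate `$verify`. Note that the page's scheme ties the code to the session id, a value the browser also holds in its cookie; a variant that generates a fresh random code with `random_int`, stores it in `$_SESSION` and compares against that gives the server a value the client never sees, at the cost of the code changing on every page load (so note 2 below would no longer apply).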
Notes:
1. Replace the full-width 「#」 with the half-width 「#」 (the blue text above)
2. With this method, refreshing the page does not change the verification code; this is not a bug
3. For any questions, please ask on the author 彤影's website
Example of the comment form after adding the verification code:
Trackback address :: http://blog2.wenhsiang.com/trackback/333