Preventing Spam on YOURLS
My YOURLS powered URL shortening site, SMUP.US was having some issues with spam bots coming in and making illegitimate short URLs. After taking the following steps, I now have the problem under control:
Step One: Add a Captcha
Adding a captcha was the most obvious step to take. I decided to use Google’s reCAPTCHA system since it has a pretty good reputation. However, I did not want to make it so that a captcha would have to be done every time a short URL was made. That’s just annoying. So, I created the following system so that the user would only have to do a captcha once per week:
Files Involved (* = New File):
/captcha/index.php*
/captcha/kill.php*
/captcha/recaptchalib.php*
/captcha/verify.php*
/index.php
/continue.php*
In the index file of my URL shortener, I included the following code, which redirects the person to the captcha page if they do not have the cookie that comes from solving the captcha set:
<?php
if($_COOKIE['COOKIENAME']);
else {
header('Location: CAPTCHA PAGE');
}
?>
All that the captcha page has on it is the standard reCAPTCHA PHP Plugin form; that’s also what the recaptchalib.php file is for.
The form submits to the verify.php page. On that page, I start a session, and if the person gets the captcha correct, redirect them to the continue.php page:
<?php
session_start();
$_SESSION['SESSION_NAME']=LONG_NUMBER_STRING;
?>
<html>
<head>
<script type="text/javascript">window.top.location.href = "/continue.php";</script>
</head>
</html>
The continue.php page checks to make sure that it’s the session started in the verify.php page (by insuring that the string of long numbers is te same), to avoid users bypassing the captcha and just going straight to this page. It then sets the cookie, and sets it to expire in a week. Then, it redirects it to the kill.php page.
<?php
session_start();
if ($_SESSION['SESSION_NAME']=="LONG_NUMBER_STRING") setcookie("smupbeenhere","1",time()+604800);
?>
<html>
<head>
<script type="text/javascript">window.top.location.href = "/captcha/kill.php";</script>
</head>
</html>
All that the kill.php does is kills the session, then redirects back to the home page:
<?php
session_start();
session_destroy();
unset($_SESSION['SESSION_NAME']);
?>
<html>
<head>
<script type="text/javascript">window.top.location.href = "/";</script>
</head>
</html>
The whole process, after the captcha, only takes a second.
I also put in a page that will delete the user’s cookies from my website, including the one created here, as a bonus feature.
Step Two: Block IP’s
Another, more easier to implement step, was setting up a feature that would block individual IP addresses.
File Involved:
/user/config.php
All you have to do is put the following under the “Personal Settings” part of the config file, and then ad IPs to the array whenever necessary.
$deny = array("000.000.00.00", "000.000.00.00");
if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
header("location: BLOCK PAGE");
exit();
}
Step Three: Block Websites
A lot of spam links that I was receiving were for the same websites. To block those websites, I simply installed the YOURLS Abusedesk plugin.
And just like that, 95% percent of the spam was gone!
What Makes My Website Run
The following is a list that has everything that helps my website run on it.
Apache
cPanel
CSS
Elgg
Facebook Social Plugin
Google AdSense
Google Apps
Google Custom Search
HTML (including HTML5)
HTML Comment Box
JavaScript
osTicket
PHP
phpBB
phpBrowser
phplist
phpUploader
Polldaddy.com
Quantcast
revolvermaps
WordPress
x10Hosting
YOURLS
Browser and Super Search
Two new things that I made:
Browser – It’s a browser within a browser. Check it out.
Super Search – Search for 4 different things on the internet at once…on the same page.
Jared Stark Web Development
I am starting my own web development company thing! Yeah! You can see it at http://jaredstark.us/jswd. So, if you need somebody to make you a website, you now know who to call!
Leap Day!
Happy leap day, everybody!
That’ll Do…For Now
As I said yesterday, my Elgg installation, what I use for the members section of my website, “broke.” So, I just installed the new version, and so far it’s working fine. I’ll get around to fixing some of the appearance later, but for now, feel free go register for an account (one again, all old accounts were deleted).
More Problems
Well, my website is experiencing some more problems. I was able to successfully recreate the looks of my website, but now Elgg, the software I use to run the members section of my website is acting up. So, I’m going to have to reinstall it, which will delete all of the users. Ugh.
Problems…
My site’s host is having some problems where when I try to edit a file, it doesn’t save, but deletes the entire file instead. So, I figured this out when I tried to edit my main style sheet. It got deleted. Luckily, I was a able to recreate it, but I need to wait until the problem’s fixed to implement it. Hopefully, that won’t be very long, but until then, my website’s going to look really messed up.
3,000 Views!
My website now has over 3,000 views on the front page alone!
I also have pretty much finished all of the changes to the design of my website. I just need to go around to all of the current pages and upload them.
Doing Some Changes to the Website’s Design
Over the next little while, I will be redesigning the website to make it look a little better. In addition, I will be getting rid of the current iframe setup that my website has been in since it has launched. If you would like to, you can view my progress at the JaredStark.us beta center, xy7, by clicking here. It’s a major work in progress, so chances are that what it looks like today won’t be what it looks like tomorrow.