Rename ucp.php


Post by callumacrae »

I just had an idea...

To prevent spam in phpBB, would it work if the user just had an option in the ACP to rename ucp.php to something else?

I know most bots just inject stuff directly, and renaming ucp.php would confuse them :) Or at least slow the developers down for a couple weeks

Or even rename it and have ucp.php as a blacklist - if someone injects details into ucp.php then they would be automatically blacklisted.

I don't know much about this area of phpBB, but I think it would work.

~Callum

Post by DavidIQ »

Not really...all the bot would have to do is click on the register link.

Post by A_Jelly_Doughnut »

Per David:

This falls into a class of "security by obscurity" fixes which would do nothing if they were actually included in the phpBB core product. If bot authors can be bothered to break a CAPTCHA (or two or three), they can certainly follow a link :)

Post by MichaelC »

A_Jelly_Doughnut wrote: If bot authors can be bothered to break a CAPTCHA (or two or three), they can certainly follow a link :)
Well put and right on the nail. +1

Post by thelastsay »

I have a query re the UCP. Over the past week or two I have had an enormous amount of hits on the UCP; when I view my stats, to date I have had over 189,000 hits. Why would one IP address be hitting on the UCP, and if I need to, how do I stop this from re-occurring?

Thank you in advance.


Post by Oleg »

callumacrae wrote: I just had an idea...

To prevent spam in phpBB, would it work if the user just had an option in the ACP to rename ucp.php to something else?
I have a mild version of this on my board (for other reasons) - my ucp.php is called ucp - and it does nothing for the spammers. They crawl the forum starting from the index page.


Post by DavidIQ »

thelastsay wrote: I have a query re the UCP. Over the past week or two I have had an enormous amount of hits on the UCP; when I view my stats, to date I have had over 189,000 hits. Why would one IP address be hitting on the UCP, and if I need to, how do I stop this from re-occurring?

Thank you in advance.
Do it server side. Deny access for that IP to your entire site. You can do this via .htaccess files. For help with that I suggest you try the Apache FAQ and support.
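Added example, not part of the original thread or of phpBB: a small log check that confirms which client IP is responsible for the ucp.php traffic before it is denied server side, and prints a matching deny block. It assumes Apache common/combined access-log format and Apache 2.4 `Require` syntax; the function names, the threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Leading fields of Apache common/combined log format: client, time, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def script_hits_by_ip(lines, script="ucp.php"):
    """Count requests per client IP whose URL path ends in `script`."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than guess
        ip, _method, target, _status = m.groups()
        if urlsplit(target).path.rsplit("/", 1)[-1] == script:
            hits[ip] += 1
    return hits

def offenders(hits, threshold):
    """IPs at or above the threshold; the threshold is a site-specific judgment call."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def htaccess_deny(ips):
    """Apache 2.4 block that keeps the site open but refuses the listed IPs."""
    rules = "".join(f"    Require not ip {ip}\n" for ip in ips)
    return "<RequireAll>\n    Require all granted\n" + rules + "</RequireAll>\n"

def sample_log():
    """Constructed log lines (documentation-range IPs), not data from the thread."""
    bot = [f'203.0.113.7 - - [27/Dec/2010:06:41:{i:02d} +0000] '
           '"POST /forum/ucp.php?mode=register HTTP/1.1" 200 5120'
           for i in range(40)]
    human = ['198.51.100.23 - - [27/Dec/2010:06:42:01 +0000] "GET /forum/index.php HTTP/1.1" 200 9000',
             '198.51.100.23 - - [27/Dec/2010:06:42:09 +0000] "GET /forum/ucp.php?mode=login HTTP/1.1" 200 3000',
             '198.51.100.23 - - [27/Dec/2010:06:42:15 +0000] "POST /forum/ucp.php?mode=login HTTP/1.1" 302 0',
             '198.51.100.23 - - [27/Dec/2010:06:42:16 +0000] "GET /forum/viewtopic.php?f=2&t=10 HTTP/1.1" 200 7000']
    return bot + human + ["garbage line"]

if __name__ == "__main__":
    hits = script_hits_by_ip(sample_log())
    print(hits.most_common(5))
    print(htaccess_deny(offenders(hits, threshold=20)))
```

On Apache 2.2 the same effect uses the older `Order Allow,Deny`, `Allow from all`, `Deny from <ip>` directives instead of `Require`.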

Post by thelastsay »

Thanks David, denied the IP address and it has solved the issue; however, my question still is: why would they continuously hit on the forum? Hopefully someone can give me an answer.


Post by DavidIQ »

Can't really tell you for sure. The way these scripts work you basically set a few parameters, hit "Play", and go have some coffee. It's quite possible that one single bot can be set to "attack" your forum to try and register or log in as a user several hundred times...

Post by Oleg »

I have seen spam "assignments" requiring people to post on boards using language relevant to the board. We have similar posts periodically appearing here on area51 as well. For example, here on area51 users would post something like:

"Hey, great idea for adding user search to admincp. I am looking forward to more proposals from you."

I suspect it is impossible to programmatically label this as spam. A human can see that the post is essentially meaningless, but it takes a good few moments to actually read the entire post and think about it before the conclusion that it is meaningless can be reached.
