Discuz! 防灌水機器人/廣告文 - 監控篇

大家都知道,Discuz!論壇程式已經很火紅,所以造就一堆廣告商看中了商機,陸續推出了許多灌水/廣告機器人的橫行,以前我是用最簡單的「驗證碼」及 Referer 的方式來判斷 bot 加以阻擋,後來發現 bot 都已經破解驗證碼及偽造 Referer ,重點是他們採用 POST 的方式登入,Discuz 的後台是無法看到該帳號最後登入的時間及IP,所以在預先防護之前,我先被動的記錄下 bot 的行為,用來將來分析用。
我加的原始碼如下

打開 post.php ,將

$host = ($HTTP_X_FORWARDED_FOR?$_SERVER[HTTP_X_FORWARDED_FOR]:$_SERVER[REMOTE_ADDR]);
$hostname = gethostbyaddr($host);
$lookip = date(“Y.m.d D H:i”).” – “.$host.”(“.$hostname.”) – “.$action.” – “.$_SERVER[‘HTTP_REFERER’].” – “. $discuz_userss .”\n”;
$f = fopen(“/路徑/bot.html”,”a”);
fwrite($f,$lookip);
fclose($f);

放在 require_once DISCUZ_ROOT.’./include/post.func.php’; 之後
格式說明 : 日期 時間 – IP (反解名稱) – 動作 – Referer – 帳號(如空白則尚未登入)
觀察 bot.html 這個檔案,會發現類似這樣子的記錄

2010.10.08 Fri 15:30 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=232 – 呂拒
2010.10.08 Fri 15:30 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=232 – 呂拒
2010.10.08 Fri 15:30 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=160 – 呂拒
2010.10.08 Fri 15:30 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=160 – 呂拒
2010.10.08 Fri 15:30 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=135 – 呂拒
2010.10.08 Fri 15:31 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=135 – 呂拒
2010.10.08 Fri 15:31 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=148 – 呂拒
2010.10.08 Fri 15:31 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=148 – 呂拒
2010.10.08 Fri 15:31 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=219 – 呂拒
2010.10.08 Fri 15:31 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=219 – 呂拒

2010.10.08 Fri 15:30 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=232 – 呂拒2010.10.08 Fri 15:30 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=232 – 呂拒2010.10.08 Fri 15:30 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=160 – 呂拒2010.10.08 Fri 15:30 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=160 – 呂拒2010.10.08 Fri 15:30 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=135 – 呂拒2010.10.08 Fri 15:31 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=135 – 呂拒2010.10.08 Fri 15:31 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=148 – 呂拒2010.10.08 Fri 15:31 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=148 – 呂拒2010.10.08 Fri 15:31 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=219 – 呂拒2010.10.08 Fri 15:31 – 59.61.0.19(19.0.61.59.board.xm.fj.dynamic.163data.com.cn) – newthread – http://family.saycoo.com/forumdisplay.php?fid=219 – 呂拒
看到這些資料庫,就可以快速的分析哪些發文是機器人,也可以利用這個記錄比對出灌水機器人真實的 IP,再呼叫 iptables 或是直接到資料庫把該帳號停權
目前只提到”監控”,下一篇我們再來談如何自動化。當然,如果能把資料寫入 DB ,那比對上就更是簡單多了。
【本文歡迎轉貼,但需註明出處】

About the Author

2 thoughts on “Discuz! 防灌水機器人/廣告文 - 監控篇

發表迴響

這個網站採用 Akismet 服務減少垃圾留言。進一步瞭解 Akismet 如何處理網站訪客的留言資料

%d 位部落客按了讚: