HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Can I use a word filter to replace http

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#111258 (In Topic #22352)
TQ
Avatar

Honoured member

Hi,

Once again my site has been de-listed by Google because someone inserted a URL pointing to a site with malware. This is not the first time this has happened.

This is a pain because my new users/day has gone down from 50-70 to just 12 in the past 24 hours, and Google gave me the all-clear 3 days ago.

Apparently Google's BOT can detect even hidden URL's and will flag the site as untrustworthy so I need to find a method of stopping members from posting URL's that the BOT can detect.

I'm wondering if I create a couple of word filters that look for http & https and replace this with say 'off-site URL' if this would help. I assume I'd have to check 'Substring-match' as well.

If it would work in principal, would this stop the site functioning correctly?

Does anyone have any better ideas on how to overcome this problem.

In a perfect world I would like the site to test every URL against Google's blacklist but I suspect that's too ridiculous!

I have just stopped members from adding attachments to posts and with Chris's help, stopped clickable URL's but I obviously need to go further.

Any feedback would be greatly appreciated.

TQ
Back to the top
 
Posted
Rating:
#111259
Avatar

That would probably work, yes.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#111260
TQ
Avatar

Honoured member

Thank you Chris, I'll give it a go.

TQ
Back to the top
 
Posted
Rating:
#111268
TQ
Avatar

Honoured member

Not such a smart idea after all, Does NOT work!

Causes: PHP NOTICE [8] unserialize() [function.unserialize.php]: Error at offset 197 of 292 bytes in sources\feedback.php on line 272 (version: 9.0.25, PHP version: 5.4.45, URL: /data/post_comment.php?filtered=1)

TQ
Back to the top
 
Posted
Rating:
#111269
Avatar

Hi,

Could you zip and attach your sources\feedback.php just so I'm sure what I'm checking against. Sounds like a bug.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#111270
TQ
Avatar

Honoured member

Very brief outline: When I tested it in my Admin profile it worked just fine, but when I tested it a lower ranking profile it caused the error.

Thanks Chris

TQ

Attachment
» Download: feedback.rar (10 Kb, 26 downloads so far)
Back to the top
 
Posted
Rating:
#111271
Avatar

Ah, that's a bug. I'm surprised nobody found it until now! Nothing to do with this specific situation, it's a general issue.

It should be workaroundable by making the replace string exactly equal in length to the filtered string.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#111272
Avatar

The fix is in sources/feedback.php change:

Code

$options=post_param('options');

to:

Code

$options=$_POST['options'];


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#111273
TQ
Avatar

Honoured member

Hi Chris,

Thank you for your late night fix!

The problem is now resolved and for those that are interested I've used the following 2 'Word Filters' to try and stop people posting off-site links to malware (or anything else) which has devastated my positioning with Google.

*http://* -> Off-site URL:
*https://* -> Off-site URL:

Thanks again Chris, really appreciate your help.

TQ
Back to the top
 
1 guests and 0 members have just viewed this: None
Control functions:

Quick reply   Contract

Your name:
Your message: