Hidden Image Checker by BOP5 for VB 3.x and VB 4.x (Stop Cookie Stuffing!)
Mod Version: 1.02, by BirdOPrey5 (Moderator)
Developer Last Online: Dec 2014

vB Version: 3.8.x Rating: (5 votes - 5.00 average) Installs: 22
Released: 01 Apr 2012 Last Update: 12 Apr 2012 Downloads: 49
Supported Uses Plugins Auto-Template Translations  



Version 1.02 - Compatibility fix for dbtech Advanced Thanks/Like mod
Version 1.01 - Bugfix for post counts over 1000
Version 1.0 - Initial Release

Also available on Qapla.com.

For some time now a new type of "Spammer" has been hitting forums. These "spammers" are not as obvious as those trying to make links or sell cheap Viagra. These new spammers use a technique called "Cookie Stuffing" which can make them a lot of money if you don't notice what they've done.

Cookie stuffing is when a malicious user posts a hidden (clear) image in a post. Although you may never see the image it actually links to a location that will set a cookie on the browser of everyone viewing the post. In the cases of cookie stuffing this is almost always a cookie that contains their affiliate code for a site like Amazon or eBay. If anyone on your forum should go on to buy something from Amazon.com later in the day the spammer will get a credit from Amazon because your user has the spammer's cookie on their computer.

At best this allows the spammer to make money off your unsuspecting users. At worst it is taking money away from you: if you had your own (legitimate) affiliate cookie, it may get overridden by the spammer's cookie.

There is no built-in means for detecting small transparent images in vBulletin. This mod will show a banner notice under every post by a "new" user reporting the number of images in the post (if any). It only takes a second to scan the post and make sure the number of images reported matches the number of images you see.

So next time a spammer tries to hide a small clear image in a post you or your mods will see a big yellow notice below the post that it contains an image- allowing you or your staff to take appropriate action. (Usually deleting the post and banning the user.) [Mod functions not part of this modification.]

However since it would get annoying to see these big yellow banners under every post that contains images the mod lets you limit seeing banners to only "new" users- You can choose a minimum post count or # of days registered before the user who posted is not considered new anymore.

In addition you can choose trusted usergroups that will never have their images counted regardless of their number of posts or days registered.

This mod contains both the VB 3.x and VB 4.x versions in the same .xml file. It has been tested on VB 3.8.7 and VB 4.1.10 and VB 4.1.11 but it should work on all VB versions from at least 3.7 through 4.1.x and beyond. Feel free to try on earlier versions and let me know if you run into an error.

This mod DOES NOT count attachments or smilies as images since they are safe from cookie stuffing. Only remotely linked images using the [img] BBCode will be counted.

See screenshots for examples.

Please Mark as Installed if you use this.
Donations always appreciated.
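
The check this mod describes, sketched as an added example in Python (not the mod's own PHP code, which is not shown on this page): count [img] tags in the raw post text for users who are still "new", skip trusted usergroups, and read post counts that arrive formatted as "1,204", the case the 1.01 changelog fixes. The thresholds, usergroup ids, banner wording, host listing and sample post are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)

def parse_post_count(displayed):
    """Displayed counts carry locale separators: "1,204", "1.204", "1 204"."""
    digits = re.sub(r"\D", "", str(displayed))
    return int(digits) if digits else 0

def img_urls(bbcode):
    """Every [img] URL in the raw post, including ones inside [quote] blocks.
    Attachments and smilie codes are not [img] tags, so they are not counted."""
    return [u.strip() for u in IMG_TAG.findall(bbcode) if u.strip()]

def is_new(user, min_posts, min_days):
    # Assumption: a user stays "new" until BOTH thresholds are reached.
    return (parse_post_count(user["posts"]) < min_posts
            or user["days_registered"] < min_days)

def banner_for(bbcode, user, min_posts=25, min_days=14, trusted_groups=(5, 6, 7)):
    """Return the notice text for moderators, or None when no banner applies."""
    if user["usergroup"] in trusted_groups or not is_new(user, min_posts, min_days):
        return None
    urls = img_urls(bbcode)
    if not urls:
        return None
    # Listing the hosts is an addition: it lets staff see the domains at a glance.
    hosts = sorted({(urlsplit(u).hostname or "?").lower() for u in urls})
    return f"This post contains {len(urls)} remote image(s) from: {', '.join(hosts)}"

# Constructed sample data (placeholder domains, hypothetical usergroup ids).
POST = ("Great thread!\n[img]http://photos.example.com/car.jpg[/img]\n"
        "[quote=Bob]nice[IMG]http://cdn.example.net/happy.gif[/IMG][/quote]")
NEWBIE = {"posts": "3", "days_registered": 1, "usergroup": 2}
VETERAN = {"posts": "1,204", "days_registered": 900, "usergroup": 2}
STAFF = {"posts": "3", "days_registered": 1, "usergroup": 6}

if __name__ == "__main__":
    for name, user in (("newbie", NEWBIE), ("veteran", VETERAN), ("staff", STAFF)):
        print(name, "->", banner_for(POST, user))
```

A moderator still compares the reported count with what is visibly rendered; the function only supplies the count.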


Comments
#2
01 Apr 2012, 03:49
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
Reserved.
__________________
-Joe (@BirdOPrey5)
Qapla.com - Exclusive VB Mods! | Joe's Ultimate Off Topic | My Free VB "Mods"
Note - I do not read my PMs often, do not expect quick replies.
#3
01 Apr 2012, 09:22
Hornstar
Join Date: Jun 2005
Real name: Matt
That was really clever of them damn spammers lol.
#4
01 Apr 2012, 09:25
Pandemikk
Join Date: Jul 2009
Real name: Jon
Does this mod come with the feature to track spammers to their homes and terrorize them?
#5
01 Apr 2012, 10:10
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
Updated to version 1.01 - There was a bug when a user's post count was over 1000. Failed to account for the comma or decimal point (depending on locale).
#6
12 Apr 2012, 13:54
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
Version 1.02 - Compatibility fix for dbtech Advanced Thanks/Like mod
#7
12 Apr 2012, 15:27
HeartLessNet
Join Date: May 2009
Thanks/Like mod
__________________
www.hepsy.net
#8
13 Apr 2012, 06:36
home9000
Join Date: Aug 2005
Dear BirdOPrey5

very nice subject

It's a good idea if you do an auto action, like hiding the post or sending an email to the admin
I prefer to open a post as report in moderators section
#9
13 Apr 2012, 11:01
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
The problem with auto-hiding the post is there is no way for this mod to know if there is a hidden image or not- it simply counts the images used. You need a human to figure out if the count matches what is displayed.

I believe there are already mods that can prevent new users from posting images at all or auto moderate all posts with any image.
#10
26 Apr 2012, 10:50
vijayninel
Join Date: Mar 2009
Real name: Vijay
Many thanks for this information and mod.
#11
06 May 2012, 17:28
cstreater
Join Date: May 2010
This has become a huge problem in the last few months. I've been using another technique to auto moderate these posts, because if this "image" displays before the mods see it, the stuffer has already accomplished what they set out to accomplish, to at least some victims. I have the mods clear their cookies and cache after they've reviewed the moderated post, because doing so stuffs their browser too. I might add your plugin as another layer of protection.

If I'm reading your description correctly, you cannot add an additional option to auto moderate these, is that correct? Despite what I said about having my own technique, I think your mod + that capability would work even better.

Some other notes:

If this hooks into new post_process, does it see the quoted portion of a post as well? They are quoting valid posts and inserting them there.

They don't always use broken image links. They are embedding a link that resolves to a standard looking vBulletin smiley, and displays as such, but there's actually a PHP script that's being run in the process. Tip: don't use standard vBulletin smilies and convert what you have to PNGs. <some domain>/happy.gif is the most common. I believe the use of the GIF extension is what is enabling them to run scripts via these images.

Use relevant replacements to replace known cookie stuffer domains with something else. Not only will this block future attempts from these domains, it will also clean up existing posts.

They will try to get this on one page of every thread. That increases the possibility that a Google click through will be successful in the event what the searcher is looking for is on a specific page of your thread (other than page 1)

There's another technique that's being used to inject these into the footer template.
If you want to stay on top of their techniques, read the places they hang out. Search Google for blackhatseo and cookie stuffing. There are even YouTube instructional videos on how to cookie stuff.

Edit your reportpost_newthread phrase to wrap quoted posts with no parse tags. This will help you see the domain better, so the URL tag doesn't mask it. Do the same with infraction_thread_post. Otherwise, the mods can't see the offending link without editing the post.

If you're an admin, create new infraction types (e.g., cookie stuffing) That way you can quickly look through the reports and infractions forum and review these yourself. I have a pretty large board, so this makes it easier for me to manage.

This article best describes every technique under the sun:
http://www.esrun.co.uk/blog/cookie-stuffing/

If you run a large board, and are just reading this for the first time, there's a good chance your forum already has a lot of these. Once you clean them up, and put some protection mechanisms in place, it's unlikely you will see these show up in someone who has more than 15 posts.

Use BOP's plugin to block members with less than <x> posts from using signatures. They are sticking them there too. I would link everyone, but I'm typing all this from a phone.

At one point, I think they were using spam bots to cookie stuff. The posts would often consist of only text that said "great information" or something of not much substance. Now there are live human beings that are on topic and are fitting in with regular members.

I have some more insightful tips and info, and what I do to control this, but I actually think they read these forums and I'm not giving my secrets to them

Keep in mind, this problem doesn't just exist in your forum. It's all over blogs, and even sites that might look legitimate. I clear my cookies constantly now.

Sorry for hijacking your thread, but this has been a huge nuisance.
#12
06 May 2012, 17:48
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
cstreater,

Thanks for the detailed info. You are correct this mod will NOT auto-moderate a post.

It requires a human to make sure the count of images matches the number of images the user sees.

What is that if someone does use a fake smiley that smiley will count as an image and this mod will display its warning banner. If they had used a real forum smiley this mod will ignore it and there would be no banner.

So, in summary, if you see the warning banner and only a default smiley in the post- that is very suspicious and should probably be deleted.
#13
07 May 2012, 22:54
Webdude™
Join Date: Jan 2002
Back in the day, they used to hide warez within images and put them on a webhost. Most of the time they were broken images, but if they took enough time, would be a tiny image like a smiley, but which had a huge file size. We had a script on cron that would scan real late at night, find and report these images. It is possible to have PHP review the code of the actual image and look for domains in that code. No image should have any domain such as 'amazon' within its code. Take any image and open it with WordPad. Now find a cookie stuffer image and do the same. You will know what your addon needs to do after seeing that. All it really has to do is look for certain words in the image code, or you can give that option to the forum owner to insert what keywords he would like the addon to check for in the image code.
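
A sketch of the image inspection suggested in the post above, as an added example in Python (not code from the mod or from any poster in this thread). It goes beyond the keyword scan by also flagging redirects, a Set-Cookie header and 1x1-style pixel sizes, which covers the fake-smiley case raised earlier in the thread; the keyword list, placeholder hosts and sample responses are constructed.

```python
import struct

KEYWORDS = ("amazon", "ebay", "merchant.example.org")  # admin-supplied list (assumed)

def image_size(body):
    """(kind, width, height) read from the file header, or None if not an image."""
    if body[:6] in (b"GIF87a", b"GIF89a") and len(body) >= 10:
        return ("gif",) + struct.unpack("<HH", body[6:10])
    if body[:8] == b"\x89PNG\r\n\x1a\n" and len(body) >= 24:
        return ("png",) + struct.unpack(">II", body[16:24])
    if body[:3] == b"\xff\xd8\xff":
        return ("jpeg", None, None)  # size needs a segment walk; not checked here
    return None

def inspect_image(status, headers, body, keywords=KEYWORDS):
    """List the reasons a fetched [img] target does not look like a normal image."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    findings = []
    if 300 <= status < 400 and "location" in hdrs:
        findings.append("redirects to " + hdrs["location"])
    if "set-cookie" in hdrs:
        findings.append("sets a cookie")
    if status == 200:
        size = image_size(body)
        if size is None:
            findings.append("body is not GIF, PNG or JPEG data")
        elif size[1] is not None and size[1] <= 2 and size[2] <= 2:
            findings.append("%s is only %dx%d pixels" % size)
    # Search the redirect target and the raw bytes for the configured words.
    haystack = hdrs.get("location", "").lower().encode() + b"\n" + body.lower()
    for word in keywords:
        if word.lower().encode() in haystack:
            findings.append("keyword '%s' found" % word)
    return findings

# Constructed responses: (status, headers, body). Hosts are placeholders.
SMILEY = (200, {"Content-Type": "image/gif"},
          b"GIF89a" + struct.pack("<HH", 16, 16) + b"\x80\x00\x00")
PIXEL = (200, {"Content-Type": "image/gif"},
         b"GIF89a" + struct.pack("<HH", 1, 1) + b"\x80\x00\x00")
REDIRECT = (302, {"Location": "http://merchant.example.org/landing",
                  "Set-Cookie": "constructed=1"}, b"")
HTML_AS_GIF = (200, {"Content-Type": "image/gif"},
               b"<html>constructed stub mentioning Amazon</html>")

if __name__ == "__main__":
    for name, resp in (("smiley", SMILEY), ("pixel", PIXEL),
                       ("redirect", REDIRECT), ("html", HTML_AS_GIF)):
        print(name, inspect_image(*resp))
```

The caller is expected to fetch each [img] URL server-side without following redirects and pass in the raw status, headers and body.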
#14
08 May 2012, 00:11
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
That's a good idea for a mod Webdude... it won't be part of this one as it would involve very different code and setup but I will do some investigation and see what can be done.
#15
11 Jun 2012, 12:13
Spinball
Join Date: Feb 2002
Is it possible to only show this alert to certain user groups? I don't want regular members seeing it.
__________________
AVForums.com the UK's largest audio visual home consumer electronics forums. Now using Xenforo because vB5 is not suitable for large forums and vB3 and vB4 are no longer being developed.