From 0ff0e707d65c336d1581873961bf249d568b0176 Mon Sep 17 00:00:00 2001 From: Lorenzo Yario Date: Fri, 20 Dec 2024 01:56:57 -0600 Subject: [PATCH] remove vichan's current antibot system --- inc/config.php | 77 -------------------------------------------------- 1 file changed, 77 deletions(-) diff --git a/inc/config.php b/inc/config.php index c111b762..812ac89d 100644 --- a/inc/config.php +++ b/inc/config.php @@ -275,83 +275,6 @@ // To prevent bump attacks; returns the thread to last position after the last post is deleted. $config['anti_bump_flood'] = false; - /* - * Introduction to vichan's spam filter: - * - * In simple terms, whenever a posting form on a page is generated (which happens whenever a - * post is made), vichan will add a random amount of hidden, obscure fields to it to - * confuse bots and upset hackers. These fields and their respective obscure values are - * validated upon posting with a 160-bit "hash". That hash can only be used as many times - * as you specify; otherwise, flooding bots could just keep reusing the same hash. - * Once a new set of inputs (and the hash) are generated, old hashes for the same thread - * and board are set to expire. Because you have to reload the page to get the new set - * of inputs and hash, if they expire too quickly and more than one person is viewing the - * page at a given time, vichan would return false positives (depending on how long the - * user sits on the page before posting). If your imageboard is quite fast/popular, set - * $config['spam']['hidden_inputs_max_pass'] and $config['spam']['hidden_inputs_expire'] to - * something higher to avoid false positives. - * - * See also: https://github.com/vichan-devel/vichan/wiki/your_request_looks_automated - * - */ - - // Number of hidden fields to generate. - $config['spam']['hidden_inputs_min'] = 4; - $config['spam']['hidden_inputs_max'] = 12; - - // How many times can a "hash" be used to post? - $config['spam']['hidden_inputs_max_pass'] = 12; - - // How soon after regeneration do hashes expire (in seconds)? - $config['spam']['hidden_inputs_expire'] = 60 * 60 * 3; // three hours - - // Whether to use Unicode characters in hidden input names and values. - $config['spam']['unicode'] = true; - - // These are fields used to confuse the bots. Make sure they aren't actually used by vichan, or it won't work. - $config['spam']['hidden_input_names'] = array( - 'user', - 'username', - 'login', - 'search', - 'q', - 'url', - 'firstname', - 'lastname', - 'text', - 'message' - ); - - // Always update this when adding new valid fields to the post form, or EVERYTHING WILL BE DETECTED AS SPAM! - $config['spam']['valid_inputs'] = array( - 'hash', - 'board', - 'thread', - 'mod', - 'name', - 'email', - 'subject', - 'post', - 'body', - 'password', - 'sticky', - 'lock', - 'raw', - 'embed', - 'g-recaptcha-response', - 'h-captcha-response', - 'captcha_cookie', - 'captcha_text', - 'spoiler', - 'page', - 'file_url', - 'json_response', - 'user_flag', - 'no_country', - 'tag', - 'simple_spam' - ); - // Enable simple anti-spam measure. Requires the end-user to answer a question before making a post. // Works very well against uncustomized spam. Answers are case-insensitive. // $config['simple_spam'] = array (