Support ⇒ Coppermine ⇒ Bots Trawling DisplayImage.php ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum Index Modules & Blocks Coppermine

Bots Trawling DisplayImage.php Reply to topic


Starting this one here as its always {expletive removed} me off bots trawling things they shouldn't.

On /index.php?name=coppermine&file=displayimage&meta=lastup&album=90&pos=3
While executing query "SELECT visibility FROM cms_cpg_albums WHERE aid=lastup LIMIT 1"

the following error occured: Unknown column 'lastup' in 'where clause'

In: /home/bik47463/public_html/junglewraiths.net/modules/coppermine/displayimage.php on line: 804


The code is under retrieve current picture.

if ($pic_count == 0) { [color=red]list($visibility) = $db->sql_ufetchrow("SELECT visibility FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid=".$album." LIMIT 1");[/color] if ($visibility ==2){ cpg_die(INFO, MEMBERS_ONLY, __FILE__, __LINE__); //works //} elseif ($visibility >= FIRST_USER_CAT){ // cpg_die(INFO, 'Users Private Gallery', __FILE__, __LINE__); } else{ cpg_die(INFO, _MODULESADMINS, __FILE__, __LINE__); }

the actual line in there is

list($visibility) = $db->sql_ufetchrow("SELECT visibility FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid=".$album." LIMIT 1");

The "missing" clause varies too, it can be any of the meta albums, lastup, topn etc.

I'm thinking that if we can't work out whats up with the code, perhaps we can just stop the bilighters trawling a php file that they shoulnt be perhaps?

Attaching my robots.txt
Attachment: robots.txt
Description
Filename robots.txt
Filesize 434 B
Downloaded 2 Time(s)
You are not allowed to view/download this attachment

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


A quick look at the original code and it looks fine, however I've noticed that your displayimage is 300+ lines longer.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Sure it is, I added the Lytebox mod. The problematic area is however standard 9.3.3.0 code.

I've update robots.txt and reactivated flooding and unknown user agent, lets see how the pesky buggers like that. Laughing

User-agent: Baidu
Disallow: /

User-agent: *alexa*
Disallow: /

User-agent: Googlebot-Image
Disallow: /

User-agent: Fasterfox
Disallow: /

User-agent: MSNBot
Disallow: /

User-agent: Slurp
Disallow: /

User-agent: *
Disallow:

User-agent: *
Crawl-delay: 30
Disallow: /admin.php
Disallow: /error.php
Disallow: /admin/
Disallow: /blocks/
Disallow: /blocks/block-Last5_Center.php
Disallow: /cache/
Disallow: /images/
Disallow: /includes/
Disallow: /language/
Disallow: /modules/
Disallow: /themes/
Disallow: /modules/coppermine/displayimage.php

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


Hope it works, but this is a workaround, not a fix.

As of 9.3.3 Unknown User Agent is way more stable as well as Flooding (just make sure you select the lowest delay).

If robots.txt doesn't stop the crawler, try with Admin -> Security -> Bots

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Sigh, now google is trawling it.

On /index.php?name=coppermine&file=displayimage&meta=topn&album=90&pos=5
While executing query "SELECT visibility FROM cms_cpg_albums WHERE aid=topn LIMIT 1"

the following error occured: Unknown column 'topn' in 'where clause'

In: /home/bik47463/public_html/junglewraiths.net/modules/coppermine/displayimage.php on line: 804

Guest information:
User id: 1
Username: Anonymous
Admin: No
IP: 66.249.73.13
Host: crawl-66-249-73-13.googlebot.com


I am unsure how bots not respecting robots.txt is related to coppermine?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


Bots are not the issue, code is.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Thats a shame, I know nothing about why they don't like standard DF code. Embarassed

I'm still annoyed they are trawling random php files that they shouldn't be though. Sad

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0


I dont think is DF standard code as your displayimage.php is over 300 lines longer then the original.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Bugger, your right, I thought the retrieve pic code was identical, but its not. Have updated the whole block to the latest now, as I see theres specific mention of caching bots in it! Embarassed

// Retrieve data for the current picture if ($meta == 'random' || ($meta == '' && !is_numeric($album)) || $pid > 0 || $pos < 0) { if ($pid < 1) $pid = $pos; if ($pos < 0) $pid = -$pos; $result = $db->sql_query("SELECT p.aid, a.visibility FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON (p.aid = a.aid && ".VIS_GROUPS.") WHERE approved = '1' AND p.pid=".$pid." LIMIT 1"); if ($db->sql_numrows($result) == 0) { list($visibility) = $db->sql_ufetchrow("SELECT a.visibility FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON (p.aid = a.aid) AND p.pid=".$pid." LIMIT 1"); if ($visibility ==2){ cpg_die(INFO, MEMBERS_ONLY, __FILE__, __LINE__); // works needs translation //} elseif ($visibility >= FIRST_USER_CAT){ // cpg_die(INFO, 'Users Private Gallery', __FILE__, __LINE__); } else{ cpg_die(INFO, $row._MODULESADMINS, __FILE__, __LINE__); } } $row = $db->sql_fetchrow($result); $album = $row['aid']; $pic_data = get_pic_data('', $album, $pic_count, $album_name, -1, 1, false); for($pos = 0; $pic_data[$pos]['pid'] != $pid && $pos < $pic_count; $pos++); $pic_data = get_pic_data('', $album, $pic_count, $album_name, $pos, 1, false); $CURRENT_PIC_DATA = $pic_data[0]; } else if (isset($_GET['pos'])){ $pic_data = get_pic_data($meta, $album, $pic_count, $album_name, $pos, 1, false); if (count($pic_data) == 0 && $pos >= $pic_count) { $pos = $pic_count - 1; $human_pos = $pos + 1; $pic_data = get_pic_data($meta, $album, $pic_count, $album_name, $pos, 1, false); } # last comment removed from an album and search engine cached the url if (empty($pic_data)) { cpg_die(INFO,sprintf(_ERROR_NONE_TO_DISPLAY, _COMMENTS), __FILE__, __LINE__); } if ($pic_count == 0) { list($visibility) = $db->sql_ufetchrow("SELECT visibility FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid=".$album." LIMIT 1"); if ($visibility ==2){ cpg_die(INFO, MEMBERS_ONLY, __FILE__, __LINE__); //works //} elseif ($visibility >= FIRST_USER_CAT){ // cpg_die(INFO, 'Users Private Gallery', __FILE__, __LINE__); } else{ cpg_die(INFO, _MODULESADMINS, __FILE__, __LINE__); } } $CURRENT_PIC_DATA = $pic_data[0]; }

# last comment removed from an album and search engine cached the url

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
2.6.18-164.11.1.el5xen/2.2.13/5.0.89-community-log/5.2.11/9.3.3.0

All times are UTC


Jump to: