Announcement

Collapse
No announcement yet.

query to mass edit spam posts?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Answered] query to mass edit spam posts?

    I just discovered a user that had every one of his posts edited by a bot to contain spam links. It seems it was an exploit from 3.8.5 and below last year so it should no longer be an issue, but I would like to clean his posts without simply deleting them all. I have already reset that user's password, as well as any other users' vulnerable passwords.

    The bot was kind enough to include ________ in every post so they are easy to find, but how would I strip the links or the [url] tags from every affected post? Or, can I set every post containing ________ to moderated to be cleaned manually? I can do that via search but the search maxes out at 500 results and I'd rather do it by query.

    cheers for any help

    - - - Updated - - -

    found this thread: https://www.vbulletin.com/forum/archive/index.php/t-289717.html

    but since underscore is a wildcard would something like this work?

    UPDATE
    post
    SET
    pagetext = replace(pagetext,'[URL]', ' ')
    WHERE
    pagetext LIKE '%________%'

  • #2
    Try the cleaner (cleaner.php) included with impex, instructions here: https://www.vbulletin.com/docs/html/impex_cleaner


    Former vBulletin Support Staff
    Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
    Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!
    Need a Host? - I recommend URLJet

    Comment


    • #3
      Thanks for that, I never would have thought about impex. I'll download it tomorrow and check it out.

      Comment


      • #4
        Originally posted by af1racing View Post
        Thanks for that, I never would have thought about impex. I'll download it tomorrow and check it out.
        Well to be perfectly honest I never have either, I was about to reply to the query you posted but took a few minutes to search first just in case and low and behold I located a good suggestion in a past post therefor credit for that idea goes to Wayne Luke .


        Former vBulletin Support Staff
        Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
        Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!
        Need a Host? - I recommend URLJet

        Comment


        • #5
          It seems that cleaner.php will affect all the posts in the entire db and there is no way to limit it to just a single user, or the affected posts.

          I need to find all posts containing this many underscores: ________
          Of those posts, I need to either remove the [url] tags, or the entire link below the ________
          There is very little common pattern to the spam URLs, but every post does contain ________

          I can continue to do this manually, but now I'll have to rebuild the search index as I've already manually cleaned 500 posts and the search still brings up the same results. I tried setting the search results to greater than 500 but got an error, so I'd rather just leave that setting alone.

          Comment


          • #6
            WHy not just prune that users posts off instead of editing his posts?

            Comment


            • #7
              The posts themselves contain information worth keeping. They've all just been edited to contain a spam link at the bottom. I could easily just ban him and delete all his posts, but he did no wrong other than to have a stupid password.

              Comment


              • #8
                Originally posted by af1racing View Post
                The posts themselves contain information worth keeping. They've all just been edited to contain a spam link at the bottom. I could easily just ban him and delete all his posts, but he did no wrong other than to have a stupid password.
                Try adding a new plugin:

                Hook Location: postbit_display_complete
                Code:
                if($thread['postuserid'] == '1') {
                $find = array(
                '________'
                );
                
                $replace = array(
                ''
                );
                
                $this->post['message'] = str_replace($find, $replace, $this->post['message']);
                }
                OR if you want to replace the ________ and the [URL] brackets etc then use:

                Code:
                if($thread['postuserid'] == '1') {
                $find = array(
                '________',
                '[URL]',
                );
                
                $replace = array(
                '',
                '',
                );
                
                $this->post['message'] = str_replace($find, $replace, $this->post['message']);
                }
                Of course you need to replace $thread['postuserid'] == '1' with the users own id #.
                Last edited by TheLastSuperman; Wed 6th Jun '12, 3:30pm.


                Former vBulletin Support Staff
                Hacked recently? See my blog post "Recovering a Hacked vBulletin Site".
                Thinking outside the box? Need modification support? Visit www.vBulletin.org and have at it!
                Need a Host? - I recommend URLJet

                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                X