Rename the Register.php File

One trick spammers use to mass-post to Pligg sites is creating a lot of accounts. What is annoying is that there isn’t much we can do to block these account creations if we can’t discover a pattern to them. Your best option for preventing these bot accounts is to rename the register.php file to something random. You can even go one step further and keep renaming the registration file at frequent intervals, which would really throw a curveball and make life more difficult for spammers.

This afternoon I wrote a simple script that will do just that. In roughly 150 lines of code, here is a PHP script that will randomly rename your registration file. What you want to do is save this as a .php file and upload it to the root of your Pligg web directory.

<?php
/**
  * Script: Pligg Random Registration File Name
  * Author: Eric Heikkinen
  * Description: The goal of this script is to block automatic user registration via spam bots. Place this file in the root of your Pligg site and run it from time to time.
  * Notes: 
  * 	- This file is meant to be run via a Cron job, or to be included in a registration template file.
  * 	- This type of feature will break direct links (and bookmarks) to the previous registration page
  * 	- It will also break the EVB submission features.
  * 	- If more than 1 user registers during the Cron time period, it is possible that they will get a 404 error if the name change happens while they are filling it out.
  * 	- To prevent users from changing the register file name on their own, name this file something original
*/

///////////////////////////////////////// SETUP //////////////////////////////////////////

// Report all PHP errors 
ini_set('display_errors',1);
error_reporting(E_ALL);

// Set errors to none, used for error reporting
$errors = "";
$str = "";

// Establish a connection to the database
include_once './libs/dbconnect.php';
mysql_connect(EZSQL_DB_HOST,EZSQL_DB_USER,EZSQL_DB_PASSWORD);
mysql_select_db(EZSQL_DB_NAME) or die ('MySQL Error: ' . mysql_error());

/////////////////////////////////////// FUNCTIONS ////////////////////////////////////////

// Function for generating a random string
function rand_string( $length ) {
	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";	
	$str = "";
	$size = strlen( $chars );
	for( $i = 0; $i < $length; $i++ ) {
		$str .= $chars[ rand( 0, $size - 1 ) ];
	}
	return $str;
}

/////////////////////////////////////////////////////////////////////////////////////////

// We're now going to count how many users are in the database, and compare that number to one stored during the last rename.
// If the number is higher, then we will run the script again.

// Count the users table to see if there are any new members
$sql = "SELECT COUNT(*) FROM pligg_users ";
$result = mysql_query($sql) or die( mysql_error() );
$user_count = mysql_result($result, 0);

// Get the existing registration renamer user count
$sql = "SELECT * FROM pligg_misc_data WHERE name='register_user_count' ";
$result = mysql_query($sql) or die( mysql_error() );
$row = mysql_fetch_assoc($result);

// Check if this is your first time running the script
if(isset($row['data'])) {
	// Assign existing database value for the registration rename user counter
	$user_count_old = $row['data'];
	$first_run = 'no';
	// echo 'Reading existing register_user_count: '.$row['data'].'<br />';
} else {
	$user_count_old = $user_count;
	$first_run = 'yes';
	// No user count value found, so let's insert it for the first time
	$sql = " INSERT INTO pligg_misc_data (name, data) VALUES ('register_user_count', $user_count)";
	mysql_query($sql) or die( mysql_error() );
	echo 'Added new register_user_count database field<br />';
}

echo "old count: $user_count_old <br />new count: $user_count<br />";

// If the stored user count is lower than the current count (new users have registered), or this is the first run
if ($user_count_old < $user_count || $first_run == 'yes'){

	// Get the new register file name
	$register_new = rand_string( 6 );

	// Get the existing register file value
	$sql = "SELECT * FROM pligg_misc_data WHERE name='register_name' ";
	$result = mysql_query($sql) or die( mysql_error() );
	$row = mysql_fetch_assoc($result);

	// Check if this is your first time running the script
	if(isset($row['data'])) {
		// Assign existing database value as the old registration name
		$register_old = $row['data'];
		// echo 'reading existing name: '.$row['data'].'<br />';
	} else {
		$register_old = 'register';
		// No value found, so lets insert it for the first time
		$sql = " INSERT INTO pligg_misc_data (name, data) VALUES ('register_name', 'register')";
		mysql_query($sql) or die( mysql_error() );
		echo 'Added new database field<br />';
	}

	// current directory (useful for Windows servers)
	$cwd = dirname(__FILE__);

	// Check if the file exists
	if (file_exists($cwd."/".$register_old.".php")) {
		// echo "The file $cwd/$register_old.php exists <br />";
		
		//chmod($register_old.".php",0777);
		
		// Try to rename files or return an error if it doesn't work		
		if(@rename ($cwd."/".$register_old.".php", $cwd."/".$register_new.".php")===true) {
			echo 'Renamed register file<br />';
		} else {
			$errors .= "Failed to rename register file<br />";
		}
		
		//chmod($register_new.".php",0644);

	} else {
		$errors .= "The file $cwd/$register_old.php does not exist<br />";
	}

	if ($errors != ''){
		print $errors;
	} else {
		// Write the database config value
		// Set the new register value
		$sql = " UPDATE pligg_misc_data SET data='$register_new' WHERE name='register_name' ";
		mysql_query($sql) or die( mysql_error() );
		//echo "Modified database field<br />old: $register_old<br/>new: $register_new<br />";
		
		// Modify the /libs/html1.php file
		$html1_file = $cwd."/libs/html1.php";
		if (is_writable($html1_file)) {
			$read_file = file_get_contents($html1_file);
			file_put_contents($html1_file, str_replace(array($register_old.'.php', "/$register_old/"), array($register_new.'.php', "/$register_new/"),$read_file));
		} else {
			$errors .= 'The /libs/html1.php file is not writable. Please CHMOD it to 0777, along with the /libs/ directory.<br />';
		}
		// Modify htaccess files (absolute paths, so this also works when Cron runs the script from another directory)
		$htaccess_file = $cwd.'/.htaccess';
		$htaccess_default_file = $cwd.'/htaccess.default';
		if (file_exists($htaccess_file)) {
			// Check the file we are about to write, not html1.php
			if (is_writable($htaccess_file)) {
				// Modify the .htaccess file
				$read_file = file_get_contents($htaccess_file);
				file_put_contents($htaccess_file, str_replace(array($register_old.'.php', "^$register_old/?"), array($register_new.'.php', "^$register_new/?"),$read_file));
			} else {
				$errors .= 'The .htaccess file is not writable. Please CHMOD it to 0777, along with the root directory of your site.<br />';
			}
		}
		if (file_exists($htaccess_default_file)) {
			if (is_writable($htaccess_default_file)) {
				// In case they are using the default .htaccess file
				$read_file = file_get_contents($htaccess_default_file);
				file_put_contents($htaccess_default_file, str_replace(array($register_old.'.php', "^$register_old/?"), array($register_new.'.php', "^$register_new/?"),$read_file));
			} else {
				$errors .= 'The htaccess.default file is not writable. Please CHMOD it to 0777, along with the root directory of your site.<br />';
			}
		}
		
		if ($errors != ''){
			print $errors;
			echo 'We were unable to write changes to your files. Please manually update the file(s) or correct the CHMOD errors.<br />';
		} else {
			// Set the new user count value
			$sql = " UPDATE pligg_misc_data SET data='$user_count' WHERE name='register_user_count' ";
			mysql_query($sql) or die( mysql_error() );
			
			echo 'Finished editing files.<br />';
		}
	}
} else {
	// The user count is the same as last time, so let's leave things be
}

?>

Important! You have to CHMOD 0777 the following files and directories so that the server can write changes to them:

  • / (the root directory where Pligg is kept)
  • .htaccess
  • htaccess.default
  • /libs/
  • /libs/html1.php

Once that is done, load the file URL in your browser to run the script for the first time. After that completes, you should notice that your register.php file has been renamed to a random 6-character string. In addition, your .htaccess and /libs/dbconnect.php files should be updated to point to the new file location.
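
The script rewrites .htaccess in place with file_put_contents, so a write that fails partway leaves Apache reading a truncated rule file. The following is an added example, not part of the original script: it applies the same search/replace pairs but writes to a temporary file and renames it over the target. The helper name swap_register_name(), the sample rewrite rules and the name x7Kq2B are constructed for illustration.

```php
<?php
// Added example; swap_register_name() is a hypothetical helper, not Pligg code.

/**
 * Replace references to the old registration name in one file.
 * Returns the number of replacements made; throws on any I/O failure.
 */
function swap_register_name($path, $old, $new)
{
    // The new name ends up inside rewrite rules, so keep it strictly alphanumeric.
    if (!preg_match('/^[A-Za-z0-9]+$/', $new)) {
        throw new InvalidArgumentException('new name must be alphanumeric');
    }
    $contents = file_get_contents($path);
    if ($contents === false) {
        throw new RuntimeException("cannot read $path");
    }
    // Same search/replace pairs the renamer script uses for .htaccess.
    $updated = str_replace(
        array($old . '.php', "^$old/?"),
        array($new . '.php', "^$new/?"),
        $contents,
        $count
    );
    if ($count === 0) {
        return 0; // nothing to change, leave the file untouched
    }
    // Write a temp file in the same directory, then rename it over the target,
    // so readers see either the old file or the new one, never a partial write.
    $tmp = tempnam(dirname($path), 'rn_');
    if ($tmp === false || file_put_contents($tmp, $updated) !== strlen($updated)) {
        throw new RuntimeException("cannot write temp file for $path");
    }
    chmod($tmp, fileperms($path) & 0777); // keep the original permissions
    if (!rename($tmp, $path)) {
        unlink($tmp);
        throw new RuntimeException("cannot replace $path");
    }
    return $count;
}

// Constructed sample rules, written to a scratch file for the demonstration.
$demo = sys_get_temp_dir() . '/htaccess_demo_' . getmypid();
file_put_contents($demo, "RewriteRule ^register/?$ register.php [L]\nRewriteRule ^login/?$ login.php [L]\n");
echo swap_register_name($demo, 'register', 'x7Kq2B'), " replacement(s)\n";
echo file_get_contents($demo);
unlink($demo);
```

The rename is only atomic when the temporary file and the target are on the same filesystem, which is why the temp file is created next to the target rather than in the system temp directory.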

Setting Up a Cron Job


From CPanel, select Cron jobs

The final step is to set up a Cron job. Crons are used to load files at specified intervals. In this example we are going to ping the file once every 5 minutes.

In the above example, the PHP file that I am using to rename the file is named “renamer.php” and sits in the home directory for my domain. You would change this value to match where you placed the file, and what you named it.

Each time that the Cron job runs the file, it will run a check to see if there have been any new users added to the database. If there have been, it will rename the registration PHP file and perform some other actions to update links to that page. If there aren’t any new users, it will wait until the next time that the Cron is run to perform another check. The reason we put this user count check in place is to try to prevent users from having the registration file renamed on them while they are creating a new account.

5 thoughts on “Rename the Register.php File”

  1. Nice and thanks for this.

    Naturally, table name prefixes here are assumed to be “pligg_” and should be changed according to individual preferences.

  2. Thanks for pointing that out, I forgot to mention that.

    I wrote this originally on a Windows server, and didn’t test it on a Linux machine until after posting this story. It looks like I will need to update the script to get it working with more common Unix machines. I will leave a comment when I finish doing that.

  3. Thanks for this.
    To avoid spammers I just deleted the register.php file :-D
    But I use Pligg for my lists of interesting websites (which I publish).

    Pligg is really awesome, can’t wait for the 2.0 final!
