vBulletin Mods

The Official vBulletin Modifications Site

Hidden Image Checker by BOP5 for VB 3.x and VB 4.x (Stop Cookie Stuffing!)
by BirdOPrey5
01 Apr 2012 02:44

4 Attachment(s)

Version 1.02 - Compatibility fix for dbtech Advanced Thanks/Like mod
Version 1.01 - Bug fix for user post counts over 1000
Version 1.0 - Initial Release

Also available on Qapla.com.

For some time now a new type of "Spammer" has been hitting forums. These "spammers" are not as obvious as those trying to make links or sell cheap Viagra. These new spammers use a technique called "Cookie Stuffing" which can make them a lot of money if you don't notice what they've done.

Cookie stuffing is when a malicious user posts a hidden (clear) image in a post. Although you may never see the image it actually links to a location that will set a cookie on the browser of everyone viewing the post. In the cases of cookie stuffing this is almost always a cookie that contains their affiliate code for a site like Amazon or eBay. If anyone on your forum should go on to buy something from Amazon.com later in the day the spammer will get a credit from Amazon because your user has the spammer's cookie on their computer.

At best this allows the spammer to make money off your unsuspecting users. At worst it is taking money away from you if you had your own affiliate cookie (legitimate) it may get over-ridden by the spammer's cookie.

There is no built in means for detecting small transparent images in vBulletin. This mod will show a banner notice under every post by a "new" user reporting the number of images in the post (if any). It only takes a second to scan the post and make sure the number of images reported, matches the number of images you see.

So next time a spammer tries to hide a small clear image in a post you or your mods will see a big yellow notice below the post that it contains an image- allowing you or your staff to take appropriate action. (Usually deleting the post and banning the user.) [Mod functions not part of this modification.]

However since it would get annoying to see these big yellow banners under every post that contains images the mod lets you limit seeing banners to only "new" users- You can choose a minimum post count or # of days registered before the user who posted is not considered new anymore.

In addition you can choose trusted usergroups that will never have their images counted regardless of their number of posts or days registered.

This mod contains both the VB 3.x and VB 4.x version in the same .xml file. It has been tested on VB 3.8.7 and VB 4.1.10 and VB 4.1.11 but it should work on all VB versions from at least 3.7 through 4.1.x and beyond. Feel free to try on earlier versions and let me know if you run into an error.

This mod DOES NOT count attachments or smilies as images since they are safe from cookie stuffing. Only remotely linked images using the [img] BBCode will be counted.

See screenshots for examples.

Please Mark as Installed if you use this. :)
Donations always appreciated. :up:

BirdOPrey5 01 Apr 2012 02:45


Alan_SP 01 Apr 2012 04:15

For some reason I don't see notice about number of images. :(

I checked both options, for days and for posts of user, used big numbers (so it certainly should trigger mod) and nothing. Of course, I checked post that has pictures.

Nirjonadda 01 Apr 2012 07:31

Excellent works on 4.1.10 !

BirdOPrey5 01 Apr 2012 09:19


Originally Posted by Alan_SP (Post 2315592)
For some reason I don't see notice about number of images. :(

I checked both options, for days and for posts of user, used big numbers (so it certainly should trigger mod) and nothing. Of course, I checked post that has pictures.

I just released a bug-fix, please check if the new version helps.

If not- Are you sure the images are remote hosted? That is if you look at the source of the post in the editor in source mode the code looks like:

That is a remote-hosted image.

By default VB4 actually makes remote images into attachments, which makes them safe from cookie-stuffing.

If the source code has [attach] bbcode instead of [img] bbcode then it is not going to show because there is no risk.

The mod only counts the number of closing [/img] tags in a pre-rendered post so it doesn't count smilieys, attachments, or any other built-in images.

In Omnibus 01 Apr 2012 13:46

Smart. As a rule, I kill any "hot" outbound links on my sites, however, certain members get a little testy about not being able to link signature images. Is there any possibility of this mod working for signatures?

BirdOPrey5 01 Apr 2012 14:12

Signature sounds like a good option for the next version, though I just block new users from having sigs at all.

Alan_SP 01 Apr 2012 15:20

It still doesn't work for me. :(

I know what external image is, and I don't host images on my forum, only on external servers (so I don't need extra space on my server, as well as it makes backup much easier and smaller).

Also, I used option to Enable it always, as well as other two options. I used big numbers, but without ,. in them, just 1 and lots of zeros. Also, I removed all usergroups from trusted usergroups. I also checked with my two accounts, one that's admin in primary and one that's admin in secondary usergroup (in case it checks only primary, but from looking at code I think it doesn't matter).

I checked language settings, reduced phrase, anything and everything that crossed my mind. For some reason, it doesn't work.

I also tried to disable some of my mods (VaultWiki, vBSEO, Sevenskins image resizer), but nothing helped. :(

EDIT: This is potentially very important.

One of my moderators found image where I could see notice, as well as he (that's how he spotted this, he found it funny that there's notice that says that post has one image). What's different with this post:

User used two (2) image tags, i.e. [img][img]. Obviously by mistake, but it triggered your mod. For some reason, where there's only one image tag (as it should be), there's no triggering of your mod.

Link to this post: http://slobodni.net/t110465/#post790126

You obviously see one unparsed image tag. And I see notice.

I just created test thread, you could see it here: http://slobodni.net/t111040/ I enabled for guests to see image notice for time being, so you only need to follow link. Notice is in Croatian, but I wrote it in English in posts, so you could obviously see. And, image I use is from my site, but posted with image tag.

BirdOPrey5 01 Apr 2012 17:56

Very weird... if you can PM info for a Admin Login (please make sure language for account is English) - I can play with it and see if I can see what's wrong.

Sayid 01 Apr 2012 22:16

What about images uploaded on other sub-domain of the same site. For example: image.mysite.com. is it counted or not?

Many thanks for sharing.

BirdOPrey5 02 Apr 2012 12:25

Images that use the [img] bbcode are counted regardless of the domain they are on... So even if you are using [img] to link to local images (for some reason) they would count as an image.

BirdOPrey5 09 Apr 2012 15:16

There is a known conflict with DbTech's Advanced Post Thanks/Like mod. Thanks to Alan_SP for finding which mod conflicted.

I don't see any way of making them compatible so just skip this mod if you use the dbtech one.

The problem is dbtech parses bbcode of $post[pagetext] when it is supposed to be raw bbcode, not parsed. It means this mod can't find or count [img] bbcodes.

Alan_SP 10 Apr 2012 11:00

I have to say that at the moment I'm still using older version of DBTech's APTL (v1.1.9) so there's a slight chance that with newer versions it might work.

BirdOPrey5 12 Apr 2012 12:46

Version 1.02 - Compatibility fix for dbtech Advanced Thanks/Like mod

Alan_SP 12 Apr 2012 20:21

Thanks, this version fixes compatibility with DBTech's mod. :up:

Now everything works as it should on my site. :)

P.S At the moment I couldn't like your post, otherwise I would. :(

All times are GMT. The time now is 21:28.

Powered by vBulletin® Version 3.8.14
Copyright © 2020, MH Sub I, LLC dba vBulletin. All Rights Reserved. vBulletin® is a registered trademark of MH Sub I, LLC
Copyright ©2001 - , vbulletin.org. All rights reserved.