Questions on website being injected with swear words, advice sought

Discussion in 'PHP' started by biddersspot, Jun 9, 2008.

  1. #1
    Hello,

    For the last 7 months I have been running a question and answer script,which includes a so called black list for swear words.

    However, all I,m seeing are question mixed with vulgar content,
    my question does any one understand the following code, would you mind explaining to me, in layman terms.
    As I belive the code below is responsible for the vulgar content.


    <?
    function sentence($keyword){
    $a = array("looking", "searching", "checking", "looking hard", "searching hard", "checking hard");
    $b = array("online", "on the internet", "on the interweb", "in a shop", "in an online shop", "on a search engine");
    $c = array("important", "crucial", "essential", "imperative", "paramount", "significant");
    $d = array("you look out for", "you are aware of", "you take note of", "you take notice of", "he takes notice of");
    $e = array("effects", "influences", "changes", "differences", "ammendments", "modifications");
    $f = array("cheap", "expensive", "cheaper", "lower priced", "higher priced");
    
    $sentences = array(
    "When you are *a* for *keyword* *b* it is *c* that *d* any *e* which can change it, especially if it is an *f* *keyword*.",
    "When *a* for a *keyword* *b* you must be aware that it is *c* that *d* all *e* that can cause differences, especially so if its a *f* *keyword*.",
    "If you are *a* for *keyword* *b* you should note that its *c* that *d* any *e* that may change it, even if it is a *f* *keyword*.",
    "He was *a* for *keyword* *b* and knew it was *c* that *d* all *e* that could effect it, even more so if its *f* *keyword*.",
    "She was *a* for *keyword* *b* and realised it was *c* that *d* many *e* which could cause any differences, obviously of importance if it is *f* *keyword*.",
    "They were *a* for *keyword* *b* but were told it is *c* that *d* any *e* which may cause changes, very noticable importance if it is *f* *keyword*.",
    "They started *a* for *keyword* *b* while remembering how *c* that *d* all *e* which could possible cause a change, more important so if *f* *keyword*.",
    "They decided to *a* for *keyword* *b* but knew it was *c* that *d* any *e* which may result in a modification, more noticable because if it is a *f* *keyword*.",
    );
    
    
    //Grab template sentence
    $sentence = $sentences[array_rand($sentences)];
    
    $sentence = str_replace("*keyword*", $keyword, $sentence);
    $sentence = str_replace("*a*", $a[array_rand($a)], $sentence);
    $sentence = str_replace("*b*", $b[array_rand($b)], $sentence);
    $sentence = str_replace("*c*", $c[array_rand($c)], $sentence);
    $sentence = str_replace("*d*", $d[array_rand($d)], $sentence);
    $sentence = str_replace("*e*", $e[array_rand($e)], $sentence);
    $sentence = str_replace("*f*", $f[array_rand($f)], $sentence);
    
    return($sentence);
    }
    
    function createfeed($words, $number, $urls){
    shuffle($words);
    
    //Grab our names list
    $names = explode("\r\n", file_get_contents("firstnames.txt"));
    
    if(count($words) <= $number){
    $number = count($words);
    }
    
    
    //Create items
    for($i=0;$i<$number;$i++){
    $link = $urls[array_rand($urls)];
    $title = htmlspecialchars($words[$i]);
    $description = htmlspecialchars(sentence($words[$i]));
    $items .= "<item><title>$title</title><link>$link</link>
    <guid isPermaLink=\"false\">$link</guid><dc:creator>".$names[array_rand($names)]."</dc:creator><category><![CDATA[Uncategorized]]></category><description><![CDATA[$description]]></description></item>\r\n\r\n";
    }
    
    //Generate todays date
    $dateuse = date("D, j F Y G:i:s O");
    $xml = trim("<?xml version=\"1.0\" encoding=\"UTF-8\"?><!-- generator=\"wordpress/2.1.3\" --><rss version=\"2.0\"xmlns:content=\"http://purl.org/rss/1.0/modules/content/\"xmlns:wfw=\"http://wellformedweb.org/CommentAPI/\"xmlns:dc=\"http://purl.org/dc/elements/1.1/\">
    
    <channel><title>".$names[array_rand($names)]."</title><link>".$urls[array_rand($urls)]."</link><description>Just another WordPress weblog</description><pubDate>".$dateuse."</pubDate><generator>http://wordpress.org/?v=2.1.3</generator><language>en</language>
    
    $items
    	
    </channel></rss>");
    
    return($xml);
    }
    
    ?>
    PHP:

     
    biddersspot, Jun 9, 2008 IP
  2. Lordo

    Lordo Well-Known Member

    Messages:
    2,082
    Likes Received:
    58
    Best Answers:
    0
    Trophy Points:
    190
    #2
    Check the contents of firstnames.txt.
     
    Lordo, Jun 9, 2008 IP
  3. biddersspot

    biddersspot Peon

    Messages:
    380
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Thank you for your response, the text file firstname.txt on the server is blank, however, the server states the file size as being 6kb in size.

    How am I able to display the hidden contant?

    Thank you again
     
    biddersspot, Jun 10, 2008 IP
  4. Lordo

    Lordo Well-Known Member

    Messages:
    2,082
    Likes Received:
    58
    Best Answers:
    0
    Trophy Points:
    190
    #4
    Can you PM or show me a URL where I can see that?
     
    Lordo, Jun 10, 2008 IP