ComusThumbz Documentation
HTML Markdown Print/PDF Plain Text
Admin Login

Documentation Menu


Admin Access

Auto Scan

Overview

The Enhanced Gallery Scanner (new.check.php) is a comprehensive URL scanning tool that validates gallery links for various quality, security, and compliance issues. It uses AJAX-based asynchronous processing to scan galleries without page reloads, providing real-time progress tracking and detailed violation reports. The scanner supports 29 different scan tests ranging from basic 404 checks to advanced SEO spam and browser hijacking detection.

Location: Navigate to Admin Panel → Galleries → Scanner or access via the "Gallery Scanner" button on the Gallery Admin page.

[Screenshot: new-check-main-view]

Getting to This Page

  1. Log in to the Admin Panel
  2. Navigate to Galleries → Gallery Admin
  3. Click the Gallery Scanner or Scanner button in the navigation
  4. Alternatively, navigate directly to new.check.php

 

Note:
This page scans external gallery URLs for various issues. It does NOT scan locally hosted content. Galleries marked with noscan=1 or in immune categories are automatically skipped.

 

System Requirements

 

Configuration Required:
This page requires the following system dependencies to function properly. Network connectivity is essential for URL scanning.

 

PHP Requirements

Requirement Minimum Recommended Notes
PHP Version 8.0 8.2+ Uses strict types, null coalescing
memorylimit 128M 256M For content parsing
maxexecutiontime 120 300 AJAX requests have individual timeouts
defaultsockettimeout 15 15 Set by scanner for URL requests

Required PHP Extensions

Extension Required Purpose
mysqli Yes Database connectivity
session Yes CSRF protection, authentication
json Yes AJAX request/response handling
mbstring Yes Multi-byte string handling
openssl Yes SSL certificate validation

Required PHP Functions

Function Required For Notes
mysqliconnect() Database connection Core
filegetcontents() URL content fetching Core
getheaders() HTTP header checking Core
streamcontextcreate() Custom HTTP context Core
streamsocketclient() SSL validation SSL checks
parseurl() URL parsing Core
pregmatch() Content pattern matching Core
pregmatchall() Multiple pattern matching Core
bin2hex() CSRF token generation Security
randombytes() CSRF token generation Security

Folder Permissions

Folder Permission Purpose
ct/admin/ 755 (read/execute) Page access
ct/logs/ 755 (write) Optional logging

Network Requirements

Endpoint Protocol Purpose
Gallery URLs HTTP/HTTPS Scanning target galleries
Font Awesome CDN HTTPS Icon library (6.5.1)
Warning: This scanner makes HTTP requests to external gallery URLs. Ensure your server:
  • Has outbound HTTP/HTTPS access
  • Is not blocked by the target sites
  • Has sufficient bandwidth for concurrent scanning

Features & UI Elements

Page Header

[Screenshot: new-check-header]

Element Description
Title "Enhanced Gallery Scanner" with search icon
Breadcrumb Dashboard → Galleries → Scanner
Back to Galleries Returns to admin.php
Bulk Import Link to comus.add.php
Admin Home Link to main.php

Category Selection

[Screenshot: new-check-categories]

Element Description
Select All Toggle all category checkboxes
Category List Scrollable list with checkbox per category
Gallery Count Shows scannable galleries count per category
Tip: Only scannable categories are shown. Immune categories are automatically hidden from the list.

[Screenshot: new-check-filters]

Filter Description
Scan Only On Site Scan only galleries with onsite > 0
Scan All in Database Scan all galleries regardless of onsite status
Scan Partners Only Scan only galleries with pref = 1
Skip Sponsors Exclude galleries with sponsor codes
Scan Approved Include Approved status galleries
Scan Pending Include Pending status galleries
Scan Waiting Include Waiting status galleries
Scan Disabled Include Disapproved/Blacklisted galleries

Scan Tests Section

The scanner supports 29 different tests organized in two columns:

Basic Tests (Left Column)

Test Description Default
404 Error Check Detect pages returning 404 Not Found Enabled
Checksum/Size Check Compare content size with stored value Enabled
Server Speed Check Flag slow-loading pages (>$serverspeed ms) Enabled
JavaScript Detection Scan for <script> tags, event handlers Enabled
Flash Detection Detect .swf files, Flash embeds Enabled
Popup Detection Find window.open(), alerts, popups Enabled
iFrame Detection Detect iframes and framesets Enabled
Redirect Check Track and flag excessive redirects (>5) Enabled
Broken Images Check Verify image URLs return 200 status Disabled
Video Content Detection Detect embedded videos (if not allowed) Disabled
Image File Quality Check Verify sufficient image count Enabled
2257 Compliance Check Verify 18 USC 2257 notices Enabled
DMCA/Copyright Detection Scan for studio names/watermarks Enabled
Banned Words Check Detect prohibited terms Enabled
Age Verification Check Ensure 18+ warnings present Enabled

Advanced Tests (Right Column)

Test Description Default
Geo-Restriction Detection Detect location-based blocks Disabled
SSL/HTTPS Issues Check certificates, mixed content Enabled
Mobile Compatibility Detect mobile-unfriendly content Enabled
Infinite Loops Detect auto-refresh/reload patterns Enabled
Browser Hijacking Detect history manipulation, exit traps Enabled
Forced Bookmarks Detect forced bookmark scripts Enabled
Console Flooding Detect excessive console.log Disabled
Right-Click Disabled Detect context menu blocking Enabled
Hidden Text Detect SEO spam hidden text Enabled
Keyword Stuffing Detect excessive keyword repetition Enabled
Cloaking Detection Detect bot/user content switching Enabled
Analytics Overload Detect excessive tracking scripts Disabled
Excessive Tracking Pixels Detect too many 1x1 images Disabled
Cookie Abuse Detect excessive storage usage Disabled

Action Settings Section

[Screenshot: new-check-actions]

For each violation type, you can configure the action:

Action Description
Flag Only Create report entry, no database changes
Disable Set gallery to Disapproved status
Delete Remove gallery from database
Blacklist Add IP and domain to blacklist, mark Blacklisted
Warning: Delete and Blacklist actions are PERMANENT! Always test with "Flag Only" first to see what would be affected.

AJAX Processing Settings

[Screenshot: new-check-ajax-settings]

Setting Options Description
Concurrent Requests 1, 2, 3, 5, 10 Number of simultaneous scans
Request Delay 0ms - 5s Pause between batches
Tip: Use 2 concurrent requests with 1-second delay for most servers. Higher concurrency may trigger rate limiting on target sites.

Scan Controls

Button Function
Start AJAX Scanning Begin the scan process
Pause Scanning Temporarily halt (can resume)
Stop Scanning Permanently stop scan
Cancel Return to admin.php

Progress Display

[Screenshot: new-check-progress]

Element Description
Progress Bar Visual percentage complete
Progress Info "Scanning X galleries with Y concurrent requests"
Status Info Current status, processed count, violations, actions, speed
Emoji Legend Color-coded violation and action icons
Live Results Scrolling log of scan results

Emoji Legend Reference

Basic Tests:

  • ❌ = 404 Error
  • 📏 = Size Changed
  • 🐌 = Slow Server
  • ⚠️ = JavaScript
  • 📸 = Flash
  • 🪟 = Popups
  • 🖼️ = iFrames
  • 🔄 = Redirects

 

Content Tests:

  • 🖼️💥 = Broken Images
  • 🎬 = Video Content
  • 📊 = Image Issues
  • 📜 = No 2257
  • ©️ = DMCA Risk
  • 🚫 = Banned Words
  • 🔞 = No Age Gate
  • 🌍 = Geo-Blocked

 

Security Tests:

  • 🔒 = SSL Issues
  • 📱 = Mobile Issues
  • 🔁 = Infinite Loops
  • 🕷️ = Browser Hijack
  • 🔖 = Forced Bookmarks
  • 💬 = Console Flood
  • 🖱️ = Right-Click Block

 

SEO Tests:

  • 👻 = Hidden Text
  • 🔤 = Keyword Stuff
  • 🎭 = Cloaking
  • 📈 = Analytics Spam
  • 👁️ = Excessive Tracking
  • 🍪 = Cookie Abuse

 

Actions:

  • 🚩 = Flagged
  • 🚫 = Disabled
  • 🗑️ = Deleted
  • ⛔ = Blacklisted

 

Completion Summary

[Screenshot: new-check-complete]

After scan completes:

Field Description
Total Processed Galleries scanned
Total Violations Sum of all violations found
Clean Galleries Galleries with no violations
Top Violations Most common violation types
Actions Taken Breakdown of flagged/disabled/deleted/blacklisted

Step-by-Step Usage

Running a Basic Scan

  1. Navigate to Admin Panel → Galleries → Scanner
  2. Click Select All Categories or check specific categories
  3. Verify Scan Approved and Scan Pending are checked
  4. Review the default scan tests (most are enabled)
  5. Ensure all Action Settings are set to Flag Only
  6. Set Concurrent Requests to 2 and Request Delay to 1 Second
  7. Click Start AJAX Scanning
  8. Monitor the progress display
  9. Review results in the verbose output area
  10. When complete, click View Reports to see flagged galleries

 

Tip:
Always start with "Flag Only" for all actions to preview what would be affected before enabling destructive actions.

 

Scanning Specific Categories

  1. Leave Select All Categories unchecked
  2. Check only the categories you want to scan
  3. This reduces scan time for targeted cleanup

Using Different Action Levels

Conservative approach:

  • All actions set to Flag Only
  • Review reports manually
  • Decide per-gallery what to do

 

Moderate approach:

  • 404 Errors: Disable
  • Banned Words: Disable
  • Everything else: Flag Only

 

Aggressive approach:

  • 404 Errors: Delete
  • Banned Words: Blacklist
  • Use with caution on trusted data only

 

Pausing and Resuming

  1. Click Pause Scanning during a scan
  2. Review current results
  3. Click Resume Scanning to continue
  4. Or click Stop Scanning to end

Interpreting Results

Each scan result shows:

  • Gallery ID and category
  • URL (truncated)
  • Load time in milliseconds
  • Violation emojis (if any)
  • Action emojis (what was done)
  • Details (violation specifics)

 

Example:

[10:15:23] Gallery 12345 [Amateur]: http://example.com/gall... - 1250ms - Violations: ⚠️ 🪟 Actions: 🚩 (javascript: 5 instances, popups: 2 instances)

 

Scan Test Details

404 Error Check

Detects when a gallery URL returns HTTP 404 Not Found.

Triggers: HTTP response code 404
Recommendation: Disable or delete galleries with 404 errors

Checksum/Size Check

Compares current page content size with stored filesize value in database.

Triggers: Content size differs by more than 20% from stored value
Recommendation: Flag for manual review (content may have changed legitimately)

Server Speed Check

Flags galleries that load slower than the configured threshold.

Triggers: Load time exceeds $serverspeed (default 3000ms)
Recommendation: Flag for review - may indicate poor quality hosting

JavaScript Detection

Scans page content for JavaScript code.

Patterns detected:

  • <script> tags
  • javascript: URLs
  • .js file references
  • Event handlers (onclick, onload, etc.)

 

Recommendation: Flag - JavaScript may be legitimate or malicious

Banned Words Check

Scans page content for prohibited terms.

Sources:

  • $badword config variable (comma-separated)
  • Built-in list of illegal content indicators

 

Recommendation: Blacklist galleries with banned words

SSL Issues Check

Validates HTTPS configuration.

Checks:

  • SSL certificate validity
  • Certificate expiration
  • Mixed content (HTTP resources on HTTPS page)

 

Recommendation: Flag for review

AJAX Endpoints

ajaxgetgalleries

Purpose: Fetch list of gallery IDs to scan

Method: POST

Parameters: Same filter options as the form

Response:

{

    "success": true,

    "totalgalleries": 1500,

    "galleryids": [1, 2, 3, ...]

}

 

ajaxscan

Purpose: Scan a single gallery

Method: POST

Parameters:

  • galleryid - Gallery to scan
  • check - Scan test flags
  • action - Action settings

 

Response:

{

    "success": true,

    "galleryid": 123,

    "galleryurl": "http://example.com/gallery/",

    "gallerycategory": "Amateur",

    "gallerystatus": "Approved",

    "loadtime": 1250.5,

    "httpcode": 200,

    "contentlength": 45678,

    "violations": ["JAVASCRIPT", "POPUPS"],

    "violationdetails": {

        "javascript": "5 instances found",

        "popups": "2 instances (window.open)"

    },

    "actionstaken": ["Flagged"],

    "error": false,

    "errormessage": ""

}

 

Security Features

CSRF Protection

All AJAX requests are protected with CSRF tokens:

  • Token generated per session using bin2hex(randombytes(32))
  • Stored in $SESSION['galleryscannercsrftoken']
  • Validated on each AJAX request

 

Protected Galleries

Galleries are automatically skipped if:

  • noscan = 1 in tblTgp
  • Category has immune = 1 in tblCategories

 

Safe Error Handling

  • Database errors logged but not exposed
  • Invalid requests return generic error messages
  • All user input sanitized before queries

Troubleshooting

Common Errors

 

Error:
"Database connection failed"


Cause: Cannot connect to MySQL
Solution:

  1. Check database credentials in config.inc.php
  2. Verify MySQL service is running
  3. Check server error logs

 

 

Error:
"Failed to connect" / "CONNECTIONERROR"


Cause: Cannot reach gallery URL
Solution:

  1. Verify the URL is accessible in a browser
  2. Check if your server IP is blocked
  3. The site may be offline

 

 

Error:
"Gallery not found"


Cause: Invalid galleryid passed to ajaxscan
Solution:

  1. Gallery may have been deleted
  2. Refresh the page and start new scan

 

 

Warning:
Scan stalls at 0%


Cause: JavaScript error or network issue
Solution:

  1. Check browser console for errors
  2. Verify no ad-blockers interfering
  3. Try with lower concurrent requests

 

 

Warning:
Too many violations flagged


Cause: Scan tests may be too aggressive
Solution:

  1. Review which tests are enabled
  2. Some tests (like JavaScript) may flag legitimate content
  3. Adjust thresholds based on your needs

 

Debug Tips

  1. Check browser Network tab - See AJAX requests/responses
  2. Check browser Console - JavaScript errors appear here
  3. Start with 1 concurrent request - Easier to debug
  4. Test on small category first - Faster iteration
  5. Check tblReports - See what violations were recorded

Violation Codes Reference

The reasons field in tblReports is a 32-character string where each position represents a violation type:

Position Violation
0 JAVASCRIPT
1 404ERROR
2 CHECKSUMMISMATCH
3 SLOWSERVER
4 FLASH
5 POPUPS
6 IFRAME
7 EXCESSIVEREDIRECTS
8 BROKENIMAGES
9 VIDEOCONTENT
10 INSUFFICIENTIMAGES
11 NO2257COMPLIANCE
12 POTENTIALDMCA
13 BANNEDWORDS
14 NOAGEVERIFICATION
15 GEORESTRICTIONS
16 SSLISSUES
17 MOBILEINCOMPATIBLE
18 INFINITELOOPS
19 BROWSERHIJACKING
20 FORCEDBOOKMARKS
21 CONSOLEFLOODING
22 RIGHTCLICKDISABLED
23 HIDDENTEXT
24 KEYWORDSTUFFING
25 CLOAKING
26 ANALYTICSOVERLOAD
27 EXCESSIVETRACKING
28 COOKIEABUSE
29-31 Reserved

X = violation present, - = not checked or clean

Translatable Strings

The following strings should be added to backendtranslations.md:

newchecktitle = "Enhanced Gallery Scanner"
newcheckbreadcrumb = "Scanner"
newcheckback = "Back to Galleries"
newcheckbulkimport = "Bulk Import"
newcheckhome = "Admin Home"
newcheckselectcategories = "Select Categories to Scan"
newcheckselectall = "Select All Categories"
newcheckfilteroptions = "Gallery Filter Options"
newcheckscanonsite = "Scan Only On Site"
newcheckscanall = "Scan All in Database"
newcheckscanpartners = "Scan Partners Only"
newcheckskipsponsors = "Skip Sponsors"
newcheckscanapproved = "Scan Approved"
newcheckscanpending = "Scan Pending"
newcheckscanwaiting = "Scan Waiting"
newcheckscandisabled = "Scan Disabled"
newcheckselecttests = "Select Tests to Perform"
newcheckactionsettings = "Action Settings"
newcheckviolationtype = "Violation Type"
newcheckflagonly = "Flag Only"
newcheckdisable = "Disable"
newcheckdelete = "Delete"
newcheckblacklist = "Blacklist"
newcheckajaxsettings = "AJAX Processing Settings"
newcheckconcurrent = "Concurrent Requests"
newcheckdelay = "Request Delay"
newcheckwarning = "WARNING: Automatic delete and blacklist actions are PERMANENT!"
newcheckstart = "Start AJAX Scanning"
newcheckpause = "Pause Scanning"
newcheckresume = "Resume Scanning"
newcheckstop = "Stop Scanning"
newcheckcancel = "Cancel"
newcheckinitializing = "Initializing scan..."
newcheckprocessed = "Processed"
newcheckviolations = "Violations"
newcheckactions = "Actions"
newcheckspeed = "galleries/min"
newcheckcomplete = "Scan Complete!"
newchecksummary = "Summary"
newchecktotalprocessed = "Total Processed"
newchecktotalviolations = "Total Violations"
newcheckcleangalleries = "Clean Galleries"
newchecktopviolations = "Top Violations"
newcheckactionstaken = "Actions Taken"
newcheckflagged = "Flagged"
newcheckdisabled = "Disabled"
newcheckdeleted = "Deleted"
newcheckblacklisted = "Blacklisted"
newchecknewscan = "Start New Scan"
newcheckviewreports = "View Reports"
newchecktest404 = "404 Error Check"
newchecktestchecksum = "Checksum/Size Check"
newchecktestspeed = "Server Speed Check"
newchecktestjavascript = "JavaScript Detection"
newchecktestflash = "Flash Detection"
newchecktestpopups = "Popup Detection"
newchecktestiframe = "iFrame Detection"
newchecktestredirects = "Redirect Check"
newchecktestbrokenimages = "Broken Images Check"
newchecktestvideo = "Video Content Detection"
newchecktestimages = "Image File Quality Check"
newchecktest2257 = "2257 Compliance Check"
newchecktestdmca = "DMCA/Copyright Detection"
newchecktestbanned = "Banned Words Check"
newchecktestage = "Age Verification Check"
newchecktestgeo = "Geo-Restriction Detection"
newchecktestssl = "SSL/HTTPS Issues"
newchecktestmobile = "Mobile Compatibility"
newchecktestloops = "Infinite Loops"
newchecktesthijacking = "Browser Hijacking"
newchecktestbookmarks = "Forced Bookmarks"
newchecktestconsole = "Console Flooding"
newchecktestrightclick = "Right-Click Disabled"
newchecktesthidden = "Hidden Text"
newcheckteststuffing = "Keyword Stuffing"
newchecktestcloaking = "Cloaking Detection"
newchecktestanalytics = "Analytics Overload"
newchecktesttracking = "Excessive Tracking Pixels"
newchecktestcookies = "Cookie Abuse"

Version History

Version Date Changes
1.0.0 2024-01 Initial release with basic scanning
1.1.0 2024-06 Added AJAX processing
1.2.0 2024-09 Added 29 scan tests
1.3.0 2024-12 Added concurrent request support

Related Pages