• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • πŸ‘‰ Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • πŸ’Έ Purchase a Pro Subscription to get access to active software support and faster ticket response times.
  • Chevereto Support CLST

    Support response

    Support checklist

    • βœ… Confirm that the server meets the System Requirements
    • πŸ”₯ Check for any available Hotfix - your issue could be already reported/fixed
    • πŸ“š Read documentation - It will be required to Debug and understand Errors for a faster support response

Must read Guide: Combat child abuse content using project Arachnid API (free)

mkerala

πŸ‘½ Chevereto Freak
What is it?

Operated by the Canadian Centre for Child Protection, Project Arachnid is an innovative tool to combat the growing proliferation of child sexual abuse material (CSAM) on the internet. The project was setup to scan the internet for CSAM and send takedown notice to concerned parties.

How does it work?

The service is hosted on AWS and capable of handling very high volume of traffic. The API scans for CSAM using MD5 hash database as well as use fuzzy image matching to detect images. When you submit the image list via API, the images get downloaded to their server instantly. Within next few mins you will receive an email if any content gets flagged.

How to get access to the API?

You can contact the team to request free access to the API https://projectarachnid.ca/en/contact/.

This is public initiative by the Canadian Centre for Child Protection and there is no fee or charge to use the API. However, API access is granted after reviewing your request to prevent abuse.

Script to send images to the API

PHP:
<?php
set_time_limit(1000);
include('dbconnectfile.php'); //Your database config file
date_default_timezone_set('GMT+0'); // Your time zone
$time=date('Y-m-d H:i:s');
$ptime=date('Y-m-d H:i:s',strtotime('-61 minutes')); //Time invertal to retrive image list. This should match your Cron job interval.
$result = mysqli_query($link,"SELECT * FROM images where image_date_gmt > '$ptime'"); //Retrives all images uploaded after last check.

echo '<h2>Mod time '.$time.'</h2>'; //Output current time
$post= '[';
if (mysqli_num_rows($result)>0){
while($r=mysqli_fetch_array($result))
{
$imagename=$r["image_name"];
$imagex=$r["image_extension"];
$storid=$r["image_storage_id"];
$imgurl='https://s'.$storid.'.yoursite.com/images/'.$imagename.'.'.$imagex.''; //Rebuild to your image direct URL. If you don't use external storage ignore $storid

$curl = curl_init();
$post = $post .'{  "url": "'.$imgurl.'"  },';
}
}
$post= $post .'{  "url": "'.$imgurl.'"  } ]';
curl_setopt_array($curl, array(
    CURLOPT_URL => "https://api.arachnid.c3p.ca/api/crawls/{crawl parameter}/multiple-links", //Set your crwal parameter
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 200,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => $post,
    CURLOPT_HTTPHEADER => array(
        "Content-Type: application/json", "Authorization: {Your API Key}"
    ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

echo '<h2>End time '.$ptime.'</h2>'; //End time to indicate time interval of images retrived

//Email alert in case the API failed
if ($err) {
    echo "cURL Error #:" . $err;
    $email = "username@gmail.com";
$content = $err;
$name = "Alert";
$sender = "alert@yourdomain.com";
$subject = "Alert: API failed";
$headers = "From: $name "."<".$sender.">\r\n";
mail($email, $subject, $content, $headers );
} else {
    echo $response;
}
?>

PHP:
<?php
$link = mysqli_connect("localhost:3306", "username", "password", "databasename"); //your database server details

if (!$link) {
    echo "Error: Unable to connect to MySQL." . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;
}
mysqli_select_db($link, 'databasename') or die("Could not open the db 'databasename'");
?>

Configure Cronjob to run every hour

Code:
0 * * * * /usr/bin/php /var/www/html/api.php


Files attached.

To manually trigger the API open https://yoursite.com/api.php. If successful, the API will respond with URL list received and a custom ID.

PS: There is also option in API to wait for response. This could be useful if we could implement it like ModerateContent to stop the upload all together.
 

Attachments

  • Downloads.zip
    1.6 KB · Views: 12
Last edited:
I've been looking for something like this for a while and we could use it besides ModerateContent for an extra filtering layer.

Nice find!
 
I've been looking for something like this for a while and we could use it besides ModerateContent for an extra filtering layer.

Nice find!
I can ping you my contact's email. He is super helpful and can help you gain access to the API.

Compared to ModerateContent this is more accurate and much faster(AWS!). If this can be implemented at system level, will be able to block all those CSAM uploads instantly.
 
I do like to see something like this in chevereto as well. So i hope @Rodolfo will be adding this into chevereto :) So we can request a free api and use this protection on our sites.
 
I'm super interested in this. I had to use Cloudflare's for this scan, as image hosts in america are typically required to scan for this content. ModerateContent was so terrible and kept erroring out for me.
 
@Rodolfo please integrate this into V3 and so it helps 1000s of website out there to fight against CSAM.

If we are sending 1000s of request to them, their server may get overloaded, so you can send moderated images of moderatecontent to them, like adult only images to check for CSAM.
 
I'm super interested in this. I had to use Cloudflare's for this scan, as image hosts in america are typically required to scan for this content. ModerateContent was so terrible and kept erroring out for me.
How exactly does cloudflare do this job? cloudflare is only a DDOS protection and some cache and such, but i have not seen it blocking images like this.
 
It only truly works once a year, CloudFlare will send you an email when thy do their "annual legally required scan"
 
Last one was about a month ago. it won't happen again for another year with cloudflare
 
so cloudflare does a scan once a year? Then that feature is worthless. Your site will be attacked by some 1 else by than and that's when your host provider will take action xD
 
I'm a PHP developer. Can I implement this on my own? What file do I look at if I want to trigger this when an image is uploaded?
I'd also want to implement this but I'm not sure which file I'd have to alter or add stuff to!

Moderatecontent team had published steps to integrate their API with chevereto. I think you can refer to that on to get an idea.

They have taken it down since Chevereto now natively support it. But the document can be still accessed via archive.org.
 
Moderatecontent team had published steps to integrate their API with chevereto. I think you can refer to that on to get an idea.

They have taken it down since Chevereto now natively support it. But the document can be still accessed via archive.org.
https://moderatecontent.com/documentation/chevereto still live on their website, but it's for older chevereto v3.16.0. We are on v3.20.8 so yeah chevereto has it built in. But Moderatecontent does not fight against CP since their system goes more after adult content, such as nudity that is only thing their system does.

While your main topic has another service that fights against CP which is whole different thing and goes after MD5 Hash or something i guess.
 
Back
Top