News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Stop Spammer

Started by M-DVD, December 31, 2008, 07:31:43 AM

Previous topic - Next topic

snoopy_virtual

I have found a small mistake in the last temporary version 2.3.3 I had done, so I have released a new version 2.3.4

In this new version 2.3.4 it have been fixed all the bugs we have been talking about lately and it has also a new feature: You can use now your own API key if you want, or (if you haven't got one) leave it blank and the mod will use the default one.

As I still have no access to the mod's official page I have put it again in my own forum:

http://www.snoopyvirtualstudio.com/trankos/portal/index.php?option=com_smf&Itemid=36&topic=296.0

Quote from: Nerd3D on December 15, 2009, 08:31:46 PM
OK, here's a feature request. Can we have on the prefs page check boxes for which fields to test. All my false positives are user name only. Can we in the mean time is there a not-too-complicated way to set this up. So it only checks IP and Email.

It looks like a great idea, and I don't think it's very complicated.

As I still have a few days left until I have access to the official page to upload  the final version 2.4 there, I can try to modify my temporary version to add also this feature in it.

I will tell you how it goes.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Tiribulus

#361
Just letting you know you have a deprecated "ereg" which shows up on line 303 of my ManageRegistration.php file:

'stopspammer_faildb' => ereg('[0-2]', $_POST['stopspammer_faildb']) ? $_POST['stopspammer_faildb'] : '0',

Actually it was already in M-DVD's code. Everything else seems to be good,
Thanks

BTW, near as I can tell, in this case simply changing ereg to preg_match seems to work. Stopspammer works and I get no errors after that.

snoopy_virtual

Quote from: Tiribulus on December 15, 2009, 11:29:41 PM
Just letting you know you have a deprecated "ereg" which shows up on line 303 of my ManageRegistration.php file:

'stopspammer_faildb' => ereg('[0-2]', $_POST['stopspammer_faildb']) ? $_POST['stopspammer_faildb'] : '0',

Actually it was already in M-DVD's code. Everything else seems to be good,
Thanks

BTW, near as I can tell, in this case simply changing ereg to preg_match seems to work. Stopspammer works and I get no errors after that.

You are right. I haven't seen that one.

I'll change it.

Thanks.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Tiribulus

No trouble, thank YOU for continuing work on this mod. Here's a zinger. The are you human mod also has an ereg which for me was a few lines below the one for this mod. Never gave an error until yesterday when I installed your version of stopspammer and then both deprecation errors showed up in my log. How weird is that? I'm sure it's something with my machine, but thought it was interesting.

snoopy_virtual

Link updated again today in my server to version 2.3.5 to sort the small bug reported by Tiribulus and to add the new feature requested by Nerd3D.

http://www.snoopyvirtualstudio.com/trankos/portal/index.php?option=com_smf&Itemid=36&topic=296.0

Quote from: Tiribulus on December 16, 2009, 09:36:11 PM
No trouble, thank YOU for continuing work on this mod. Here's a zinger. The are you human mod also has an ereg which for me was a few lines below the one for this mod. Never gave an error until yesterday when I installed your version of stopspammer and then both deprecation errors showed up in my log. How weird is that? I'm sure it's something with my machine, but thought it was interesting.

The function ereg() has been deprecated from PHP 5.3.0 onwards but it still works if you have in your server an older version of PHP.

I suppose your server admin must have updated PHP last week to a newer version.  ;)

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Leemy

I have the current version of this. It has caught some users.  A user registered today and posted some really offensive spam. He was from IP 195.24.76.208 which is a registered Stop Forum Spam problem IP. SO why didnt it work???

Nerd3D

Wow that was quick! Thanks Snoopy. Installed and seems to be running fine in 1.11.11

Nerd3D

Quote from: Leemy on December 17, 2009, 05:57:31 PM
I have the current version of this. It has caught some users.  A user registered today and posted some really offensive spam. He was from IP 195.24.76.208 which is a registered Stop Forum Spam problem IP. SO why didnt it work???
Just guessing but maybe the SFS data base was not accessible when he registered.I believe the defaunt action is to let them register if the db is down.

snoopy_virtual

Quote from: Nerd3D on December 18, 2009, 02:34:58 AM
Quote from: Leemy on December 17, 2009, 05:57:31 PM
I have the current version of this. It has caught some users.  A user registered today and posted some really offensive spam. He was from IP 195.24.76.208 which is a registered Stop Forum Spam problem IP. SO why didnt it work???
Just guessing but maybe the SFS data base was not accessible when he registered.I believe the defaunt action is to let them register if the db is down.

No.

The default action when there is no connection with the DB is to leave the member NOT approved but with a yellow color, so you will remember to check that user later.

What version of SMF are you using?

And what version of mod StopSpammer?

Remember that the current version for mod StopSpammer is 2.3.5

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

darubillah

could you please update MOD Stop Spammer v2.3 for SMF v2.0 RC2

spiros

Quote from: darubillah on December 20, 2009, 07:18:22 AM
could you please update MOD Stop Spammer v2.3 for SMF v2.0 RC2

Yep, that would be nice :)

snoopy_virtual

Quote from: spiros on December 20, 2009, 07:45:49 PM
Quote from: darubillah on December 20, 2009, 07:18:22 AM
could you please update MOD Stop Spammer v2.3 for SMF v2.0 RC2

Yep, that would be nice :)

That's exactly what we have been doing lately and that's why we have now version 2.3.5

Please read the latest posts:

http://www.simplemachines.org/community/index.php?topic=283309.msg2398594#msg2398594

From that one onward.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

spiros

Thanks for your kind reply; I can only see 2.3 on the mod page, is that meant to be 2.3.5?

Nerd3D

I may have encountered a bug in the 2.3.5 version on 1.1.11. On the settings page in Admin>Registration>Settings. The drop down box always shows "Stop Registration and Display Error" I set it to "Member Approval and Yellow icon" and hit [save]. When I come back it set to the "Stop Registration" setting. This appears to be the "stopspammer_faildb" value in the settings table and it's not getting updated when I save the settings.

snoopy_virtual

Quote from: spiros on December 21, 2009, 08:59:30 AM
Thanks for your kind reply; I can only see 2.3 on the mod page, is that meant to be 2.3.5?

Please read the latest posts:

http://www.simplemachines.org/community/index.php?topic=283309.msg2398594#msg2398594

From that one onward.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

snoopy_virtual

Quote from: Nerd3D on December 21, 2009, 12:45:47 PM
I may have encountered a bug in the 2.3.5 version on 1.1.11. On the settings page in Admin>Registration>Settings. The drop down box always shows "Stop Registration and Display Error" I set it to "Member Approval and Yellow icon" and hit [save]. When I come back it set to the "Stop Registration" setting. This appears to be the "stopspammer_faildb" value in the settings table and it's not getting updated when I save the settings.

Yes there was a bug. My mistake, sorry.

The problem was when I changed the deprecated function ereg() to preg_match()

Both functions are very similar but they don't work exactly the same.

I have corrected this bug and published a new version 2.3.6 in my server:

http://www.snoopyvirtualstudio.com/trankos/portal/index.php?option=com_smf&Itemid=36&topic=296.0

Thanks mate.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Nerd3D

Groovy, fixed with your latest patch. I've poked it every way I can think and I can't seem to break it now. (I'm really good at breaking things too!)

SiL

#377
Quote from: snoopy_virtual on December 15, 2009, 10:15:50 PM

Quote from: Nerd3D on December 15, 2009, 08:31:46 PM
OK, here's a feature request. Can we have on the prefs page check boxes for which fields to test. All my false positives are user name only. Can we in the mean time is there a not-too-complicated way to set this up. So it only checks IP and Email.

It looks like a great idea, and I don't think it's very complicated.

As I still have a few days left until I have access to the official page to upload  the final version 2.4 there, I can try to modify my temporary version to add also this feature in it.

I will tell you how it goes.

If I can point you to an extract from my previous request in October, and it is connected with the false positive issue - it is a suggestion for a slightly modified version of Nerd3D's request

Quote from: SiL on October 26, 2009, 01:09:01 AM
I noticed a number of false positives based on username only - legitimate members may be using the same username as a spammer, but of course with a different ip address and email address.
Because of dynamic IP assignment the same can be true for IP address hits.
The spam check weights the detection flag as

email address = 4
username = 2
ipaddress = 1

Doing a quick check with an offline mirror of a forum database for 300-400 entries threw up
a number of false positives - these were almost always username only or ip address only.

So my thinking is the boundary between a false positive and a real positive spammer is the value "3" . If the "is_spammer" value is 1 {ip address - e.g. dynamic} or 2 {common username}, this is a warn, but no action required (registration allowed).  Any "is_spammer" value of 3 or higher is placed in the waiting list.

& how would this be useful? 

My suggestion would be to have a checkbox, maybe call it "strict" or "catch all" - if this is checked, an "is_spammer" value between 1 and 7 will satisfy the spammer criteria and user will be placed on waiting list to be checked/approved (this is how I understand the mod to currently work).
  however...

If the "catch all" checkbox is NOT checked, only spammers with an "is_spammer" value between 3 and 7 will be put on the waiting list.  Those users who are unlucky enough to have a common username shared with a spammer, but otherwise legitimate will be allowed through as normal.

{see original post for remainder of suggestion}

snoopy_virtual

Quote from: SiL on December 25, 2009, 09:20:06 AM

...

If I can point you to an extract from my previous request in October, and it is connected with the false positive issue - it is a suggestion for a slightly modified version of Nerd3D's request

...

etc etc


You are right SiL.

I remember when you did that suggestion last October.

The problem was at that time I was too busy with other things and M-DVD was doing this mod on his own. I didn't even have time enough to read properly all your suggestions and just did a mental note to study them later.

Now that it's the other way round (with M-DVD too busy with other things and me updating the mod on my own) I need to check again the full post to see if I have missed any more clever suggestions.




Going back to the false positive issue, I haven't seen yet in my forums any false positive due to IP, but of course they are possible, so I think we should take into consideration your solution as well.

The way I have done it just now following Nerd3D's suggestion (with 3 check-boxes to turn on and off the options to check username, email and IP) is not perfect, because if you turn off the option to check all IPs, you will open the door to your forum to a lot of spammers, but with your solution (let them in only if the IP was in the spammers DB but the username and email wasn't) I think it will be better.

I am not sure anyway if we can have both solutions at the same time or if we need to choose only one of them.

I will try to see if there is a way to put inside the mod's configuration both improvements, so everybody will be able to choose whatever works better for every particular forum.

If that's not possible and we can have only one of them, I think your solution is slightly better, but of course, before I can be sure about that, I need to see them working with real forums.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

SiL

Quote from: snoopy_virtual on December 26, 2009, 10:31:59 AM

I will try to see if there is a way to put inside the mod's configuration both improvements, so everybody will be able to choose whatever works better for every particular forum.

If that's not possible and we can have only one of them, I think your solution is slightly better, but of course, before I can be sure about that, I need to see them working with real forums.

thankyou - your efforts are appreciated worldwide, I am sure   :)

Advertisement: