Stop Forum Spam

[uberjon]

i believe, that it would so a "search" for email for "*@hotmail.co.uk"

in the manner that * != wildcard but = a digit/symbol/letter

also keep in mind, that on a select query for MYSQL a wildcard would be done like:

Code Select Expand


select email from bans where email like '%*@hotmail.co.uk%'


the % is the wildcard, not the *

few suggestions!

logging system for allowed and disallowed registrations and appealed registrations (yes appealed) if a user is denied. let them send an email or something to appeal it.

or!

don't "deny" registrations, have them set automatically to say group "spammers" (with no profile/post permissions/pm) THEN let them appeal via PM (only allow them to pm admin #1)

just a couple ideas. i do know the denied users on VB are suggested to appeal via contact form.. (and that it has a simple log system)

[Insight]

LOL

Duhhhh, of course * isn't a wildcard

Hahahaha, I obviously been in contact with my blonde gf too long. You would think after working with SQL for 8 years I would have known that...


Shoot me, shoot me now

[islam2hamy]

thank you for this good mod,
i have translate it to Arabic.

[islam2hamy]

the new Version translated .

attached

[ITA003]

thanks!

[islam2hamy]

you are welcome. 

[CrankyOldguy]

What are your guys thoughts on their data?
...

They also do a lot of IP banning which is fairly useless and only really risks banning genuine people.

I've ranted elsewhere about ANY anti-spam database.  StopForumSpam is no better or worse.  The problem is that the entries are put there by PEOPLE.  People make mistakes, get sloppy, and have grievances about other people, leading to overly-broad bans OR the occasional forum owner that lists a real person merely because they don't like them...  I know at least TWO forum owners that are petty enough to have included me in the StopForumSpam database if they had any clue about my real IP address or e-mail (I spoof whenever possible).   

Also, the kiddies using Xrumer are running it through proxies AND through botnets.  The botnet entries are real people that sadly have their home PC infected with trojans, giving the botnet owners remote-control over their PC.  Eventually the infected people will clean up their PC, but that won't remove them from the StopForumSpam database.

The same is true for web proxies.  I'm using one now.    After the initial spam surge on our forums in October when Xrumer 5.0a was released, we locked 'em down with reCAPTCHA.  SOME proxies work OK with reCAPTCHA, some don't.  Also, in the month or so since we've had reCAPTCHA installed, we've had two real people register using proxies that had already been blacklisted in the SFS database by IP address.  If we'd used this mod and blocked by IP, then neither of those two humans would have been able to register...

The data is flawed, and if you use it to automatically deny registrations then you WILL be missing out on a few real people.

Blocking by the full e-mail is slightly better, HOWEVER the forum spam tool (Xrumer) allows them to generate random e-mail addresses at gmail every day if they choose.  That means they slip through the net every time they get a new e-mail.  That's not very handy if you're trying to get rid of the spammers.  You're still stuck playing 'Whack-A-Mole'.

reCAPTCHA isn't perfect.  I've had people using IE that couldn't get it to work.  Not all, but some.  Also, reCAPTCHA doesn't work through most proxies.  People in restrictive regimes that filter Internet content (China, Iran, Britian and now Australia) frequently surf via proxy to get to what they want to see.  That'll get them banned in the StopForumSpam database once a spammer uses the same proxy.

It's far from a perfect world, and there is no perfect solution.  Personally, I use the StopForumSpam info, but I also look at everyone that it flags.  Sometimes it's just flat wrong, and they turn out to be people instead of web 'bots.

[BlessedMonkey]

Maybe I'm missing something ...

I manually installed this in my forum earlier and I checked all three boxes, check email, IP and username. Since then I've already had somebody try to register and it didn't reject them, even though when I ran their details through the Stop Forum Spam database they were listed there several times.

Anything I should be checking because, judging by other posters, it seems this add-on should definitely be working - and worth its weight in gold if it does the job!

[ITA003]

The forum url?

[Insight]

It doesn't really work though, it just blanket bans loads of potential users by banning email and IP addresses, all of which can be spoofed / reused.

Captcha + Are you human seems to have stopped the 4 pages of spam bots I had sign up each day dead but doesn't hurt actual users who don't even get the chance to prove they are genuine using stopforumspam.

[BlessedMonkey]

The forum url?

Sorry for the slow response, been slightly busy tending to what passes for life ..


My forum is at hxxp:www.thesoggypineapple.com [nonactive]

I've had a few listed on Stop Forum Spam trying to join and it's seemingly not rejected them, I've had to check them myself, nor is it keeping a log of those rejected if it is working. As far as I can tell, I made all the changes listed and I've uploaded the two files - and it's appearing in my registrations settings.  I'm confused lol

Thanks for any info.

[ITA003]

I've had a few listed on Stop Forum Spam trying to join and it's seemingly not rejected them, I've had to check them myself, nor is it keeping a log of those rejected if it is working. As far as I can tell, I made all the changes listed and I've uploaded the two files - and it's appearing in my registrations settings.  I'm confused lol

The rejected user are logged in forum log with messagge like this:

The user USERNAME with Email EMAIL (IP IPADDRESS) is a Spam, please contact forum administrator.

The same showed to user.

I manually installed this in my forum earlier and I checked all three boxes, check email, IP and username. Since then I've already had somebody try to register and it didn't reject them, even though when I ran their details through the Stop Forum Spam database they were listed there several times.

Why do you install it manually?

Make sure that do you apply correctly your Register.php file.

[BlessedMonkey]

Hi.

I installed it manually as I'm running a custom theme and wasn't sure if the automatic install would work, and there weren't many steps involved.

As far as I can see all of the steps in the manual install were followed and took correctly, I did a find on the new code and all changes were present, which is what's confusing me. I'm not seeing any forum error log entries relating to it though, so something's up somewhere. I've no doubt that it's something I've done wrong lol

Anyhoooo. I can't work on it tonight, too tired, but will uninstall the plugin tomorrow (I have a backup of the forum I can copy the unaltered files from rather than do deleting bits) and give it another try.


EDIT: I installed the update (again manually) into a test forum I use to mess around with - and using details taken from the SFS database I got the correct rejection. So, obviously I've messed up the install in the live forum - I need shooting, I know. Anyway, I should be able to just copy the altered files from the test forum and upload them to the live one. Hopefully that'll sort it. If it doesn't, I'll come back and beg for more help lol

Thanks for the advice, much appreciated!


UPDATE: couldn't sleep so gave copying the test forum's files across - and it seems to have solved it, it caught a test registration. Sorry for wasting your time, I should have known I'd simply messed up somewhere *sigh* ... thanks for the help, and for creating what looks to be a very useful addon!

[Rasyr]

The rejected user are logged in forum log with messagge like this:

The user USERNAME with Email EMAIL (IP IPADDRESS) is a Spam, please contact forum administrator.

By this, are you referring to the "Forum Error Log" or to the "Moderation Log"?

Personally, I would prefer it to show up in the moderation log, not the forum error log (since I have that turned off cause another mod is generating a ton of mild errors (which I have not figured out how to fix yet).

[HR]

Hmm install fails on register template.. cant find "<td width="100%" colspan="2" align="center">" anywhere.. can somebody give me a heads up on the above and below of it in Register.template.php?

[ITA003]

Can you send me the Register template file?

[ITA003]

The rejected user are logged in forum log with messagge like this:

The user USERNAME with Email EMAIL (IP IPADDRESS) is a Spam, please contact forum administrator.

By this, are you referring to the "Forum Error Log" or to the "Moderation Log"?

The Forum Error Log.

[HR]

Can you send me the Register template file?

I got it.. just had to look at a default template (clean) and place accordingly.

[HR]

I have to tell you, Ive installed this on 2 1.1.7 boards and the response has been overwhelming. On my test board alone its stopped over 15 spam registrations and on a fully active forum its stopped over 50 in the last week.

Great work!

[HR]

Any chance you can port this to 2.0? There is another but I have issues with it and it doesnt have an off switch lol