Stop Spammer

Started by M-DVD, December 31, 2008, 07:31:43 AM

Previous topic - Next topic

M-DVD

Link to the mod

MOD Stop Spammer v2.4.0
==================


Author:Matthias
Past Releases:M-DVD and snoopy_virtual
Version:2.4.0
Release:5th February 2021
Compatible With:SMF 1.1.1 - 1.1.12
SMF 2.0.15 - 2.0.18
Languages:




Read FAQ

Features:

If you don't know how this mod works you can find more info here and inside the official mod's support thread.

Thanks to 'Stop Forum Spam' for your DB and APIs.

Thanks to WhatsTheRent and KahneFan for idea.

uberjon

are there any adjustable settings? i don't see any in the acp? looks great on paper so far. hope its as good in reality!

Acans

This will work with keeping auto's that post links and porn and such right?, or does one need to be banned first
"The Book of Arantor, 17:3-5<br />  And I said unto him, thy database query shalt always be sent by the messenger of $smcFunc<br />  And $smcFunc shall protect you against injections and evil<br />  And so it came to pass that mysql_query was declared deprecated and even though he says he is not dead yet, the time was soon to come to pass when mysql_query shall be gone and no more."

uberjon

Quote from: α¢αηѕ on December 31, 2008, 09:53:43 AM
This will work with keeping auto's that post links and porn and such right?, or does one need to be banned first

if i add a bot to the SFS (stop forum spam) database, and the bot trys to register on your site it will detect it as a bot ;)

WhatsTheRent

Thanks for doing this, I think it will be very helpful is stopping spam.  That database is actually quite large and gets updated often

Is there a master on/off switch for this app somewhere in the settings?

thanks again

M-DVD

Quote from: uberjon on December 31, 2008, 08:10:21 AM
are there any adjustable settings? i don't see any in the acp? looks great on paper so far. hope its as good in reality!

No, not yet. Installed and working.

Maybe, then add an option to enable and disable.

Quote from: α¢αηѕ on December 31, 2008, 09:53:43 AM
This will work with keeping auto's that post links and porn and such right?, or does one need to be banned first

If you already have registered spammer, then not, you have to manually banned or delete.

The MOD, blocks Spammer at the time they are register.

Once blocked you can check if it was a false positive, you can left blocked, reject, delete or ban.

It also has a counter of all the blockade that has made the MOD.

Quote from: uberjon on December 31, 2008, 10:23:43 AM
if i add a bot to the SFS (stop forum spam) database, and the bot trys to register on your site it will detect it as a bot ;)

Yes, thanks :)

In the DB of SFS there are many Spammer reported that serve everyone. And everyone can contribute reporting more and more spammer and increase the DB.

Quote from: WhatsTheRent on January 01, 2009, 03:47:29 PM
Thanks for doing this, I think it will be very helpful is stopping spam.  That database is actually quite large and gets updated often

Is there a master on/off switch for this app somewhere in the settings?

thanks again

Thank you. In the next version, I will add this function.

If have more ideas for improving the mod and add more features, then I can do one update with all the latest features.


edi67

CrazyZone - My SMF Forum


From the difficult the hardening of the man you can see

edi67

weel i noticed one problem , installed and all work ok but here is one problem for over 1 hour i trying to register as new user in my forum using data of spammer (email or name of spammer registered in Stop forum Spam) and for all this time i cannot register cause my registration form give me always his error:

Error with DB Anti SPAM. Connection Failed.

Well as i see nobody can register in my forum when MOD cannot connect to DB of stop frm spam, and this happen a lot o time... so i need to unistall it for make my users register without problem.
Some solution for have one connectionmore stable ?
CrazyZone - My SMF Forum


From the difficult the hardening of the man you can see

M-DVD

Quote from: edi67 on January 04, 2009, 05:51:40 AM
weel i noticed one problem , installed and all work ok but here is one problem for over 1 hour i trying to register as new user in my forum using data of spammer (email or name of spammer registered in Stop forum Spam) and for all this time i cannot register cause my registration form give me always his error:

Error with DB Anti SPAM. Connection Failed.

Well as i see nobody can register in my forum when MOD cannot connect to DB of stop frm spam, and this happen a lot o time... so i need to unistall it for make my users register without problem.
Some solution for have one connectionmore stable ?

Hi.

Can be three cases:

1.- The StopForumSpam website was down at that time. (*)

2.- The SFS website has no range up to your site host. (*)

(*) sorry if my translation isn't a sentence technically correct.

3 .- Your host has disabled fsockopen().

For this case you can try this mod. cURL fetch_web_data

WVHunter

I have the same issue as reported by someone else.

I have a person trying to register.  I have exchanged emails with him several times and walked him through the steps of registering.  Telling him to make sure he types the letters in the box as exact (Spam Bot Mod) and to answer the question that is asked (I believe this is your Mod - Stop Spammer).

He is reporting the following:

An Error Has Occurred! Error with DB Anti SPAM. Connection Failed.

He has tried twice to register and cannot.

Does your Mod work with SMF 1.1.7 and the Mercury Theme?

I am currenlty trying your cURL fix, but don't know if I need it or not.

Thanks in advance.

M-DVD

Yes, it works with SMF 1.1.X, and the theme shouldn't influence the register.
   
Only happens to that person? Have you tried registering yourself?

Try using the MOD aldo's. I think that your host server haven't enabled fsockopen function, then, you can try using cURL.

Otherwise should be the other cases.

Tell me the results.

WVHunter

Quote from: M-DVD on January 27, 2009, 10:33:36 PM
Yes, it works with SMF 1.1.X, and the theme shouldn't influence the register.
   
Only happens to that person? Have you tried registering yourself?

As far as I know with that one person, yes.  Yes I registerd my self with another identity and email.  It worked for me once, but after deleting that account I tried again since this other person told me of his problem.  Now I get registered buy am not getting my activation code email.  Tried several times now and nothing.

QuoteTry using the MOD aldo's. I think that your host server haven't enabled fsockopen function, then, you can try using cURL.

I have downloaded and installed this MOD as well and still nothing.  I get registered and not getting my activation code email.

Activation code email is enabled in registration setup.

M-DVD

Ok, let me sort the ideas, i think i understood.

1.- Installing the MOD.

2.- Making the test, you registered pretending to be a normal user (in action=register) (not from the administration panel). And you registered with no problems.

3.- Later, a user will notify you the problem.

What was the problem? Would not connect with the DB? not had the activation code?.

¿I understood right?

HR

Any idea as t owhen you'll be putting in the 'off switch'?

I can explain this as simply as possible.. If I do it & implement I guarantee it.
If I do it and you implement it its a crap shoot.

M-DVD

Quote from: HR on February 04, 2009, 09:46:31 AM
Any idea as t owhen you'll be putting in the 'off switch'?


Yes, in this weeks, I will release a new version that will have some improvements, and also it function. :)

snoopy_virtual

Hi M-DVD

First of all thanks for your work.

I was having a lot of work fighting spammers until I found www.stopforumspam.com because I administer 10 different forums.

My first idea when I found them was to do a mod myself for SMF, but then I found your mod already done, so if you don't mind I am going to use your mod instead and try to add a few things if I can.

The fist thing I have found is a small mistake in your function chekDBSpammer.

I found it because I had in one of the forums I administer 600 members before I installed your mod.

In this particular forum 3 months ago there were only 30 members (it was open 2 years ago) and I was sure it was impossible all these 570 new members were all honest ones, so I started checking one by one in www.stopforumspam.com

That's a lot of ctrl+c ctrl+v so I decided to add to your mod a button to check all the members already in the forum in just one "click".
But it didn't work. I was getting all the time the same message some people are reporting here:

An Error Has Occurred! Error with DB Anti SPAM. Connection Failed.

Then I did instead a button to check just one member and everything was going right until I arrived to a particular member that was giving me the same error message again all the time.

Then I realized the difference. This member had chosen a username with a white space in the middle.

For example if you check username=pericolospalotes or username=perico_los_palotes you get no error, but if you check username=perico los palotes you get that error.

Then I went to www.stopforumspam.com and try to check manually that username and found out that their search script had changed it to username=perico+los+palotes

So the solution is obvious:

I just added the line:


$check_name = str_replace(" ", "+", $check_name);


Just at the beginning of the function, after the line:


global $sourcedir;


And now I have no problem with the buttons and I can check all the 600 members in less than 2 seconds. (By the way, 550 of them were actually spammers. I knew it.)

May be the people that were getting the same error were checking also usernames with white space in the middle. If this is the case it will be sorted just adding that line.

If you want to add to your mod the button to check all the members in the forum, the code I have been using is:


$result = db_query("
  SELECT ID_MEMBER, memberName, emailAddress, memberIP
  FROM {$db_prefix}members
", __FILE__, __LINE__);

while ($row = mysql_fetch_assoc($result))
{
  $members[] = array(
    'id' => $row['ID_MEMBER'],
    'username' => $row['memberName'],
    'email' => $row['emailAddress'],
    'ip' => $row['memberIP']
  );
}
mysql_free_result($result);

foreach ($members as $member)
{
  $userid = $member['id'];
  $grado_spam = chekDBSpammer($member['ip'], $member['username'], $member['email']);
  if ($grado_spam != 0)
  {
    db_query("
      UPDATE {$db_prefix}members
      SET is_spammer = $grado_spam
      WHERE ID_MEMBER = $userid
    ", __FILE__, __LINE__);
  }
}


Anyway it's not finished, it has a few mistakes.

For example it set is_spammer = 2 to honest members with common names like "george" or "ruth", so I will need to add another button to tell the script "this member is not spammer" (I have been doing it today changing it manually inside the database, as they were just a few of them) and I will need to finish the HTML to put it properly inside the template (I have been using it in a separate page just linked to the forum via SSI) but it's a start.

Anyway I am more interested in develop a couple of buttons properly done inside the profile page (in admin mode only, of course). One for "check this user to see if it's a spambot" (if I am suspicious with somebody)  and another one for "Submit this member's details to stopforumspam database" (before I delete a spammer).

If I have some free time and I do them before you do them yourself I will send you the code.

And again congratulations for your work.

I really like the way you write code.  ;)

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

M-DVD

Quote from: snoopy_virtual on February 06, 2009, 01:40:10 AM
Hi M-DVD

First of all thanks for your work.

Thank you.

Quote from: snoopy_virtual on February 06, 2009, 01:40:10 AM
In this particular forum 3 months ago there were only 30 members (it was open 2 years ago) and I was sure it was impossible all these 570 new members were all honest ones, so I started checking one by one in www.stopforumspam.com

That's a lot of ctrl+c ctrl+v so I decided to add to your mod a button to check all the members already in the forum in just one "click".

If I understand correctly, precisely is (* similar) to one of the improvements that will bring the next version (which I don't know whether to call it version 1.1 or 2.0). :P

(*) Exactly so: "One for "check this user to see if it's a spambot" (if I am suspicious with somebody)"

Quote from: snoopy_virtual on February 06, 2009, 01:40:10 AM
But it didn't work. I was getting all the time the same message some people are reporting here:

An Error Has Occurred! Error with DB Anti SPAM. Connection Failed.

Then I realized the difference. This member had chosen a username with a white space in the middle.

For example if you check username=pericolospalotes or username=perico_los_palotes you get no error, but if you check username=perico los palotes you get that error.

Then I went to www.stopforumspam.com and try to check manually that username and found out that their search script had changed it to username=perico+los+palotes

So the solution is obvious:

I just added the line:


$check_name = str_replace(" ", "+", $check_name);


Just at the beginning of the function, after the line:


global $sourcedir;


Thanks, was beginning to think that the error could be in some char. A improvement would allow them to see the users with this problem (it wouldn't prevent its registration, but would give them a different "mark"). But you have saved me a lot of work.   :D


Quote from: snoopy_virtual on February 06, 2009, 01:40:10 AM
And now I have no problem with the buttons and I can check all the 600 members in less than 2 seconds. (By the way, 550 of them were actually spammers. I knew it.)

If you want to add to your mod the button to check all the members in the forum, the code I have been using is:


$result = db_query("
  SELECT ID_MEMBER, memberName, emailAddress, memberIP
  FROM {$db_prefix}members
", __FILE__, __LINE__);

while ($row = mysql_fetch_assoc($result))
{
  $members[] = array(
    'id' => $row['ID_MEMBER'],
    'username' => $row['memberName'],
    'email' => $row['emailAddress'],
    'ip' => $row['memberIP']
  );
}
mysql_free_result($result);

foreach ($members as $member)
{
  $userid = $member['id'];
  $grado_spam = chekDBSpammer($member['ip'], $member['username'], $member['email']);
  if ($grado_spam != 0)
  {
    db_query("
      UPDATE {$db_prefix}members
      SET is_spammer = $grado_spam
      WHERE ID_MEMBER = $userid
    ", __FILE__, __LINE__);
  }
}


Anyway it's not finished, it has a few mistakes.

For example it set is_spammer = 2 to honest members with common names like "george" or "ruth", so I will need to add another button to tell the script "this member is not spammer" (I have been doing it today changing it manually inside the database, as they were just a few of them) and I will need to finish the HTML to put it properly inside the template (I have been using it in a separate page just linked to the forum via SSI) but it's a start.

Wow, this idea is very good, ¿i can add this feature in the MOD?  :P

Quote from: snoopy_virtual on February 06, 2009, 01:40:10 AM
If I have some free time and I do them before you do them yourself I will send you the code.

And again congratulations for your work.

I really like the way you write code.  ;)

The updating I have made already, I expected test it today or tomorrow. (If I add your code, maybe, it will take tomorrow or sunday).

Thank you too :D

snoopy_virtual

#17
You can use and modify any part of my code you want. No problem at all.

I think that free code is always better (that's why I use Linux)  :)

Just another small bug. Well, it's not a different one, it's the same one really but in your function sprintfspamer:

The variable $value can be either the username, the email, etc and you send a query to stopforumspam with that value:


<a href="http://www.stopforumspam.com/search?q=' . $value . '" target="_blank">


If $value is the username and it has white space, we have the same problem as before, so I would change the function like this:


function sprintfspamer($value, $url, $is_spamer, $type)
{
global $txt, $settings;

$value2 = str_replace(" ", "+", $value);
$format1 = ($is_spamer && $is_spamer >> ($type - 1) & 1)
? '<a href="http://www.stopforumspam.com/search?q=' . $value2 . '" target="_blank"><img src="' . $settings['images_url'] . '/icons/spammer.gif" alt="[' . $txt['manage_search'] . ']" title="' . $txt['stopspammer_title'] . '" style="vertical-align: middle" /></a>'
: '';
$format2 = $is_spamer ? array('<span class="error">', '</span>') : array('', '');

return $format1 . '<a href="'. $url . '">' . implode($value, $format2) . '</a>';
}


Note that I have changed $value with $value2 only in the query, not inside the last line. This way you send the query without white space but you leave untouched the name when you write it on the screen.




By the way, I think the way you use the binary numbers in the line:


$format1 = ($is_spamer && $is_spamer >> ($type - 1) & 1)


Is just brilliant. I really love it.

Do you know that in this world there are 10 kind of people?

  - Those who understand binary numbers.

  - And those who don't.

8)




Another idea I was just starting to develop is a button to submit the details of any spammer to stopforumspam's database.

The first thing you will need is a link (somewhere in the admin section) to stopforumspam to request an API key, because to be allowed to submit spammers details to stopforumspam's database you need to get one first.

The link need to point to:

http://www.stopforumspam.com/signup

And you will need an option to save the API key inside the settings table in our database to have it later as the variable $modSettings['api_key']

You could also add another value to the members database (apart from the value is_spamer to see if the member is a bad guy) another one to see if the details had been already submited (just a "yes" or "no").

Then inside the profile page of every member Profile.template.php you can add a conditional:

If (this guy is a spammer && the details hadn't been submitted yet)
{
    if (we already have an API key)
    {
        echo a button to submit details
    }
    else
    {
        echo the link to get an API key and the option to save it in the database
    }
}

The button could be a link to $scripturl . '?action=profile2; with a new subaction sa=submitSpammer

Then inside Sources/Profile.php we put a new function for this new subaction to actually submit the details.

There are a couple of ideas inside stopforumspam to do that.

I like for example this one:


function PostToHost($host, $path, $data_to_send) {
    $fp = fsockopen($host,80);
    fputs($fp, "POST $path HTTP/1.1\n" );
    fputs($fp, "Host: $host\n" );
    fputs($fp, "Content-type: application/x-www-form-urlencoded\n" );
    fputs($fp, "Content-length: ".strlen($data_to_send)."\n" );
    fputs($fp, "Connection: close\n\n" );
    fputs($fp, $data_to_send);
    fclose($fp);
}

PostToHost("www.stopforumspam.com", "/post.php", "username=" . $member['username'] . "&ip_addr=" . $member['ip'] . "&email=" . $member['email'] . "&api_key=" . $modSettings['api_key']);


The only thing I don't know is what will happen if the username has white space.

Maybe we will need to change it to "+" or to "%20" before submit it. I don't know.

I will try it and I will tell you.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

M-DVD

#18
Quote from: snoopy_virtual on February 07, 2009, 06:28:53 AM
You can use and modify any part of my code you want. No problem at all.

I think that free code is always better (that's why I use Linux)  :)

Thanks, I will add this feature.  :D

I am not yet decided whether to put a button to check all members, or (using the list) to review only selected members.  :-\

Quote from: snoopy_virtual on February 07, 2009, 06:28:53 AM
Just another small bug. Well, it's not a different one, it's the same one really but in your function sprintfspamer:

The variable $value can be either the username, the email, etc and you send a query to stopforumspam with that value:


<a href="http://www.stopforumspam.com/search?q=' . $value . '" target="_blank">


If $value is the username and it has white space, we have the same problem as before, so I would change the function like this:

Thanks again. This function had many changes to adapt to the new version v1.1, but hadn't corrected this.  :-[


Quote from: snoopy_virtual on February 07, 2009, 06:28:53 AM
By the way, I think the way you use the binary numbers in the line:


$format1 = ($is_spamer && $is_spamer >> ($type - 1) & 1)


Is just brilliant. I really love it.

Do you know that in this world there are 10 kind of people?

  - Those who understand binary numbers.

  - And those who don't.

8)

Yes XD.

This line also changes.

$suma += ('yes' == $q_is_spammer[2][$key]) * ('ip' == $value ? 1 : ('username' == $value ? 2 : 4));

Now:

$suma += ('yes' == $q_is_spammer[2][$key]) << ('ip' == $value ? 0 : ('username' == $value ? 1 : 2));

The binary operations better and faster than arithmetic operations :P

Quote from: snoopy_virtual on February 07, 2009, 06:28:53 AM
Another idea I was just starting to develop is a button to submit the details of any spammer to stopforumspam's database.

The first thing you will need is a link (somewhere in the admin section) to stopforumspam to request an API key, because to be allowed to submit spammers details to stopforumspam's database you need to get one first.
--
The only thing I don't know is what will happen if the username has white space.

Maybe we will need to change it to "+" or to "%20" before submit it. I don't know.

I will try it and I will tell you.

I had intended to include the APIkey, but, It is a good idea?, while i decide this, i think leave this feature for another version, although it would be better in a single release.

--

Good text in your signature  8)

snoopy_virtual

Quote from: M-DVD on February 07, 2009, 09:10:09 AM

I am not yet decided whether to put a button to check all members, or (using the list) to review only selected members.  :-\


Maybe better only with selected members, because anyway if you try to check too many in one go sometimes the server reach the time execution limit and the script just stop working.


Quote from: M-DVD on February 07, 2009, 09:10:09 AM

This line also changes.

$suma += ('yes' == $q_is_spammer[2][$key]) * ('ip' == $value ? 1 : ('username' == $value ? 2 : 4));

Now:

$suma += ('yes' == $q_is_spammer[2][$key]) << ('ip' == $value ? 0 : ('username' == $value ? 1 : 2));

The binary operations better and faster than arithmetic operations :P


I was going to tell you that as well and forgot it.

Better like that.

Quote from: M-DVD on February 07, 2009, 09:10:09 AM

I had intended to include the APIkey, but, It is a good idea?, while i decide this, i think leave this feature for another version, although it would be better in a single release.


I think it's a good idea, but of course it's up to you. It's not a big deal to send them manually, but the problem is that I am too lazy and always prefer to have as much as possible with just one click.  8)

I will wait anyway to see your new version to see what options you add and then I will try it to see if I still miss anything.

Quote from: M-DVD on February 07, 2009, 09:10:09 AM

Good text in your signature  8)


I don't remember where I got it from, but it's because I don't like the people who talk when they have nothing important to say.  ;)

(For the english people, the text in my signature means: "The true wise man is the one who see a lot, study a lot, analyse a lot and disturb very little")

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Advertisement: