Advertisement:

Author Topic: Stop Spammer  (Read 800287 times)

Offline snoopy_virtual

  • Sophist Member
  • *****
  • Posts: 1,156
  • Gender: Male
    • jcredondosnoopy on Facebook
    • Snoopy Virtual Studio
Re: Stop Spammer
« Reply #1060 on: January 11, 2011, 05:13:17 AM »
Hi Henrik

One of the things I have in my TODO list is write a tutorial for this mod and update the FAQ M-DVD wrote in Feb 2009:

http://www.simplemachines.org/community/index.php?topic=283309.msg1920848#msg1920848

I never find time to do it, but that FAQ is a good starting point to understand the way the mod work.

A lot of things have changed in the mod since then, but I think you may find there answers for all your questions.

If after reading it you still don't understand something let me know.
El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Offline henrik1782

  • Jr. Member
  • **
  • Posts: 252
  • SMF 2.0 RC5/Curve
Re: Stop Spammer
« Reply #1061 on: January 11, 2011, 06:32:04 AM »
Thanks snoppy...

And great work!
My favorite mods: Forum Firewall, httBL, MessagePreviewOnHover, BoardHover Mod, VB Style Board Index, Separate Replies and Views Column, Realtime clock by Joker, ENotify, Topic Solved.

PhobosK

  • Guest
Re: Stop Spammer
« Reply #1062 on: January 11, 2011, 08:25:17 PM »
As we know there is a bug in counting "Awaiting for approval" + there is another bug connected to this one:
i.e. if there are several spammers to be checked/approved (and none of their names is shown as the "Latest Member" + there is no other new user registered after them), if we delete/approve any of them (excluding the last registered) the last that have registered is shown as "Latest Member", although he is not approved yet.

I have created a patch for all this, and have tested it for a couple of days realtime, and it works fine for me. Probably a more extensive testing is needed though.

The patch is made on the basis of 1.1.12 SMF version and concerns only the Sources/Subs.php file.

Feedback is welcome...

Offline snoopy_virtual

  • Sophist Member
  • *****
  • Posts: 1,156
  • Gender: Male
    • jcredondosnoopy on Facebook
    • Snoopy Virtual Studio
Re: Stop Spammer
« Reply #1063 on: January 12, 2011, 04:29:40 AM »
Thanks PhobosK. I will take a look at that.
El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

PhobosK

  • Guest
Re: Stop Spammer
« Reply #1064 on: January 12, 2011, 02:12:01 PM »
I have made some more modifications and added some new features.

1. FIXED show all spammers even those that have been banned (is_activated=13 && is_spammer > 0)
2. FIXED updating of "Awaiting for approval" count, total users count etc
3. FIXED listing only active users as "Latest Member"
4. FIXED the assignment of is_activated 3 or 13 when a spammer is found, depending on the ban status of the found spammer
5. ADDED a "spam status" search criteria in the "Search Members" function
6. ADDED a "banned status" search criteria in the "Search Members" function. This should probably go to main upstream SMF branch anyway.
7. TODO adding appropriate marking of users with (is_spammer > 0 && is_activated != 3 && is_activated != 13). For example marking with an orange icon and text color of these members, so admins to have info that these users are potential spammers or whatever...
8. TODO adding an option to clear member's spam status (i.e. is_spammer) would be nice.
9. TODO adding an option to clear the blocked spammers count would be nice too.
10. TODO adding stats info about the blocked spammers in the "Registration" module options would be nice too.
I do not have time to implement these TODOs... so i leave this to others ;)

The patch should be applied on a working SMF 1.1.12 with installed StopSpammer Mod 2.3.9 (Of course that means you will need to uninstall the mod manually when a new version comes out).
The patch is with a -p1 option when put in the SMF forum folder.
The patch includes all previous modifications mentioned in my previous post(i.e. makes the previous attachment - Subs.php.diff - obsolete).
« Last Edit: January 12, 2011, 02:42:30 PM by PhobosK »

Offline snoopy_virtual

  • Sophist Member
  • *****
  • Posts: 1,156
  • Gender: Male
    • jcredondosnoopy on Facebook
    • Snoopy Virtual Studio
Re: Stop Spammer
« Reply #1065 on: January 14, 2011, 07:20:07 AM »
@PhobosK>

I have started already analysing your work and found it very interesting indeed.

I didn't have time yet to analyse it properly yet, as I haven't got a lot of free time just now and I am using almost all of it to finish the tutorial for mod httpBL (that was supposed to be finished ages ago) but I can see you have already sorted a few things I had in my TODO list for mod StopSpammer, so that will save me a lot of time when I continue working on the next version for this mod. (Really appreciate that. Thanks.  ;) )

Anyway, as this support post is visited by a lot of people with very few programming knowledge, I always try to use as less technical words as possible (so everybody can understand it), so I have opened inside my personal forum a sub-forum "For developers only" where we can discuss all those new improvements (or any other new ideas anybody else may have) using a more proper language. (As I did as well for mod httpBL long time ago).

So, whenever I have time to analyse properly all the new improvements you have published here, I will be doing it inside that "For developers only" sub-forum.

If you are interested in reading it (or to participate in it) you can find it here:

http://www.snoopyvirtualstudio.com/foro/index.php?board=38.0

And thanks again for your efforts. Keep the good work!  ;)
El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Offline grimm

  • Semi-Newbie
  • *
  • Posts: 11
  • Gender: Male
    • Schwarze-Schweiz
Re: Stop Spammer
« Reply #1066 on: January 17, 2011, 04:44:44 AM »
hello there,

I just installed your Mod but I get the error message that it cannot connect to the anti-spam database

SMF 2 RC4
Stop Spammer 2.3.9
"Closing your eyes forces you to see the darkness inside"
"Ist die Zeitkoordinate nur lang genug, sinkt die Überlebensquote für jeden auf Null…"

Chromatic-Fire Photography [nofollow] | Schwarze-Schweiz [nofollow]

Offline snoopy_virtual

  • Sophist Member
  • *****
  • Posts: 1,156
  • Gender: Male
    • jcredondosnoopy on Facebook
    • Snoopy Virtual Studio
Re: Stop Spammer
« Reply #1067 on: January 17, 2011, 08:20:20 AM »
El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Offline gizmo71

  • Semi-Newbie
  • *
  • Posts: 16
  • Gender: Male
    • Gizmo's Gazebo
Re: Stop Spammer
« Reply #1068 on: January 20, 2011, 02:46:53 AM »
Since I upgraded to 2.3.9 on SMF 1.1.12 I've been seeing a lot of these in my error log:
Code: [Select]
8: Undefined index: id
File: ..../smf/Sources/ManageMembers.php
Line: 745

It looks like this code is wrong:
Code: [Select]
// Don't report yourself, idiot :P
if ($value == $user_info['id'] || '1' == $value)
unset($_POST['todoAction'][$key]);
and should actually say
Code: [Select]
// Don't report yourself, idiot :P
if ($value == $ID_MEMBER || '1' == $value)
unset($_POST['todoAction'][$key]);
to match the piece of code it's appended to. Looks like it's been copied over to SMF 1 from the SMF 2 version.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,648
    • StoryBB/StoryBB on GitHub
Re: Stop Spammer
« Reply #1069 on: January 20, 2011, 03:28:35 AM »
$user_info['id'] exists in SMF 1.1.x as well, just it's not brought into scope.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline snoopy_virtual

  • Sophist Member
  • *****
  • Posts: 1,156
  • Gender: Male
    • jcredondosnoopy on Facebook
    • Snoopy Virtual Studio
Re: Stop Spammer
« Reply #1070 on: January 20, 2011, 04:33:14 AM »
I saw it in my logs a couple of days ago as well.

I haven't said anything about it because it's only an error in the logs not affecting at all the way the mod is working, so I think it's not urgent.

I used $user_info['id'] instead of $ID_MEMBER because $user_info was already declared global in that function and $ID_MEMBER wasn't, and I didn't want to declare more globals if we didn't need them.

But it seems that, even with $user_info declared global at that point, $user_info['id'] has not been defined. (Don't really see why).

Anyway, thinking about that, I realized we don't need to check if the user is the admin there or not, because that part is inside the list of members waiting for approval or waiting for activation, and I don't think it would be possible that any admin could be in any of those lists.

So I think I should change all that part from:

Code: [Select]
// Clean the input.
foreach ($_POST['todoAction'] as $key => $value)
{
$_POST['delete'][$key] = (int) $value;
// Don't report yourself, idiot :P
if ($value == $user_info['id'] || '1' == $value)
unset($_POST['todoAction'][$key]);
}

To just:

Code: [Select]
// Clean the input.
foreach ($_POST['todoAction'] as $key => $value)
$_POST['delete'][$key] = (int) $value;

Either that or declare $ID_MEMBER as global and use it instead of $user_info['id'].

Also I don't think it has anything to do with SMF 1 or 2. I suppose the error must be the same in both of them.

The problem I have is I am having lately almost no spammers at all, so it's not easy for me to check all this.

I have even set up 2 new forums (one with SMF 1.1.12 and another one with SMF 2.0 RC4) with no other anti-spam things (no mod httpBL, no captchas, no anti-spam questions, etc) only with mod Stop Spammer, to see if I can check all this, but even with no more anti-spam measures, I am getting only 2 or 3 spammers a week, so it's not easy to do tests.

As soon as I found out what is the best way I will add it to the new version I'm doing.
« Last Edit: January 20, 2011, 04:37:06 AM by snoopy_virtual »
El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,648
    • StoryBB/StoryBB on GitHub
Re: Stop Spammer
« Reply #1071 on: January 20, 2011, 04:35:48 AM »
Quote
Also I don't think it has nothing to do with SMF 1 or 2. I suppose the error must be the same in both of them.

SMF 2 doesn't have $ID_MEMBER...
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline snoopy_virtual

  • Sophist Member
  • *****
  • Posts: 1,156
  • Gender: Male
    • jcredondosnoopy on Facebook
    • Snoopy Virtual Studio
Re: Stop Spammer
« Reply #1072 on: January 20, 2011, 04:44:35 AM »
So to avoid problems it would be better to use $ID_MEMBER for SMF 1.x and $user_info['id'] for SMF 2.x

Ain't it?
El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,648
    • StoryBB/StoryBB on GitHub
Re: Stop Spammer
« Reply #1073 on: January 20, 2011, 04:51:52 AM »
Well, I'd say use $user_info['id'] or $context['user']['id'] if they've been declared, because they should be consistent...
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline snoopy_virtual

  • Sophist Member
  • *****
  • Posts: 1,156
  • Gender: Male
    • jcredondosnoopy on Facebook
    • Snoopy Virtual Studio
Re: Stop Spammer
« Reply #1074 on: January 20, 2011, 05:20:37 AM »
That's what I thought and that's why I used $user_info['id'], but apparently the key "id" has not been defined at that point yet.

Anyway all that is a little rhetorical. As I said I don't think we even need any of them at that point:

All that is inside a function to report to Stop Forum Spam members inside the "Waiting for Approval" and "Waiting for Activation" lists and I cannot see any situation where an admin can be in any of those lists.
El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,648
    • StoryBB/StoryBB on GitHub
Re: Stop Spammer
« Reply #1075 on: January 20, 2011, 05:51:51 AM »
There is one situation where an admin might, actually. When an email address changes, the common scenario is for email re-activation (which occurs by fudging is_activated in the members table for that user) and even an admin should require reactivation IIRC.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline snoopy_virtual

  • Sophist Member
  • *****
  • Posts: 1,156
  • Gender: Male
    • jcredondosnoopy on Facebook
    • Snoopy Virtual Studio
Re: Stop Spammer
« Reply #1076 on: January 20, 2011, 06:05:24 AM »
True enough. You are right (as usually ;D )
El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Offline gizmo71

  • Semi-Newbie
  • *
  • Posts: 16
  • Gender: Male
    • Gizmo's Gazebo
Re: Stop Spammer
« Reply #1077 on: January 20, 2011, 06:18:45 AM »
You've used $ID_MEMBER in the delete section (directly above the one that's wrong) - they should at the very least be consistent. ;)

Personally I'll patch it via my own mod until it's fixed (like I did with the last undefined index problem); I scan the error log at least once a week as it's a useful way to spot hacking attempts and other hidden problems.

Offline snoopy_virtual

  • Sophist Member
  • *****
  • Posts: 1,156
  • Gender: Male
    • jcredondosnoopy on Facebook
    • Snoopy Virtual Studio
Re: Stop Spammer
« Reply #1078 on: January 20, 2011, 06:42:20 AM »
In the other section (when you are viewing all the members) it uses in fact $ID_MEMBER, but that variable is declared global before.

If you want to use it as well in the other section you need to remember to declare it global before using it or you will get an error.
El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Offline SiL

  • Semi-Newbie
  • *
  • Posts: 18
Re: Stop Spammer
« Reply #1079 on: January 20, 2011, 07:38:37 PM »
I have made some more modifications and added some new features.

5. ADDED a "spam status" search criteria in the "Search Members" function
6. ADDED a "banned status" search criteria in the "Search Members" function. This should probably go to main upstream SMF branch anyway.

I had played with a few options in the search members functions too, one was to find members with any of the three criteria (ip,uid,email) and another check mark to display the "is_spammer" value just to verify the values set for the SFS data looked up. I haven't had the time to look closely at StopSpammer agin for a while, but a bit of free time over xmas break allowed me to see where the mod had been going.

Quote
7. TODO adding appropriate marking of users with (is_spammer > 0 && is_activated != 3 && is_activated != 13). For example marking with an orange icon and text color of these members, so admins to have info that these users are potential spammers or whatever...
8. TODO adding an option to clear member's spam status (i.e. is_spammer) would be nice.
9. TODO adding an option to clear the blocked spammers count would be nice too.
10. TODO adding stats info about the blocked spammers in the "Registration" module options would be nice too.
I do not have time to implement these TODOs... so i leave this to others ;)

The way I see it is that the "is_spammer" db is a binary bitwise entry that represents the data (email,uid,ip) as the 3 bits of tinyint. This entry is then also used for status for spammer/not spammer.  It then requires a bit of extra processing in the registration section, so that the admin/mod can allow/refuse registration. As you can see in {7.} above, the simple test is that if any of the criteria are met, (is_spammer >0) the "status" is set for is spammer.

Which perhaps defeats the potential value of weighting the data that SFS supplies (i.e. bit 2="4" = email;   bit 1 = "2" = uid;  bit 0 = "1" = ip;)
And because the "is_spammer" db is used for status, it makes it a bit more of a challenge to correct false positives and also clear the spammer status even if SFS has an entry in some of the fields.

I've looked at the db entries, and one way to make the processing of the spammer status and registration and clearing of that status easier would be to have a separate boolean value for "is_spammer" (lets call it "spammer_confirmed").  That way the algorithm for making the decision could be put in one place, perhaps easier adjusted or modified, have variable settings according to the end users preference (as I suggested earlier, the integer value of "is_spammer" equal to or greater than three as an automatic threshold is one option to fix false positives).

It could be added by changing "is_spammer" to TINYINT(4) and setting the most significant bit as the actual "spammer_confirmed" status, (or just adding a simple boolean to the block of settings an calling it "stopspammer_confirmed" or something similar).

To go with this, I would add an extra colour to the stopspammer icons, which is orange (warn). What this would mean is that this member has any of the "is_spammer" bits 0,1,2 set (i.e. there is some data present at SFS for this potential or already registered member).  When a member is actually identified as a spammer, either through the logic of the mod itself or by an admin/mod identifying spammer activity, bit 3 is set (i.e. "is_spammer" >= "8") and the icons are set to red. {or the setting "stopspammer_confirmed" is set}

To go with this would be a user setting for an automatic spammer threshold, which uses the integer value of "is_spammer".

perhaps "Paranoid" = is_spammer >= 1
            "Cautious" = is_spammer >=3
            "Safe" = is_spammer >=5

Once over the threshold the "spammer_confirmed" status could be automatically set.
What would then be visible for the admin is the orange flag members who are below the threshold, but may need to be observed. The options for enabling/disabling checking ip,uid,email in the settings would not be needed, for all three would always be looked up. 

Alternative settings items would be for an "automatic" processing {on/off}, and the integer value for the threshold for setting the "spammer_confirmed" flag. Clearing the "spammer_confirmed" flag would be a straightforward action for clearing a member's spam status (as in 8. above)

I hope this suggestion provides some "food for thought"

Sil