News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Spoof Detector

Started by Sesquipedalian, May 09, 2022, 02:46:12 PM

Previous topic - Next topic

Sesquipedalian

Link to the mod

Spoof Detector

A modification for SMF 2.1 that detects and prevents the use of Unicode character spoofing to cause mischief.

There are two main features of Spoof Detector:

  • It ensures character spoofing cannot be used to create visually confusable names. For example, if a member named "Bob" (Latin letter o) exists, this mod will prevent another member from using the name "Bοb" (Greek letter omicron).
  • It detects and prevent attempts to bypass the word censor via character spoofing. For example, if "quack" (Latin letter a) is censored, also censor "quack" (Cyrillic letter a).

Spoof Detector uses the Unicode Consortium's official list of "confusable characters" to detect spoofing attempts.


Settings

Before the mod will take effect, the admin must go to Administration Center ► Modification Settings ► Spoof Detector and run the Build Spoof Detector Lists task. This will download the latest version of the "confusable characters" list and use it to build and store a list of visually unambigous versions of members' display names.

Once that step has been completed, the following settings can be used:

  • Detect character spoofing in members' display names
  • Detect character spoofing in the word censor


Notes

  • Already existing member names are not affected by this mod. So if "Bob" and "Bοb" both already exist on your forum, they will both be able to continue using their current display names unchanged. The new rules will affect them only when one of them tries to change their display name.
  • Detecting character spoofing in the word censor may sometimes cause words to be censored incorrectly. For example, if the word "bum" is censored, the word "burn" might also be caught by the word censor, because "m" and "rn" are considered to be confusable in the Unicode Consortium's official list. To prevent a word from being censored incorrectly, just add another entry in the word censor to replace the word with itself (e.g.: "burn" => "burn").


License

Spoof Detector is released under the MIT License. A full copy of this license is included in the package file.


Changelog

Version 1.1:
  • Detects and prevents attempts to spoof reserved names.
  • Updates included data to Unicode 15.

Version 1.0:
  • Initial release
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

-Rock Lee-

Well, since I'm trying to update all my translations, I'll leave the Spanish here (Latam and es) if I don't lose practice :P.


Regards!
¡Regresando como cual Fenix! ~ Bomber Code
Ayudas - Aportes - Tutoriales - Y mucho mas!!!

Sesquipedalian

Thanks, @-Rock Lee-. I will add these and post an update soon.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Sesquipedalian

@-Rock Lee-, there are mistakes in two of the translated strings that you provided:

  • In the translation for $txt['spoofdetector_desc'], you use "charlatán" and "cuac" as examples.
  • In the translation for $txt['spoofdetector_censor_help'], you use "masticar" and "mascar", and then "car" and "ticar" as examples.

In both cases, these strings are not confusable with one another, so different examples are needed.

To fix the translation for $txt['spoofdetector_desc'], please choose one word or the other, and then simply replace a Latin letter "a" with a Cyrillic letter "а" in the second occurrence.

To fix the translation for $txt['spoofdetector_censor_help'], please use two Spanish words that are spelled the same, except that one word has the letter "m" where the other word has the letters "rn". For example, "amas" and "arnas" might work, or "matemos" and "maternos", or something like that.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

-Rock Lee-

I was guided more by the examples, but at the time of translating them they were not clear, so I used another one that could be understood and fulfilled the idea. But it still sounded somewhat shocking because I couldn't find a possible translation, with those types of examples in Spanish (at least in Argentine) because very few words can really be confused in practice, many synonyms are used when naming them. I am going to investigate what word might be used and understood, I also did not want to use one that only appears in very specific examples without making clear what it refers to  (Spanish against technical English falls to pieces :'().
¡Regresando como cual Fenix! ~ Bomber Code
Ayudas - Aportes - Tutoriales - Y mucho mas!!!

Sesquipedalian

If you think other examples would be better for Spanish, that's fine. The important part is that the example words must be visually confusable. The meaning of the example words is irrelevant. Another set of Spanish examples is "carnada" and "camada". No one would think they mean the same thing, but they look very similar in many fonts.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Sesquipedalian

This mod has been updated with Unicode 15 data, and it now detects and prevents attempts to spoof reserved names. For example, if "admin" is a reserved name, Spoof Detector will prevent users from setting their name to "αdmin" (Greek "α"), "аdmin" (Cyrillic "а"), etc.
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Advertisement: