PDA

View Full Version : Scheduled Task to Ban BugMeNot


Zabadab
05-01-2006, 10:00 PM
Warning: Aparently this does not work with the latest vBulletin.

What is it?
One line summary: This "hack" allows you to ban publically shared accounts that come from a website called BugMeNot

More detailed summary: People visit BugMeNot to share accounts from websites that require registration. While this is great for websites such as the New York Times' site (which requires log-in to read articles), it is heavily annoying for forum communities as users will usually use these accounts to grab a bunch of attachments and will never actually contribute anything useful.

What does this script do?
I have written a scheduled task that will visit BugMeNot and retrieve a list of all shared accounts for your forum. All users on this list will then be banned. This is useful for two reasons:
You don't need to visit BugMeNot constantly to manually ban the accounts.
If you enabled attachments, you will be able to cut down on leeching.


What's new?
Version 1.3
FIXED: Infinite loop due to BugMeNot changing account listing URL with 301 redirect.
ADDED: Option for extra verboseness.
Version 1.2
FIXED: Infinite loop when no accounts found due to BugMeNot now returning 404 response code.
FIXED: allow_url_fopen php.ini setting is now no longer required to be enabled.
FIXED: Rewritten BugMeNot parser to use custom-coded HTML downloader.
Version 1.1
Almost a total rewrite incorporating most feedback.
Will ban more than the first five accounts now.
PHP4 compatibility now. Added a replacement function for array_combine(...)
Added checking for safe_mode and allow_url_fopen
Version 1.0
Initial Release

System Requirements

PHP >= 4.3.0, PHP >= 5.1.2 recommended.
safe_mode off
allow_url_fopen on
How do I install this?
Installation is very easy. The following may look like a lot, but they're all very simple steps. Here's what you have to do:
Download the script.
Edit the configuration variables in the file (see the next section)
Extract banbmn.php to your vBulletin "includes/cron/" directory.
Search the Admin CP menu for "Add New Scheduled Task" and click it.
Enter "Ban BugMeNot" in the "Title" field.
Change the hour field to the time your site is the least busy. (4am or something) - Leave all other date/time fields alone.
Enter the path ("./includes/cron/banbmn.php") to the script in the "Filename" field.
Click "Save"
Now run the task for the first time:
In the AdminCP menu, click "Scheduled Task Manager"
Next to the entry "Ban BugMeNot", click on "Run Now"
Wait for the task to finish; the more accounts on your forum are shared, the longer it takes.
Check your scheduled task log for details on what was done.


What can I configure?
Inside the script file is a configuration section where you can configure a variety of options that direct how the script will operate.
// Usergroup to ban shared accounts to. This needs to be a "bannable group."
$banto = 8;
This is the group all shared accounts will be banned into. You can find the Group ID with the "Usergroup Manager"
// Ban reason
$banreason = 'How about you sign up for your own account instead of using a shared one?';
This is the reason shared accounts are banend with. People who try to use these accounts will see this message.
// Custom Title (CT) for someone who is banned
$banct = 'Banned BugMeNot Account';
If you want to change the users title along with the ban, you can set the title in this variable. If you leave it blank the title will not be changed.
// Do you want extra verboseness?
$beverbose = FALSE;
This will make the script write many more messages into the scheduled task log. You can turn this on when testing the script, but you should turn it off once everything works.
// Do you want even MORE verboseness? (This will log the returned HTML too!)
// (I added this mainly for me to test if BugMeNot is trying to break my hack again.)
$moreverbose = FALSE;
Do not enable this. It will make your scheduled task log grow very large. The reason this exists as a setting at all is so you can try and find out why the script locks up. It will log the current loop iteration and the HTML code returned.
// Check password too?
// Otherwise, a username will be banned regardless of the fact the password is wrong.
// You WANT to leave this set to TRUE unless you have a GOOD REASON not to.
$checkpass = TRUE;
This setting controls if you want the password of an account to be verified as well. You should really leave this setting alone because if you disable it, anyone can add a valid username to the BugMeNot database (recall that BugMeNot is public and open to anyone) and it will be banned regardless of whether the login information is correct.
// Don't ban moderators?
// Probably not a good idea seeing as their accounts were shared.. >>;;
$dontbanmods = FALSE;
If you do not want to ban Administrators, Super Moderators, or Moderators, set this to TRUE. The default value of FALSE is fine, especially if you left password checking enabled.
// URL to your forums. (The thing you enter on BugMeNot to see accounts for it!) Set
// to AUTO to use what you set in Admin CP.
$bburl = 'AUTO';
This is the URL that is checked on BugMeNot. The default value of 'AUTO' is fine.
// Can the script sleep a bit?
// Tnabling this will make it seem less like a bot to the BugMeNot admins. DO NOT TURN
// THIS ON FOR LOADED SITES!
$dosleep = FALSE;
This determines if the script will wait between accessing URLs on BugMeNot. If you have a large forum do not turn this on. If you have a low-traffic forum (less than 300 members), you can turn this on to make it less likely that BugMeNot bans you.
// How long can it sleep?
// 3 - 5 seconds are good values. Anything bigger is dangerous and anything smaller useless.
$sleepmax = 3;
This determines how long the script waits between accessing URLs. The default value is fine.

Support & Beta Version Infos
Support: I am a fairly busy server administrator but I will try my best in supporting this script. The only thing I ask for is for people to click install.

Beta Version Infos: I could only do limited testing. Reports on how it works (positive and negative) would be nice. Also, please don't be "pissed off" immediately if the script does not work for you. Tell me that it is broken and I will fix it as soon as possible!

Jon_Simmonds
05-01-2006, 10:37 PM
nice :)

Bandit8007
05-01-2006, 11:20 PM
nice will prolly install it tomorrow.

Boofo
05-01-2006, 11:32 PM
What is BugMeNot? I've never heard of it.

thedvs
05-01-2006, 11:35 PM
its a pain in the butt site for people sharing accounts to boards both private and public.

e.g if you have paying members accounts, idiots can share them there

MissKalunji
05-02-2006, 02:11 AM
im not too sure if i understood this well care to explalin?

Torqued
05-02-2006, 02:43 AM
http://www.bugmenot.com/

Bugmenot.com - login with these free web passwords to bypass compulsory registration

Find and share logins for websites that force you to register:

vic_jay
05-02-2006, 03:27 AM
I think bugmenot is illegal. If its paid, and they are helping others share paid services that seems like contrib infringement

kall
05-02-2006, 05:31 AM
Nice idea!

Showing passwords in plain text might be considered a bit of a security risk tho.

RMS-Chef
05-02-2006, 06:20 AM
This would be nice to be able to configure it to silently move these users into Miserable Users.
Or would this achive that if instead of 8 you used a seperate group ID set for Miserable Users?

I would rather allow people to log in with teh provided username and have them have a "Miserable" experience. Expecially since most of the time you have to manually clear cookies to even log out of a Miserable acount.

Perhaps an admin PM or a bot style post in a specified forum as an alert.

Thanks for the hack.

RMS-Chef
05-02-2006, 06:27 AM
Nice idea!

Showing passwords in plain text might be considered a bit of a security risk tho.
I don't think that is much of an issue as it seems to only display the BMN publicly available password anyway. It does not seem to display a password of the account if it does not match, only the wrong password. I really think that the password check is a must and should not even be an option since anyone could simply add a bogus entry at BMN with a wrong password and get that user banned.

kall
05-02-2006, 06:32 AM
Sorry, yes.. after that explanation, I totally understand. You are right there. :)

Snake
05-02-2006, 08:00 AM
Awesome, I'll install this right away...

Rich
05-02-2006, 10:59 AM
I don't think I would need this, but the concept is pretty good.

**on a side note**
Lil Ripsta must have one of the most heavily modified sites on the net. Everytime I open a thread on vb.org, he is installing the modification. lol

Kihon Kata
05-02-2006, 03:01 PM
Wow cool! Great hack for us busy forums! One problem, it didn't work LOL

Fatal error: Call to undefined function: array_combine() in /home/httpd/vhosts/SITEHERE.com/httpdocs/forums/includes/cron/banbmn.php on line 179

help?

derekivey
05-02-2006, 06:51 PM
Nice Hack, I like it!

Derek

Kihon Kata
05-03-2006, 07:29 PM
BUMP, Is there NO support on this hack?Wow cool! Great hack for us busy forums! One problem, it didn't work LOL

Fatal error: Call to undefined function: array_combine() in /home/httpd/vhosts/SITEHERE.com/httpdocs/forums/includes/cron/banbmn.php on line 179

help?

Aurous
05-04-2006, 04:32 AM
It seems like it only grabs first 5 users from a particular domain. BMN only displays 5 usernames at a time. If you click on "No" to all of them, new usernames appear, which are not caught by this script. Hmm, I wonder how you'd go about this problem. Hack is well written, but without fixing this issue, its pretty much useless.

Zabadab
05-04-2006, 01:49 PM
Sorry, I am kind of busy you know, and vBulletin was nice enough not to send me topic reply notifications. -.-;

Wow cool! Great hack for us busy forums! One problem, it didn't work LOL

Fatal error: Call to undefined function: array_combine() in /home/httpd/vhosts/SITEHERE.com/httpdocs/forums/includes/cron/banbmn.php on line 179

help?

array_combine is only available starting PHP5. I should have made that more clear and will in the next update.

It seems like it only grabs first 5 users from a particular domain. BMN only displays 5 usernames at a time. If you click on "No" to all of them, new usernames appear, which are not caught by this script. Hmm, I wonder how you'd go about this problem. Hack is well written, but without fixing this issue, its pretty much useless.

I didn't know that. o_o;; Pretty easy to fix though. They use AJAX to "cast votes" for logins. So I can use GET requests to vote no on all accounts retrieved and do this until it no longer returns accounts. That will be implemented in the next version then I guess.

Zabadab
05-04-2006, 08:55 PM
As promissed, an update.

FIXED: array_combine() not available in PHP < 5.
FIXED: Only the first five accounts banned.

Note that I've rewritten the BugMeNot parser. It works for me, but I'd really like feedback on how it works for others. :classic:

Kihon Kata
05-04-2006, 09:07 PM
Thanks for getting on this. Wil re-install soon

Aurous
05-04-2006, 10:03 PM
As promissed, an update.

FIXED: array_combine() not available in PHP < 5.
FIXED: Only the first five accounts banned.

Note that I've rewritten the BugMeNot parser. It works for me, but I'd really like feedback on how it works for others. :classic:
Works great now. Thanks for the updates.

Another thing I noticed:
If you run the script a couple of times in short time span. The log shows "BugMeNot returned no shared accounts for your forum, ...". Where as if I go to the site and check directly, I still get a list of logins. If I keep clicking on "No" manually the list disappears and it returns no shared accounts for your site and doesnt show any result even if you close the window, clear cookies and search on BMN again. Now I tried visiting the site again from a different computer and the list shows up. I am not sure how the site works, but if they are storing sessions for a particular IP, then I wonder when they expire. It will be good to have this info in order for the script to be effective after running once.

Also, I was wondering if there are other identical sites on the net. I'm sure there must be a few around.

Zabadab
05-05-2006, 08:56 AM
Works great now. Thanks for the updates.

Another thing I noticed:
If you run the script a couple of times in short time span. The log shows "BugMeNot returned no shared accounts for your forum, ...". Where as if I go to the site and check directly, I still get a list of logins. If I keep clicking on "No" manually the list disappears and it returns no shared accounts for your site and doesnt show any result even if you close the window, clear cookies and search on BMN again. Now I tried visiting the site again from a different computer and the list shows up. I am not sure how the site works, but if they are storing sessions for a particular IP, then I wonder when they expire. It will be good to have this info in order for the script to be effective after running once.

Also, I was wondering if there are other identical sites on the net. I'm sure there must be a few around.
Yes, BugMeNot stores what accounts it returned for your IP and which of those did not work. Why it does this is a mystery to me but I like it quite a lot as it saves my hack from testing already tested accounts over and over. I doubt they save this information for longer than a week though.

In related news: BugMeNot aparently found out about this script and is now trying to stay ahead of me by changing their system every other day. :tired:

I've released version 1.2 which fixes the following:
FIXED: Infinite loop when no accounts found due to BugMeNot now returning 404 response code.
FIXED: allow_url_fopen php.ini setting is now no longer required to be enabled.
FIXED: Rewritten BugMeNot parser to use custom-coded HTML downloader.

I just have to keep trying to stay ahead of them now and hope they don't reinvent themselves every week...

Aurous
05-05-2006, 09:20 AM
In related news: BugMeNot aparently found out about this script and is now trying to stay ahead of me by changing their system every other day.

Well that was expected from them. I just hope you keep your script up-to-date for all of us.

Thanks a lot for a quick update on this hack.

Dr.Viggy
05-07-2006, 02:45 AM
installed just now after getting my first bugmenot user. thanks for this

*clicks install

Bernd Glasstett
08-15-2007, 09:59 PM
It doesn't work here. That's the error:
Database error in vBulletin 3.6.7:

Invalid SQL:
SELECT userid, liftdate FROM userban WHERE userid = T;

MySQL Error : Unknown column 'T' in 'where clause'
Error Number : 1054
Date : Thursday, August 16th 2007 @ 12:55:22 AM
Script : http://www.comicforum.de/admincp/cronadmin.php?do=runcron&cronid=22
Referrer : http://www.comicforum.de/admincp/cronadmin.php?do=modifyIP Address : 84.159.234.179
Username : Bernd Glasstetter
Classname : vB_Database

Running on vB 3.6.7 on PHP 5 and MySQL 5. Would love to use it...

Zabadab
08-15-2007, 10:20 PM
*shrugs*

I no longer use vBulletin, sorry. It does say what version this is for:
> vB Version: 3.5.4

Edit: if anyone wants to continue developing this, go ahead. I place this in the public domain.

Mecho
12-09-2007, 06:21 PM
damn . i need this hack alot .. bugmenot start to share new accounts and i dunno what shall i do to stop them !!

any idea plz ????

Hate bugmenot

Primal Rage
12-10-2007, 04:26 PM
<a href="http://www.bugmenot.com/report.php" target="_blank">http://www.bugmenot.com/report.php</a>

Mecho
12-10-2007, 10:11 PM
thanks man ... blocked their ...

:)

1F42
11-19-2008, 09:50 PM
nice one :)