vbStopForumSpam

This provides access to a RBL type system for forum admins, listing known spam IP / email / usernames. The RBL database is provided by www.stopforumspam.com. You do NOT need an API key from the website in order to access the database. only to submit data if you should wish to do so.

At the point of user registration, the mod checks if the IP number / provided username / email addresses appear on a block list and can block the registration.

Whilst this isnt the most perfect way to stop all forum spam, its another step that spammers have to overcome.

VB4 here https://vborg.vbsupport.ru/showthread.php?threadid=230921
Its the same code, it works in 3.54 to 4.0


What it does

It checks with a remote database of known forum spammers. Their IP number, email address and forum username are tested and based on your configuration, you can reject / log / accept user registrations based on what you get back.

This version doesnt have
- whitelisting or the ability to submit users to the database but it will within the next week.
- automatic user deletion / post / PM purging. There are good tools out there already, this does something else.

Instructions are included in the installation.txt file - PLEASE read it first and dont forget to actually upload the files in the upload folder, otherwise it WILL kill your registration progress and you wont see the log file options in admincp. You do not need to download the product-vbstopforumspam-3.54.xml file unless you are using a vBulletin version older than 3.6.0

Changes to vB
- 3 new database tables
- 2 database table alternations
- No new templates.
- 2 Hook (register_addmember_process & register_addmember_complete)

Ive tested it but had feedback that it works with versions as old as 3.6.2... Support should go back to older versions, as long as they have hook support for register_addmember_process / register_addmember_complete

Known to work - tested by me
- vBulletin 3.6.8 on Apache 2.2 / PHP 5.1.2 on Linux using cUrl
- vBulletin 3.7 Gold on Apache 2.0 / PHP 4.4.3 on Windows without cUrl (template changes wont work on 3.7 - thats in the next version with auto template changes)

For code to submit spammers to the database, check this post for code changes
https://vborg.vbsupport.ru/showpost.php?p=1646247&postcount=288

Reported in the thread to work
- 3.6.1, 3.6.2, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.74, 3.80, 3.81, 3.82, 3.83, 3.8.4, 4.0beta3

If you have 3.54, then you can use the product-vbstopforumspam-3.54.xml file attached instead of the one in the ZIP file, which will allow older vBulletin versions to access this mods' features. I personally havent tested this version, its a user contribution, thanks to Darrell Mobley, that changes the way the XML works when imported into older versions.

Installers should remember to refresh their ACP navigation window when they first install it so they can see the new log file menu item.

REQUIRES MySQL 4.1.1+

Future versions
- Automatic integration into vBulletin to add users to the stopForumSpam.com database from a form
- Whitelisting of username / IP / email addresses
- AJAX integration to allow for lookups from within the users profile
- Decreased remote query count from three per user to one per user.

Versions / Changes

0.1 Initial Release

0.2 pedigrees special brew birthday release.
- Small security update. If you have 0.1 installed, download 0.2 and replace your existing functions_vbsfs.php with the one in the archive. It just tests to see if its running inside the VB framework before anything else. This is what happens when you code at 2am after drinking wine

0.3
- stopped it processing valid registrations twice
- moved all non-function code into the plugin. Not a big one as 0.2 basically did that
- fixed a typo in the log pruner that stopped it working (404)
- removed unused fields from the database for people with mysql that doesnt support varchar > 255 (ie mySQL4). If you have 0.2 installed and dont need to prune your logs just yet, you dont really need to install this version but can instead wait for 1.0 unless of a massive security update.

0.4
- logs registrations that arent/wouldnt be blocked
- fixed XML errors when username has a space it in
- tightened up the cache so that it doesnt test a username against an email name to give a bypass result (for when a username is an email address that isnt banned where the email address is)
- fixed some basic logic errors in the PHP

0.6
- Should work on PHP 4.4 now - rewrote the XML with PHP4 in mind (tested on Apache2.0/PHP 4.4.3)
- Fixed a caching system where data wasnt being updated correctly which could cause a remote query when one wasnt needed
- Possible false negative situation when a spammer was blocked due to SFS.com being down who then visited again when it was up but within the cache expiry time
- Remote query failure when the result page isnt XML should work a bit better now. It does a very basic test for valid XML results.
- Fixed log purging (again) and it should actually work properly now.
- No longer requires PHP5
- The log viewer now links to a user profile when registration is allowed.

v0.61 - Removed a template change that was invalid vBulletin code. The package you download will still say its 0.60 however

NB : When upgrading from any version to 0.6, you must remove and then add the plugin due to changes in one of the database tables

You need to have an API key from www.stopforumspam.com in order to submit data, its free and easy to get... You DONT need an API key in order to use this mod however, only to submit spammer data.

Issues are
- The usergroup permissions / view details etc DONT work. I jumped the gun and put the permissions controls in there before I put the code in. Please delete the includes/xml/bitfield_vbstopforumspam.xml file and rebuild your postbit

Installation
- Follow the instructions in the zip file, that includes upload the correct folders
- ONLY download the 3.54 xml file if youre using a vbulletin version prior to 3.6.0. use this file to install the mod instead of the xml file in the zip file.

Please click Installed (https://vborg.vbsupport.ru/vborg_miscactions.php?do=installhack&threadid=176481)

Reserved

Lookin' good, I'll give it a try in the morning when I wake up.

SFS is a pretty good site, it's one of the reasons my site has had 0 spammers in the last 4+ months. That was just from adding their IP database to the IP banning in the ACP. This looks much better. :)

Awesome Mod!!! This will be very useful! :D

btw, does this work on 3.7.x?

Good work, thanks

Sounds good to me! Cheers. :)

Theres no reason why it shouldnt work on 3.7

Im not licensed to 3.7 and my forum is just a collection of friends chatting now and I cant afford the (or warrant the) money to upgrade it to 3.7

Ill be making a small change to the php file today, just to update a small security issue. I didnt test if it was running in the vb framework, not that I see it as an attack vector for anything

Fantastic mod! Hope to prevent bots from registering on my board:)

If anyone installs it in 3.7 and it doesnt work (you can test it yourself by grabbing a bot name from www.stopforumspam.com) - please tell me what happens and Ill try to fix it. I wish the VB guys would let me have a copy of 3.7 on my private machine, just for coding for it but I dont think thats the case.

Please mark "External" in the modification settings if this modification is retrieving data from an external site.

i try to import from this file --product-vbstopforumspam.xml

from this direction
http://beneficiofamily.com/asd.jpg

and is show

Database error in vBulletin 3.6.9:
Invalid SQL:
CREATE TABLE IF NOT EXISTS `vbstopforumspam` (
APIKey VARCHAR( 255 ) NOT NULL ,
ExcludeIPs VARCHAR( 5000 ) NOT NULL ,
ExcludeNames VARCHAR( 5000 ) NOT NULL ,
ExcludeEmails VARCHAR( 5000 ) NOT NULL ,
PRIMARY KEY ( APIKey )
) TYPE=MyISAM;;
MySQL Error : Too big column length for column 'ExcludeIPs' (max = 255). Use BLOB instead
Error Number : 1074
Date : Friday, April 18th 2008 @ 03:28:16 PM
Script : http://www.beneficiofamily.com/new/a...=productimport
Referrer : http://www.beneficiofamily.com/new/a...?do=productadd
IP Address : 87.111.36.43
Username : avi
Classname : vB_Database

i ask in vbulletin.com forums and the say

Gomjaba
Senior Member

You will have to ask the author who actually gave you the product (probably vb.org)

what version of mySQL are you using? Ill try to back port to non-v5 (but really, v4 is ending for end-of-live support)

Currently, those fields are there to support an upcoming version. Ill remove them in 0.3 (tonight) and attempt to support mySQL4. I dont have it installed and I cant really start installing multiple versions when v4 is so old. The 1.0 release will only support mySQL5...

If you get that error, open the XML file in notepad and delete these three lines (line 21-23) or just install v0.3

ExcludeIPs VARCHAR( 5000 ) NOT NULL ,
ExcludeNames VARCHAR( 5000 ) NOT NULL ,
ExcludeEmails VARCHAR( 5000 ) NOT NULL ,

save and then import the XML

This mod appears to be incomplete and dependent on data returned from the StopForumSpam site. I would be very nervous to install it in its present condition, maybe ever. I think the premise is okay but the implementation was not thought out as well as it might have been. Its dependency on StopForumSpam is troublesome in that they are but a single incomplete resource for IP addresses of forum spammers. I have been running a pilot spambuster for several months using their IP list for a starter lookup table and they are not as "uptodate" as you would think. I get a huge number of hits from spammers that are not in their list at all. Using only the IP address is also troublesome in that some spammer footprints get through simply because they are "not on the list".

Good idea though...

do you provide an IP list that I can make the mod work with, either downloadable or accessible?

The mod is completely dependant on SFS website, its just a RBL check. spamhaus isnt always uptodate as some would like but in stops billions of spam each day and it had to start somewhere.

With the mod installed, a spammer wll bypass its checks if not known about. Without the mod, it would get on regardless, this just puts one more step in the way.

great work, I'll give it atry.

One thing that concerns me is what happens if the SFS is down, does the registration just timeout or is their an expiry on the db call which if no return is made from the SFS site registration continues regardless of username used?

If the SFS website is down, the query will time out, adding about 10-20 seconds to the registration process but the script handles that.

You can configure the action to be taken if it times out, either allowing the registration or denying it with a configurable error, which defaults to something like "We verify new registrations against a database but its currently down, please try again later, sorry for the inconvenience"

Sounds interesting. Maybe I'll give it a try later.

Well, its blocking between 2-10 registrations per day on my small site, so it does work as another annoyance for the spammers

Great mod!

Quick question: Is the check for username/ip/email an "AND" check or an "OR" check? In other words, do all 3 have to match in order for someone to be blocked, or can any one match for a block? If it's an "OR" check, I probably will turn off username check as that could block a lot of potentially legit users.

Thanks!
-vissa

I installed this on 365 (which does have the needed hook). However, I tried registering myself more than once and it allowed me through after a relatively long wait. I did set the system to allow registration if there is a timeout/error. However, I don't see any record of the two attempts in the "vbStopForumSpam Logs".

Is the server still working with this? How can I test to make sure this plugin is still working and not just timing out every time?

Thanks
-vissa

It appears to only log blocked accounts. I can verify that it is working with 365.. Now to test with 3.7!!

-vissa

I will have to look at the code when I get home tomorrow but it should log timeouts. Ill reverify this and if its not the case, then make sure it logs this. Ill add an option to log everything as well, all tests, all timeouts etc, this will tell people exactly whats going on.

I have had at least 1 user report their friend could not register due to a fatal error.. This is using 3.6.5 w/vbseo

Errror below (some details changed to xxx)

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: Entity: line 1: parser error : Space required after the Public Identifier in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: ^ in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: Entity: line 1: parser error : SystemLiteral " or ' expected in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: ^ in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: Entity: line 1: parser error : SYSTEM or PUBLIC, the URI is missing in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: ^ in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: Entity: line 11: parser error : Opening and ending tag mismatch: HR line 9 and BODY in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: </BODY></HTML> in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: ^ in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: Entity: line 11: parser error : Opening and ending tag mismatch: P line 8 and HTML in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: </BODY></HTML> in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: ^ in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: Entity: line 12: parser error : Premature end of data in tag P line 7 in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: ^ in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: Entity: line 12: parser error : Premature end of data in tag P line 6 in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: ^ in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: Entity: line 12: parser error : Premature end of data in tag BODY line 4 in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: ^ in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: Entity: line 12: parser error : Premature end of data in tag HTML line 2 in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: in /includes/functions_vbsfs.php on line 42

Warning: SimpleXMLElement::__construct() [function.SimpleXMLElement---construct]: ^ in /includes/functions_vbsfs.php on line 42

Fatal error: Uncaught exception 'Exception' with message 'String could not be parsed as XML' in /home/zzz/public_html/zzz/includes/functions_vbsfs.php:42 Stack trace: #0 /home/zzz/public_html/zzz/includes/functions_vbsfs.php(42): SimpleXMLElement->__construct('<!DOCTYPE HTML ...') #1 /home/zzz/public_html/zzz/includes/functions_vbsfs.php(114): getSFSXML('http://www.stop...') #2 /home/zzz/public_html/zzz/includes/functions_vbsfs.php(175): checkSFSSpam('Gypsy Rose', 'username') #3 /home/zzz/public_html/zzz/register.php(349) : eval()'d code(28): sfsProcess() #4 /home/zzz/public_html/zzz/register.php(349): eval() #5 /home/zzz/public_html/zzz/vbseo.php(1110): require('/home/zzz/...') #6 {main} thrown in /home/zzz/public_html/zzz/includes/functions_vbsfs.php on line 42


.AOLWebSuite .AOLPicturesFullSizeLink { height: 1px; width: 1px; overflow: hidden; } .AOLWebSuite a {color:blue; text-decoration: underline; cursor: pointer}

Looks like the above error only occurs for usernames that have a SPACE in them... You can temporarily turn off the username check to avoid this for now (though a few extra spammers might get through).... A bug in the code somewhere?

-vissa

0.4 uploaded and it should fix this issue

First off, thank you. Great Mod.

A couple of responses to previous comments as well as a few suggestions.

Regrading not StopFormSpam not having a complete list of SPAM IP/Email/Names, this is a moving target and a service is only as good as the data that feeds it and the sources that generate that data. It seems like the more of us that use this plug in (with our API keys enabled) the more we build up the StopForumSpam database.

Regarding usage when SFS is offline, perhaps caching a copy of the IP CSV locally (refreshing once an hour (or other configurable threshold)

I thought about caching the IP stuff locally. Im not sure if russ would appreciate an hourly download but a daily one might be viable. Ill look how I could add it to v1 :) It shouldnt be too hard as it caches IP data anyway.

Doesnt seem to work on 3.7 RC1.. just hangs up after you fill out the registration form.

Thanks pedigree, left it over at the SF Forum, but to echo it here:

Couple more suggestions:

1) Make the usernames in the VBStopForumSpam Log linkable to the user record so that when reviewing the log we can easily click to open that user and delete / ban

2) When adding the ability to "Add user to StopForum" I would love to see it in 2 places: a) the thread/post itself for deleting thread/post, deleting (or banning?) user and reporting to StopForum in one click b) the user drop down within a thread/post to delete and report user c) in the User record in Admin to select delete and report as a drop down option.

I had 10 or so slip by this morning and was looking high and low for the submit to SF option only to come back here and see it has not been added yet, doh!

Thanks pedigree, left it over at the SF Forum, but to echo it here:

Couple more suggestions:

1) Make the usernames in the VBStopForumSpam Log linkable to the user record so that when reviewing the log we can easily click to open that user and delete / ban

2) When adding the ability to "Add user to StopForum" I would love to see it in 2 places: a) the thread/post itself for deleting thread/post, deleting (or banning?) user and reporting to StopForum in one click b) the user drop down within a thread/post to delete and report user c) in the User record in Admin to select delete and report as a drop down option.

I had 10 or so slip by this morning and was looking high and low for the submit to SF option only to come back here and see it has not been added yet, doh!

#1 - not a problem, that can be easily added. Its going to POST a form to the user search function as the user is assigned an ID after vbSFS has completed its processing. I would have to add another plugin to link to a user id directly. You shouldnt really notice any difference unless you click a user that was blocked and then the search would return no results.

#2 - I can add that with a two forms. I emailed russ about remote form submitting and never got a reply. If he changes the way the form is submitted (ie hidden input values, cookie verification etc) on his site, then any form I make will instantly be broken. I was hopnig that he would finalise a submit API. Until then, I guess we can work around those :)

Doesnt seem to work on 3.7 RC1.. just hangs up after you fill out the registration form.

I dont have a license for 3.7 Im sorry so there is no way that I can even update the script. Unless vbulletin.com let people run a copy on a private network, Im sprry but a LOT of mods will never get ported beyond 3.6.x :(

I *might* be able to use a friends board but hes not purchased any upgrades.. Hes thinking about it.

Ive just had an email back from vbulletin.com who specifically said that if I wanted to write mods for 3.7, then I would have to pay to upgrade my license. Im not willing to pay a lot of cash to upgrade my forum (thats not used anymore) just in order to write free, non-paid mods Im sorry.

#1 is done and is with someone for testing, will be in v0.5

#2 As I mentioned in the original mod post, there are plenty of ban/delete/clean up mods out there, all linking from thread/post/forum pages. Ill see how I can add the report to the website without breaking any of the 1-click ban/delete mods... if I did, I would be very unpopular. This will require template changes so Ill try my best.

ive looked at th one-stop clean/ban plugin and it looks like I can add a "submit to stopformspam" in much the same way, in the same places. its not a small piece of code change so it might take me a little while Im afraid.

Anyone confirm whether this works on 3.6.2? I know I'm a little behind on upgrades.... but this would invaluable!!!

Just used the Stop Forum Spam site to remove one today, would be great to have it automated!

edit register.php and search for register_addmember_process and register_addmember_complete - if you find them in something that says hook on the same line, then it should work.

This is a great mod. Can you pretty pretty please port it to 3.7 ?

So StopForumSpam.com has stopped responding (5/23 4amPST) for the last 30 min or so (DOS??). The result is that registrations are failing with a blank white screen.

Errors being thrown are:

Database error in vBulletin 3.6.10:

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO vbstopforumspam_remotecache (date, data, spambot, field) VALUES (now(), '124.8.230.120', '0', 'ip');;


Tried adjusting time out settings with no success.. bummer.

edit register.php and search for register_addmember_process and register_addmember_complete - if you find them in something that says hook on the same line, then it should work.

Thanks will give this a bash ... if and when the site comes back up!

Site is back up, albeit a bit slow at the moment.

No mention of what happened on the SFS forum.

Denial of service?

Since installing this I wasn't getting any new registrants where I had multiple eaach day. I tested it and when any of the checking features is enabled I get this error:

Fatal error: Cannot instantiate non-existent class: simplexmlelement in /home/content/XXXXXXX/html/forum/includes/functions_vbsfs.php on line 47

What gives?

edit register.php and search for register_addmember_process and register_addmember_complete - if you find them in something that says hook on the same line, then it should work.

I checked and both hooks are present, although I had to edit the xml file to change the version from 3.6.5 to 3.6.2 - but installed ok, after a quick text using an email address off the stop spam site ... I got the same error as above -

Fatal error: Cannot instantiate non-existent class: simplexmlelement in /homepages/13/d103069509/htdocs/includes/functions_vbsfs.php on line 47

After a quick check it would appear that the class simplexmlelement is only in PHP 5 upwards ... I'm on 4.4.8 -- so this isn't compatible.

Ill add a test in the code for the php5 function, if it doesnt exist, then it will have to skip. Php4 is end of live. If I get the time, Ill right a replacement for it but it seems pointless in doing that when php provides a perfectly good function

So StopForumSpam.com has stopped responding (5/23 4amPST) for the last 30 min or so (DOS??). The result is that registrations are failing with a blank white screen.

Errors being thrown are:

Database error in vBulletin 3.6.10:

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO vbstopforumspam_remotecache (date, data, spambot, field) VALUES (now(), '124.8.230.120', '0', 'ip');;


Tried adjusting time out settings with no success.. bummer.

Hmm, strange. I setup my firewall to drop all connections to SFS to test connection errors. Are you usign curl?

I suspect dropping connections (immediate failure) is probably exhibiting different behavior than a request stalling out from a delayed response?

I'm using default settings, so CURL if available.

My server is configured:


cURL support enabled
cURL Information libcurl/7.15.3 OpenSSL/0.9.7a zlib/1.2.3

Ill add a test in the code for the php5 function, if it doesnt exist, then it will have to skip. Php4 is end of live. If I get the time, Ill right a replacement for it but it seems pointless in doing that when php provides a perfectly good function

I'm not sure I understand what you mean, are you going to write a fix? I'd love to use this mod. I've got some pensy pests from germany and china, they were being blocked but otehrs couldn't register because of the error.

Thanks

Marck

ill write some code to check if youre using php5... if not, then Im still undecided what I should do. Tomorrow, I might write some code to parse the XML without php5 functions.

But you REALLY should move to php5

skippy - Ill test how it handles complete junk response and fix them up.

Aha! I was assuming I was on PHP 5.2 but i was not, somehow it was running on 4.8 (the other guy must have messd with the settings) changed it back, works like a charm now. Thanks :)

This is a very cool hack but I'm holding off until you get the bugs out.

Im on a heavily modified 3.6.5 so please keep developing this for 3.6 Looking forward to the stable release. :up:

From Russ regarding the slow down the other day:


DimeNOC, the datacenter where our server is hosted, experienced a massive power outage at around 8AM EST Friday morning. When the generator kicked on the UPS couldn't sustain the load and tripped about 40% of their servers. When ours finally came back up, a duplex mismatch caused the site to slow down to a crawl. Everything finally came back to normal though.

But you REALLY should move to php5

Easier said than done when you're hosting with 1and1 who very likely won't upgrade if I ask nicely!

Ill back port the XML to work on PHP 4 and add a lot of error checking for results that arent a timeout or a valid XML response.. That should work things more stable and more people happy :)

Just for the folks "waiting for a more stable version"

I have been running this for a week or so on a live site with 10,000+ unique visitors a day. I average 100 spam registrations a day. I am running this plugin (VB 3.6.10) and the only issue I had is when stopforum.com went offline due to the power outage.

It cut my bogus registrations down > 50% .. anxiously awaiting the ability to add to stopforum direct from vbulletin!

Thanks for all of you great efforts pedigree!

Thanks skippy :)

Ive just completed v0.6, ready for testing

And just for skippy, Ive started on the code to integrate a submit form directly to the UI. Should be ready shortly, dependant on my work load in the office and my laptop battery life on the train :)

Installed and running.

Only feedback so far is the Db issue requiring uninstall before upgrade and the loss of historical logs when doing so.

Had a couple get caught already, seems to be doing its job.

I was pondering the logs situation. I guess I could code around them.. Dont delete them on uninstall and if I ever have to change the log database table, I can test for and then upgrade just that table....

Ill do that from now on with specific mention in the instructions that an uninstall wont remove the logs table, with instructions on just how to do that

Just installed, we'll see how it goes! Gotten a lot of human spammers in the past couple of days, but most are on that blacklist.

Just some notes to fix up the instruction file:

OLD: 6 - You can edit the default rejection message by Admin Control Panel / Languages & Phrases / Error Messages / vbstopformspam_reject and vbstopformspam_reject_connectionerror

NEW: 6 - You can edit the default rejection message by Admin Control Panel / Languages & Phrases / Phrase Manager / Front-End Error Messages / vbstopformspam_reject and vbstopformspam_reject_connectionerror

OLD: Edit template MEMBERINFO
NEW: Edit template MEMBERINFO_BLOCK_STATISTICS

OLD: edit [admin folder name]/users.php
NEW: edit [admin folder name]/user.php (no 's')

Thanks Wired1 - Ill make those changes right now.

With the next version, the templates will be automatically modded so no template changes will be required. Those that have changed them manually can safely revert, making vb patches much easier

Thanks Wired1 - Ill make those changes right now.

With the next version, the templates will be automatically modded so no template changes will be required. Those that have changed them manually can safely revert, making vb patches much easier

Found the log, DAMN, in a 12 hour period, 21/46 registration attempts were blocked, SCHWEET :)

However, some names are duplicated, assuming this is because the registration page reloaded because the user didn't type in the password right or something.

Also, the permissions aren't working right for me. The buttons show up on the statistics page regardless of group. Rebuilt bitfields, no go.

Found the log, DAMN, in a 12 hour period, 21/46 registration attempts were blocked, SCHWEET :)

However, some names are duplicated, assuming this is because the registration page reloaded because the user didn't type in the password right or something.

Also, the permissions aren't working right for me. The buttons show up on the statistics page regardless of group. Rebuilt bitfields, no go.

The duplicates will come from two places
- The user refreshing and trying to reregister.
- Policy allowing a spammer. It will allow Spammer Allowed by Policy and then a Registration complete. This is to show that it has completed properly.

Ill retest the postbits, can you PM me a link or a small JPG, so that I can really concentrate on whats causing that error. Im going to remove the postfits and move to an options based group config. This will give a per group and a per user ganular control list and should work better for whitelisting control and group/user exclusion (dont want to submit your admin account right? :) )

It's the code for the MEMBERINFO_BLOCK_STATISTICS edit. I just removed the code for the time being, as it's not needed for the auto-blocking of spammers :)

I was trying to slap the edit into $template_hook[profile_stats_last] for awhile as well :)

Hmm, Ive done something bad here.

In between testing, copying/pasting from the server to my local machine to ZIP up the files, Ive made a bad mistake in the instructions

ALL THOSE THAT MODDED THEIR TEMPLATES, NEED TO DO THIS

Edit template MEMBERINFO

- Find this and delete


<if condition="$permissions[vbstopforumspamviewpermissions]1">
<div class="fieldset">Last IP Address : $bbuserinfo[ipaddress]
<a href="http://www.stopforumspam.com/ipcheck/$bbuserinfo[ipaddress]" target="_blank"><img

src="$stylevar[imgdir_statusicon]/vbsfs_view.gif" alt="View IP details at www.StopForumSpam.com" border="0">
</a>
<if condition="$permissions[vbstopforumspamsubmitpermissions]"><a href="#not_working_yet_$bbuserinfo[ipaddress]"><img

src="$stylevar[imgdir_statusicon]/vbsfs_submit.gif" alt="Submit spam user details to www.StopForumSpam.com" border="0"></a></if>
</div>
</if>


Or revert the template if youve made no other changes

God knows what I was thinking but unless you do this, people will see IP numbers of visitors.

Ive very sorry for this and thanks to Wired1 for making me think about it.

Ill be removing this from the instructions, reloading v0.61 without any template changes. In v0.7, the template changes will be automatic and verified completely

Ahh, thats why I think I didnt mod that block in the mod. :)Instructions need to be clarified then (at least for 3.7.x). Currently they say edit MEMBERINFO and look for:
<if condition="$vboptions['usereferrer']">

Looks like as of 3.7.x, they moved that code into the template I mentioned.

Thanks pedigree!

I have been blocking, using other mods, quite a lot of spammers coming from China lately. Will add this mod as an additional line of defense.

:up:

Instructions need to be clarified then (at least for 3.7.x). Currently they say edit MEMBERINFO and look for:
<if condition="$vboptions['usereferrer']">

Looks like as of 3.7.x, they moved that code into the template I mentioned.

Well, I completely bollocks up one of the most basic mistakes in PHP, the = and == comparisons :( If you modded the MEMBERINFO template, you need to undo the changes (or revert the template if no other changes have been made to it)

Ive uploaded v0.61 without template mods in the instructions, have notified those with "installed" to undo the template changes.

The core backend code will work on 3.6 and 3.7 and Ive code most of the code written for 3.7 that integrates a tab in the User Profile, based on the group list in the options (new configuration lists in v0.7) Until then however, Ill be testing the access controls like a nut job trying to get out of a box. All the template changes will be automatically parsed with hooks.

Why remove that section of code? Just add conditionals around it, that'll hide it from normal users
<if condition="can_moderate()"> .... </if>

Why remove that section of code? Just add conditionals around it, that'll hide it from normal users
<if condition="can_moderate()"> .... </if> and

That as well but I wanted to make sure that nothing sneaked out... It was "Panic stations"

Ive uploaded v0.61 without template mods in the instructions, have notified those with "installed" to undo the template changes.Was that the only template edit in the old instructions?

When attempting to upgrade from 0.6 to 0.61, I get this error:

Database error in vBulletin 3.7.0:

Invalid SQL:
ALTER TABLE usergroup ADD vbstopforumspamviewpermissions INT( 10 ) UNSIGNED DEFAULT '0' NOT NULL;

MySQL Error : Duplicate column name 'vbstopforumspamviewpermissions'
Error Number : 1060
Request Date : Tuesday, May 27th 2008 @ 03:11:56 PM
Error Date : Tuesday, May 27th 2008 @ 03:11:56 PM
Script : <ADMIN CP LOCATION>/plugin.php?do=productimport
Referrer : <ADMIN CP LOCATION>/plugin.php?do=productadd
IP Address : 97.100.166.130
Username : Wired
Classname : vB_Database
MySQL Version : 5.0.51b-community-nt

It was only the template edit, you dont need to reimport from 0.60 to 0.61

Although Im suprised to see that error. Ill have to add a check to test for suplicate posbfits like that.. It shouldnt ever happen

The uninstall drops those two columns from the database


$db->query_write("ALTER TABLE " . TABLE_PREFIX . "usergroup DROP vbstopforumspamviewpermissions");
$db->query_write("ALTER TABLE " . TABLE_PREFIX . "usergroup DROP vbstopforumspamsubmitpermissions");


You might have to run drop uninstall/reinstall and if that fails, drop them from phpMyAdmin.

Im going to look how that could possibly happen

Theyre going to be gone in v0.7 anyway.

Great work - I think this is very promising.

@pedigree: You got PN, I think I have something for you ;)

Wired I can only think that you didnt uninstall, thus it tried to recreate the postbits. Ive set the XML to ignore DB errors in the case of a force reinstall/overwrite

Is there any plan to port this to 3.7 ? In the interim I'm downloading the IPs and domains manually from StopForumSpam.com

v0.61 should work just fine in 3.7. I have access to someones 3.7 development board as it seems to be working great. Ive started on a specific 3.7 version that adds functionality to the user options as a tab - thats coming along nicely and I should have code out within a week, the 3.6 code isnt as easy to add.

It will have the ability to submit details to the remote site and test users details against the remote database if you think they managed to sneak past before the site was updated.

Ive got it going on 3.7.0, he hasnt pulled 3.7.1 yet as hes in the middle of fixing the templates

v0.61 should work just fine in 3.7. I have access to someones 3.7 development board as it seems to be working great. Ive started on a specific 3.7 version that adds functionality to the user options as a tab - thats coming along nicely and I should have code out within a week, the 3.6 code isnt as easy to add.

It will have the ability to submit details to the remote site and test users details against the remote database if you think they managed to sneak past before the site was updated.

Ive got it going on 3.7.0, he hasnt pulled 3.7.1 yet as hes in the middle of fixing the templates

Just tested on 3.7.1 and it works great!

From an email I sent about recent site activity:

Interesting side effect, since rolling in the new spam prevention I'm 110% effective at registration for the last day or 2. (I say 110% because I'm getting some false positives)..

Then everything stopped. All of the spam registrations went away for a couple of hours...

...then I got slammed with a storm of delivery failure notices. Apparently I angered the SPAM gods and they went from fake registrations to sending out on my behalf. I'm at 27,980 at the time of this writing. (No new spam registrations during this whole storm).. interesting to see how things shake out and if the fake registrations start back up again.


The number died down at 194,270 failed message delivery messages (someone sending with my domain name as the sender/reply to.

Sadly fake registrations started up again but still most are getting caught.

Question. Is it possible to auto ban users based on their email domain suffix (.cn)

I know I can prevent them from signing up with this using the out of box, but I prefer to let them continue to use a suffix I can recognize and am ok with bulk banning and then dump them in ban right away. The spammer (unless they read this post :-?) will not know why they are being banned and this will be quite a big net for me at present time.

Any suggestions?

Question. Is it possible to auto ban users based on their email domain suffix (.cn)

I know I can prevent them from signing up with this using the out of box, but I prefer to let them continue to use a suffix I can recognize and am ok with bulk banning and then dump them in ban right away. The spammer (unless they read this post :-?) will not know why they are being banned and this will be quite a big net for me at present time.

Any suggestions?Personally, I use the User Banning Options and block certain IP ranges / domains from there.

So, you're wanting to LET them join, and then BAN? Why?


Hey pedigree, the log only shows their username as a link if they've completed the registration process, correct?

Because right now they are using .cn domains 95% of the time so it is easy to take a swipe at good versus bad in the registrations that slip through.

If I ban .cn via vbulletin options they will not be able to register and will switch to alternate domains (this is what happened when I tried to use the Vbulletin banning) and the trend may not be as easy to spot

Today, even though the majority of the registrations are banned as soon as they sign up, they continue to use .cn domains.. my logic is that if I auto ban .cn I can make sure the large majority of attempts are caught without ever having to check an RBL or remote service.

This is all subject to the trend variation obviously.

IP addresses were much to hard of a moving target for me. I spent some time trying to amass large lists of proxies and such (thousands and thousands of addresses) and adding them every time one slipped through. A lot of effort for not much success.

I believe very much in the centralized model where a few take the pain for the many so we stop them in their tracks the first time someone reports an issue.. seems to be doing the trick so far for me!

Where are the signup logs stored and where can I view them please ?

Where are the signup logs stored and where can I view them please ?

AdminCP -> Statistics & Logs -> vbStopForumSpam Logs

Looking at the logs....

25 out of 36 signups have duplicate log entries.

Half of the entries that were successful do not have a link to their user entry in the admin cp

Duplicates in the logs is explained a couple of posts up.

Not being linked, if your configuration is anything like mine, is a result of multiple checks during registration (in my case StopForumSpam and RBL).. You will see a "Registration successful" if it made it past StopForumSpam, but if RBL caught it then there is no link.

So basically, if the user does not exit then there should not be a link to the user (easy concept I just made sound REALLY complicated I think.. heh.. )

Duplicates in the logs is explained a couple of posts up.

Not being linked, if your configuration is anything like mine, is a result of multiple checks during registration (in my case StopForumSpam and RBL).. You will see a "Registration successful" if it made it past StopForumSpam, but if RBL caught it then there is no link.

So basically, if the user does not exit then there should not be a link to the user (easy concept I just made sound REALLY complicated I think.. heh.. )

Skippy has it. There is no link in the logs as no user account was created.

Duplicate logs for each user isnt really a duplicate. If you have a "log but allow" policy or a user that is registering is beyond the cut off date allowed (ie listed on sfs.com website with a lastseen of X days ago, where X is bigger than the configuration in your forum), then it logs this and continues with registering / adding the user, where it logs a new user registration.

Successful registration is there as a request from people, so that they can click through to users even if they generated no warning, a "one stop" portal page if for no better description. I will add an option to disable that in the next version if you like

Looking at the logs....

25 out of 36 signups have duplicate log entries.

Half of the entries that were successful do not have a link to their user entry in the admin cp

And these users exist? The registration check has two parts (as it uses two differnt vb hooks).

The first part does all the work, queries the server and logs if it finds a spammer, blocked or allowed.

The second part does one thing, it logs succesfully created users and attempts to join that user with its username logged in step 1 by the means on a unique token in the logs. If a new user is created and you can see it in the user options and there is no link in the logs to that user for a log entry, then there is a bug that I will have to address.

Hey pedigree, the log only shows their username as a link if they've completed the registration process, correct?

It should be that way, yes. but Im going to go back to the code and figure out if thats not the case all the time.

For those finding users registering, please verify their userid and if there is a link in the logs to the usercp for them. If you find a valid user and no link to the user cp, please PM me with the exact version of vBulletin and a copy/paste of the log entries.

I've been using this mod for a few days now, it's really doing a great job thus far. I'd highly suggest adding an option to allow the flagged registration to go through but have them go into a special usergroup we set up.

abrecher - Ill add that to v0.7,which is coming along nicely.

Its got GUI integration now (both in 3.7 and 3.6 in the same package), just need to add permission controls to that and recode the backend record / caching as Ive rewritten a lot of it to cut down on the number of remote calls and to allow for further changes if and when theyre made. Youll be able to submit details to the remote website from the GUI, once I get a response from the guy who runs stopforumspam.com

Ive just looked at the source for 3.7, specifically this

// assign user to usergroup 3 if email needs verification
if ($vbulletin->options['verifyemail'])
{
$newusergroupid = 3;
}
else if ($vbulletin->options['moderatenewmembers'] OR $vbulletin->GPC['coppauser'])
{
$newusergroupid = 4;
}
else
{
$newusergroupid = 2;
}

There is the ability to change the user group after this but we could run into a problem. The default "new user" group is 2 but as you see, if there is COPPA or VerifyEmail set, a new user goes into a different group. Moving a user out of VerifyEmail to another group, will (but Ill have to double check) bypass email verification testing. Still, I guess if youre moving new users into a group, theyre not going to have any posting ability as part of the permissions of the special group.

Ill add it, disabled by default, with an explaination of the ramifications of a different default group, blocking admin/mod/supermod groups in the code (because otherwise, that would be bad)

Thanks a lot for this mod!!! It's a great idea.

When will we able to add spammers to the stopforumspam from vbulletin?

Thanks a lot for this mod!!! It's a great idea.

When will we able to add spammers to the stopforumspam from vbulletin?

Please read the post right before yours.

This plugin stops approximately 15-35 spammers from signing up to my forums DAILY! I'd HIGHLY recommend it to anybody with a busy forum. I'm using it without any issues on VB 3.7.1 . Thanks again to pedigree!!

Youre welcome and thanks for the feedback, its always nice to hear from people that appreciate the effort involved. If you think v0.6 is good, wait until v0.7 :)

Thanks a lot for this mod!!! It's a great idea.

When will we able to add spammers to the stopforumspam from vbulletin?

The only real thing stopping it being included right now is that the guy who runs stopforumspam.com doesnt have an API system for submitting data yet. What I am doing in v0.7 is using cURL to submit data to his online HTML form. Its not ideal for a couple of reasons

- If he changes the form code, its values or does referring checking, it breaks all the template code. The results have to be parsed out of HTML code, rather than the current read API where the results are in a known XML format
- If you dont have cURL installed on your webserver, then you have to use a local form in your template, which exposes your API key to anyone you grant vbStopForumSpam access to. This would then allow them to use your key to create false records on the stopforumspam server (if they wanted to be malicious)

Its not me delaying the ability to submit data, its just waiting on the finalised API from russ (who seems to be a very very busy guy)

Thanks for explanations pedigree. If it's possible to add this feature in the future, this mod will be the most efficient weapon against spammers.

Keep up the good work.

Modification Request:

Perhaps a way to sort the columns of the log, as well as a way to show the top 10 blocked IPs / email addresses / user names?

Also, a way to graph some of the stats, and search within a time frame? I'm guessing there's functions already built in that do these, based upon the standard vB logs.

Wired, way ahead of you there, well, a bit.

I was thinking about the table structure for graphing the statistics just last night. I did this for an intranet helpdesk system at work and the management loved the graphing more than the 8 months actual work, typical :)

I hope to have both a html table and a GD bar graph. Im also going to add support for GeoIP to report by country and much better sorting in the logs system. Ill certainly add a date search timeframe to the logs as well.

Ill sneak in an option to PM users each day with a breakdown on the blocked/logs registrations as well.

Support for GeoIP to ban based on Geological Data would be great, too.

One stop solution against Spammers :)

Support for GeoIP to ban based on Geological Data would be great, too.

One stop solution against Spammers :)

That can be done as a comma delimited list of country codes

eg

cn,kr,br,ar,ru

Sounds great :)

Support for GeoIP to ban based on Geological Data would be great, too.

One stop solution against Spammers :)Don't forget about proxies...

Most of our spammers either don't find a proxy (open ones are getting rare) or didn't use one.

installed / tested. awesome mod, exactly what i was looking for when searching for spam. kudos to you.

note: to all of those complaining, it is almost impossible to stop -every- spammer with one simple program/script. this just adds on to the help of ridding the annoyance.

Don't forget about proxies...

I can put RBL lookups in there as well but I think there is already a mod for that.

The GeoIP has some anonymous proxies, which I can use to add additional tests. If someone has the GeoIP full version and would like to test the mod against that, then even better.

Maybe I could add functionality to check new posts against the surbl website RBL as well... maybe after v0.7

installed / tested. awesome mod, exactly what i was looking for when searching for spam. kudos to you


Thanks :) Now click Installed :cool:

@pedigree: I just checked, the last NN spammers weren't clever enough to use a proxy. Mayber they are even in countries where they cannot/must not use proxies...

@pedigree: I just checked, the last NN spammers weren't clever enough to use a proxy. Mayber they are even in countries where they cannot/must not use proxies...

Thank you Great Firewall of China.... Adding a check box to "Block anonymous proxies" isnt a huge code change with all of the code rewrites Im doing. Ill add it, you never know, it might get a spammer

My weekly praise to pedigree and the amazing work on this mod.

Just took a look at the last few days activity:

Out of 6740 attempted registrations:


1850 of them were valid users
100 were blocked due to email
3200 were blocked due to IP
1590 were blocked due to username


Thank you Great Firewall of China.... Adding a check box to "Block anonymous proxies" isnt a huge code change with all of the code rewrites Im doing. Ill add it, you never know, it might get a spammer

For what it is worth, I use a real time analytic tool GetClicky (http://getclicky.com/28494). One thing that I do when determining if a user was improperly rejected is to check the IP address and see if there is activity on my site. 100% of the time so far they do not show up, most likely indicating that they are blocking javascript from executing. I'm not sure if this is helpful information as a secondary check or not as it seems that it may catch users with outdated browsers as well, but so far is a good canary for me.

$bbuserinfo[ipaddress]

That gives me my own IP address instead of the users (in userinfo template), what's the correct var for the members ip addy?

I realize a lot of these suggestions are dependent on a better API / submission system from StopForumSpam.com :)

Suggestion: Once a submission function is built in, perhaps add an additional layer of analyzing to it? Example:

User1 / Email1 / IP1 was found to be a spammer via IP today. 3 hours later, they attempted to register again. User1 / Email1 / IP2.

So, if someone that's attempting to join passes, a last check would compare their user name and/or email and/or IP to previously blocked registrations. This way, they could be shut down from registering under slightly different credentials. An option in the adminCP could be added so the Admin can say how many days back in the log file to check (if not the whole thing).

Suggestion: If a submission is blocked, grab the rest of the offending info from the StopForumSpam site, and compare against the suggestion. If it doesn't all match, submit the submission's info so the StopForumSpam site is more complete.

Suggestion: Also, perhaps a function that would compare only allowed registrations to the StopForumSpam site. After all, some spammers make a login, and then don't spam for days. If another forum has caught them and flagged them, now you can be aware of this "sleeper" member and ban them. Notice could come via PM or New Thread post (akin to the Multiple Login AE mod here).

Not sure what would be best: checking on a CRON (or something similar), or only checking via a manual button. Perhaps an additional table column, so that if an allowed registration was checked 3 times after the account was created, it won't be checked again (so as to limit bandwidth and resources, both on the forum and StopForumSpam's site). Also, an option for the admin to manually OK an account, so it's bypassed in this check (or automatic, e.g. 20 posts in the forum, or in a certain group, or whatever).

Suggestion: A search for the log would be nice as well :)

Suggestion: Once the manual / auto submission tool (and possibly some of the others I've suggested) are in place, color code (or whatever) the log? Example: Spammers I've submitted in red, (easily customizable by admin via FFFFFF), or mark by symbols (searchable of course), ones thoroughly checked in green, etc.

The obvious risk is that users that were originally flagged incorrectly that you manually approved would get caught. If this kind of checking happened it would need to only affect users of a certain user group(s).

My vote would be to tie the "re-check" to an activity that would warrant concern (posting, PMing, etc)..

Scenario being a "Registered" group and a "Promoted Registered" group. Users in registered group are checked against StopForum before being allowed to post. Failures can either be quarantined or prevented.

Set up a promotion schedule (time, # posts, whatever) to move users to Registered so your trusted users don't pay performance penalties.

You're talking about the comparison down the road? It doesn't have to auto-ban them or anything, just notify the admin of this new information. They can decide depending on the user's posting habits, the frequency that they showed up on the list (that's already part of the API), a simple google check, etc.

I realize a lot of these suggestions are dependent on a better API / submission system from StopForumSpam.com :)

Suggestion: Once a submission function is built in, perhaps add an additional layer of analyzing to it? Example:

User1 / Email1 / IP1 was found to be a spammer via IP today. 3 hours later, they attempted to register again. User1 / Email1 / IP2.

So, if someone that's attempting to join passes, a last check would compare their user name and/or email and/or IP to previously blocked registrations. This way, they could be shut down from registering under slightly different credentials. An option in the adminCP could be added so the Admin can say how many days back in the log file to check (if not the whole thing).

Suggestion: If a submission is blocked, grab the rest of the offending info from the StopForumSpam site, and compare against the suggestion. If it doesn't all match, submit the submission's info so the StopForumSpam site is more complete.

StopforumSpam.com doesnt have the functionality to pull all the other details for spammers based on just one field. We cant get a list of IPs that SpammerX has logged in from. I can however, put all the details for a failed registration into the database. To be useful over a 24 hour period, I might think about changing the local cache from 90 minutes to 24 hours.



Suggestion: Also, perhaps a function that would compare only allowed registrations to the StopForumSpam site. After all, some spammers make a login, and then don't spam for days. If another forum has caught them and flagged them, now you can be aware of this "sleeper" member and ban them. Notice could come via PM or New Thread post (akin to the Multiple Login AE mod here).


When I get all the template code working, there will be options for mods to examine users, refresh SFS.com data and act on that. In order to run proactive scanning against all the users against all SFS.com data, would require more work both on my time (I have a baby due in 6 weeks) and in cron execution time. Unless you have the Ajax cron mod installed, running a job like that would kill so poor users session. Maybe in v1+ Ill be able to add an automated pull from SFS.com of their IP lists. Anything more would be a lot more code. I want to get the next version out, working before baby is born because after that, well, I wont have much more time until I go back to work.


Not sure what would be best: checking on a CRON (or something similar), or only checking via a manual button. Perhaps an additional table column, so that if an allowed registration was checked 3 times after the account was created, it won't be checked again (so as to limit bandwidth and resources, both on the forum and StopForumSpam's site). Also, an option for the admin to manually OK an account, so it's bypassed in this check (or automatic, e.g. 20 posts in the forum, or in a certain group, or whatever).

Suggestion: A search for the log would be nice as well :)


Ill add a search to the logs after I get all the new code working


Suggestion: Once the manual / auto submission tool (and possibly some of the others I've suggested) are in place, color code (or whatever) the log? Example: Spammers I've submitted in red, (easily customizable by admin via FFFFFF), or mark by symbols (searchable of course), ones thoroughly checked in green, etc.

Auto submit can be sorted and logs updated to reflect that, its not a big, as long as you have cURL installed. Without cURL, automated submission will be extremely difficult, something that can be done but something that Im not really wanting to code for.

main goals for the next couple of weeks, is to get the core rewrite sorted, the 2.6 and 3.7 template changes sorted so that they rewrite templates on the fly, allowing mods to view all the data about the user, do whois/google searches, updating SFS.com data and submitting them manually, better loggind support and statistics reporting. Auto submitting user data to SFS.com might sneak in there but any companion, posting, PM etc will have to wait until all that is stable.

I spend 4-5 hours a day on a train to/from work so my time is a bit limited but Im trying to get it all sorted and out asap.

$bbuserinfo[ipaddress]

That gives me my own IP address instead of the users (in userinfo template), what's the correct var for the members ip addy?

Yeah, thats why I posted an update to v0.61 saying that you should remove the template changes. In the next version, all the templates changes will be automatically made. Ill have a couple of people who said they will help me in the testing, which will ensure I dont make some an awful screwup again :)

I think it might be $userinfo[host] but Im not on my machine, that could be wrong.

My weekly praise to pedigree and the amazing work on this mod.

I'm not sure if this is helpful information as a secondary check or not as it seems that it may catch users with outdated browsers as well, but so far is a good canary for me.

Thanks for the numbers, gives me a warm fuzzy knowing that I might be p*ssing off at least one spammer. Maybe he might get so depressed at not being able to register and will just kill himself, fingers crossed

vBulletin works without javascript and this would block everyone using NoScript in Firefox (like myself, I wouldnt be without it). Ill put it in the bugtracker as a "maybe feature" for a future release though, maybe with a notice in the new user that says "Javascript is required for this registration" where isubmit button disabled by default, javascript used to enable it and with javascript used to make a form value. That would give fair warning to users with javascript disabled etc (personally, I HATE websites that refuse to work with javascript off and prefer not to use them)

the 2.6 and 3.7 template changes sorted so that they rewrite templates on the fly, allowing mods to view all the data about the user, do whois/google searches
I hope you think about server load for Big Boards to only user the code where really needed ;)

I hope you think about server load for Big Boards to only user the code where really needed ;)

Yup, certainly have. Currently (and I dont imagine its going to change much), it uses two hooks that are hit on each page, global_start and cache_templates.

global_start is used to test if the page is member.php and then inserts a menu item into the options_postbit, that is one or two conditional checks. Firstly, it checks if its running 3.6.x as 3.7.x doesnt have the options postbit menu (3.7 has user details page load as a profile block instead).

cache_templates is used to check if the page is showthread.php or misc.php and then tells vbulletin to insert the "left click username context menu" postbit or the new user detail templates into the cache. A lot of mods do this and it shouldnt impact performance at all.

Once in the cache, vbulletin and any accelerators, will take care of that. Template checks shouldnt be a hit at all, but thats the price to pay for auto template changes.

I dont have a large board to test it against but Im open to suggestions

Ok, thanks.

I can test it on our boards, you see the microtime in the footer.

StopforumSpam.com doesnt have the functionality to pull all the other details for spammers based on just one field. We cant get a list of IPs that SpammerX has logged in from.You can from the search page. This one goes back to a better API being in place.


When I get all the template code working, there will be options for mods to examine users, refresh SFS.com data and act on that. In order to run proactive scanning against all the users against all SFS.com data, would require more work both on my time (I have a baby due in 6 weeks) and in cron execution time. Unless you have the Ajax cron mod installed, running a job like that would kill so poor users session. Maybe in v1+ Ill be able to add an automated pull from SFS.com of their IP lists. Anything more would be a lot more code. I want to get the next version out, working before baby is born because after that, well, I wont have much more time until I go back to work.Congratulations :) This could be done manually for the time being, and wouldn't kill anyone's session that way. The suggestion is meant to be run after the fact. I'm just seeing correlating spammer info in my logs, and want to help flesh out the spammer patterns :)


Auto submit can be sorted and logs updated to reflect that, its not a big, as long as you have cURL installed. Without cURL, automated submission will be extremely difficult, something that can be done but something that Im not really wanting to code for.Definitely wait for a better API from the site :)


main goals for the next couple of weeks, is to get the core rewrite sorted, the 2.6 and 3.7 template changes sorted so that they rewrite templates on the fly, allowing mods to view all the data about the user, do whois/google searches, updating SFS.com data and submitting them manually, better loggind support and statistics reporting. Auto submitting user data to SFS.com might sneak in there but any companion, posting, PM etc will have to wait until all that is stable.

I spend 4-5 hours a day on a train to/from work so my time is a bit limited but Im trying to get it all sorted and out asap.Take your time man, we all appreciate the work you're doing! :)

yeah, parsing HTML that could change at any time, is a real horrible way to get reliable information

One question: Where can I see this part?
5 - Edit Usergroup permissions (Optional) (AdminCP -> Usergroup -> Usergroup Manager -> (Group) -> vbStopForumSpam Permissions - Access / View / Submit
Here you can allow specific usergroups access to details in User Ooptions/ Whos Online etc
Is this on a user's profile page or...?
I edited the rights for my admin group to yes.

You cant and you wont be able to do that until v0.7 and then it wont be with the XML postbits.

The code that I have now is displaying all this information but I need to complete more code before I release it.

ok, I see - no problem.

So interesting change of events, the past couple of days have been very quiet from a SPAM registration stand point. I have, however, started getting a few spam messages through the contact us form.

This leads me to the request of a modification:

Optional settings to check SPS on:

* Contacts

and for folks that were deemed good during registration, but were sleepers:

* Posts
* PMs

Optional settings to check SPS on:

* Contacts

and for folks that were deemed good during registration, but were sleepers:

* Posts
* PMs

Ill see how I can add these options. If they were good during registration as a sleeping spammer, we would have to test their details again. This could be done the first time that they post or send a PM. I dont think that would be too hard to add. Ill look up the hooks at add that to the list of things to do.

Contacts being Contact Us I guess? Using the above method, I could do that. You would need to change the blocking text from "If you think this block is in error, use Contact Us" to "hmm, no change Charlie" :)

Sorry, I should have been more clear.

1) These would be enabled / disabled by admin preference

2) The notion would be that it would only check posts/pms for users that belong to specified user groups. This supports the notion of using promotions on your site to identify trusted users (ie. registered users versus trusted registered users (after 6 days and 3 posts or whatever your flavor is)

3) Contact, yes Contact Us. The understanding being that if you enable this you have prevented users from contacting you if they are incorrectly banned. Mitigation could include javascript, image based or some other obfuscated version of your email in the failure message)

On a separate note, let's try to give this Mod some visibility!

I have nominated it for Mod of the Month, if you received benefit please do the same. Let's get it up for the masses in July and get Pedigree some recognition.



wow, Im flattered, thanks. That would be great even to be nominated for the vote.

Sorry, I should have been more clear.
2) The notion would be that it would only check posts/pms for users that belong to specified user groups. This supports the notion of using promotions on your site to identify trusted users (ie. registered users versus trusted registered users (after 6 days and 3 posts or whatever your flavor is)

3) Contact, yes Contact Us. The understanding being that if you enable this you have prevented users from contacting you if they are incorrectly banned. Mitigation could include javascript, image based or some other obfuscated version of your email in the failure message)

2 - There is an option in 0.7 to put new users into a specific group. You could use that to apply filters against. Ill have to up the database cache time incase Russ at sfs.com gets hammered/DDoSed by large forums that leave users in a group like this. Maybe I could include a "cut off" period for users in this group, where it doesnt check them if registered over 30 days (or X) days ago.

What I could also do is add a cron job to pull the daily IP ban list and put that into the cache. They should catch a lot of spam without the necessary remote queries. Its a fine balance between protecting against spam and DDoSing the limited resources of a one-man free website :)

If Russ was to move the lot into DNS instead of XML/HTML, that would make things a lot easier as he would have DNS servers caching data :)

3 - I believe captcha can be enabled on the ContactUS page but as the loading would be much less on this page than people posting into forums, I dont think lookups would be a problem here.

Captchas can be enabled (as can custom questions on 3.7).. sadly It seems that I am dealing with human spammers (mix of china, india, russia and us based) <sigh>

well, Ill add a IP based lookup for the Contact US page, pulled initially from the dialy cron job that pulls the IP lists and failing that, from a live lookup.

Voted as one way of thanks!!

Yes, voted, too - before the 1st reminder post ;)

Im flattered, I really am.

Update on 0.7rc.

The core caching / whitelist / lookup rewrite is complete with the following requests included
- GeoIP country banning (goodbye China - nothing personal but you spam too much)
- Much better caching support
- Better remote lookup support
- Statistics logging
- Locally cached cron import of the stopforumspam IP database

The core has been rewritten to allow easy integration into the Contact Us form and into post thread / message or PM so that you can configure it to check if details appear on the database for X days after registrations. This will allow a system admin to set, for example, a threshold of 30 days. If posting a PM or message within the first 30 after registrations, it will check the database if they appear as a spammer and will block it, with an optional PM notification to a mod/admin group.

Also included in the starter of the UI support, is full 3.6 and 3.7 integration, giving details of whois information, links to google searches, etc etc.

With the statistics module (that Ive started), youll get full graphs on a yearly period (older than a year gets auto pruned), with a daily, monthly and yearly totals/averages of
- Cache hits vs misses
- Country ban breakdowns
- Successful vs Banned vs Expired* registrations

*Expired is where there is a hit on the spam database but its older than the threshold set in the forum.

Installed and testing ... :up:

Thanks .... :)

One thing that has me a little confused is the field for:

The www.StopForumSpam.com API Key to submit spammers details with

Is this something I need to use this mod effectively and if so, how do I obtain a key?

Appreciate your efforts in trying to help us block spammers...

Regards,
Badger

the API key is available from www.stopforumspam.com - its a feature that never quite made it into 0.6 but will make its appearance in 0.7. It allows you to submit user details to the ban list on stopforumspam.com

Thanks pedigree.... :)

Is there any way to test this mod after install to make sure that people can still register and it's not blocking legitimate users?

I installed it earlier, but I haven't seen any new registrations since then, so I wanted to make sure everything was functioning ok.

Looking forward to v.07 .....

Regards,
Badger

You can disable blocking in the options and set actions to "Log and allow registration".

if you look at admincp -> logs -> vbstopforumspam -> submit

you should see if youve have any new registrations logged by vbsfs

Im sitting here look at all the debug logs for 0.7 and I might go to bed now :D

Badger,

In theory, you can register for your own site to test, and then test by registering while browsing your site with a few random anonymous proxy websites (http://www.the-cloak.com , etc.)

Thanks ... :up:

I did a test by pretending to be a spammer and using an email address that was known from the "stop forum spam" web site and that seemed to work fine. I got the rejected error message and a log entry was created. Unfortunately, it was from my own IP address, so I hope it didn't send that anywhere reporting my IP address as a spammer.. :D

I'll have to try registering using correct information and see if it lets me though now ...

Regards,
Badger

Thanks ... :up:

I did a test by pretending to be a spammer and using an email address that was known from the "stop forum spam" web site and that seemed to work fine. I got the rejected error message and a log entry was created. Unfortunately, it was from my own IP address, so I hope it didn't send that anywhere reporting my IP address as a spammer.. :D

I'll have to try registering using correct information and see if it lets me though now ...

Regards,
Badger

0.6.1 does NOT send your info anywhere to be banned. You'll be able to log on just fine.

0.6.1 does NOT send your info anywhere to be banned. You'll be able to log on just fine.

Thanks .... :up:

I've tested it thoroughly now and it seems to be working fine. I guess the real value of this is how accurate and up to date we can keep "stop forum spam" using the feedback mechanism of this mod, once it's available in v0.7.

Appreciate the author's efforts in trying to help us all deal with spam. It's the most annoying aspect of trying to run a professional and mature Vbulletin environment.

Regards,
Badger

Thanks for the feedback all.

A couple of people that have added to comments and provided feedback are running larger boards and havent had any issues with 0.60/0.61. It seems stable and is working well, not as well as it could be but that will be addressed in the next version.

What Wired1 said about sending information, it doesnt. Its completely passive and only ever retrieves information. 0.7 will have the functionality to submit details based on group membership. I hope Russ is updating sfs.com in real time but he seems to be a very difficult person to get a response out of.

Installed on vb 3.7.1 pl2 with php 5.2.6 and curl. I will let you know how it goes.

Many thanks for this!!

BTW: does this mod extend the time needed for registration? Does it conflict with ISBOT (https://vborg.vbsupport.ru/showthread.php?t=135094)?

Thanks for the feedback all.

A couple of people that have added to comments and provided feedback are running larger boards and havent had any issues with 0.60/0.61. It seems stable and is working well, not as well as it could be but that will be addressed in the next version.

What Wired1 said about sending information, it doesnt. Its completely passive and only ever retrieves information. 0.7 will have the functionality to submit details based on group membership. I hope Russ is updating sfs.com in real time but he seems to be a very difficult person to get a response out of.

You're welcome.... :)

Thank you for investing your time in this... appreciate it... :up:

Been using it for about a day now and the log is building. I notice one set of entries that repeated 6 times with the last one (2008-07-01 09:56:33) having the underline clickable link,whereas the other entries don't.

joe 2008-07-01 09:56:33 joe@xxxx.de xx.xx.xxx.xxx Allowed registration
joe 2008-07-01 09:53:37 joe@xxxx.de xx.xx.xxx.xxx Allowed registration
joe 2008-07-01 09:52:53 joe@xxxx.de xx.xx.xxx.xxx Allowed registration
joe 2008-07-01 09:52:02 joe@xxxx.de xx.xx.xxx.xxx Allowed registration
joe 2008-07-01 09:51:17 joe@xxxx.de xx.xx.xxx.xxx Allowed registration
joe 2008-07-01 09:50:11 joe@xxxx.de xx.xx.xxx.xxx Allowed registration

Why would this repeat that many times?

BTW, I put in X's and chanhed the username to protect the registrant's privacy.

Regards,
Badger

Badger hmm thats strange, it might happen I guess if the user refreshed the page and then has data resubmitted. What Ill do is add code to check if the user/email is in use and them stops processing, allow control to pass back to vbulletin for rejection... No point doing all that processing if the user exists.

Thanks for that, it made me thinks

And this is an open request...

Post here what you would like to see in the ways of stats, charts, graphs etc...

so far Ive got

Bar graphs
- Registrations per hour blocked / allowed by policy / allowed with old data / allowed clean / whitelisted / blacklisted

Pie charts
- Blocked domains by domain name
- Blocked domains by country
- Blocked registrations by domains
- Blocked registrations by IP in 16/24 bit subnets (hard on the CPU)
- Cache hits vs misses vs time

Hi pedigree ... :)

I've been using this mod for the last 6 months without any problems, but since it handles the registrattion page differently thatn the default vbulletin code, could that be why it repeated 6 times? If he kept making mistakes and it's a java code based registration, it might be a factor?

https://vborg.vbsupport.ru/showthread.php?t=144869

Regards,
Badger

BTW: does this mod extend the time needed for registration? Does it conflict with ISBOT (https://vborg.vbsupport.ru/showthread.php?t=135094)?Nope. When they hit submit, it compares their IP / email address / user name against a list, and if they're on the list, no entry permitted. I believe they just come back to the registration page so they can change their user name / email address.


pedigree: in 0.7.0, can we now sort the log by all columns, and/or do a search on it? As a secondary suggestion (and I can see this somewhat being outside the scope of your mod, so if you agree, no biggie), maybe compare all people who were banned in the past month, and compare it to successful registrants in the vBStopForumSpam logs? This way, an admin can have a quick list to manually report to the black list (e.g. hitting a button to do it)? This would allow the admin to only report those who have banned because of spamming, and not violating other rules on the forum.

Come to think of it, if someone was PERM banned via an infraction (granted not many use infractions in this way I think), maybe this mod could somehow detect it and auto-report it?


Badger, the repeats are normal. It's the user screwing up, that's it. I see it all the time in my logs, and my register form is standard. They're just mis-typing or something.

Now, if the error was added to the log, that would be nice, although I'm not sure how much it would help to prevent spam.

Took a bit of time and tallied up stats for all of June for one of my sites

Out of the 7180 registrations for the 30 day period:

~.03%/250 were caught by SFS Email check
~25%/1860 were caught by SFS UserID check
~45%/3260 were caught by SFS IP check

~25%/1810 made it past SFS Check

note: of the 1810 that made it past SFS, 780 of those were caught by RBL Checking and rejected, 12 slipped through completely but were manually discovered, no false positives that I am aware of.

And this is an open request...

Post here what you would like to see in the ways of stats, charts, graphs etc...

How is the data being aggregated? Have you indexed the log table for reporting or are you normalizing the reporting data elsewhere?

I'd be interested in some long term % based trending (week, month, year) as line graphs

Things like:

% of blocked registrations over time
Of blocked registrations, % email, % ip, % username on a single graph over time

Thanks again and Great Job!

At the moment, the only data that I have going to a stats table is cache hit/miss numbers, records on an hourly total. Ive done that with a roundrobin type system, almost. It purges records over 1 year old (just as RRDtool does) and logs on hourly totals, inserting new records and updating existing ones (for those with mysql knowledge, its an insert on duplicate key update with an index on the primary date field)

I thought about using RRDtool but couldnt find a pure php implementation of it as I couldnt rely on hosts having binary execution rights etc.

All of the graphs are going to have weekly/monthly and yearly trending for each - something that I hope wont kill the server too much, hence why Im using hourly totals rather than just inserting a new row per sample.

The stats tables will be seperate from the log data so if you purge your logs, the stats will remain untouched.

There is also a diagnostics logs, off by default, where it will attempt to log each step of the registration process with records purged after 7 days. As this table contains a TEXT field, I wanted to keep the size down. This is mainly for debug review if something starts going wrong with the code.

skippy - I was thinking about RBL checking but there is already a package doing so that I left it at that :) Would you like to see something like it in this, with graphing? I was thinking about adding SURBL support in a later version.

Wired1 - You will be able to sort on all the fields and Ill add a search as well. It will be a match on any field, you wont be able to specify which field you want to search on as I want to get this released before my son is born. Ill be working during my paternity leave when I really shouldnt, so I wont have too much spare time. As for the ban/report, its a bit out of the scope but Ill add it to the list for future releases.

pedigree, a single mod to manage all of my spam validation would be a holy grail for me...

that being said, having two right now is not the end of the world and many things on your list seem much higher priority (especially that whole son thing :-p)

It seems to work very well on vb 3.7.1 PL2

So well, that I am being flooding by emails from this hack. How do I turn them off?

Ok, I caught a spammer who wasn't blocked by "stop forum spam" site.

How do I now get that information, IP address, email address and user name to their site?

Thanks... :)

Regards,
Badger

So well, that I am being flooding by emails from this hack. How do I turn them off?


@Alpha1: What emails are you receiving? I don't remember there even being an option for this mod to email?


Ok, I caught a spammer who wasn't blocked by "stop forum spam" site.

How do I now get that information, IP address, email address and user name to their site?

@BadgerDog: You can add new entries at: http://www.stopforumspam.com/add

@BadgerDog: You can add new entries at: http://www.stopforumspam.com/add

Thanks... did that ... :up:

My first "kill"... :D

Regards,
Badger

It seems to work very well on vb 3.7.1 PL2

So well, that I am being flooding by emails from this hack. How do I turn them off?

Good to hear about 3.7PL2.

Are the emails coming from the "Contact Us" page? If so, then two ways really

1. Edit the phrase and remove the "Contact Us if you think this is wrong" incase they didnt think of doing that

2. Disable the "Contact Us" page in vBulletin options.

Are the registrations all spammers? Maybe you could PM me a copy/paste of your logs so that I can verify theyre spammers and not the plugin gone mad.

Edit : This mod doesnt send emails

.. oh, the next version will do spambot filtering on the Contact Us page as well :)

This looks awesome - and *exactly* what I need at the moment! :) My forum gets around 55,000 unique visitors and 250,000 pageviews a day - and it's being ruined by spammers! I'll post back in a few days to let you know the results (it's already caught one and I only installed it 60 seconds ago!).

Thanks pedigree! :)

Ok, I just had a legitimate new member try to register and he got the spammer rejection message (our very first)....

It didn't like his IP address, indicating it has been used by someone to spam forums in the past. Here?s the information from the log:

========================================
Username 2008-07-08 12:55:38 xxxxxxx@xxx.com 195.93.21.36
Result on field ip - 195.93.21.36 - Spammer and rejected by policy
========================================

What's very odd is that the actual IP address he was using when he tried to log on our site was IP Address: 195.93.21.8, which differs from the one he was rejected for?

Is something broken here? :confused:

By the way, I changed the username and email address for pivacy purposes.

Regards,
Badger

Checking that IP on the stopforumspam.com website, it's linked to an AOL.com email address. AOL also owns that IP range. Most likely someone was spamming from a computer w/ AOL as the ISP. AOL frequently cycles IP addresses around, so that's how they got that IP.

AOL operate transparent proxy servers that filter/monitor and record all HTML data passing from their networks, for many reasons, data mining, advertising etc... It being on the same 24 subnet is a bit strange bit who knows what AOL think.

ISPs that transparently redirect/filter and cache HTTP traffic are always going to be a problem when filtering on IP numbers. I thought about filtering on the HTTP_FORWARDED_FOR headers fromthe caches but that would easily allow a spammer to inject headers and therefore bypass filtering.

All I can suggest is create him an account and mail him the password or decrease the age expiry to under 30 days, that will treat the record at sfs.com as too old and will ignore it.... Or even better, tell him to get his ISP to turn off proxying. A friend owns an ISP and with bandwidth being so cheap compared to the overhead of running caching servers, given the low hits, he turned them all off.

This raises the question of one of the missing features of the site regarding modding up an IP, email or username. Right now you can flag something bad, but can never rectify that (unless you flagged it and manually remove it from your list of spammers)..

Obviously a concept like this is prime for fraud if not done correctly.

Anyone have any suggestions on how we may implement a "whitelist" feature without inviting automated bots to pollute the database?

I think those questions are best raised on the stopfrorumspam.com website. I did kind of foresee that and thats why I put a "lastseen" expiry in the mod. By default, from memory, its 90 days. 0.7 has whitelisting features for username/email and IP addresses/subnets as well as the said expiry.

Expiry being that a postive spambot result from stopforumspam.com with a lastseen thats older than the threshold set in your options, will result in a negative spambot result. This kind of works around some of the issues.

All I can suggest is create him an account and mail him the password.


That's how I handled this individual...

Thanks ... :)

Regards,
Badger

No solution is ever going to be perfect :(

Am I doing something wrong? I can't find "vbStopForumSpam Permissions - Access / View / Submit " for any group in the Usergroup Manager, as directed in the installation process:

Edit Usergroup permissions (Optional) (AdminCP -> Usergroup -> Usergroup Manager -> (Group) -> vbStopForumSpam Permissions - Access / View / Submit
Here you can allow specific usergroups access to details in User Ooptions/ Whos Online etc

Am I just not seeing it, or did I do something incorrectly?

Am I doing something wrong? I can't find "vbStopForumSpam Permissions - Access / View / Submit " for any group in the Usergroup Manager, as directed in the installation process:



Am I just not seeing it, or did I do something incorrectly?

Nope, youre doing it right, I just jumped the gun and put those in there but never coded the security behind it so it doesnt work. Sorry, I need to remove these from the package as theyve been removed in 0.7 and replaced with another security method

Hi ... :)

I seem to get quite a few of these:

[REMOTEERR] Unverfied but allowed by policy

Does ths mean that the host was down when these people registered?

BTW, any ETA on v.7?

Thanks....

Regards,
Badger

Badger - yes

0.7 is coming along slowly, not as fast as I liked but baby was born yesterday so Im going to have a lot of spare time on my hands over the next couple of weeks.

I might split the stats engine off from this version and release it as 0.8. It will still log all the details to the stats tables, just reporting will be left out.

0.7 is coming along slowly, not as fast as I liked but baby was born yesterday so Im going to have a lot of spare time on my hands over the next couple of weeks.

Congratulations !!!!!!! :up:

I didn't realize that was going on in the background. :D

Family is far more important then this stuff....

Take it from a 60+ guy, enjoy this terrific time in your life and create some great memories...

Regards,
Badger

Ok, I just had a legitimate new member try to register and he got the spammer rejection message (our very first)....

It didn't like his IP address, indicating it has been used by someone to spam forums in the past. Here?s the information from the log:



What's very odd is that the actual IP address he was using when he tried to log on our site was IP Address: 195.93.21.8, which differs from the one he was rejected for?

Is something broken here? :confused:

By the way, I changed the username and email address for pivacy purposes.

Regards,
Badger

This MOD *looks* good, but the *most* important thing that users should be aware of is the possibility that a spammer's IP Address on one day (say Sunday 20th July, 2008) may be completely different from the one presented the day after (Monday 21st July, 2008). :eek:

IP addresses are dynamic, especially nowadays that BroadBand has hit off in such a huge way; simple thoughts... how many IP addresses are there, and how many people are there usin the internet, not to mention legitimate businesses? Just check your IP somewhere, switch off you system for a few minutes and restart... then recheck you IP. I'll bet both my hairy ones on the liklihood that your IP will have changed... more so in busy periods.! :erm:

Ergo, don't bother blocking IP Addresses, becuase it's very likely that you'll be blocking legitimate customers.! Really, the way to prevent spamming, is at registration, as this MOD does, but perhaps this MOD should add usernames and email addresses to a list when the Image Verification is failed and session cookie is different on reregistration.... :up:


If IV is failed and session cookie/date & time the same as last registration - possibly a legitmate user has input image code wrong, so add user to spammer list, but moderate posts when actually registered.
if IV is failed and session cookie/date & time is different from last attempt - likely to be a spammer returning... spambot sends registration info, but fails, and human equivalent returns to register (complete the job), so the session cookie and date/time will have changed for the same username.


The reason for this style of prevention: I've had a few spammers (or possibly the same one) returning to register after the SpamBot had failed only days earlier. :erm:

These threads explain it all in a lot more detail....
https://vborg.vbsupport.ru/showthread.php?t=184030
https://vborg.vbsupport.ru/showthread.php?t=185707
:)

Like I said, this mod isnt a perfect method of stopping spam. Ive addressed the changing IP issues but if you look at spamhaus / spamcop, are you seriously trying to tell me that this systems are inherently flawed? They stop billions of spams every day. Sure there is colateral damage.... Im guessing from the spambot registrations on my board, in the four figures now, there mightve been 1 false positive and thats what the Contact Us page is for.

Most of my spammers are caught on the email and username fields. If you look at the mod, you can disable checking on the IP number. As spambots dont register a new email address for every forum they try to register on, its a really good field for testing.

This mod gives you control of your forum, it doesnt push policy on anyone. If I want to stop an IP used for spamming within the 24 hours then *I* can. If you dont like the idea that you might block some poor innocent person who had the same IP as some spammer 6 hours after spammer changed IP, then dont test on IP number. From what Ive seen from my logs (and skippy, wired1 etc) is that it blocks a lot of persistent static/near static IP addresses. I think that youll be hard pushed to find a user of this mod complaining that its blocking innocent people on a mass scale but if you do, then why dont you code another mod?

Session cookies so change, restart your browser, its gone. You cant rely on session cookies as spambot engines do cookies. Im working on the mod each day and new features will be added all the time. Maybe Ill take some more time to add your suggested cookie theory... Its adds more control, which is what this mod is about

IP address count is about (256^4) - (2^25 + 2^16 + 2^20) give or take some for subnet broadcast addresses. 10/8 192.168/16 172.16/12 and 224/8 multicast

I really like this mod, although the amount of spammers has actually gone up. Maybe the spammers read stopforumspam.com as well and find my board.

The AE detector does find spam bots for me. I did not expect that some spam bots actually can be discovered with cookies. So please do add cookie tracking.

alfa ill do something like AE detector where the registration process sets a non-vb cookie. all cookie tracking can be extremely easily bypassed by a bot with little coding on the part of the scum writer. With more and more people using spambot posters and more and more boards being spidered/discovered and added to the lists, its bound to happen

what I might do is test a mod addition to rename register.php with another named file with hitting register.php resulting in a temp ban from that ip perhaps.

Ive got some code kind of working, on the list of things to do, where the register form has encoded javascript, where is adds random fields to the input form. If they arent there with the post back, it knows its a spammer (as you cant submit the form without javascript enabled) - i know, i know, forcing javascript is a royal facist thing to do but its another way to hinder spambots.

Asides from IP's and cookies, would it be possible to ID spammers based upon mac address or other things?

MAC address is very difficult as most webservers (I would guess in the high 99.9% here) dont have or allow access to p0f type tools to provide packet level inspection. MAC addresses arent all that unique as once youre removed the device manufacturer ID (which doesnt fill the full 24 bit), you only have a 24bit uniqie ID. There are a lot of network cards out there with the same MAC address and thats fine, just as long as there arent two with the same mac on the same subnet. Filtering on MAC therefore is a no-go area.

Th eonly way to stop automated bot register/post tools is to stop registration by means that the application doesnt know about, extra fields, simple questions, tick this box, click here serverside maps etc. Manual spammers is a different story, you just have to make it as hard as possible.

I agree, no solution will be 100% short of encroaching on impacting legitimate users.

For the record, I really like the notion of renaming register.php (obvious risks are third party mods which call that link directly(?!?!) and existing phrases that call it directly.. both manageable.

In that vein, modifying things in the page source like Generator Meta, etc. which specifically call out that you are running a VBulletin site.

That being said, hopefully you are:

1. Spending tons of time with the new child
2. Closing all feature adds for v7 (scope creep is addictive)
3. See #1

:-)

WOW !!! That was an unnecessarily defensive reply to my post, for which mine was just helping one user be aware of the IP dynamics of t'internet.

------- Please skip past this thread if you don't like long posts -------

Pedigree, where in my post do you think I've attacked your creation?

Apologies to any users, including yourself, Pedigree, should you believe this post is 'Threadwaste/Postwaste', but surely some of you will have got to a point with users misunderstanding the context, or entirety of the posts you make - this is one of those very moments; I am really *sick* to the back teeth of posts not being read correctly, and then someone taking their hat off at some poor user about it.

I really do not see why you have come to be so defensive from what I have written, and so, I feel I should make myself much more clearly understood...

Like I said, this mod isnt a perfect method of stopping spam. Ive addressed the changing IP issues but if you look at spamhaus / spamcop, are you seriously trying to tell me that this systems are inherently flawed?
In fact, I do not *try* to *tell* you anything about flawed systems at other locations, and I certainly do not, at any point, comment on the level of quality your MOD provides.
They stop billions of spams every day. Sure there is colateral damage.... Im guessing from the spambot registrations on my board, in the four figures now, there mightve been 1 false positive and thats what the Contact Us page is for.I haven't complained about collateral damage. I haven't complained about any of my members not being able to register due to IP blocking. I did, however, directly inform a single user that IP blocking can be a problem for board registrations, other users will read the same post and understand the same. With regards the Conact Us page, should you happen to read any of the many quality articles that other experienced Bulletin Board Admins have written (not just vB), you may come to realise that when an internet user searches, and happens to come across a website, if the information they are seeking is not within the first several clicks, they are more likely to move onto another website; Contact Us, is no guarantee that you will keep a customer in your shop, so to speak. (this is not a criticism to your post, btw).
Most of my spammers are caught on the email and username fields. If you look at the mod, you can disable checking on the IP number. As spambots dont register a new email address for every forum they try to register on, its a really good field for testing.

This mod gives you control of your forum, it doesnt push policy on anyone.Now, that part of your post was, IMO, the only constructive part, in response to my post. Although, looking through your MOD listing description, at no point do you mention any switching of IP blocking facility, or any facilities, as I come to read the description again; only after looking at the second attached screenshot, do I spot a selection box showing ENABLE, and then one must logically assume there is a DISBLE selection too, though, unfortunately, this fact of logic may not be readily obvious to some (honestly, there are users that just don't know, we've all come across them, and we help them).
If I want to stop an IP used for spamming within the 24 hours then *I* can.And, this does seem quite an over-defensive response to something I haven't written; your use of "*I* can" is what pushed me to write this lengthy tome. It appears, judging from your sentence, that you believe I have somehow attempted to stop you from preventing spammers..? Sorry, I fail to see where I have restricted your use of your MOD.
If you dont like the idea that you might block some poor innocent person who had the same IP as some spammer 6 hours after spammer changed IP, then dont test on IP number. From what Ive seen from my logs (and skippy, wired1 etc) is that it blocks a lot of persistent static/near static IP addresses. I think that youll be hard pushed to find a user of this mod complaining that its blocking innocent people on a mass scale but if you do, then why dont you code another mod?I haven't said that I don't like the idea of blocking 'some poor innocent person'. And, why should I code a MOD? I had come to this MOD thread to examine your MOD, to check whether it was the product for me. I did suggest an addition, not only to your MOD, but to any MOD that attempts to prevent spamming registrations by using the points I had listed so many times before, and herein.
Session cookies so change, restart your browser, its gone. You cant rely on session cookies as spambot engines do cookies.You really have misunderstood the suggestions I have made....
You know, as well as I, that vB sets a cookie on your system (or spambot system) each and every visit to your vB board. So, if you record the cookie with each registration, then if that registration fails and another attempt is made with the same username/email, and the cookie is different the second time round, then your vB software will know that the registration MAY be a spambot. For this suggestion to work, you must assume that people are not THICK, and that they will try registering again within the same cookie session, should their first attempt 'balls up', somehow. Ergo, humans register and reregister in the same cookie session, whereas spambots go away and come back later to try again.
Im working on the mod each day and new features will be added all the time. Maybe Ill take some more time to add your suggested cookie theory... Its adds more control, which is what this mod is aboutExactly! So, why be so defensive?
IP address count is about (256^4) - (2^25 + 2^16 + 2^20) give or take some for subnet broadcast addresses. 10/8 192.168/16 172.16/12 and 224/8 multicastIt's nice to know some people care, and know perfectly well what they're on about...! :D

But, aside from clearing any misunderstandings, I would really like to hear your views on the suggestions I've provided, ie. the failed spambot registrations due to the image verification process.

I hope this has made things much clearer. However, please do not hesitate to contact me with regards any of the above.

Yours,

;-D

Did what you said, skipped your rant.

No more feature creep, I dont have the time. Maybe in a couple of months when I do.... Who knows but Ill keep your cookie/captcha idea in mind.

1. Spending tons of time with the new child
2. Closing all feature adds for v7 (scope creep is addictive)
3. See #1
:-)

1. Oh yes
2. No more feature creep. Nothing new is going in, Im working on the last stages, data submission to stop forums spam.
3. See #1

:)

First of all, let me compliment you on your mod. I really like what you’re doing here. Also, congratulations on the new baby! I know that you are trying to keep the scope of the project from getting out of hand and that you also want to spend time with your family (which, I completely agree with)… But here is a suggestion that would be easy to add and would be a really nice compliment to the mod you already have. When you get a chance, take a look at Project Honey Pot (www.projecthoneypot.org). They have a list of known automated spammer ip addresses similar to the http://www.stopforumspam.com list, except the list is bigger, and probably less vulnerable to list contamination because of the way that the ip addresses are collected. Since they have an established api and sample code it would be really simple to have your mod query their data base in addition to the stop forum spam database.

Here’s a link to some sample code as well as some information about their api:

http://www.projecthoneypot.org/board/read.php?f=10&i=179&t=179
http://www.projecthoneypot.org/httpbl_api

I hope that you like the idea. Let me know what you think.

Th eonly way to stop automated bot register/post tools is to stop registration by means that the application doesnt know about, extra fields

BINGO. You wouldn't believe how many spammers I've caught simply because they slapped URLs where it asks for their motherboard :)

First of all, let me compliment you on your mod. I really like what you’re doing here. Also, congratulations on the new baby!

Thank you, its really nice to hear positive feedback

I know that you are trying to keep the scope of the project from getting out of hand and that you also want to spend time with your family (which, I completely agree with)… But here is a suggestion that would be easy to add and would be a really nice compliment to the mod you already have. When you get a chance, take a look at Project Honey Pot (www.projecthoneypot.org). They have a list of known automated spammer ip addresses similar to the http://www.stopforumspam.com list, except the list is bigger, and probably less vulnerable to list contamination because of the way that the ip addresses are collected. Since they have an established api and sample code it would be really simple to have your mod query their data base in addition to the stop forum spam database.

Hmm, Im going to go look at this now and if the sample code can be added to the mod without too much trouble (which I hope is that case as I tried to make it flexible), then Ill most certainly add it.

Edit : Ive looked at this and it looks really really good. The code is small and can added very easily to my new code rewrite without too much trouble at all. As its DNS based, I dont have to worry about caching data ike I am with stopforumspam, its lightweight and should make the mod even more useful (to those that have actually installed it)

Cheers for this m8, starting using it yesterday and for the first time in 24hrs I have not got a single spammer ;)

Well Done, have some wine! hehe

I'm glad that you liked the honey pot recommendation. By checking both databases the mod should be even that much better at blocking spam.

This is getting better and better.

Watching this for the next version. :)

Good work.

Well, I sat down to add the projecthoneypot api but regardless of the times Ive tried to join, email them, etc, I cant get an account created, let alone an API key. If anyone has one that they wouldnt mind me using or knows someone on the project that can sort it, please drop me a line

Thanks

Their closed for maintenance:
Project Honey Pot is currently undergoing maintenance. As a result, we've turned off some portions of our website, including the page you just requested, however most information can still be accessed if you are logged in. (Don't worry, we're still tracking harvesters and spammers!)

We'll be back online soon, please check back. If you have any questions, you can email us at: maintenance@projecthoneypot.org.

Thanks for your patience.
The Project Honey Pot Team

that page wasnt there when i tried over the last two days, ill wait I guess, thanks alfa

hey,
I installed the mod but can't find the log. There is no such log under Statistics & Logs. am I doing install it wrong? thanks

Its logs are installed under Statistics and Logs as vbStopForumSpam Logs.

What version of vb are you using?

My seasonal traffic has died down a bit, but here are my numbers from July:

Out of the 614 registrations for the 31 day period:

~10%/66 were caught by SFS Email check
~21%/128 were caught by SFS UserID check
~27%/166 were caught by SFS IP check
~41%/254 made it past SFS Check (minus 2 that slipped by detection)

A few observations:

1) A significant increase in matches on Email check (10% in July versus .03% in June)
2) A significant decrease in IP matches (27% in July versus 45% in June)
3) A significant increase in valid registrations (41% in July versus 25% in June)

Thanks again pedigree!

Glad to help

On a note, I spent ages putting a lot of projecthoneypot.org code in there, seems wasted as I cant get a single email reply, confirmation, nothing from them, looks like the people running it have no been eaten by something or just dont care... So Ive removed it all as - I dont test it and if I cant test it, then people that would want to it use cant because the damned login/register system doesnt send confirmation emails for validation.

It a pity, it looked really useful. Who knows, someone there might pull their finger out of their backsides and make their website functional again....

Yes, thats a pity. But they seem to be absent at this time. Maybe they are on holidays?? Perhaps in a few weeks...

Pedigree,

Check your inbox. I just PMed you my access key.

... and with that, the code is going back in for testing, thanks Embroidables!!!

haha, just got a page of emails from them for my account confirmation, hehe

cool... it sounds like they finally got their sign up fixed.

Thought I'd report a database error received when trying to sort on IP address ... :)

Database error in vBulletin 3.6.7:

Invalid SQL:

SELECT * FROM vbstopforumspam_log AS logs

ORDER BY ip ASC, date DESC
LIMIT 0, 30;

MySQL Error : Unknown column 'ip' in 'order clause'
Error Number : 1054
Date : Wednesday, August 27th 2008 @ 07:18:22 AM
Script : http://www.xxxx.com/admincp/vbstopforumspam.php?do=view&pp=30&orderby=ip&page=1
Referrer : http://www.xxxx.com/admincp/vbstopforumspam.php?do=view&pp=30&orderby=email&page=1
IP Address : xx.xx.xx.xx
Username : Badger
Classname : vB_Database

Regards,
Badger

Good find. I can confirm that I also see this error when sorting VBStopFormLog by IP. (vb3.6.11 running VBSFS .61)

yeah, it was reported a couple of pages back and its been fixed. Im just trying to find a spare minute in the week to do some more work on it. A newborn, 6 hours/day travel and a kid in the terrible "twos"

Good to see youre on the ball though :)

The wife and the kids are in London tomorrow, leaving me at home without too much work on... I hope to get some code done

If you go to line 62 in admincp/vbstopforumspam.php and change

$order = 'ip ASC, date DESC';

to

$order = 'ipaddress ASC, date DESC';

then that will fix that error

one of the Best modifcation on the site, its saved me no end of work

over 400 spammers in 48 hours have been stopped

one of the Best modifcation on the site, its saved me no end of work

over 400 spammers in 48 hours have been stopped

Thanks for the feedback :)

Glad to help. Hopefully, 0.7 will be even better.

Spotted a bot trying to sign up a couple of times now. It's not getting through but the message in the log is

Result on field email - bnm444+20080831@gmail.com [REMOTEERR] Unverfied and rejected by policy

Not sure if that's a bug due to the "+" in the email address or not. But thought I'd flag it up for you anyway.

Thanks again for your work with this. It's saving me so much time.

Sy

For August 2008, Out of the 3580 registrations on my site for the 31 day period

~4%/150 were caught by SFS Email check
~17%/640 were caught by SFS UserID check
~36%/1300 were caught by SFS IP check
~41%/1490 valid registrations

1) Spammers caught by Email check are back in my normal range (not sure why it spiked to 10% last month)
2) Valid registration sticking at 41% for two months in a row now. Would like to see it higher, but much better than the 20-25% I was seeing For the first half of the year.

Spotted a bot trying to sign up a couple of times now. It's not getting through but the message in the log is

Not sure if that's a bug due to the "+" in the email address or not. But thought I'd flag it up for you anyway.

Thanks again for your work with this. It's saving me so much time.

Ive had a look at the results that the remote site gives when using a plus addressed email. It response with "invalid email address" and as the result isnt in the XML-ish that its expected, the mod assumes that it got an error, which it did in a way. Ive reported it to the remote site for investigation as email addresses can have (RFC says) a-z 0-9 % - + _ .

I wonder if its a method identified by spammers or just luck, either way, if I dont get a response from the remote site about this, Ill add code to handle "remotely reported invalid email addresses" properly.

1490 valid registrations, Im lucky if I get that in hits per month :)

Skippy, did you notice the PM to the 0.7 beta site?

hi,

You can add in your description that it works on vb 3.7.3 just fine.It just catched two spammers trying to register

Ive had a look at the results that the remote site gives when using a plus addressed email. It response with "invalid email address" and as the result isnt in the XML-ish that its expected, the mod assumes that it got an error, which it did in a way. Ive reported it to the remote site for investigation as email addresses can have (RFC says) a-z 0-9 % - + _ .

I wonder if its a method identified by spammers or just luck, either way, if I dont get a response from the remote site about this, Ill add code to handle "remotely reported invalid email addresses" properly.
Awesome. Thanks for the quick reply.

Sy

For August 2008, Out of the 3580 registrations on my site for the 31 day period

~4%/150 were caught by SFS Email check
~17%/640 were caught by SFS UserID check
~36%/1300 were caught by SFS IP check
~41%/1490 valid registrations
Where can i see this?

Alfa1 i think skippy drew up those numbers from logs as there isnt a reporting tool in 0.61

Ah. I see. Thanks.

I seriously have no idea what I'd do without this mod! Thank you so much again for releasing it. We block approximately 15-25 spammers from signing up daily with it.

was working for me in 3.7.3 but started getting out of memory errors taking the whole board down, any ideas?

My PHP memory limit is 64MB

was working for me in 3.7.3 but started getting out of memory errors taking the whole board down, any ideas?

My PHP memory limit is 64MB

if you have a busy board (eg lots of people that are trying to register) it might cause things like this no idea what you can do about that except increasing the limit

the mod itself shouldnt be using that much memory. How many people are you seeing each day? That are trying to register? What PHP version are you running and on what OS/version?

Web Server Apache v2.2.9
PHP 5.2.6
PHP Memory Limit 64.00 MB
MySQL Version 5.0.45

100 users average at any one time

When I turn the plug-in off, the server memory load drops 30%

I am getting a lot of spam blocks, maybe that's it.

could someone tell me where i can find the function to report Spammers to the SFS Database? i think this two images i uploaded with this mod are for this function? right?

could someone tell me where i can find the function to report Spammers to the SFS Database? i think this two images i uploaded with this mod are for this function? right?

yeah good question i've looked for it myself turned on the usergroup permissions but can't find it ... I just added my own form to the admincp that adds the spammers to SFS database throug cURL or a socket connection if cURL is not availible

As mentioned in the thread before, that functionality was in the XML postbit but not actually included in the code, I kind of jumped the gun a bit sorry. I was hoping that an API was forthcoming from sfs.com but it hasnt been. The site admin of sfs has gone awol for a while as hes busy so Ill see if I can add the API code to the site. In the meantime, Ive got code there to add it and parse back the HTML to see if it was successful or not.

0.7 will include the ability to submit data to the website.

To acorndomains - the plugin should only really load when the page is doing a registration. Ill revisit the 0.6 code and look to see if its recompiling the code when it shouldnt need to - if it is then Ill try to modify the plugin to avoid loading the function code when its not required. Are you using any php accelerators at all?

Any ETA on next version ? This mod is a life and time saver for me. So far today it's stopped over 30 spam signups.

0.7 is almost done but is missing a lot of the GUI changes, the complete stats engine and has no bug/error handling at the moment. Ive adding those on a weekly basis when I get time from work, which isnt that often these days.

Instructions are included in the instructions.txt file - PLEASE read it first.

From above, is this file the installation.txt file or am I missing something?

one or the other depending on the version

First I'd like to thank you for taking the time to do this while you've obviously been busy at home.

I installed this mod easily this morning. Here is an excerpt from the log.

horoscopey 2008-09-27 10:40:29 horoscopey@ebaysweep.com 71.239.75.95 Result on field ip - 71.239.75.95 [REMOTEERR] Unverfied but allowed by policy
horoscopey 2008-09-27 10:40:29 horoscopey@ebaysweep.com 71.239.75.95 Result on field email - horoscopey@ebaysweep.com [REMOTEERR] Unverfied but allowed by policy
horoscopey 2008-09-27 10:40:29 horoscopey@ebaysweep.com 71.239.75.95 Allowed registration



I have email and username set to enabled, but left ip disabled in the admincp vsStopForumSpam settings.

Since horoscopey is the spam lists, can anyone tell me what I might be doing wrong?

First I'd like to thank you for taking the time to do this while you've obviously been busy at home.

I installed this mod easily this morning. Here is an excerpt from the log.


I have email and username set to enabled, but left ip disabled in the admincp vsStopForumSpam settings.

Since horoscopey is the spam lists, can anyone tell me what I might be doing wrong?

if you see "[REMOTEERR]" the stopforumspam service is down (or something has gone wrong while checking) in this case you need to set the option to block registeration on remote connection errors.

Hello.

First off, the idea of this mod is absolutely amazing. Great work.

I'm having some issues running it on version 3.7.3 Patch Level 1.

The install went smooth as butter...hooks were placed...and etc. etc.

When I went to try and 'sign up' as a new user using one of the names off that site...I got the following:

Warning: Unknown(includes/functions_vbsfs.php): failed to open stream: No such file or directory in [path]/register.php(385) : eval()'d code on line 3

Fatal error: (null)(): Failed opening required 'includes/functions_vbsfs.php' (include_path='.:/usr/local/lib/php:/usr/local/lib/php/PEAR:/usr/local/share/pear') in /hsphere/local/home/ic3dnet/forums.ic3donline.com/register.php(385) : eval()'d code on line 3

I am just starting out in VB...so kind of not sure what to do now. Can someone please help me? Thank you...I greatly appreciate it. I'll remove the product in the mean time.

Hello.

First off, the idea of this mod is absolutely amazing. Great work.

I'm having some issues running it on version 3.7.3 Patch Level 1.

The install went smooth as butter...hooks were placed...and etc. etc.

When I went to try and 'sign up' as a new user using one of the names off that site...I got the following:



I am just starting out in VB...so kind of not sure what to do now. Can someone please help me? Thank you...I greatly appreciate it. I'll remove the product in the mean time.

your functions_vbsfs.php is missing you need to upload this file from the zip to your vBulletin /includes directory and this error will be gone

heh, thanks for

a. The feedback
b. Delphi for the helping hand. This is what happens when you take your kids out to the beach :) - you miss these postings

When installing vBulletin mods, there is usually an "upload" folder. There are the files that you have to upload to the (usually) root of your forum (dont upload the upload folder itself, just its contents).

While lots of modders do try to keep PHP contained within the XML product plugin, its not always possible to do so, hence the extra files.

Well done. The last day or so I have been hit really hard by forum spammer, posting some pretty explicit sexual content. I been looking at this mod the last few days, and decided to give it a try, as I GOT to do something about this damn spam! It's been a few hours now, and it has blocked & logged over 10 registrations. By looking at the log, these its apparent that these are spammers, and not legit users (e.g username of FeMaleAnimeP0Rn, etc).

Thanks a lot for this mod!

Must be a sensitive liberal!
LOL

WOW !!! That was an unnecessarily defensive reply to my post, for which mine was just helping one user be aware of the IP dynamics of t'internet.

------- Please skip past this thread if you don't like long posts -------

Pedigree, where in my post do you think I've attacked your creation?

Apologies to any users, including yourself, Pedigree, should you believe this post is 'Threadwaste/Postwaste', but surely some of you will have got to a point with users misunderstanding the context, or entirety of the posts you make - this is one of those very moments; I am really *sick* to the back teeth of posts not being read correctly, and then someone taking their hat off at some poor user about it.

I really do not see why you have come to be so defensive from what I have written, and so, I feel I should make myself much more clearly understood...


In fact, I do not *try* to *tell* you anything about flawed systems at other locations, and I certainly do not, at any point, comment on the level of quality your MOD provides.
I haven't complained about collateral damage. I haven't complained about any of my members not being able to register due to IP blocking. I did, however, directly inform a single user that IP blocking can be a problem for board registrations, other users will read the same post and understand the same. With regards the Conact Us page, should you happen to read any of the many quality articles that other experienced Bulletin Board Admins have written (not just vB), you may come to realise that when an internet user searches, and happens to come across a website, if the information they are seeking is not within the first several clicks, they are more likely to move onto another website; Contact Us, is no guarantee that you will keep a customer in your shop, so to speak. (this is not a criticism to your post, btw).
Now, that part of your post was, IMO, the only constructive part, in response to my post. Although, looking through your MOD listing description, at no point do you mention any switching of IP blocking facility, or any facilities, as I come to read the description again; only after looking at the second attached screenshot, do I spot a selection box showing ENABLE, and then one must logically assume there is a DISBLE selection too, though, unfortunately, this fact of logic may not be readily obvious to some (honestly, there are users that just don't know, we've all come across them, and we help them).
And, this does seem quite an over-defensive response to something I haven't written; your use of "*I* can" is what pushed me to write this lengthy tome. It appears, judging from your sentence, that you believe I have somehow attempted to stop you from preventing spammers..? Sorry, I fail to see where I have restricted your use of your MOD.
I haven't said that I don't like the idea of blocking 'some poor innocent person'. And, why should I code a MOD? I had come to this MOD thread to examine your MOD, to check whether it was the product for me. I did suggest an addition, not only to your MOD, but to any MOD that attempts to prevent spamming registrations by using the points I had listed so many times before, and herein.
You really have misunderstood the suggestions I have made....
You know, as well as I, that vB sets a cookie on your system (or spambot system) each and every visit to your vB board. So, if you record the cookie with each registration, then if that registration fails and another attempt is made with the same username/email, and the cookie is different the second time round, then your vB software will know that the registration MAY be a spambot. For this suggestion to work, you must assume that people are not THICK, and that they will try registering again within the same cookie session, should their first attempt 'balls up', somehow. Ergo, humans register and reregister in the same cookie session, whereas spambots go away and come back later to try again.
Exactly! So, why be so defensive?
It's nice to know some people care, and know perfectly well what they're on about...! :D

But, aside from clearing any misunderstandings, I would really like to hear your views on the suggestions I've provided, ie. the failed spambot registrations due to the image verification process.

I hope this has made things much clearer. However, please do not hesitate to contact me with regards any of the above.

Yours,

;-D

nevermind ... found my answer

you have to love liberals, makes the world a funnier place :)

unicorn - Im glad

Madmunki - thanks :) Its always good to hear positive feedback, unlike liberals

Installed. Thank you

Step 6 in instructions. I only see Front end FAQ/Help and Front End Redirect messages. I dont see front end error messages there.
Am I missing something?

Thank you! My board was being hit hard by spammers today and this is stopping them. Prevented 6 from registering since I've installed it. :)

it rocks! Been working for me too!

I have another question. How come some say allowed user to register but I can find no trace of that user?

great just installed a few minutes ago. had about 50 registrations today all from russia. already this script stoped 41 all with email from mail.ru or gmail.com

thank you for this mod.

September board statistics are in:

9580 Total Registration attempts

18%/1700 were SFS blocked Emails
24%/2340 were SFS blocked UserName
31%/3000 were SFS blocked IPs
26%/2540 were valid registrations

Sadly valid registrations dropped significantly from last month. I had kind of hoped the spammers had given up and moved on.

IP continues to be the largest blocked reason followed by email addy and then username.

How come some say allowed user to register but I can find no trace of that user?
From what I understand the script works by checking against the SFS database for the details you have defined (username, email, IP, all three or selection of all). If there is no trace on SFS for those details then it allows the registration to proceed to the next stage, the actual vB registration itself.

If the user is showing in your logs as being allowed to register but then there is no userid link (basically the username isn't underlined) then the user didn't complete the registration process. If that was a spammer then you've nothing to worry about as they never actually registered and all you'd need to do, if you are certain that it is a spammer that's not on SFS, is add the details from the log to the database.

Hope that make some sort of sense lol.

Sy

unicorn, sym0n said exactly the issue. Ill check out the phrase location but if you search for "spam" in phrases, youll find it

great mod sir. so far so good.. only let one register so far... well i think it might be one. lmao.

Thanks

awesome product :D

stopped over 2500 spammers since i added it in august :D

Loving this plugin. Well done!

Am i right in the following:

- The images that are uploaded are for future versions, and there is no way to use version 0.61 to report spam?
- If i see a lot of the same user in the log a few seconds after each other (where they have been Allowed registration) then this is because they are more than likely typing an incorrect captch etc?

Cant wait for the next version.
Thanks

Lateuk - thanks and

1 - Thats right. Im working on the code on both ends as Im now a developer on stopforumspam.com
2 - Exactly or theyre resubmitting the same data / existing email , username details etc

Note to those that reported errors with + in email addresses. Ive just fixed that bug on stopforumspam.com so no more having to wrong about those at the moment

lots of spammers are still getting through and post really nasty images.

cyprustm - start adding them to the database here, ban the domains that their emails are coming in from... this mod will help but its not a fix all. Setup new accounts so that new users cant post without being moderated and try a combination of some of the other spam mods, limit sigs for new users, disable attachments and disable links for users < 10 posts for example

pedigree sorry, i did not mean to sound like criticizing this mod, which is realy great stoped abut 500 registrations all spammers in just a day. its just that some got through and posted realy nasty pics.

ps how to i set restrictions so that users with less than 10 posts cannot post images/links etc?

Been getting hit really hard in the last 2 days. This mod seems to work well so far - 5 spammers blocked with in first 7 minutes. Hope it will handle the 10 to 15 that are registering.

This beats the hell out of sitting in front of the computer deleting accounts.

pedigree sorry, i did not mean to sound like criticizing this mod, which is realy great stoped abut 500 registrations all spammers in just a day. its just that some got through and posted realy nasty pics.


ps how to i set restrictions so that users with less than 10 posts cannot post images/links etc?
https://vborg.vbsupport.ru/showthread.php?t=96018 for 3.5 will forbid users with less then 15 posts to post urls maybe it stil works

I knew you werent critising the mod :)

Try this mod as well.

https://vborg.vbsupport.ru/showthread.php?t=177704

Thanks again for this - in just over a day it has stopped 180+ spammers from registering. :)

wow, 180.... thats great news

Would you guys mind if, disabled by default, there was an option in the next version of the mod that would report these stats to the stopforumspam.com webserver, completely anonymous of course.... Just so that we can all get an idea of just how many spammers Im starting to p*ss off?

Nope, I wouldn't mind that at all.