Mini Mods - seb - Bots and Spam - Regular Expression Rules: Validate Input Data.


sebaot
07-25-2009, 10:00 PM
This is my first released plugin. Don't expect anything earth-shattering. :-)

vBulletin VERSION

Tested on 3.7.0 only.

IMPORTANT NOTE

Two rules are installed by default. Please read the complete instructions because you may want to disable/remove them.

DESCRIPTION

Performs user-defined regular expressions on a new registration's userdata and automatically bans the user on successful condition. The regular expressions are located in a new table created by the product. Additionally, it creates a table for logging banned users and the rule that caught them. The tables are created upon installation and removed upon uninstallation.

DISCLAIMER

I wrote this for personal use. I came across some bots following a specific username pattern when registering, so I wanted to catch them at registration and automatically ban them instead of having to go through the manual labor of doing it later. It's a simple way of keeping them from getting in, and it's limited to how well you can keep up with the patterns in the registration fields (where they follow patterns).

DATABASE MODIFICATIONS

No existing tables are modified. Two tables are added when installing this product, and later deleted when uninstalling the product:

usernewregrxmap
Contains your regular expression and the field you want to test for the condition. For example:


RegularExpressionValue: /(\d){10}/
FieldName: username
Description: Ban on username containing 10 or more digits
Enabled: 1 (by default, 0 to disable the rule)



usernewregrxmap_log
Contains registrations and bans by this product. Stores the userid and the rule that caught the user. This is for your own use wherever you'd like to use it; logging is off by default, but it can be configured in the product settings group.

EXAMPLE REGULAR EXPRESSIONS

Two examples are included, installed and enabled by default, so you're going to have to delete them in case you don't want them to be applied to your new users and potentially ban legit users. The first bans users that register with 10 or more digits in their username, and the second bans users with "whateversoftspam" in their email.

ADDING REGULAR EXPRESSIONS

Because I don't know how to easily make a secure user-interface for this, you need to add your regular expressions via "Admin CP" -> "Maintenance" -> "Execute SQL Query". For example:


INSERT INTO usernewregrxmap (RegularExpressionValue, FieldName, Description) VALUES ('/(\\d){10}/', 'username', 'Ban on username containing 10 or more digits')



Please note, in the above code, the regular expression in itself looks like:


/(\d){10}/



However, it's necessary to escape the \ in \d or it'll insert /(d){10}/ into the table.

LOGIC
The plugins use preg_match to evaluate the regular expression against the value of the keys found in $vbulletin->GPC in register_addmember_process:


// $regex is the value found in vbulletindatabase.usernewregrxmap.RegularExpressionValue
// $fieldname is the value found in vbulletindatabase.usernewregrxmap.FieldName

if (preg_match($regex, $vbulletin->GPC[$fieldname]) > 0) {
    // ... put user in the banned group ...
}



Because the user does not appear to have a userid in the register_addmember_process event, the register_addmember_complete event takes care of banning the user by checking to see if their usergroupid is equal to the banned usergroup id you can set in the product settings.

In case you turn on logging in the product settings group, it logs the banned user's id and the regular expression rule id in its own log-table. This is so you can use your own SQL queries to find repetitive patterns or correct regular expressions that caused mistaken bans.

SETTINGS

The settings that you can modify via "vBulletin Options" -> "vBulletin Options" -> "seb - Registration - RegEx Rules Settings" are:

- Banned Usergroup ID (default: 8)
- Usertitle for Banned Users (default: Banned)
- Banreason (default: Failed to pass registration rules)
- Banned by ID (default: 0)
- Append to Log Table (default: 0)

Note: I'm using "Banned by ID" set to 0, so I can filter out in other parts of the vBulletin system what users were banned by the system and keep them separate from users banned by administrators and moderators. You can, of course, use the ID of any administrator or user you'd like.

INSTALLATION INSTRUCTIONS

Import the XML file via "Admin CP" -> "Plugins & Products" -> "Manage Products" -> "Add/Import Product"

UNINSTALLATION INSTRUCTIONS

Remove the product via "Admin CP" -> "Plugins & Products" -> "Manage Products" -> "Uninstall"

NOTE (1):

When a user is banned by the product, a row is added to the vBulletin "userban"-table.

---------------------------------

CHANGELOG VERSION 1.1

I still consider the product a beta version and I use it personally only on my site. I've extended it to work in other parts of the application, and that's the reason for the update. It's taken a wider scope, so I've renamed the product and the settings groups accordingly.

- product renamed to "seb - Bots and Spam - Regular Expression Rules" to reflect its wider scope
- settings group renamed to "seb - Bots and Spam - Regular Expression Rules - Settings"
- column "Section" has been added to table "usernewregrxmap" so you can extend it with new plugins and sections
- existing rules will be updated to the value "registration" in the "Section"-column

An example of the wider scope is included with a new plugin that implements a rules check when a new signature is submitted. This requires more flexibility, so I've added the option to customize the pre-rule and post-rule behavior a bit. The changes I've made to this are:

- settings variable titles where a rule can override the value are now called "Default ...", for example "Default Banreason"

The values with which you want to override the settings' default values are stored in the following database columns:

- UsergroupID
- UserTitle
- PostCountToDisableRule
- BanReason

A new plugin has been added that makes use of this:

- "seb - RegEx Rule - Signature - Update Signature" and fires on profile_updatesignature_complete
- rules that apply to this plugin need to have section equal to "signature"

This new plugin can, for example, test the signature against the regular expression "/wowgold/i", and you can use PostCountToDisableRule to disable the rule provided that the user has the specified postcount. You can use UsergroupID to put the client in a special usergroup that you later take a look at, and you can add a custom usertitle and banreason. The banreason will only be applied if the new usergroupid for the user after a failed rule is equal to the setting variable "Default Banned Usergroup ID". What you can customize it to do is:

- if a user has postcount less than 10, perform the rule check, and if user fails the rulecheck, put the user in the banned group, and add a custom banreason saying "Spam in signature".

Alternatively, you can customize it to put the user in a custom usergroup and add the usertitle "Pending Moderation" or whatever else you'd like it to say.

sebaot
08-01-2009, 02:14 PM
These are the rules I'm currently using:


INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section) VALUES ('/(\\d){6}/', 'username', 'Ban on username containing 6 or more digits', 'registration')

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section) VALUES ('/(chongsoft)/', 'email', 'Ban on email containing specified string.', 'registration')

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section) VALUES ('/^(.{2})(beads|pearls)/i', 'username', 'Ban on username beginning with two letters followed by the string pearls.', 'registration')

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section) VALUES ('/^(.{2})(beads|pearls)/i', 'email', 'Ban on email beginning with two letters followed by the string pearls.', 'registration')

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section) VALUES ('/(forex)/i', 'username', 'Ban on username containing the string forex', 'registration')

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section) VALUES ('/^(abcd|bcde|cdef|defg|efgh|fghi|ghij|ijkl|jklm|klmn|lmno|mnop|nopq|opqr|pqrs|qrst|rstu|stuv|tuvw|uvwx|vwxy|wxyz|)\\d{3,10}$/i', 'username', 'Ban on username containing the string 4 letter alphabet succession followed by 3 to 10 digits', 'registration')

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section) VALUES ('/(wowgold)/i', 'username', 'Ban on username containing the string wowgold', 'registration')

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section) VALUES ('/(wowgold)/i', 'email', 'Ban on email containing the string wowgold', 'registration')

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(online gold)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(wowgold)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(xrumer)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(forex)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(propecia)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(viagra)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(runescape)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(sunmanga)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(bjsattv)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(12hot)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)

INSERT INTO `usernewregrxmap` (RegularExpressionValue, FieldName, Description, Section, PostCountToDisableRule) VALUES ('/(cheapwatches)/i', 'message', 'Ban on signature message containing the string', 'signature', 10)
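
A dry-run harness for trying rules against sample input before inserting them, so a mistyped or over-broad pattern does not ban legitimate users. This is an added example, not code from the product or its author: the function name `first_matching_rule`, the rule arrays (which mirror the `usernewregrxmap` columns) and the sample inputs are constructed here, and it assumes a rule is skipped once the user's postcount is greater than or equal to `PostCountToDisableRule`.

```php
<?php
// Added example, not the product's code. Rule arrays mirror the usernewregrxmap columns.
function first_matching_rule(array $rules, string $section, array $fields, int $postcount = 0): ?array
{
    foreach ($rules as $rule) {
        if ($rule['Section'] !== $section) {
            continue;
        }
        // Assumption: 0 (or absent) means the rule always applies; otherwise skip at postcount >= limit.
        $limit = $rule['PostCountToDisableRule'] ?? 0;
        if ($limit > 0 && $postcount >= $limit) {
            continue;
        }
        $result = @preg_match($rule['RegularExpressionValue'], $fields[$rule['FieldName']] ?? '');
        if ($result === false) {
            // A pattern that does not compile returns false; "> 0" alone would hide it as "no match".
            error_log('Broken rule skipped: ' . $rule['Description']);
            continue;
        }
        if ($result === 1) {
            return $rule;
        }
    }
    return null;
}

// Constructed rules: the first two are the same pattern with and without its backslash.
$rules = [
    ['RegularExpressionValue' => '/(\d){6}/', 'FieldName' => 'username', 'Section' => 'registration',
     'Description' => 'six digits (backslash kept)'],
    ['RegularExpressionValue' => '/(d){6}/', 'FieldName' => 'username', 'Section' => 'registration',
     'Description' => 'six digits (backslash lost on INSERT)'],
    ['RegularExpressionValue' => '/(forex/i', 'FieldName' => 'message', 'Section' => 'signature',
     'Description' => 'unbalanced parenthesis'],
    ['RegularExpressionValue' => '/(wowgold)/i', 'FieldName' => 'message', 'Section' => 'signature',
     'PostCountToDisableRule' => 10, 'Description' => 'wowgold in signature'],
];

// Constructed inputs: [section, submitted fields, postcount].
$samples = [
    ['registration', ['username' => 'bot20090725'], 0],
    ['registration', ['username' => 'dddddd'], 0],
    ['registration', ['username' => 'alice'], 0],
    ['signature', ['message' => 'Cheap WoWGold here'], 3],
    ['signature', ['message' => 'Cheap WoWGold here'], 10],
];
foreach ($samples as [$section, $fields, $postcount]) {
    $hit = first_matching_rule($rules, $section, $fields, $postcount);
    printf("%-12s %-20s posts=%-2d => %s\n", $section, current($fields), $postcount,
        $hit ? 'BAN: ' . $hit['Description'] : 'pass');
}
```

Run it from the command line with realistic usernames from your own member list as extra samples; any legitimate name that comes back as BAN means the rule needs tightening before it goes into the table.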