Am I doing something wrong? I can't find "vbStopForumSpam Permissions - Access / View / Submit " for any group in the Usergroup Manager, as directed in the installation process:

Am I just not seeing it, or did I do something incorrectly?

Nope, youre doing it right, I just jumped the gun and put those in there but never coded the security behind it so it doesnt work. Sorry, I need to remove these from the package as theyve been removed in 0.7 and replaced with another security method

Hi ... :)

I seem to get quite a few of these:

Does ths mean that the host was down when these people registered?

BTW, any ETA on v.7?

Thanks....

Regards,
Badger

Badger - yes

0.7 is coming along slowly, not as fast as I liked but baby was born yesterday so Im going to have a lot of spare time on my hands over the next couple of weeks.

I might split the stats engine off from this version and release it as 0.8. It will still log all the details to the stats tables, just reporting will be left out.

Congratulations !!!!!!! :up:

I didn't realize that was going on in the background. :D

Family is far more important then this stuff....

Take it from a 60+ guy, enjoy this terrific time in your life and create some great memories...

Regards,
Badger

Quote:

Originally Posted by BadgerDog (Post 1570236) Ok, I just had a legitimate new member try to register and he got the spammer rejection message (our very first).... It didn't like his IP address, indicating it has been used by someone to spam forums in the past. Here?s the information from the log: What's very odd is that the actual IP address he was using when he tried to log on our site was IP Address: 195.93.21.8, which differs from the one he was rejected for? Is something broken here? :confused: By the way, I changed the username and email address for pivacy purposes. Regards, Badger

This MOD *looks* good, but the *most* important thing that users should be aware of is the possibility that a spammer's IP Address on one day (say Sunday 20th July, 2008) may be completely different from the one presented the day after (Monday 21st July, 2008). :eek:

IP addresses are dynamic, especially nowadays that BroadBand has hit off in such a huge way; simple thoughts... how many IP addresses are there, and how many people are there usin the internet, not to mention legitimate businesses? Just check your IP somewhere, switch off you system for a few minutes and restart... then recheck you IP. I'll bet both my hairy ones on the liklihood that your IP will have changed... more so in busy periods.! :erm:

Ergo, don't bother blocking IP Addresses, becuase it's very likely that you'll be blocking legitimate customers.! Really, the way to prevent spamming, is at registration, as this MOD does, but perhaps this MOD should add usernames and email addresses to a list when the Image Verification is failed and session cookie is different on reregistration.... :up:

• If IV is failed and session cookie/date & time the same as last registration - possibly a legitmate user has input image code wrong, so add user to spammer list, but moderate posts when actually registered.
• if IV is failed and session cookie/date & time is different from last attempt - likely to be a spammer returning... spambot sends registration info, but fails, and human equivalent returns to register (complete the job), so the session cookie and date/time will have changed for the same username.

The reason for this style of prevention: I've had a few spammers (or possibly the same one) returning to register after the SpamBot had failed only days earlier. :erm:

These threads explain it all in a lot more detail....
https://vborg.vbsupport.ru/showthread.php?t=184030
https://vborg.vbsupport.ru/showthread.php?t=185707
:)

Like I said, this mod isnt a perfect method of stopping spam. Ive addressed the changing IP issues but if you look at spamhaus / spamcop, are you seriously trying to tell me that this systems are inherently flawed? They stop billions of spams every day. Sure there is colateral damage.... Im guessing from the spambot registrations on my board, in the four figures now, there mightve been 1 false positive and thats what the Contact Us page is for.

Most of my spammers are caught on the email and username fields. If you look at the mod, you can disable checking on the IP number. As spambots dont register a new email address for every forum they try to register on, its a really good field for testing.

This mod gives you control of your forum, it doesnt push policy on anyone. If I want to stop an IP used for spamming within the 24 hours then *I* can. If you dont like the idea that you might block some poor innocent person who had the same IP as some spammer 6 hours after spammer changed IP, then dont test on IP number. From what Ive seen from my logs (and skippy, wired1 etc) is that it blocks a lot of persistent static/near static IP addresses. I think that youll be hard pushed to find a user of this mod complaining that its blocking innocent people on a mass scale but if you do, then why dont you code another mod?

Session cookies so change, restart your browser, its gone. You cant rely on session cookies as spambot engines do cookies. Im working on the mod each day and new features will be added all the time. Maybe Ill take some more time to add your suggested cookie theory... Its adds more control, which is what this mod is about

IP address count is about (256^4) - (2^25 + 2^16 + 2^20) give or take some for subnet broadcast addresses. 10/8 192.168/16 172.16/12 and 224/8 multicast

I really like this mod, although the amount of spammers has actually gone up. Maybe the spammers read stopforumspam.com as well and find my board.

The AE detector does find spam bots for me. I did not expect that some spam bots actually can be discovered with cookies. So please do add cookie tracking.

alfa ill do something like AE detector where the registration process sets a non-vb cookie. all cookie tracking can be extremely easily bypassed by a bot with little coding on the part of the scum writer. With more and more people using spambot posters and more and more boards being spidered/discovered and added to the lists, its bound to happen

what I might do is test a mod addition to rename register.php with another named file with hitting register.php resulting in a temp ban from that ip perhaps.

Ive got some code kind of working, on the list of things to do, where the register form has encoded javascript, where is adds random fields to the input form. If they arent there with the post back, it knows its a spammer (as you cant submit the form without javascript enabled) - i know, i know, forcing javascript is a royal facist thing to do but its another way to hinder spambots.

Asides from IP's and cookies, would it be possible to ID spammers based upon mac address or other things?

MAC address is very difficult as most webservers (I would guess in the high 99.9% here) dont have or allow access to p0f type tools to provide packet level inspection. MAC addresses arent all that unique as once youre removed the device manufacturer ID (which doesnt fill the full 24 bit), you only have a 24bit uniqie ID. There are a lot of network cards out there with the same MAC address and thats fine, just as long as there arent two with the same mac on the same subnet. Filtering on MAC therefore is a no-go area.

Th eonly way to stop automated bot register/post tools is to stop registration by means that the application doesnt know about, extra fields, simple questions, tick this box, click here serverside maps etc. Manual spammers is a different story, you just have to make it as hard as possible.

I agree, no solution will be 100% short of encroaching on impacting legitimate users.

For the record, I really like the notion of renaming register.php (obvious risks are third party mods which call that link directly(?!?!) and existing phrases that call it directly.. both manageable.

In that vein, modifying things in the page source like Generator Meta, etc. which specifically call out that you are running a VBulletin site.

That being said, hopefully you are:

1. Spending tons of time with the new child
2. Closing all feature adds for v7 (scope creep is addictive)
3. See #1

:-)

Did what you said, skipped your rant.

No more feature creep, I dont have the time. Maybe in a couple of months when I do.... Who knows but Ill keep your cookie/captcha idea in mind.

1. Oh yes
2. No more feature creep. Nothing new is going in, Im working on the last stages, data submission to stop forums spam.
3. See #1

:)

First of all, let me compliment you on your mod. I really like what you’re doing here. Also, congratulations on the new baby! I know that you are trying to keep the scope of the project from getting out of hand and that you also want to spend time with your family (which, I completely agree with)… But here is a suggestion that would be easy to add and would be a really nice compliment to the mod you already have. When you get a chance, take a look at Project Honey Pot (www.projecthoneypot.org). They have a list of known automated spammer ip addresses similar to the http://www.stopforumspam.com list, except the list is bigger, and probably less vulnerable to list contamination because of the way that the ip addresses are collected. Since they have an established api and sample code it would be really simple to have your mod query their data base in addition to the stop forum spam database.

Here’s a link to some sample code as well as some information about their api:

http://www.projecthoneypot.org/board...10&i=179&t=179
http://www.projecthoneypot.org/httpbl_api

I hope that you like the idea. Let me know what you think.

BINGO. You wouldn't believe how many spammers I've caught simply because they slapped URLs where it asks for their motherboard :)

Thank you, its really nice to hear positive feedback

Hmm, Im going to go look at this now and if the sample code can be added to the mod without too much trouble (which I hope is that case as I tried to make it flexible), then Ill most certainly add it.

Edit : Ive looked at this and it looks really really good. The code is small and can added very easily to my new code rewrite without too much trouble at all. As its DNS based, I dont have to worry about caching data ike I am with stopforumspam, its lightweight and should make the mod even more useful (to those that have actually installed it)

Cheers for this m8, starting using it yesterday and for the first time in 24hrs I have not got a single spammer ;)

Well Done, have some wine! hehe

I'm glad that you liked the honey pot recommendation. By checking both databases the mod should be even that much better at blocking spam.

This is getting better and better.

Watching this for the next version. :)

Good work.

Well, I sat down to add the projecthoneypot api but regardless of the times Ive tried to join, email them, etc, I cant get an account created, let alone an API key. If anyone has one that they wouldnt mind me using or knows someone on the project that can sort it, please drop me a line

Thanks

Their closed for maintenance:

that page wasnt there when i tried over the last two days, ill wait I guess, thanks alfa

hey,
I installed the mod but can't find the log. There is no such log under Statistics & Logs. am I doing install it wrong? thanks

Its logs are installed under Statistics and Logs as vbStopForumSpam Logs.

What version of vb are you using?

My seasonal traffic has died down a bit, but here are my numbers from July:

Out of the 614 registrations for the 31 day period:

~10%/66 were caught by SFS Email check
~21%/128 were caught by SFS UserID check
~27%/166 were caught by SFS IP check
~41%/254 made it past SFS Check (minus 2 that slipped by detection)

A few observations:

1) A significant increase in matches on Email check (10% in July versus .03% in June)
2) A significant decrease in IP matches (27% in July versus 45% in June)
3) A significant increase in valid registrations (41% in July versus 25% in June)

Thanks again pedigree!

Glad to help

On a note, I spent ages putting a lot of projecthoneypot.org code in there, seems wasted as I cant get a single email reply, confirmation, nothing from them, looks like the people running it have no been eaten by something or just dont care... So Ive removed it all as - I dont test it and if I cant test it, then people that would want to it use cant because the damned login/register system doesnt send confirmation emails for validation.

It a pity, it looked really useful. Who knows, someone there might pull their finger out of their backsides and make their website functional again....

Yes, thats a pity. But they seem to be absent at this time. Maybe they are on holidays?? Perhaps in a few weeks...

Pedigree,

Check your inbox. I just PMed you my access key.

... and with that, the code is going back in for testing, thanks Embroidables!!!

haha, just got a page of emails from them for my account confirmation, hehe

cool... it sounds like they finally got their sign up fixed.

Thought I'd report a database error received when trying to sort on IP address ... :)

Regards,
Badger

Good find. I can confirm that I also see this error when sorting VBStopFormLog by IP. (vb3.6.11 running VBSFS .61)

yeah, it was reported a couple of pages back and its been fixed. Im just trying to find a spare minute in the week to do some more work on it. A newborn, 6 hours/day travel and a kid in the terrible "twos"

Good to see youre on the ball though :)

The wife and the kids are in London tomorrow, leaving me at home without too much work on... I hope to get some code done

If you go to line 62 in admincp/vbstopforumspam.php and change

$order = 'ip ASC, date DESC';

to

$order = 'ipaddress ASC, date DESC';

then that will fix that error

one of the Best modifcation on the site, its saved me no end of work

over 400 spammers in 48 hours have been stopped

Thanks for the feedback :)

Glad to help. Hopefully, 0.7 will be even better.