vb.org Archive - Contacts Spam Filter

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 3.5 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=113)

- - Contacts Spam Filter (https://vborg.vbsupport.ru/showthread.php?t=119663)

Contacts Spam Filter

This little product/plugin disallows automatic sending of spam through the Contact Us page.

Notes to version 1.1.0.0

Due to an almost personal battle against some spammers - intended as: high spam update rate, specially in the weekends when both me and spammers have nothing to do - I added an option to check the allowed number of hyperlinks in the message body, which makes this spam filter a little more intelligent. ;)

The default number of allowed links is set to 12, which appears to be the lower limit from the latest research.

For customizing the message and the number of allowed hyperlinks, an option interface was added, which appears right below the vBulletin Options list - Site Name / URL / Contact Details, as 'Contact Us' Spam Filter Settings.

Version History
1.1.0.2 Additional recognition strings (repetitive 'http://')
1.1.0.1 FIX: Hyperlinks count bug.
1.1.0.0 Additional recognition strings; check of allowed number of hyperlinks in the message body; options interface

1.0.1.10 Additional recognition string
1.0.1.9 Additional recognition string (not published)
1.0.1.8 Additional recognition string (not published)
1.0.1.7 Additional recognition string
1.0.1.6 Additional recognition string (not published)
1.0.1.5 Additional recognition string (not published)
1.0.1.4 Additional recognition string
1.0.1.3 Additional recognition string
1.0.1.2 Additional recognition string
1.0.1.1 Full vBulletin integration, updateable
1.0.0.0 Basic Spam Filter

How does it?

Can you give us some more information on what this does that the image verification doesn't do?

more info?

Ok, by reading the XML i found out that if someone goes directly to the sendmessage.php without coming from any of the forums page, the Contact form is not displayed.

If the referring page is not the one you specified in the CP options, normally http://www.domain.tld/sendmessage.php, an automated script with the POST / GET commands will receive an essentially blank page, and the mail is not sent.

This is useful only to sites, like mine, where image verification is not appliable.

PHP Code:


		
			
$MyMessageURL = $vbulletin->options['bburl'] . '/' . $vbulletin->options['contactuslink'];

if($_SERVER['HTTP_REFERER'] != $MyMessageURL)

{

die('Spam filter: Please send your message through the appropriate message form.');

}

Sooner or later the spam bots will be updated to send also the referrer header, but until then this one works pretty well ... ;)

When this will happen, an additional test may be to add a host IP comparison.

Here is an update, which does some extra work against automated browsers, and thus has become pretty safe and easy to update.

PHP Code:


		
			
<?php

$MyDieMessage = 'Spam filter: Please send your message through the appropriate message form.';



// Make sure the form was sent from a browser

if(!$_SERVER['HTTP_USER_AGENT'])

{

    die($MyDieMessage);

}



// Make sure the form was POSTed

if(!$_SERVER['REQUEST_METHOD'] == 'POST')

{ 

    die($MyDieMessage);

} 



// Allow only the sendmessage script

$MyReferrer = strtolower($_SERVER['HTTP_REFERER']);

$MyURL = strtolower($vbulletin->options['bburl'] . '/' . $vbulletin->options['contactuslink']);

if($MyReferrer != $MyURL)

{ 

    die($MyDieMessage);

} 



// Filter header injections

$MyHeaders = array(

    "Content-Type:", 

    "MIME-Version:", 

    "Content-Transfer-Encoding:", 

    "bcc:", 

    "cc:"

    );



// Loop through each POST item and check for the headers

foreach($_POST as $MyKey => $MyPostItem)

{

    $MyTempItem = strtolower($MyPostItem);

    foreach($MyHeaders as $MyHeader)

    {

        if(strpos($MyTempItem, strtolower($MyHeader)) !== FALSE)

        {

            die($MyDieMessage);

        }

    }

}



// Check for '9c53d2119880d95e96e1a71e3a6c8340' in the message body.

// This string is found in automated browsers (all yet) at the bottom.

// For completeness we parse all post variables for this string.

// Prepared for more recognition strings.

$MyStrings = array(

    '9c53d2119880d95e96e1a71e3a6c8340',

    'dc64615b0a1e1bd3cb2689bf82248b5c'              // 2006-06-27

    );



// Loop through each POST item and check for the headers

foreach($_POST as $MyKey => $MyPostItem)

{

    $MyTempItem = strtolower($MyPostItem);

    foreach($MyStrings as $MyString)

    {

        if(strpos($MyTempItem, strtolower($MyString)) !== FALSE)

        {

            die($MyDieMessage);

        }

    }

}



// Cleanup

unset($MyDieMessage, $MyReferrer, $MyURL, $MyHeaders, $MyKey, $MyPostItem, $MyTempItem, $MyHeader, $MyStrings, $MyString);

?>

Here comes Giovanni :banana:

good really OK splendid compliments is then I have read you from some part I do not remember where to here on the Sergio & Danny Ciaooooooooo Vbulletin.it by

I think the latest version has finally made it - no spam is passing through the filters :cool:

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01241 seconds Memory Usage 1,758KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: