Anti-Spam Options - [GlowHost] Spam-O-Matic - Spam Firewall stops forum spam

If you install this mod, please mark this as "Installed."

VERSION 2.1.2 RELEASED 5/28/2013!


About Spam-O-Matic 2.x:
Spam-O-Matic 2.x (SOM) is a spam firewall for your vBulletin Forums version 4.x and later. It prevents known spammers from registering on your forums. If they can't register, they can't spam!

Languages Packs Available
English
German - Courtesy of Alex@bulletin (included in zip)
Romanian - Courtesy of Teascu Dorin's (included in zip)
Spanish - Courtesy of vbluis (included in zip)

How it Works
This data responsible for blocking user registrations comes from the stopforumspam.com (SFS) spammer database. After the user who is trying to register passes the built-in vBulletin registration checks which you have configured in your vBulletin settings, SOM then checks the SFS database to see if the IP, username, or email address that the user is trying to register with has been recently tagged as a known spam source on other forums around the Internet. Also can be configured to check the Akismet service for known comment spam.

This is without a doubt, one of the most important mods that you will be using on your forum.

Other Notable Stuff
It also does a ton of other cool stuff like moderating posts automatically if the post is found in the Akismet database, or if it contains words on your "Bad Words" keyword list which can be configured within the mod itself.

The mod WORKS with vBulletin's new Facebook integration.
This module works with all of the Facebook functions that are built into the vB4 series.
Similar mods do not handle Facebook integration completely.

This module has the ability to submit new spammer details to the StopForumSpam or Akismet databases automatically, all without any new templates or manual template modifications! :up:

This means other forums that are running Spam-O-Matic will not have the same spammer on their forums if you have (automatically) reported the spammer to the SFS database.

Just install the product in the product manager, upload a few files, configure the system and you are done. (Estimated time: 5-10 minutes)

What's new in 2.1.0:

• Fixed a problem with MySQL engine selection to make mod more compatible with different types of servers.
• When SOM "Newbies Group" is activated + vB's native option to "Verify Email address in Registration" is activated at the same time, "Users Awaiting Email Confirmation" must click the verification link to become a newbie.
• Added remove user, post, ban to user profile options in admincp under "Quick User Links"
• Added German Language Pack
• Optimized default settings to work with the needs of most forums
• Added a new coupon for GlowHost (available after you submit a spammer)
• Several other performance tuning options

Feature List:

• Optional Public Statistics. Show off to the world how many bad guys you have automatically prevented from posting junk on your forum.
• Auto-Moderation moderates posts that have links, bad words, and other configurable settings.
• Auto-Moderation ignores your RSS posts.
• Registration / Denial Logs available from Admincp > Statistics and Logs
• Optional "Newbies" Manager! After registration, newly registered users can be placed in a "Newbies" group which has more limited permissions as compared to your regular "Registered Users" group. Newbies will graduate to your Registered Users group based on your required post count settings.
• Auto-Submit Spammers from the moderation tools menu on each postbit.
• Remove Posts, threads, PMs, Calendar Events from your spammer in one easy wizard. No double logins needed.
• Shows other users who signed up with the same IP. (Sleeping Spammers)
• Optional Affiliate System
• ~50 customizable settings to fine-tune Spam-O-Matic to your exact needs.

A) StopForumSpam:
The StopForumSpam Module lets you:

• Check a registrant's IP address.
• Check a registrant's email address.
• Check a registrants Username.
• Disable or enable any of the above checks.
• Block and log, or, allow and log known spammers.
• All registration attempts are logged for your viewing pleasure.
• Several other performance tuning options

If a user (or bot) tries to register on your forum and they pass the built-in vBulletin registration system. (Human verification, email verification, etc), their registration details are then passed to the Spam-O-Matic firewall for further checking.

NOTE: You should use some sort of human verification checking in vBulletin's built-in options to limit the number of requests to the already heavily-loaded StopForumSpam database servers. This will also prevent additional load because SOM will not have to do anything if the bot/spammer fails preliminary registration validation which is built-into vBulletin itself.

It is completely invisible to humans who are registering that this process is taking place. Bots are stopped dead in their tracks.

If a spammer is able to sneak past the first line of defense, and manages to post, then there are secondary, tertiary, and, uh...4th level protections too!

B) Auto-Moderation:
Auto Moderation lets you:

• Define how many URLs a new member can post before being sent to moderation.
• Define keywords that will send a post to Auto-moderation (viagra, porn, more here)
• Define minimum post count to avoid Auto-moderation.
• Excludes admin and moderators from Auto-moderation.
• Completely disable Auto-moderation if you don't want it.

C) Akismet Service
Spammers that make it past the StopForumSpam and Auto-Moderation will be checked against the Akismet service. If they manage to make a post, and then are found on Akismet, they can be auto-moderated.

The Akismet settings let you:

• Set the number of posts that Akismet will check from each user. After this number is exceeded, Akismet checking will be disabled for that user.
• Auto-Submit spammers that post on your boards back to the Akismet service so that other forums and blogs do not do not receive the same spam.
• Completely disable the Akismet service.

D) Newbies Manager
Should you decide to enable this option, you can create a new usergroup and then tell Spam-O-Matic about it. Once SOM knows about this usergroup, and once enabled, all new users will be part of the Newbies group. The idea here is that you make a Newbies group that has limited forum permissions. For example, no signatures, no BB code, no images, and etc. This group is created completely in the vB admincp. Spam-O-Matic simply makes it the graduation process to the normal Registered Users group, automatic.
Learn More and Discuss the Newbies Manager here.

Punitive Actions:
If you find a spammer has made it past your 4 front-lines of defense, and has managed to post on your forum, then you can help the community...

The spammer's details can be sent to the Stop Forum Spam and Akismet databases automatically, preventing them from registering or posting on other forums. When other forums do the same, the protection is reciprocated.

Simply moderate a post and choose the option to "Delete Posts As Spam..." an then choose the option to "Ban User." Banning the user sends their details to either Akismet, StopForumSpam, (or both) depending on how you set it up.

API Keys:
API Keys are not required for this system to stop spammers on your forums. But you should obtain them so that your forum can contribute to the real-time block lists.

A StopForumSpam API key is required if you want to contribute to the StopForumSpam blacklists by adding your spammers to their database. By submitting spammers you help keep other forums and blogs clean.

An Akismet API key is required if you want to enable any Akismet auto-moderation features in this module. Akismet API key is not required for all Auto-Moderation functions.

You can obtain a Stop Forum Spam API key which is free from stopforumspam.com.

Get your StopForumSpam API Key Here

You can obtain an Akismet API key from Akismet.com.
Akismet offers free and paid API keys so choose your version based on your situation.

Get your Akismet API Key Here

Why it is better than the other anti-spam solutions on vBulletin.org:

• Works with all of vBulletin 4 functions including Facebook automatic registration.
• Report spammers that you find to the Stop Forum Spam Database.
• Report spammers that you find to the Akismet Database.
• Built-in Auto-moderation.
• Auto-moderation rules based on post count.
• Auto-moderation rules based keywords.
• Auto-moderation rules based Akismet results.
• Enable or disable any actions that you do not want.
• Customizable "Registration Rejected" message.
• Consolidates 4 popular methods of spam prevention into one product.
• No Manual Template Modifications!
• Lots of community support!

======================
Compatibility:
vBulletin 4.0.x

Server Requirements:
Curl or allow_url_fopen must be compiled/enabled into PHP. Ask your web host to enable curl or allow_url_fopen if it is not already available on your server's PHP configuration. (Or just host with GlowHost.com, where it already is

=====================
Donations:

If you like this mod, sure, you can donate!

Donations can be all sorts of things:
1) The "Give Thanks" option in your settings is an optional link back to GlowHost Web Hosting.
2) Tell your friends and others about this mod.
3) If you are in need of web hosting, please consider ordering it from the hosting and development professionals at GlowHost.com who were able to develop this mod to you.
4) Help others who are having trouble with this mod by posting tips and suggestions in this forum thread.
5) Cash! Use the "Support Developer" option on the top right of this page.

When you choose to donate, you are contributing to the product development, bug fixes and new releases for SOM and are helping to feed our hungry developers and their families! In other words, your donations helps to cover the time and money spent to develop this system.

The entire team at GlowHost thanks you for your help and support!

We hope you enjoy the mod! :up:

=====================
Installation:

1) Download the attached file
2) Mark As Installed
3) SOM 2.x does not support updates from the v1.x series.
When upgrading to version 2.x, please, be sure to remove any other existing version of SOM 1.x from the product manager before installing v2.x series. Also make sure to remove /forum/includes/xml/bitfield_glowhostspamomatic.xml from version 1 if you had it installed.

4) Extract the zip file, and view the readme file for the rest of the instructions.

=====================

Original concept credits go to the authors of vBStopForumSpam, MonkeyStop.

[Gold Phan7om]

Thanks for the update! Now bots cant get in again

[sas forum]

installed v 1.2.2 and did not receive the errors when posting that I had mentioned above. Thanks for the update and good job on the mod. It was killing me to disable this since we have had zero spam registrations since installing this.

[cfish]

Thanks for the quick update. v1.2.2 now running with vB4.0.6 and no obvious problems.

However, will check and report back.

[GlowHost.com]

My understanding is that all the show-stopper bugs are fixed and from feedback, this should be running on all 4.x including the recently released vBulletin 4.0.6 as well as long as you are running the latest Spam-O-Matic version 1.2.2 as of this writing.

I am going to stop development on the 1.2 series unless any other show-stoppers pop up.

I am adding a section in the first post below the FAQ for consideration of additional features to make life easier. For now though this mod should keep the spammers off of your boards fairly well barring those of you that find conflicts with other mods.

[cfish]

Could I add the following to the additional features list:

Ability to work with renamed admincp and modcp folders

Since this product is essentially a security aid, it should encourage (or at least enable) admins to add as much security to their site installations as possible and the renaming of those two folders is supported in vB as standard and is a sensible security precaution.

I have always renamed those folders but I have set them back to default just so that this product will run (yes, it's that useful). I don't mind admitting that I now feel a little vulnerable.

Although I'm no expert, I don't think this would be difficult to implement and it would make the product more robust i.e. it wouldn't fail to work if an admin has used the vB renaming feature.

Summary statistics

The log formatting in 1.2.2 is a big improvement but for those of us with busy boards it would be useful to have a summary of successful registrations and rejected registrations on a per day/week/month basis so that we can get an idea of spammer activity.

Excellent mod - should be core to vB.

[GlowHost.com]

I have added a bit about admin and modcp directories to the known issues (also asking for feedback in that section) since I have not tested myself if this works or not and so far, you are only the first to report it.

I will move it to suggestions list as soon as we have more feedback on it. I don't want to spend a lot of time on it if its isolated to you or others do not need it. Lets see what people think and go from there.

[sas forum]

Not sure if you are looking for a list of people that changed their admincp and modcp directory names, but I am one. If I am not mistaken, I think it was suggested in the installation instructions for VB, so I did it. Renaming them to the original names is probably an easy process....I am guessing just editing the lines in the config file??



On a different note, I installed the newest version of this mod last night on my 4.05 VB Forum and it fixed the problem when a user went to post a new thread and got an error. This morning I received a bunch of emails telling me of vb database errors, Here is some info and I am guessing it has something to do with this mod since it was listed in a few of the errors and all the errors have to do with addmember. I have not received these errors for the past few hours, so I am not sure if this was isolated to just this morning.

----------------

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO glowhostspamomatic_remotecache(`date`, `data`, `is_spambot`, `field`) VALUES (now(), "hfmjgs382", "0", "username");;

Followed by:

Invalid SQL:
SELECT DATEDIFF(NOW(), "2010-08-16 06:00:03") AS DAYS;

----------------

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO glowhostspamomatic_remotecache(`date`, `data`, `is_spambot`, `field`) VALUES (now(), "xmjbry", "0", "username");;

Followed by:

Invalid SQL:
SELECT DATEDIFF(NOW(), "2010-08-13 22:15:58") AS DAYS;

----------------

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO glowhostspamomatic_remotecache(`date`, `data`, `is_spambot`, `field`) VALUES (now(), "n42k21@yahoo.com", "0", "email");;

----------------

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO glowhostspamomatic_remotecache(`date`, `data`, `is_spambot`, `field`) VALUES (now(), "n42k21@yahoo.com", "0", "email");;

----------------

Invalid SQL:
INSERT HIGH_PRIORITY IGNORE INTO glowhostspamomatic_remotecache(`date`, `data`, `is_spambot`, `field`) VALUES (now(), "csuboh", "0", "username");;

----------------


I am not trying to sharpshoot this mod, I think it is great and an asset to us and our members. I just don't know if others may be receiving this error and wanted to bring it to your attention.

Thanks.

[GlowHost.com]

Quote:

Originally Posted by sas forum

Not sure if you are looking for a list of people that changed their admincp and modcp directory names, but I am one.

The main thing I am looking for is users who have:

1) A fresh, working vBulletin
2) Have decided to change modcp and admincp directories to something other than the default.
3) DO NOT RUN, OR HAVE NOT INSTALLED ANY OTHER ADDONS
4) Have installed the latest Spam-O-Matic.
5) Only have errors when Spam-O-Matic is enabled.

I am trying to confirm that as another poster has said that this mod simply does not work because of renaming these directoryies.

As for your SQL errors, have they gone away on their own?
Have to tried to completely uninstall and re-install this mod?
Also perhaps your database is corrupt? Have you tried to repair the affected tables?

In any of these cases a full uninstall and re-install should correct it, unless others have the same issue but its the first I have heard.

[cfish]

Changing the names of the control panel folders is a recommended security precaution, see tip number 8 in this article for another opinion on this.

As for testing, I can confirm that only some of the functions are broken when the folders are renamed, in general the processing of registrations continues unaffected but the mod and admin functions do not work.

[GlowHost.com]

I can't really comment on the security issue, other than the following:

Everyone has their own opinion of what security "should be." There is almost always a trade-off for functionality vs. security and users have to decide where that line is on their own. Keeping the scripts up to date, maintaining an adequate server-side firewall, and strong passwords are generally good enough.

As a suggestion, ff you want to maintain functionality of this mod, other mods, make your upgrades easier for mods and the forum scripts themselves, and add another level of security by simply password protecting admincp and modcp using your web servers http_auth functions. Then keep modcp and admincp where they belong.

Now your crackers have to first guess your web authorization and secondly they have to get past your script authorization. It's unlikely.

Your bug comments are good to know cfish. In this case, hopefully you can wait until 2.x to get past these issues. Hopefully the trade off in reduced spam is worth it. In 2.x we will be removing those functions and making it one stop shopping from the postbit to delete, soft delete, ban etc so the need for admin or mod panels will be bypassed completely and productivity will be increased by just doing the dirty work on the front-end of the forum not the back.