Anti-Spam Options - [GlowHost] Spam-O-Matic - Spam Firewall stops forum spam

If you install this mod, please mark this as "Installed."

VERSION 2.1.2 RELEASED 5/28/2013!


About Spam-O-Matic 2.x:
Spam-O-Matic 2.x (SOM) is a spam firewall for your vBulletin Forums version 4.x and later. It prevents known spammers from registering on your forums. If they can't register, they can't spam!

Languages Packs Available
English
German - Courtesy of Alex@bulletin (included in zip)
Romanian - Courtesy of Teascu Dorin's (included in zip)
Spanish - Courtesy of vbluis (included in zip)

How it Works
This data responsible for blocking user registrations comes from the stopforumspam.com (SFS) spammer database. After the user who is trying to register passes the built-in vBulletin registration checks which you have configured in your vBulletin settings, SOM then checks the SFS database to see if the IP, username, or email address that the user is trying to register with has been recently tagged as a known spam source on other forums around the Internet. Also can be configured to check the Akismet service for known comment spam.

This is without a doubt, one of the most important mods that you will be using on your forum.

Other Notable Stuff
It also does a ton of other cool stuff like moderating posts automatically if the post is found in the Akismet database, or if it contains words on your "Bad Words" keyword list which can be configured within the mod itself.

The mod WORKS with vBulletin's new Facebook integration.
This module works with all of the Facebook functions that are built into the vB4 series.
Similar mods do not handle Facebook integration completely.

This module has the ability to submit new spammer details to the StopForumSpam or Akismet databases automatically, all without any new templates or manual template modifications! :up:

This means other forums that are running Spam-O-Matic will not have the same spammer on their forums if you have (automatically) reported the spammer to the SFS database.

Just install the product in the product manager, upload a few files, configure the system and you are done. (Estimated time: 5-10 minutes)

What's new in 2.1.0:

• Fixed a problem with MySQL engine selection to make mod more compatible with different types of servers.
• When SOM "Newbies Group" is activated + vB's native option to "Verify Email address in Registration" is activated at the same time, "Users Awaiting Email Confirmation" must click the verification link to become a newbie.
• Added remove user, post, ban to user profile options in admincp under "Quick User Links"
• Added German Language Pack
• Optimized default settings to work with the needs of most forums
• Added a new coupon for GlowHost (available after you submit a spammer)
• Several other performance tuning options

Feature List:

• Optional Public Statistics. Show off to the world how many bad guys you have automatically prevented from posting junk on your forum.
• Auto-Moderation moderates posts that have links, bad words, and other configurable settings.
• Auto-Moderation ignores your RSS posts.
• Registration / Denial Logs available from Admincp > Statistics and Logs
• Optional "Newbies" Manager! After registration, newly registered users can be placed in a "Newbies" group which has more limited permissions as compared to your regular "Registered Users" group. Newbies will graduate to your Registered Users group based on your required post count settings.
• Auto-Submit Spammers from the moderation tools menu on each postbit.
• Remove Posts, threads, PMs, Calendar Events from your spammer in one easy wizard. No double logins needed.
• Shows other users who signed up with the same IP. (Sleeping Spammers)
• Optional Affiliate System
• ~50 customizable settings to fine-tune Spam-O-Matic to your exact needs.

A) StopForumSpam:
The StopForumSpam Module lets you:

• Check a registrant's IP address.
• Check a registrant's email address.
• Check a registrants Username.
• Disable or enable any of the above checks.
• Block and log, or, allow and log known spammers.
• All registration attempts are logged for your viewing pleasure.
• Several other performance tuning options

If a user (or bot) tries to register on your forum and they pass the built-in vBulletin registration system. (Human verification, email verification, etc), their registration details are then passed to the Spam-O-Matic firewall for further checking.

NOTE: You should use some sort of human verification checking in vBulletin's built-in options to limit the number of requests to the already heavily-loaded StopForumSpam database servers. This will also prevent additional load because SOM will not have to do anything if the bot/spammer fails preliminary registration validation which is built-into vBulletin itself.

It is completely invisible to humans who are registering that this process is taking place. Bots are stopped dead in their tracks.

If a spammer is able to sneak past the first line of defense, and manages to post, then there are secondary, tertiary, and, uh...4th level protections too!

B) Auto-Moderation:
Auto Moderation lets you:

• Define how many URLs a new member can post before being sent to moderation.
• Define keywords that will send a post to Auto-moderation (viagra, porn, more here)
• Define minimum post count to avoid Auto-moderation.
• Excludes admin and moderators from Auto-moderation.
• Completely disable Auto-moderation if you don't want it.

C) Akismet Service
Spammers that make it past the StopForumSpam and Auto-Moderation will be checked against the Akismet service. If they manage to make a post, and then are found on Akismet, they can be auto-moderated.

The Akismet settings let you:

• Set the number of posts that Akismet will check from each user. After this number is exceeded, Akismet checking will be disabled for that user.
• Auto-Submit spammers that post on your boards back to the Akismet service so that other forums and blogs do not do not receive the same spam.
• Completely disable the Akismet service.

D) Newbies Manager
Should you decide to enable this option, you can create a new usergroup and then tell Spam-O-Matic about it. Once SOM knows about this usergroup, and once enabled, all new users will be part of the Newbies group. The idea here is that you make a Newbies group that has limited forum permissions. For example, no signatures, no BB code, no images, and etc. This group is created completely in the vB admincp. Spam-O-Matic simply makes it the graduation process to the normal Registered Users group, automatic.
Learn More and Discuss the Newbies Manager here.

Punitive Actions:
If you find a spammer has made it past your 4 front-lines of defense, and has managed to post on your forum, then you can help the community...

The spammer's details can be sent to the Stop Forum Spam and Akismet databases automatically, preventing them from registering or posting on other forums. When other forums do the same, the protection is reciprocated.

Simply moderate a post and choose the option to "Delete Posts As Spam..." an then choose the option to "Ban User." Banning the user sends their details to either Akismet, StopForumSpam, (or both) depending on how you set it up.

API Keys:
API Keys are not required for this system to stop spammers on your forums. But you should obtain them so that your forum can contribute to the real-time block lists.

A StopForumSpam API key is required if you want to contribute to the StopForumSpam blacklists by adding your spammers to their database. By submitting spammers you help keep other forums and blogs clean.

An Akismet API key is required if you want to enable any Akismet auto-moderation features in this module. Akismet API key is not required for all Auto-Moderation functions.

You can obtain a Stop Forum Spam API key which is free from stopforumspam.com.

Get your StopForumSpam API Key Here

You can obtain an Akismet API key from Akismet.com.
Akismet offers free and paid API keys so choose your version based on your situation.

Get your Akismet API Key Here

Why it is better than the other anti-spam solutions on vBulletin.org:

• Works with all of vBulletin 4 functions including Facebook automatic registration.
• Report spammers that you find to the Stop Forum Spam Database.
• Report spammers that you find to the Akismet Database.
• Built-in Auto-moderation.
• Auto-moderation rules based on post count.
• Auto-moderation rules based keywords.
• Auto-moderation rules based Akismet results.
• Enable or disable any actions that you do not want.
• Customizable "Registration Rejected" message.
• Consolidates 4 popular methods of spam prevention into one product.
• No Manual Template Modifications!
• Lots of community support!

======================
Compatibility:
vBulletin 4.0.x

Server Requirements:
Curl or allow_url_fopen must be compiled/enabled into PHP. Ask your web host to enable curl or allow_url_fopen if it is not already available on your server's PHP configuration. (Or just host with GlowHost.com, where it already is

=====================
Donations:

If you like this mod, sure, you can donate!

Donations can be all sorts of things:
1) The "Give Thanks" option in your settings is an optional link back to GlowHost Web Hosting.
2) Tell your friends and others about this mod.
3) If you are in need of web hosting, please consider ordering it from the hosting and development professionals at GlowHost.com who were able to develop this mod to you.
4) Help others who are having trouble with this mod by posting tips and suggestions in this forum thread.
5) Cash! Use the "Support Developer" option on the top right of this page.

When you choose to donate, you are contributing to the product development, bug fixes and new releases for SOM and are helping to feed our hungry developers and their families! In other words, your donations helps to cover the time and money spent to develop this system.

The entire team at GlowHost thanks you for your help and support!

We hope you enjoy the mod! :up:

=====================
Installation:

1) Download the attached file
2) Mark As Installed
3) SOM 2.x does not support updates from the v1.x series.
When upgrading to version 2.x, please, be sure to remove any other existing version of SOM 1.x from the product manager before installing v2.x series. Also make sure to remove /forum/includes/xml/bitfield_glowhostspamomatic.xml from version 1 if you had it installed.

4) Extract the zip file, and view the readme file for the rest of the instructions.

=====================

Original concept credits go to the authors of vBStopForumSpam, MonkeyStop.

[Pers]

Thank you for the offer, Force. At this point I've tried the edit to the config.php file and can confirm that Glowhost is no longer active. The two users are not banned (at least not in the database), there are no IP bans (I've never banned an IP although I do ban ranges of IPs in a .htacess file -- and yes, I checked that too) and I looked in the datastore table to confirm that my IP is not banned there, either.

When I attempt to access the control panel I get a "welcome, thanks for logging in" message and then the login page reloads. I had a friend (several minutes ago) try to access the same page with the Admin name and password from an entirely different IP address with the same result.

At this stage I'm thinking that the issue is not Glowhost related and I'm going to do a upgrade of the software and hope the issue is resolved that way. I'm otherwise out of ideas.

Thanks to all that offered suggestions. Many thanks, in fact.

[ForceHSS]

Did you install anything else apart from this plugin before this problem. Also, when you updated to 4.2.2 did you put the fix into your config as this can cause problems if not done the best thing you can do is disable all plugins via config use notepad++ to edit the config

To do that, open your includes/config.php file and below <?php add the following.

PHP Code:

define('DISABLE_HOOKS', true); 


So it looks like this:

PHP Code:

<?php
define('DISABLE_HOOKS', true);
/*=================================================  =====================*\
|| ##################################################  ################## ||
|| # vBulletin 4.2.2

Use an editor like notepad++ to edit any files, don't use Notepad or Wordpad.
After you have done this update to 4.2.3 as the fixes are in this version it would be good if you could login to the admincp to turn the board off first, but if you can make a post to tell your members what is going to happen

[Pers]

No, I hadn't added any plugins prior to this issue arising. And yes, I did add that define line in my config.php file to disable all plugins, so hopefully all will go well (crosses fingers).

[kh99]

If you still have no luck,you might try uploading tools.php to the admincp folder and then do "Update the forum and usergroup cache".

[oneobgyn]

Presently I am running vBulletin 4.2.2 for my forum and am a strong advocate for the use of Spam O Matic which has reduced our moderator work load in eliminating spammers. Frankly we cannot be without it

We are now considering a conversion to vBulletin 5 and were made aware that plug ins will not transfer across in the conversion. We were also made aware that the present version of Spam O Matic will not function on vBulletin 5. Is this true and if so can anyone tell me if there will be a version of Spam O Matic which functions on VB5

TIA

[Max Taxable]

Quote:

Originally Posted by oneobgyn

Presently I am running vBulletin 4.2.2 for my forum and am a strong advocate for the use of Spam O Matic which has reduced our moderator work load in eliminating spammers. Frankly we cannot be without it

We are now considering a conversion to vBulletin 5 and were made aware that plug ins will not transfer across in the conversion. We were also made aware that the present version of Spam O Matic will not function on vBulletin 5. Is this true and if so can anyone tell me if there will be a version of Spam O Matic which functions on VB5

TIA

The bolded represents the biggest mistake you can ever make. Surely you must have some really compelling reason.

And no, any vB addon that uses hooks won't work in v5, and nobody's interested in coding anything for that platform.

Which by the way I would never use or recommend SoM. It is too invasive, and blocks far too many legitimate people - admins included.

[Pers]

I resolved my problem by deleting my entire site, replacing my database with a several week-old backup (our site isn't real busy so losing a few posts isn't really a big deal), and reinstalling 4.2.2 and then updating to patch level 4.

The problem persisted and turned out to be based on a poorly structured ModSecurity rule implemented as a security issue by our host. So, bottom line, I was chasing my tail. GlowHost wasn't the source of the problem at all.

Hope this helps someone else; my problem is solved (until another undisclosed edit to Modsecurity raises its ugly head at my expense, LOL).

[mykkal]

Hey evryone. Is anyone using this with vb 4.2.x? i'm using 4.2.3 with php 5.5

[bzcomputers]

Quote:

Originally Posted by mykkal

Hey evryone. Is anyone using this with vb 4.2.x? i'm using 4.2.3 with php 5.5

Yes, it'll work fine.

[T2VSonya]

I need a little help with setting this up with Cloudflare.

Their instructions have be going into class_core.php and editing the following lines:

take the following steps.
-------------------
Open includes/class_core.php
Find function fetch_ip() { return $_SERVER['REMOTE_ADDR']; }
and replace with function
fetch_ip() { if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { return $_SERVER['HTTP_CF_CONNECTING_IP']; } return $_SERVER['REMOTE_ADDR']; }

Find
function fetch_alt_ip() { $alt_ip = $_SERVER['REMOTE_ADDR'];

if (isset($_SERVER['HTTP_CLIENT_IP'])) { $alt_ip = $_SERVER['HTTP_CLIENT_IP']; }

And replace with

function fetch_alt_ip() { $alt_ip = $_SERVER['REMOTE_ADDR'];

if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) { $alt_ip = $_SERVER['HTTP_CF_CONNECTING_IP']; } else if (isset($_SERVER['HTTP_CLIENT_IP'])) { $alt_ip = $_SERVER['HTTP_CLIENT_IP']; }
--------------------

I can do the first step fine, but the second one is formatted differently by this mod. I have:
==============
function fetch_alt_ip()
{
$alt_ip = $_SERVER['REMOTE_ADDR'];

if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$altip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else if (isset($_SERVER['HTTP_CLIENT_IP']))
{
$altip = $_SERVER['HTTP_CLIENT_IP'];
}
else if (isset($_SERVER['HTTP_FROM']))
{
$altip = $_SERVER['HTTP_FROM'];
}
else
{
$altip = false;
}

if ($altip AND $this->filter_ip($altip))
{
$alt_ip = $altip;
}

return $alt_ip;
}
===========

What do I need to change in there and how should it be formatted to get this mod to work with Cloudflare?

Thanks!