Administrative and Maintenance Tools - vbStopForumSpam - known spammer lookup for new registrations

vbStopForumSpam

This provides access to a RBL type system for forum admins, listing known spam IP / email / usernames. The RBL database is provided by www.stopforumspam.com. You do NOT need an API key from the website in order to access the database. only to submit data if you should wish to do so.

At the point of user registration, the mod checks if the IP number / provided username / email addresses appear on a block list and can block the registration.

Whilst this isnt the most perfect way to stop all forum spam, its another step that spammers have to overcome.

VB4 here https://vborg.vbsupport.ru/showthrea...hreadid=230921
Its the same code, it works in 3.54 to 4.0


What it does

It checks with a remote database of known forum spammers. Their IP number, email address and forum username are tested and based on your configuration, you can reject / log / accept user registrations based on what you get back.

This version doesnt have
- whitelisting or the ability to submit users to the database but it will within the next week.
- automatic user deletion / post / PM purging. There are good tools out there already, this does something else.

Instructions are included in the installation.txt file - PLEASE read it first and dont forget to actually upload the files in the upload folder, otherwise it WILL kill your registration progress and you wont see the log file options in admincp. You do not need to download the product-vbstopforumspam-3.54.xml file unless you are using a vBulletin version older than 3.6.0

Changes to vB
- 3 new database tables
- 2 database table alternations
- No new templates.
- 2 Hook (register_addmember_process & register_addmember_complete)

Ive tested it but had feedback that it works with versions as old as 3.6.2... Support should go back to older versions, as long as they have hook support for register_addmember_process / register_addmember_complete

Known to work - tested by me
- vBulletin 3.6.8 on Apache 2.2 / PHP 5.1.2 on Linux using cUrl
- vBulletin 3.7 Gold on Apache 2.0 / PHP 4.4.3 on Windows without cUrl (template changes wont work on 3.7 - thats in the next version with auto template changes)

For code to submit spammers to the database, check this post for code changes
https://vborg.vbsupport.ru/showpost....&postcount=288

Reported in the thread to work
- 3.6.1, 3.6.2, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.74, 3.80, 3.81, 3.82, 3.83, 3.8.4, 4.0beta3

If you have 3.54, then you can use the product-vbstopforumspam-3.54.xml file attached instead of the one in the ZIP file, which will allow older vBulletin versions to access this mods' features. I personally havent tested this version, its a user contribution, thanks to Darrell Mobley, that changes the way the XML works when imported into older versions.

Installers should remember to refresh their ACP navigation window when they first install it so they can see the new log file menu item.

REQUIRES MySQL 4.1.1+

Future versions
- Automatic integration into vBulletin to add users to the stopForumSpam.com database from a form
- Whitelisting of username / IP / email addresses
- AJAX integration to allow for lookups from within the users profile
- Decreased remote query count from three per user to one per user.

Versions / Changes

0.1 Initial Release

0.2 pedigrees special brew birthday release.
- Small security update. If you have 0.1 installed, download 0.2 and replace your existing functions_vbsfs.php with the one in the archive. It just tests to see if its running inside the VB framework before anything else. This is what happens when you code at 2am after drinking wine

0.3
- stopped it processing valid registrations twice
- moved all non-function code into the plugin. Not a big one as 0.2 basically did that
- fixed a typo in the log pruner that stopped it working (404)
- removed unused fields from the database for people with mysql that doesnt support varchar > 255 (ie mySQL4). If you have 0.2 installed and dont need to prune your logs just yet, you dont really need to install this version but can instead wait for 1.0 unless of a massive security update.

0.4
- logs registrations that arent/wouldnt be blocked
- fixed XML errors when username has a space it in
- tightened up the cache so that it doesnt test a username against an email name to give a bypass result (for when a username is an email address that isnt banned where the email address is)
- fixed some basic logic errors in the PHP

0.6
- Should work on PHP 4.4 now - rewrote the XML with PHP4 in mind (tested on Apache2.0/PHP 4.4.3)
- Fixed a caching system where data wasnt being updated correctly which could cause a remote query when one wasnt needed
- Possible false negative situation when a spammer was blocked due to SFS.com being down who then visited again when it was up but within the cache expiry time
- Remote query failure when the result page isnt XML should work a bit better now. It does a very basic test for valid XML results.
- Fixed log purging (again) and it should actually work properly now.
- No longer requires PHP5
- The log viewer now links to a user profile when registration is allowed.

v0.61 - Removed a template change that was invalid vBulletin code. The package you download will still say its 0.60 however

NB : When upgrading from any version to 0.6, you must remove and then add the plugin due to changes in one of the database tables

You need to have an API key from www.stopforumspam.com in order to submit data, its free and easy to get... You DONT need an API key in order to use this mod however, only to submit spammer data.

Issues are
- The usergroup permissions / view details etc DONT work. I jumped the gun and put the permissions controls in there before I put the code in. Please delete the includes/xml/bitfield_vbstopforumspam.xml file and rebuild your postbit

Installation
- Follow the instructions in the zip file, that includes upload the correct folders
- ONLY download the 3.54 xml file if youre using a vbulletin version prior to 3.6.0. use this file to install the mod instead of the xml file in the zip file.

Please click Installed

[mmurtha]

Quote:

Originally Posted by pedigree

Im playing with the user information process again. So far, on the user info screen for each user, it lists

registrations from this users registeration / last activity subnet
posts from this users registeration / last activity subnet

etc etc - 9 cross references in total, with a list of the most recent 15 (but definable) for each, with a tick box beside each post / user account.

What I want from you is the actions that you would like to see available.

Im integrating the One touch Spam cleanup mod so one of the options will be that,

"Cleanup and ban"

With a radio box that will allow you to submit the data to our database.

So, what other options other than the "delete all pm, posts, threads and ban" would you like to see available?

Hey pedigree,

This sounds perfect for what I need.

Thanks for taking the time to upgrade the Mod.

[thbertram]

There are a several batches of registration attempts in the vbStopForumLogs where maybe as many as 20 registrations by the same username/IP are listed, and the log Message shows "Allowed Registration," yet no user account was set up. When these occur, I add them to the SFS database.

What should I make of this, if anything? ...and why was no account created (though I'm not complaining!)?

[pedigree]

Quote:

Originally Posted by thbertram

What should I make of this, if anything? ...and why was no account created (though I'm not complaining!)?

As covered elsewhere in the thread, this happens when it passes sfs tests and then passes control back to vB for its tests. The registration has failed vB checks/validty and the text really should read "passed SFS testing, passing back to vB for further tests" but thats just way too long.

0.7, its been changed to "Passed"

[mmurtha]

Oh, I always thought these entries were from bots who couldn't finish the signing up process. Perhaps they still are.

Hey pedigree,

I have a quick question if you don't mind. I have a bunch of pages building up. Is it wise to keep them or should I prun them?

My main concern is if I prune them, the same people will try to register again. Or won't that matter?

Thanks ...

[Barteh]

Quote:

Originally Posted by pedigree

So, what other options other than the "delete all pm, posts, threads and ban" would you like to see available?

I'd add signatures to that list!

And possibly some way to add all the failed registrations (cfr "vbStopForumSpam Logs") to the SFS DB in a less repetitive strain injury inducing way than copy name -> ctrl-tab -> paste -> ctrl-shift-tab -> copy ip -> ctrl-tab -> paste -> ctrl-shift-tab -> copy email -> ctrl-tab -> paste -> submit -> backspace -> ctrl-shift-tab -> rinse -> repeat. Assuming the IP check is done first, about 10% of registrations seem to come from IPs unknown to the SFS DB, would be nice if we can preemptively exclude those from other board's registration queues

[pedigree]

@mmurtha - purging logs wont impact anything else. They use minimal database space

@bartech - Ill see how easily I can add failed registrations to the database but as theyre failed, theyve already been caught and are, mostly complete, in the database. It should be as easy (from your point of view) of a tick box that will post back to the code Im writing for the user functions.

[thbertram]

Quote:

Originally Posted by pedigree

As covered elsewhere in the thread, this happens when it passes sfs tests and then passes control back to vB for its tests. The registration has failed vB checks/validty and the text really should read "passed SFS testing, passing back to vB for further tests" but thats just way too long.

0.7, its been changed to "Passed"

Sorry...hadn't read but a couple hundred of the posts and must have missed the one you're referring to. I thought that was might the case, but the IPs and emails were not on my banned lists. One did get through this morning, however, after 11 attempts.

[Wired1]

Quote:

Originally Posted by Barteh

I'd add signatures to that list!

Ditto signatures, as well as homepages. Basically clean the profile. Don't forget profile fields. They LOVE to place URLs in custom ones.

Quote:

Originally Posted by Barteh

And possibly some way to add all the failed registrations (cfr "vbStopForumSpam Logs") to the SFS DB in a less repetitive strain injury inducing way than copy name -> ctrl-tab -> paste -> ctrl-shift-tab -> copy ip -> ctrl-tab -> paste -> ctrl-shift-tab -> copy email -> ctrl-tab -> paste -> submit -> backspace -> ctrl-shift-tab -> rinse -> repeat. Assuming the IP check is done first, about 10% of registrations seem to come from IPs unknown to the SFS DB, would be nice if we can preemptively exclude those from other board's registration queues

Quote:

Originally Posted by pedigree

Ill see how easily I can add failed registrations to the database but as theyre failed, theyve already been caught and are, mostly complete, in the database. It should be as easy (from your point of view) of a tick box that will post back to the code Im writing for the user functions.

I'd add a button to the end of the row of the log that submits the data. I know I've submitted a lot based on the fact that they're attempting every 3 seconds for 5 min straight. NOT HUMAN! Doesn't hurt that I have another mod that doesn't let you hit the register button for 15 seconds. This way you know if they're hitting it quicker, they're automatic spammers.

[skippybosco]

Pedigree, at one time you had talked about the possibility of allowing a custom name for the signup link to circumvent (speed bump) script kiddies.. is that still on a wish list somewhere?

I also recall talk of an option to disable registration when javascript is not active.

[pedigree]

skippy

Yes, its on my list and it will work like this.

- the register page will maintain a database table with the last time a certain IP address accessed this page. Its an IP address rather than a vB allocated session as the session can be changed very easily with any POST to the page.
- if the register page has already been accessed within a configurable period of time, the page returns an error and no further processing is done. If a time out window is allocated, then a countdown counter is added to the submit button
- the "submit registration" input button is removed from the template and replaced with a javascript implementation of the removed code, ie document.write("<input>...."). The javascript also writes an encoded javascript code block, linking in a AES decrypt function and an encoded key/challenge pair. The script will decode the AES encrypted javascript that will write a random form field. If that form doesnt exist on the post, its a spambot as a non-javascript browser wont see the submit button but rather a "javascript required" message. This differs from other field scripts in that it will have to AES decode javascript and execute (or give this script individual consideration) in order to get the correct field data, where others are easier to process as the spambot can read field text directly out of a HTML page.