Administrative and Maintenance Tools - vbStopForumSpam - known spammer lookup for new registrations

vbStopForumSpam

This provides access to a RBL type system for forum admins, listing known spam IP / email / usernames. The RBL database is provided by www.stopforumspam.com. You do NOT need an API key from the website in order to access the database. only to submit data if you should wish to do so.

At the point of user registration, the mod checks if the IP number / provided username / email addresses appear on a block list and can block the registration.

Whilst this isnt the most perfect way to stop all forum spam, its another step that spammers have to overcome.

VB4 here https://vborg.vbsupport.ru/showthrea...hreadid=230921
Its the same code, it works in 3.54 to 4.0


What it does

It checks with a remote database of known forum spammers. Their IP number, email address and forum username are tested and based on your configuration, you can reject / log / accept user registrations based on what you get back.

This version doesnt have
- whitelisting or the ability to submit users to the database but it will within the next week.
- automatic user deletion / post / PM purging. There are good tools out there already, this does something else.

Instructions are included in the installation.txt file - PLEASE read it first and dont forget to actually upload the files in the upload folder, otherwise it WILL kill your registration progress and you wont see the log file options in admincp. You do not need to download the product-vbstopforumspam-3.54.xml file unless you are using a vBulletin version older than 3.6.0

Changes to vB
- 3 new database tables
- 2 database table alternations
- No new templates.
- 2 Hook (register_addmember_process & register_addmember_complete)

Ive tested it but had feedback that it works with versions as old as 3.6.2... Support should go back to older versions, as long as they have hook support for register_addmember_process / register_addmember_complete

Known to work - tested by me
- vBulletin 3.6.8 on Apache 2.2 / PHP 5.1.2 on Linux using cUrl
- vBulletin 3.7 Gold on Apache 2.0 / PHP 4.4.3 on Windows without cUrl (template changes wont work on 3.7 - thats in the next version with auto template changes)

For code to submit spammers to the database, check this post for code changes
https://vborg.vbsupport.ru/showpost....&postcount=288

Reported in the thread to work
- 3.6.1, 3.6.2, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.74, 3.80, 3.81, 3.82, 3.83, 3.8.4, 4.0beta3

If you have 3.54, then you can use the product-vbstopforumspam-3.54.xml file attached instead of the one in the ZIP file, which will allow older vBulletin versions to access this mods' features. I personally havent tested this version, its a user contribution, thanks to Darrell Mobley, that changes the way the XML works when imported into older versions.

Installers should remember to refresh their ACP navigation window when they first install it so they can see the new log file menu item.

REQUIRES MySQL 4.1.1+

Future versions
- Automatic integration into vBulletin to add users to the stopForumSpam.com database from a form
- Whitelisting of username / IP / email addresses
- AJAX integration to allow for lookups from within the users profile
- Decreased remote query count from three per user to one per user.

Versions / Changes

0.1 Initial Release

0.2 pedigrees special brew birthday release.
- Small security update. If you have 0.1 installed, download 0.2 and replace your existing functions_vbsfs.php with the one in the archive. It just tests to see if its running inside the VB framework before anything else. This is what happens when you code at 2am after drinking wine

0.3
- stopped it processing valid registrations twice
- moved all non-function code into the plugin. Not a big one as 0.2 basically did that
- fixed a typo in the log pruner that stopped it working (404)
- removed unused fields from the database for people with mysql that doesnt support varchar > 255 (ie mySQL4). If you have 0.2 installed and dont need to prune your logs just yet, you dont really need to install this version but can instead wait for 1.0 unless of a massive security update.

0.4
- logs registrations that arent/wouldnt be blocked
- fixed XML errors when username has a space it in
- tightened up the cache so that it doesnt test a username against an email name to give a bypass result (for when a username is an email address that isnt banned where the email address is)
- fixed some basic logic errors in the PHP

0.6
- Should work on PHP 4.4 now - rewrote the XML with PHP4 in mind (tested on Apache2.0/PHP 4.4.3)
- Fixed a caching system where data wasnt being updated correctly which could cause a remote query when one wasnt needed
- Possible false negative situation when a spammer was blocked due to SFS.com being down who then visited again when it was up but within the cache expiry time
- Remote query failure when the result page isnt XML should work a bit better now. It does a very basic test for valid XML results.
- Fixed log purging (again) and it should actually work properly now.
- No longer requires PHP5
- The log viewer now links to a user profile when registration is allowed.

v0.61 - Removed a template change that was invalid vBulletin code. The package you download will still say its 0.60 however

NB : When upgrading from any version to 0.6, you must remove and then add the plugin due to changes in one of the database tables

You need to have an API key from www.stopforumspam.com in order to submit data, its free and easy to get... You DONT need an API key in order to use this mod however, only to submit spammer data.

Issues are
- The usergroup permissions / view details etc DONT work. I jumped the gun and put the permissions controls in there before I put the code in. Please delete the includes/xml/bitfield_vbstopforumspam.xml file and rebuild your postbit

Installation
- Follow the instructions in the zip file, that includes upload the correct folders
- ONLY download the 3.54 xml file if youre using a vbulletin version prior to 3.6.0. use this file to install the mod instead of the xml file in the zip file.

Please click Installed

[pedigree]

Quote:

Originally Posted by skippybosco

Duplicates in the logs is explained a couple of posts up.

Not being linked, if your configuration is anything like mine, is a result of multiple checks during registration (in my case StopForumSpam and RBL).. You will see a "Registration successful" if it made it past StopForumSpam, but if RBL caught it then there is no link.

So basically, if the user does not exit then there should not be a link to the user (easy concept I just made sound REALLY complicated I think.. heh.. )

Skippy has it. There is no link in the logs as no user account was created.

Duplicate logs for each user isnt really a duplicate. If you have a "log but allow" policy or a user that is registering is beyond the cut off date allowed (ie listed on sfs.com website with a lastseen of X days ago, where X is bigger than the configuration in your forum), then it logs this and continues with registering / adding the user, where it logs a new user registration.

Successful registration is there as a request from people, so that they can click through to users even if they generated no warning, a "one stop" portal page if for no better description. I will add an option to disable that in the next version if you like

[pedigree]

Quote:

Originally Posted by abrecher

Looking at the logs....

25 out of 36 signups have duplicate log entries.

Half of the entries that were successful do not have a link to their user entry in the admin cp

And these users exist? The registration check has two parts (as it uses two differnt vb hooks).

The first part does all the work, queries the server and logs if it finds a spammer, blocked or allowed.

The second part does one thing, it logs succesfully created users and attempts to join that user with its username logged in step 1 by the means on a unique token in the logs. If a new user is created and you can see it in the user options and there is no link in the logs to that user for a log entry, then there is a bug that I will have to address.

[pedigree]

Quote:

Originally Posted by Wired1

Hey pedigree, the log only shows their username as a link if they've completed the registration process, correct?

It should be that way, yes. but Im going to go back to the code and figure out if thats not the case all the time.

For those finding users registering, please verify their userid and if there is a link in the logs to the usercp for them. If you find a valid user and no link to the user cp, please PM me with the exact version of vBulletin and a copy/paste of the log entries.

[abrecher]

I've been using this mod for a few days now, it's really doing a great job thus far. I'd highly suggest adding an option to allow the flagged registration to go through but have them go into a special usergroup we set up.

[pedigree]

abrecher - Ill add that to v0.7,which is coming along nicely.

Its got GUI integration now (both in 3.7 and 3.6 in the same package), just need to add permission controls to that and recode the backend record / caching as Ive rewritten a lot of it to cut down on the number of remote calls and to allow for further changes if and when theyre made. Youll be able to submit details to the remote website from the GUI, once I get a response from the guy who runs stopforumspam.com

Ive just looked at the source for 3.7, specifically this

// assign user to usergroup 3 if email needs verification
if ($vbulletin->options['verifyemail'])
{
$newusergroupid = 3;
}
else if ($vbulletin->options['moderatenewmembers'] OR $vbulletin->GPC['coppauser'])
{
$newusergroupid = 4;
}
else
{
$newusergroupid = 2;
}

There is the ability to change the user group after this but we could run into a problem. The default "new user" group is 2 but as you see, if there is COPPA or VerifyEmail set, a new user goes into a different group. Moving a user out of VerifyEmail to another group, will (but Ill have to double check) bypass email verification testing. Still, I guess if youre moving new users into a group, theyre not going to have any posting ability as part of the permissions of the special group.

Ill add it, disabled by default, with an explaination of the ramifications of a different default group, blocking admin/mod/supermod groups in the code (because otherwise, that would be bad)

[netfly]

Thanks a lot for this mod!!! It's a great idea.

When will we able to add spammers to the stopforumspam from vbulletin?

[Wired1]

Quote:

Originally Posted by netfly

Thanks a lot for this mod!!! It's a great idea.

When will we able to add spammers to the stopforumspam from vbulletin?

Please read the post right before yours.

[abrecher]

This plugin stops approximately 15-35 spammers from signing up to my forums DAILY! I'd HIGHLY recommend it to anybody with a busy forum. I'm using it without any issues on VB 3.7.1 . Thanks again to pedigree!!

[pedigree]

Youre welcome and thanks for the feedback, its always nice to hear from people that appreciate the effort involved. If you think v0.6 is good, wait until v0.7

[pedigree]

Quote:

Originally Posted by netfly

Thanks a lot for this mod!!! It's a great idea.

When will we able to add spammers to the stopforumspam from vbulletin?

The only real thing stopping it being included right now is that the guy who runs stopforumspam.com doesnt have an API system for submitting data yet. What I am doing in v0.7 is using cURL to submit data to his online HTML form. Its not ideal for a couple of reasons

- If he changes the form code, its values or does referring checking, it breaks all the template code. The results have to be parsed out of HTML code, rather than the current read API where the results are in a known XML format
- If you dont have cURL installed on your webserver, then you have to use a local form in your template, which exposes your API key to anyone you grant vbStopForumSpam access to. This would then allow them to use your key to create false records on the stopforumspam server (if they wanted to be malicious)

Its not me delaying the ability to submit data, its just waiting on the finalised API from russ (who seems to be a very very busy guy)