Administrative and Maintenance Tools - vbStopForumSpam - known spammer lookup for new registrations

vbStopForumSpam

This provides access to a RBL type system for forum admins, listing known spam IP / email / usernames. The RBL database is provided by www.stopforumspam.com. You do NOT need an API key from the website in order to access the database. only to submit data if you should wish to do so.

At the point of user registration, the mod checks if the IP number / provided username / email addresses appear on a block list and can block the registration.

Whilst this isnt the most perfect way to stop all forum spam, its another step that spammers have to overcome.

VB4 here https://vborg.vbsupport.ru/showthrea...hreadid=230921
Its the same code, it works in 3.54 to 4.0


What it does

It checks with a remote database of known forum spammers. Their IP number, email address and forum username are tested and based on your configuration, you can reject / log / accept user registrations based on what you get back.

This version doesnt have
- whitelisting or the ability to submit users to the database but it will within the next week.
- automatic user deletion / post / PM purging. There are good tools out there already, this does something else.

Instructions are included in the installation.txt file - PLEASE read it first and dont forget to actually upload the files in the upload folder, otherwise it WILL kill your registration progress and you wont see the log file options in admincp. You do not need to download the product-vbstopforumspam-3.54.xml file unless you are using a vBulletin version older than 3.6.0

Changes to vB
- 3 new database tables
- 2 database table alternations
- No new templates.
- 2 Hook (register_addmember_process & register_addmember_complete)

Ive tested it but had feedback that it works with versions as old as 3.6.2... Support should go back to older versions, as long as they have hook support for register_addmember_process / register_addmember_complete

Known to work - tested by me
- vBulletin 3.6.8 on Apache 2.2 / PHP 5.1.2 on Linux using cUrl
- vBulletin 3.7 Gold on Apache 2.0 / PHP 4.4.3 on Windows without cUrl (template changes wont work on 3.7 - thats in the next version with auto template changes)

For code to submit spammers to the database, check this post for code changes
https://vborg.vbsupport.ru/showpost....&postcount=288

Reported in the thread to work
- 3.6.1, 3.6.2, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.74, 3.80, 3.81, 3.82, 3.83, 3.8.4, 4.0beta3

If you have 3.54, then you can use the product-vbstopforumspam-3.54.xml file attached instead of the one in the ZIP file, which will allow older vBulletin versions to access this mods' features. I personally havent tested this version, its a user contribution, thanks to Darrell Mobley, that changes the way the XML works when imported into older versions.

Installers should remember to refresh their ACP navigation window when they first install it so they can see the new log file menu item.

REQUIRES MySQL 4.1.1+

Future versions
- Automatic integration into vBulletin to add users to the stopForumSpam.com database from a form
- Whitelisting of username / IP / email addresses
- AJAX integration to allow for lookups from within the users profile
- Decreased remote query count from three per user to one per user.

Versions / Changes

0.1 Initial Release

0.2 pedigrees special brew birthday release.
- Small security update. If you have 0.1 installed, download 0.2 and replace your existing functions_vbsfs.php with the one in the archive. It just tests to see if its running inside the VB framework before anything else. This is what happens when you code at 2am after drinking wine

0.3
- stopped it processing valid registrations twice
- moved all non-function code into the plugin. Not a big one as 0.2 basically did that
- fixed a typo in the log pruner that stopped it working (404)
- removed unused fields from the database for people with mysql that doesnt support varchar > 255 (ie mySQL4). If you have 0.2 installed and dont need to prune your logs just yet, you dont really need to install this version but can instead wait for 1.0 unless of a massive security update.

0.4
- logs registrations that arent/wouldnt be blocked
- fixed XML errors when username has a space it in
- tightened up the cache so that it doesnt test a username against an email name to give a bypass result (for when a username is an email address that isnt banned where the email address is)
- fixed some basic logic errors in the PHP

0.6
- Should work on PHP 4.4 now - rewrote the XML with PHP4 in mind (tested on Apache2.0/PHP 4.4.3)
- Fixed a caching system where data wasnt being updated correctly which could cause a remote query when one wasnt needed
- Possible false negative situation when a spammer was blocked due to SFS.com being down who then visited again when it was up but within the cache expiry time
- Remote query failure when the result page isnt XML should work a bit better now. It does a very basic test for valid XML results.
- Fixed log purging (again) and it should actually work properly now.
- No longer requires PHP5
- The log viewer now links to a user profile when registration is allowed.

v0.61 - Removed a template change that was invalid vBulletin code. The package you download will still say its 0.60 however

NB : When upgrading from any version to 0.6, you must remove and then add the plugin due to changes in one of the database tables

You need to have an API key from www.stopforumspam.com in order to submit data, its free and easy to get... You DONT need an API key in order to use this mod however, only to submit spammer data.

Issues are
- The usergroup permissions / view details etc DONT work. I jumped the gun and put the permissions controls in there before I put the code in. Please delete the includes/xml/bitfield_vbstopforumspam.xml file and rebuild your postbit

Installation
- Follow the instructions in the zip file, that includes upload the correct folders
- ONLY download the 3.54 xml file if youre using a vbulletin version prior to 3.6.0. use this file to install the mod instead of the xml file in the zip file.

Please click Installed

[pedigree]

Quote:

Originally Posted by skippybosco

My weekly praise to pedigree and the amazing work on this mod.

I'm not sure if this is helpful information as a secondary check or not as it seems that it may catch users with outdated browsers as well, but so far is a good canary for me.

Thanks for the numbers, gives me a warm fuzzy knowing that I might be p*ssing off at least one spammer. Maybe he might get so depressed at not being able to register and will just kill himself, fingers crossed

vBulletin works without javascript and this would block everyone using NoScript in Firefox (like myself, I wouldnt be without it). Ill put it in the bugtracker as a "maybe feature" for a future release though, maybe with a notice in the new user that says "Javascript is required for this registration" where isubmit button disabled by default, javascript used to enable it and with javascript used to make a form value. That would give fair warning to users with javascript disabled etc (personally, I HATE websites that refuse to work with javascript off and prefer not to use them)

[Thomas P]

Quote:

the 2.6 and 3.7 template changes sorted so that they rewrite templates on the fly, allowing mods to view all the data about the user, do whois/google searches

I hope you think about server load for Big Boards to only user the code where really needed

[pedigree]

Quote:

Originally Posted by Thomas P

I hope you think about server load for Big Boards to only user the code where really needed

Yup, certainly have. Currently (and I dont imagine its going to change much), it uses two hooks that are hit on each page, global_start and cache_templates.

global_start is used to test if the page is member.php and then inserts a menu item into the options_postbit, that is one or two conditional checks. Firstly, it checks if its running 3.6.x as 3.7.x doesnt have the options postbit menu (3.7 has user details page load as a profile block instead).

cache_templates is used to check if the page is showthread.php or misc.php and then tells vbulletin to insert the "left click username context menu" postbit or the new user detail templates into the cache. A lot of mods do this and it shouldnt impact performance at all.

Once in the cache, vbulletin and any accelerators, will take care of that. Template checks shouldnt be a hit at all, but thats the price to pay for auto template changes.

I dont have a large board to test it against but Im open to suggestions

[Thomas P]

Ok, thanks.

I can test it on our boards, you see the microtime in the footer.

[Wired1]

Quote:

Originally Posted by pedigree

StopforumSpam.com doesnt have the functionality to pull all the other details for spammers based on just one field. We cant get a list of IPs that SpammerX has logged in from.

You can from the search page. This one goes back to a better API being in place.

Quote:

When I get all the template code working, there will be options for mods to examine users, refresh SFS.com data and act on that. In order to run proactive scanning against all the users against all SFS.com data, would require more work both on my time (I have a baby due in 6 weeks) and in cron execution time. Unless you have the Ajax cron mod installed, running a job like that would kill so poor users session. Maybe in v1+ Ill be able to add an automated pull from SFS.com of their IP lists. Anything more would be a lot more code. I want to get the next version out, working before baby is born because after that, well, I wont have much more time until I go back to work.

Congratulations This could be done manually for the time being, and wouldn't kill anyone's session that way. The suggestion is meant to be run after the fact. I'm just seeing correlating spammer info in my logs, and want to help flesh out the spammer patterns

Quote:

Auto submit can be sorted and logs updated to reflect that, its not a big, as long as you have cURL installed. Without cURL, automated submission will be extremely difficult, something that can be done but something that Im not really wanting to code for.

Definitely wait for a better API from the site

Quote:

main goals for the next couple of weeks, is to get the core rewrite sorted, the 2.6 and 3.7 template changes sorted so that they rewrite templates on the fly, allowing mods to view all the data about the user, do whois/google searches, updating SFS.com data and submitting them manually, better loggind support and statistics reporting. Auto submitting user data to SFS.com might sneak in there but any companion, posting, PM etc will have to wait until all that is stable.

I spend 4-5 hours a day on a train to/from work so my time is a bit limited but Im trying to get it all sorted and out asap.

Take your time man, we all appreciate the work you're doing!

[pedigree]

yeah, parsing HTML that could change at any time, is a real horrible way to get reliable information

[Thomas P]

One question: Where can I see this part?

Quote:

5 - Edit Usergroup permissions (Optional) (AdminCP -> Usergroup -> Usergroup Manager -> (Group) -> vbStopForumSpam Permissions - Access / View / Submit
Here you can allow specific usergroups access to details in User Ooptions/ Whos Online etc

Is this on a user's profile page or...?
I edited the rights for my admin group to yes.

[pedigree]

You cant and you wont be able to do that until v0.7 and then it wont be with the XML postbits.

The code that I have now is displaying all this information but I need to complete more code before I release it.

[Thomas P]

ok, I see - no problem.

[skippybosco]

So interesting change of events, the past couple of days have been very quiet from a SPAM registration stand point. I have, however, started getting a few spam messages through the contact us form.

This leads me to the request of a modification:

Optional settings to check SPS on:

* Contacts

and for folks that were deemed good during registration, but were sleepers:

* Posts
* PMs