Administrative and Maintenance Tools - vbStopForumSpam - known spammer lookup for new registrations

vbStopForumSpam

This provides access to a RBL type system for forum admins, listing known spam IP / email / usernames. The RBL database is provided by www.stopforumspam.com. You do NOT need an API key from the website in order to access the database. only to submit data if you should wish to do so.

At the point of user registration, the mod checks if the IP number / provided username / email addresses appear on a block list and can block the registration.

Whilst this isnt the most perfect way to stop all forum spam, its another step that spammers have to overcome.

VB4 here https://vborg.vbsupport.ru/showthrea...hreadid=230921
Its the same code, it works in 3.54 to 4.0


What it does

It checks with a remote database of known forum spammers. Their IP number, email address and forum username are tested and based on your configuration, you can reject / log / accept user registrations based on what you get back.

This version doesnt have
- whitelisting or the ability to submit users to the database but it will within the next week.
- automatic user deletion / post / PM purging. There are good tools out there already, this does something else.

Instructions are included in the installation.txt file - PLEASE read it first and dont forget to actually upload the files in the upload folder, otherwise it WILL kill your registration progress and you wont see the log file options in admincp. You do not need to download the product-vbstopforumspam-3.54.xml file unless you are using a vBulletin version older than 3.6.0

Changes to vB
- 3 new database tables
- 2 database table alternations
- No new templates.
- 2 Hook (register_addmember_process & register_addmember_complete)

Ive tested it but had feedback that it works with versions as old as 3.6.2... Support should go back to older versions, as long as they have hook support for register_addmember_process / register_addmember_complete

Known to work - tested by me
- vBulletin 3.6.8 on Apache 2.2 / PHP 5.1.2 on Linux using cUrl
- vBulletin 3.7 Gold on Apache 2.0 / PHP 4.4.3 on Windows without cUrl (template changes wont work on 3.7 - thats in the next version with auto template changes)

For code to submit spammers to the database, check this post for code changes
https://vborg.vbsupport.ru/showpost....&postcount=288

Reported in the thread to work
- 3.6.1, 3.6.2, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.74, 3.80, 3.81, 3.82, 3.83, 3.8.4, 4.0beta3

If you have 3.54, then you can use the product-vbstopforumspam-3.54.xml file attached instead of the one in the ZIP file, which will allow older vBulletin versions to access this mods' features. I personally havent tested this version, its a user contribution, thanks to Darrell Mobley, that changes the way the XML works when imported into older versions.

Installers should remember to refresh their ACP navigation window when they first install it so they can see the new log file menu item.

REQUIRES MySQL 4.1.1+

Future versions
- Automatic integration into vBulletin to add users to the stopForumSpam.com database from a form
- Whitelisting of username / IP / email addresses
- AJAX integration to allow for lookups from within the users profile
- Decreased remote query count from three per user to one per user.

Versions / Changes

0.1 Initial Release

0.2 pedigrees special brew birthday release.
- Small security update. If you have 0.1 installed, download 0.2 and replace your existing functions_vbsfs.php with the one in the archive. It just tests to see if its running inside the VB framework before anything else. This is what happens when you code at 2am after drinking wine

0.3
- stopped it processing valid registrations twice
- moved all non-function code into the plugin. Not a big one as 0.2 basically did that
- fixed a typo in the log pruner that stopped it working (404)
- removed unused fields from the database for people with mysql that doesnt support varchar > 255 (ie mySQL4). If you have 0.2 installed and dont need to prune your logs just yet, you dont really need to install this version but can instead wait for 1.0 unless of a massive security update.

0.4
- logs registrations that arent/wouldnt be blocked
- fixed XML errors when username has a space it in
- tightened up the cache so that it doesnt test a username against an email name to give a bypass result (for when a username is an email address that isnt banned where the email address is)
- fixed some basic logic errors in the PHP

0.6
- Should work on PHP 4.4 now - rewrote the XML with PHP4 in mind (tested on Apache2.0/PHP 4.4.3)
- Fixed a caching system where data wasnt being updated correctly which could cause a remote query when one wasnt needed
- Possible false negative situation when a spammer was blocked due to SFS.com being down who then visited again when it was up but within the cache expiry time
- Remote query failure when the result page isnt XML should work a bit better now. It does a very basic test for valid XML results.
- Fixed log purging (again) and it should actually work properly now.
- No longer requires PHP5
- The log viewer now links to a user profile when registration is allowed.

v0.61 - Removed a template change that was invalid vBulletin code. The package you download will still say its 0.60 however

NB : When upgrading from any version to 0.6, you must remove and then add the plugin due to changes in one of the database tables

You need to have an API key from www.stopforumspam.com in order to submit data, its free and easy to get... You DONT need an API key in order to use this mod however, only to submit spammer data.

Issues are
- The usergroup permissions / view details etc DONT work. I jumped the gun and put the permissions controls in there before I put the code in. Please delete the includes/xml/bitfield_vbstopforumspam.xml file and rebuild your postbit

Installation
- Follow the instructions in the zip file, that includes upload the correct folders
- ONLY download the 3.54 xml file if youre using a vbulletin version prior to 3.6.0. use this file to install the mod instead of the xml file in the zip file.

Please click Installed

[pedigree]

Quote:

Originally Posted by skippybosco

Optional settings to check SPS on:

* Contacts

and for folks that were deemed good during registration, but were sleepers:

* Posts
* PMs

Ill see how I can add these options. If they were good during registration as a sleeping spammer, we would have to test their details again. This could be done the first time that they post or send a PM. I dont think that would be too hard to add. Ill look up the hooks at add that to the list of things to do.

Contacts being Contact Us I guess? Using the above method, I could do that. You would need to change the blocking text from "If you think this block is in error, use Contact Us" to "hmm, no change Charlie"

[skippybosco]

Sorry, I should have been more clear.

1) These would be enabled / disabled by admin preference

2) The notion would be that it would only check posts/pms for users that belong to specified user groups. This supports the notion of using promotions on your site to identify trusted users (ie. registered users versus trusted registered users (after 6 days and 3 posts or whatever your flavor is)

3) Contact, yes Contact Us. The understanding being that if you enable this you have prevented users from contacting you if they are incorrectly banned. Mitigation could include javascript, image based or some other obfuscated version of your email in the failure message)

[pedigree]

Quote:

Originally Posted by skippybosco

On a separate note, let's try to give this Mod some visibility!

I have nominated it for Mod of the Month, if you received benefit please do the same. Let's get it up for the masses in July and get Pedigree some recognition.

wow, Im flattered, thanks. That would be great even to be nominated for the vote.

[pedigree]

Quote:

Originally Posted by skippybosco

Sorry, I should have been more clear.
2) The notion would be that it would only check posts/pms for users that belong to specified user groups. This supports the notion of using promotions on your site to identify trusted users (ie. registered users versus trusted registered users (after 6 days and 3 posts or whatever your flavor is)

3) Contact, yes Contact Us. The understanding being that if you enable this you have prevented users from contacting you if they are incorrectly banned. Mitigation could include javascript, image based or some other obfuscated version of your email in the failure message)

2 - There is an option in 0.7 to put new users into a specific group. You could use that to apply filters against. Ill have to up the database cache time incase Russ at sfs.com gets hammered/DDoSed by large forums that leave users in a group like this. Maybe I could include a "cut off" period for users in this group, where it doesnt check them if registered over 30 days (or X) days ago.

What I could also do is add a cron job to pull the daily IP ban list and put that into the cache. They should catch a lot of spam without the necessary remote queries. Its a fine balance between protecting against spam and DDoSing the limited resources of a one-man free website

If Russ was to move the lot into DNS instead of XML/HTML, that would make things a lot easier as he would have DNS servers caching data

3 - I believe captcha can be enabled on the ContactUS page but as the loading would be much less on this page than people posting into forums, I dont think lookups would be a problem here.

[skippybosco]

Captchas can be enabled (as can custom questions on 3.7).. sadly It seems that I am dealing with human spammers (mix of china, india, russia and us based) <sigh>

[pedigree]

well, Ill add a IP based lookup for the Contact US page, pulled initially from the dialy cron job that pulls the IP lists and failing that, from a live lookup.

[kylek]

Voted as one way of thanks!!

[Thomas P]

Yes, voted, too - before the 1st reminder post

[pedigree]

Im flattered, I really am.

Update on 0.7rc.

The core caching / whitelist / lookup rewrite is complete with the following requests included
- GeoIP country banning (goodbye China - nothing personal but you spam too much)
- Much better caching support
- Better remote lookup support
- Statistics logging
- Locally cached cron import of the stopforumspam IP database

The core has been rewritten to allow easy integration into the Contact Us form and into post thread / message or PM so that you can configure it to check if details appear on the database for X days after registrations. This will allow a system admin to set, for example, a threshold of 30 days. If posting a PM or message within the first 30 after registrations, it will check the database if they appear as a spammer and will block it, with an optional PM notification to a mod/admin group.

Also included in the starter of the UI support, is full 3.6 and 3.7 integration, giving details of whois information, links to google searches, etc etc.

With the statistics module (that Ive started), youll get full graphs on a yearly period (older than a year gets auto pruned), with a daily, monthly and yearly totals/averages of
- Cache hits vs misses
- Country ban breakdowns
- Successful vs Banned vs Expired* registrations

*Expired is where there is a hit on the spam database but its older than the threshold set in the forum.

[BadgerDog]

Installed and testing ... :up:

Thanks ....

One thing that has me a little confused is the field for:

Quote:

The www.StopForumSpam.com API Key to submit spammers details with

Is this something I need to use this mod effectively and if so, how do I obtain a key?

Appreciate your efforts in trying to help us block spammers...

Regards,
Badger