vbSpamBuster v0.2

Following the release of vB SpamBuster v0.1 earlier in the week I've added some of the improvements based on the discussion about it.

This version is a complete rewrite over v0.1 and adds the major features:

• Moves spam into the moderation queue rather than giving the user a "permission denied error"
• Has a highly configurable scoring system

As you can see the ruleset is fairly small at the moment I still think that it will catch a lot of spam posts. Any help/feedback from people running the system and either getting "false positives" or want to add any better rules to the default list please let me know.

Installation instructions

Download spambuster-libs.php and spambuster-rules.php.

You may wish to edit the define values at the top of the spambuster-libs.php file. Later on you might want to edit the rules in spambuster-rules.php too.

Upload spambuster-libs.php and spambuster-rules.php into your includes directory.

In both newthread.php and newreply.php find:

PHP Code:

require_once('./includes/functions_bigthree.php'); 


after it add:

PHP Code:

require_once('./includes/spambuster-libs.php'); 


In newthread.php find:

PHP Code:

verify_forum_password($foruminfo['forumid'], $foruminfo['password']); 


after it add:

PHP Code:

// do a spambuster test
sb_test($_POST['subject'],$_POST['message'].$_POST['WYSIWYG_HTML']); 


Now in newreply.php find:

PHP Code:

$threadid = intval($_REQUEST['threadid']); 


after it add:

PHP Code:

// do a spambuster test
sb_test($_POST['title'],$_POST['message'].$_POST['WYSIWYG_HTML']); 


As ever any feedback would be gratefully received.

[oldengine]

Quote:

Originally Posted by UK Jimbo

As time permits I'm going to be looking at:

• configuration via the admincp (with possible word list import/export)

Make sure that the list isn't just words. As you can see by my list of spam lines above, the rejection power is made by the combination of words into spam phrases.

My actual list is hilarious and lengthy, all taken from actual posts and emails.

[UK Jimbo]

Quote:

Originally Posted by oldengine

Make sure that the list isn't just words. As you can see by my list of spam lines above, the rejection power is made by the combination of words into spam phrases.

My actual list is hilarious and lengthy, all taken from actual posts and emails.

For "words" read "regular expressions". Is in the example code above it'll be using perl regular expressions which are very powerful when it comes to pattern matching.

[Snow]

Quote:

Originally Posted by UK Jimbo

Yup - but you can't do that with vBulletin out of the box can you?

Just drop the regular expression http:// into the config for this hack and hey presto you'd be able to do that.

Does this hack work on thread titles as well or is it just for spam in the post itself? The reason I ask is that I had installed (a while back) a different hack that prevented new users from posting urls in posts and signatures but as a result, spammers started posting the urls in the thread titles and their profiles. It was very common to see "visit my homepage from my profile to find out more".

[UK Jimbo]

Quote:

Originally Posted by Snow

Does this hack work on thread titles as well or is it just for spam in the post itself? The reason I ask is that I had installed (a while back) a different hack that prevented new users from posting urls in posts and signatures but as a result, spammers started posting the urls in the thread titles and their profiles. It was very common to see "visit my homepage from my profile to find out more".

Good point.

It'll be easy to include post/thread titles in the list of fields checked so I'll add that in. Good point about profiles. I'll look to see if this is possible but might make things a bit more tricky.

[Mink_]

To get that working in the ACP, I suggest you just make a new database table and call the values into an array with mysql_fetch_array().

Also, I suggest you use the similar_text() function and allow the user to configure what percent 2 words have to be for the replacement to happen. That can get rid of peoblems with people figuring out how to get around the hack by saying things like "Vist my wbsite."

[UK Jimbo]

I've made some progress with this today. It's now dropping threads into the moderation queue.

In the next few days I'll put another release up on here with all the changes I've made and will be reading the regular expressions out of a separate text file. After that's sorted the next release will concentrate on admincp integration.

Quote:

Originally Posted by Mink_

I suggest you use the similar_text() function and allow the user to configure what percent 2 words have to be for the replacement to happen.

I've never spotted that function before! I think I may support both regular expression and similar_text phrase lists. Watch this space.

[UK Jimbo]

Following some further thought and after having used spamassassin a fair bit in the past I think that I'm going to run with a similar rule based system.

A config file has a list of rules within it. Each rule has a score which is added to an overall score for the post should that rule match the post.

At the end of testing a post for "spaminess" the overall score of the post is compared to a configurable "threshold" score. If the score for a post is over the threshold then it's deemed to be spam.

This setup, coupled with perl regular expression and similar_text support should make for a fairly simple but highly configurable system.

After there's a stable release of this code I'd hope that a number of us could worth together to produce a decent standard list of patterns that people can use out of the box. I'm going to need some help with that stage as the forums I admin have fairly low amounts of spam compared to some other sites.

As an aside SpamBuster nipped 8 spam posts in the butt this morning on visordown.com

[UK Jimbo]

Following the release of vB SpamBuster v0.1 earlier in the week I've added some of the improvements based on the discussion about it.

This version is a complete rewrite over v0.1 and adds the major features:

• Moves spam into the moderation queue rather than giving the user a "permission denied error"
• Has a highly configurable scoring system

As you can see the ruleset is fairly small at the moment I still think that it will catch a lot of spam posts. Any help/feedback from people running the system and either getting "false positives" or want to add any better rules to the default list please let me know.

Installation instructions

Download spambuster-libs.php and spambuster-rules.php.

You may wish to edit the define values at the top of the spambuster-libs.php file. Later on you might want to edit the rules in spambuster-rules.php too.

Upload spambuster-libs.php and spambuster-rules.php into your includes directory.

In both newthread.php and newreply.php find:

PHP Code:

require_once('./includes/functions_bigthree.php'); 


after it add:

PHP Code:

require_once('./includes/spambuster-libs.php'); 


In newthread.php find:

PHP Code:

verify_forum_password($foruminfo['forumid'], $foruminfo['password']); 


after it add:

PHP Code:

// do a spambuster test
sb_test($_POST['subject'],$_POST['message'].$_POST['WYSIWYG_HTML']); 


Now in newreply.php find:

PHP Code:

$threadid = intval($_REQUEST['threadid']); 


after it add:

PHP Code:

// do a spambuster test
sb_test($_POST['title'],$_POST['message'].$_POST['WYSIWYG_HTML']); 


As ever any feedback would be gratefully received.

[UK Jimbo]

v0.02 released at https://vborg.vbsupport.ru/showthread.php?t=76756

[Polo]

I dont think you can Make a new thread when having a new version of a hack... I think you should use the same thread... i'm not sure, but I think I read that somewhere... anyways, let me go look around...