Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons

Reply
 
Thread Tools
vbStopForumSpam - known spammer lookup for new registrations Details »»
vbStopForumSpam - known spammer lookup for new registrations
Version: 0.61, by pedigree pedigree is offline
Developer Last Online: Nov 2013 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 3.6.1 Rating:
Released: 04-17-2008 Last Update: 01-26-2010 Installs: 1986
DB Changes Uses Plugins Auto-Templates
Additional Files Translations Is in Beta Stage  
No support by the author.

vbStopForumSpam

This provides access to a RBL type system for forum admins, listing known spam IP / email / usernames. The RBL database is provided by www.stopforumspam.com. You do NOT need an API key from the website in order to access the database. only to submit data if you should wish to do so.

At the point of user registration, the mod checks if the IP number / provided username / email addresses appear on a block list and can block the registration.

Whilst this isnt the most perfect way to stop all forum spam, its another step that spammers have to overcome.

VB4 here https://vborg.vbsupport.ru/showthrea...hreadid=230921
Its the same code, it works in 3.54 to 4.0


What it does

It checks with a remote database of known forum spammers. Their IP number, email address and forum username are tested and based on your configuration, you can reject / log / accept user registrations based on what you get back.

This version doesnt have
- whitelisting or the ability to submit users to the database but it will within the next week.
- automatic user deletion / post / PM purging. There are good tools out there already, this does something else.

Instructions are included in the installation.txt file - PLEASE read it first and dont forget to actually upload the files in the upload folder, otherwise it WILL kill your registration progress and you wont see the log file options in admincp. You do not need to download the product-vbstopforumspam-3.54.xml file unless you are using a vBulletin version older than 3.6.0

Changes to vB
- 3 new database tables
- 2 database table alternations
- No new templates.
- 2 Hook (register_addmember_process & register_addmember_complete)

Ive tested it but had feedback that it works with versions as old as 3.6.2... Support should go back to older versions, as long as they have hook support for register_addmember_process / register_addmember_complete

Known to work - tested by me
- vBulletin 3.6.8 on Apache 2.2 / PHP 5.1.2 on Linux using cUrl
- vBulletin 3.7 Gold on Apache 2.0 / PHP 4.4.3 on Windows without cUrl (template changes wont work on 3.7 - thats in the next version with auto template changes)

For code to submit spammers to the database, check this post for code changes
https://vborg.vbsupport.ru/showpost....&postcount=288

Reported in the thread to work
- 3.6.1, 3.6.2, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.74, 3.80, 3.81, 3.82, 3.83, 3.8.4, 4.0beta3


If you have 3.54, then you can use the product-vbstopforumspam-3.54.xml file attached instead of the one in the ZIP file, which will allow older vBulletin versions to access this mods' features. I personally havent tested this version, its a user contribution, thanks to Darrell Mobley, that changes the way the XML works when imported into older versions.

Installers should remember to refresh their ACP navigation window when they first install it so they can see the new log file menu item.

REQUIRES MySQL 4.1.1+

Future versions
- Automatic integration into vBulletin to add users to the stopForumSpam.com database from a form
- Whitelisting of username / IP / email addresses
- AJAX integration to allow for lookups from within the users profile
- Decreased remote query count from three per user to one per user.

Versions / Changes

0.1 Initial Release

0.2 pedigrees special brew birthday release.
- Small security update. If you have 0.1 installed, download 0.2 and replace your existing functions_vbsfs.php with the one in the archive. It just tests to see if its running inside the VB framework before anything else. This is what happens when you code at 2am after drinking wine

0.3
- stopped it processing valid registrations twice
- moved all non-function code into the plugin. Not a big one as 0.2 basically did that
- fixed a typo in the log pruner that stopped it working (404)
- removed unused fields from the database for people with mysql that doesnt support varchar > 255 (ie mySQL4). If you have 0.2 installed and dont need to prune your logs just yet, you dont really need to install this version but can instead wait for 1.0 unless of a massive security update.

0.4
- logs registrations that arent/wouldnt be blocked
- fixed XML errors when username has a space it in
- tightened up the cache so that it doesnt test a username against an email name to give a bypass result (for when a username is an email address that isnt banned where the email address is)
- fixed some basic logic errors in the PHP

0.6
- Should work on PHP 4.4 now - rewrote the XML with PHP4 in mind (tested on Apache2.0/PHP 4.4.3)
- Fixed a caching system where data wasnt being updated correctly which could cause a remote query when one wasnt needed
- Possible false negative situation when a spammer was blocked due to SFS.com being down who then visited again when it was up but within the cache expiry time
- Remote query failure when the result page isnt XML should work a bit better now. It does a very basic test for valid XML results.
- Fixed log purging (again) and it should actually work properly now.
- No longer requires PHP5
- The log viewer now links to a user profile when registration is allowed.

v0.61 - Removed a template change that was invalid vBulletin code. The package you download will still say its 0.60 however

NB : When upgrading from any version to 0.6, you must remove and then add the plugin due to changes in one of the database tables

You need to have an API key from www.stopforumspam.com in order to submit data, its free and easy to get... You DONT need an API key in order to use this mod however, only to submit spammer data.

Issues are
- The usergroup permissions / view details etc DONT work. I jumped the gun and put the permissions controls in there before I put the code in. Please delete the includes/xml/bitfield_vbstopforumspam.xml file and rebuild your postbit

Installation
- Follow the instructions in the zip file, that includes upload the correct folders
- ONLY download the 3.54 xml file if youre using a vbulletin version prior to 3.6.0. use this file to install the mod instead of the xml file in the zip file.

Please click Installed

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
2 благодарности(ей) от:
Nassou, rpgamersnet

Comments
  #872  
Old 01-31-2010, 07:15 AM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You dont have to disable IP checking, you can drop its threshold to 5 days or something like that.

How about posting the IP numbers youre seeing as polluted so that I can check them out.
Reply With Quote
  #873  
Old 01-31-2010, 07:19 AM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by imported_silkroad View Post

In addition, anyone can report an IP address and use this malicious to hurt others. It is unfair to put the validation on the end user or forums who have problems. The db should have a better validation algorithm, period!
Like paying someone to manually validate every entry? Right... we barely break into double digits each month in donations....

If someone finds their IP number on the database, they can remove it themselves.

So far, Ive seen no one come and say "this IP is listed and shouldnt be, its Sun" - give me the IP and I can look into it but anything past that and I dont have the time to start scanning CIDR networks for something that might not even be there. You had the time to contact Sun but not stopforumspam?

I am in the process of coding a reputation system for inclusion in the results but as I code the website in my spare time, its slow progress.
Reply With Quote
  #874  
Old 01-31-2010, 02:11 PM
imported_silkroad imported_silkroad is offline
 
Join Date: Dec 2003
Posts: 563
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
# whois 192.18.8.1

OrgName: Sun Microsystems, Inc
OrgID: SUN
Address: 4150 Network Circle
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US
Quote:
Originally Posted by pedigree View Post
If someone finds their IP number on the database, they can remove it themselves.
You are entitled to your opinion. I am entitled to mine. You are not going to change
mine by arguing with me or acting as if you know more than people you disagree with. All you are going to accomplish is to alienate me because you disagree. So be it.

Quote:
Originally Posted by pedigree View Post
You had the time to contact Sun but not stopforumspam?
I don't like your combative tone. You can't accept a different view because you are so attached to your work. You act like it is perfectly acceptable for a professional at Sun to be locked out frustrated and that he must spend time to contact a crappy database because the database is so polluted. Nonsense, IMHO. You are free to have a less respectful opinion about your potential forum members

The only reason our admins (including me) got involved was because the user was kind enough to contact us (very unhappy and frustrated three times) and ask....

Why Is Your Site Blocking Us???

We apologized and disabled IP checking. I doubt we will turn it on again, and may consider de-installing the mod.

False positive blocks are not acceptable to us.

The Stop Forum Spam db is polluted.
Reply With Quote
  #875  
Old 01-31-2010, 10:33 PM
skippybosco skippybosco is offline
 
Join Date: Sep 2007
Posts: 117
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That IP address 192.18.8.1 is in the StopForum database only once so a frequency filter would have prevented this from registering for site admins that are more sensitive to the risk of a "false positive"

That being said, a quick Google search on 192.18.8.1 makes it very clear that IP address, while it may be registered to Sun MicroSystems, is not being used just for business purposes. Given the multiple users that appear to be posting from that IP address to various social forums, my guess was that it is a Proxy server or shell server.

Then I started looking into some of the posts:

Luzhou Guestbook Spam

Quote:
Originally Posted by tolqxkmuksg IP:192.18.8.1 2010-1-16 15:33:59
zL81L8 <a href="http://snmljcfzmtft.com/">snmljcfzmtft</a>, url=http://gzvucjsmhtut.com/]gzvucjsmhtut, =http://kuwbknfzbuwl.com/]kuwbknfzbuwl, nbyroolbkvfc.com
Korean University Forum Spam

Quote:
Originally Posted by (192.18.8.1) 2010-1-19 2:48:35 acomplia
comment6, zyprexa, viagra, phentermine blue, levitra, zyprexa 5mg, protonix pricing, buy lipitor, discount cigarette, advair diskus generic, cheap american cigarettes, exact replica watches,
Thailand Message Board Spam

Quote:
Originally Posted by ความคิดเห็นที่ 2010-01-18 16:13 from 192.18.8.1
zoloft, zyprexa, phentermine diet aid, pfizer viagra, acomplia, buy effexor, cialis, herbal replacement for plavix, klonopin, singulair, advair, rimonabant 180 pills, nexium cost, pill propecia,
Shopping Site Feedback Spam

Quote:
Originally Posted by exact replica watches 2010-01-18 10:56:20 (192.18.8.1)
reductil, buy zoloft, doxycycline online, who makes meridia in mexico, lipitor, cialis bloody nose, plavix, buy discount cialis, discount cigarette, singulair, accutane
...and the list goes on for pages.

And in case you're wondering *why* or *how* this could be happening to an IP address that is registered by Sun MicroSystems and whose employees confirm this?

That is because this is a shell server that was compromised in November 2009 and access to various "Premium Accounts" on it are being sold online to spammers, including the root account.

http://www.neararsan.org/karisik-pre...-t266276.html?

Quote:
root SUN-0E4C8F148DB 2009-05-26 16:47:26 192.18.8.1
darinjanke SUN-0E4C8F148DB 2009-05-26 16:47:26 192.18.8.1
darinjanke SUN-0E4C8F148DB 2009-05-26 16:47:26 192.18.8.1
hd226724 SUN-0E4C8F148DB 2009-05-26 16:47:25 192.18.8.1
....etc
This took roughly 2 minutes of investigation to find this using just Google

Quote:
Originally Posted by imported_skillroad
We apologized and disabled IP checking. I doubt we will turn it on again, and may consider de-installing the mod. False positive blocks are not acceptable to us. The Stop Forum Spam db is polluted.
As I said in previous posts, there is a chance that someone maliciously or accidentally enters a legitimate IP address. There are existing tools to help reduce the risk of false positive on an Admin as well as more long term things such as the reputation system that Pedigree eluded to.

That being said, it is a community of Admins. It is give and take. For the thousands of spammers that don't make it on your site (and the time you save not having to clean up their mess) we ask that you add spammers that do make it back to the database. While there are other sources of the data (honeypots, etc) If Admins deinstalled the mod every time a spammer wasn't in the database the service would shut down and the spammers will have won (oh the humanity!).

The same is true for invalid IP addresses in the database (should there be any). If an admin identifies an erroneous IP, the hope is that they should report it back to Stop Forum Spam to help clean the database up for everyone. While we're working to make that an easier process (and automated validation, etc), again the time you save NOT having to clean up thousands of spammers should more than make up for the time it takes to report a false positive.
Reply With Quote
  #876  
Old 01-31-2010, 10:34 PM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do us both a favor, stop using the database and uninstall the mod because I certainly have better things to do that listen to you rant in whatever thread you decide to post in and I certainly dont have time to drop whatever Im doing to help fix your problem.

That IP looks like a real false positive, I mean, there is no way that a IP allocated to Sun could ever spam right? All those people that reported that box mustve been reporting it as part of some vindictive plan to undermine Sun.

I dont like your attitude, the way that you complain in most threads and the way that you think the world owes you attention. I hope you uninstall my mod and never visit this thread again. Im sure Im not the only one that would be happier not to see you around as well. Mod of the month, 2000+ installs, and Im sure that there are a lot of happy people, some that have PMed me asking (nicely) for help, whom Ive spent hours with. You however are better off without the support of the community that attempts to help others.

Next time, i suggest typing an IP into google. I mean, with your "15 years of anti-spam" experience.... I hope you dont charge by the hour...
Reply With Quote
  #877  
Old 01-31-2010, 11:30 PM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by imported_silkroad View Post
No, it was non of those scenarios.

I spoke directly to the Sun employee, who is very professional and very intelligent. They were actually kind enough to contact us and tell us of the problem.

I have a lot of experience with problems with abuse of user-generated blacklists for anti-spam, etc going back nearly 15 years.

The database used for this mod has serious problems.

I like your strategies above to reduce impact and will consider them before removing this mod, which is causing more problems than benefit as our other anti-spam plugins that do not use the Stop Forum Spam database are "pretty good" and do not lock out perfectly good registrations!

PS: There is no way we will spend time reporting problems to the Stop Forum Spam admins. This would take more time that deleting spammers!! The admins of Stop Forum Spam should validate better. Their system is really bad and does block good people consistently, we have seen this.

In addition, anyone can report an IP address and use this malicious to hurt others. It is unfair to put the validation on the end user or forums who have problems. The db should have a better validation algorithm, period!
and

Quote:
Originally Posted by imported_silkroad View Post
You are entitled to your opinion. I am entitled to mine. You are not going to change
mine by arguing with me or acting as if you know more than people you disagree with. All you are going to accomplish is to alienate me because you disagree. So be it.

# whois 192.18.8.1

OrgName: Sun Microsystems, Inc
OrgID: SUN
Address: 4150 Network Circle
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US

I don't like your combative tone. You can't accept a different view because you are so attached to your work. You act like it is perfectly acceptable for a professional at Sun to be locked out frustrated and that he must spend time to contact a crappy database because the database is so polluted. Nonsense, IMHO. You are free to have a less respectful opinion about your potential forum members

The only reason our admins (including me) got involved was because the user was kind enough to contact us (very unhappy and frustrated three times) and ask....

Why Is Your Site Blocking Us???

We apologized and disabled IP checking. I doubt we will turn it on again, and may consider de-installing the mod.

False positive blocks are not acceptable to us.

The Stop Forum Spam db is polluted.


Im going to quote this, for future reference, should imported_silkroad decide to edit his post... =
Reply With Quote
  #878  
Old 02-01-2010, 09:38 AM
thbertram thbertram is offline
 
Join Date: Sep 2006
Location: Arkansas US
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Pedigree, you can't win against these so-called "experts." Just because someone works at Sun doesn't make him some sort of god. The Sun IP address is being used for nefarious purposes and your plugin did EXACTLY WHAT IT'S SUPPOSED TO DO. This isn't a question of a different view, as Silkroad states... The facts speak for themselves.
Reply With Quote
  #879  
Old 02-01-2010, 10:27 AM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can only hold your hand out to offer help so many times before something with rabies goes in for a bite. Ive had to deal with many so called "self appointed experts" before in my full time job. Having to endure someone from IBM, charging $1700 a day, coming in to provide vendor support for IBM websphere and having to show them how to do things. They are everywhere

http://www.googleisyourfriend.net/
Reply With Quote
  #880  
Old 02-01-2010, 01:08 PM
imported_silkroad imported_silkroad is offline
 
Join Date: Dec 2003
Posts: 563
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by thbertram View Post
Pedigree, you can't win against these so-called "experts." Just because someone works at Sun doesn't make him some sort of god. The Sun IP address is being used for nefarious purposes and your plugin did EXACTLY WHAT IT'S SUPPOSED TO DO. This isn't a question of a different view, as Silkroad states... The facts speak for themselves.
You and Pedigree, et al are being childish.

We talked to the person directly and they are definitely a legitimate Sun employee.

Pedigree can "Google for two minutes" all day long and still not be accurate.

StopForumSpam blocks perfectly good people from registering.

Why do you argue that point like a child with Google in your hand?
Reply With Quote
  #881  
Old 02-01-2010, 01:10 PM
imported_silkroad imported_silkroad is offline
 
Join Date: Dec 2003
Posts: 563
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by pedigree View Post
Im going to quote this, for future reference, should imported_silkroad decide to edit his post... =
Why should I edit the post?

Your product blocks professionals at Sun.

Your "two minute Google analysis" proves nothing.

We spoke directly to the Sun Employee and he is not a spammer and your software blocked him.

Why argue this point?
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:06 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05643 seconds
  • Memory Usage 2,348KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (14)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (3)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (2)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete