Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > vBulletin 4 Articles
Anti-Spam Methods and Resources
TheLastSuperman's Avatar
TheLastSuperman
Join Date: Sep 2008
Posts: 5,844

Hey vb.org members and coders! Not much to say except I have a beautiful wife, three fantastic kids

North Carolina
Show Printable Version Email this Page Subscription
TheLastSuperman TheLastSuperman is offline 01-05-2012, 11:00 PM

Spam can at times for many site Administrators become a never ending battle for months on end unless you implement ways to counter-act such... well perhaps we should call them "attacks" on your forum because they are truly unwarranted by everyone else other than the one responsible whether it be a human spammer or a spambot.

Now some of you are thinking well what are we up against? Over the years I've noticed that sites can have both automated script derived "Bots" and/or Human "Bots" as well. Some may be confused by the fact a "Bot" could be human but more times than most they simply bypass the registration if any semi-decent security exist and then place it on "auto-pilot" if I had to describe it. What every site owner should realize is just like security on websites evolving because of spam, spam in-turn also evolves because we have both sides striving to beat the previous version of the other in a sense. Why are there "Spambots" well that's simple, there's pretty much various reasons for them but overall it's to promote and "spam" their content or links and high traffic sites are the primary targets so if your forum is large you can bet your bottom dollar they are trying to get in or have already!

The focus of this article will be to provide some very useful information and methods to help you counteract the constant issue countless forum owners encounter with spam on their site. I would like to encourage everyone to post their methods and ideas on how to fight spam and I'll add each one to the original post just below thereby helping many make the changes required to give them a break for once!

____________________

*Please note that not all of these modifications or methods listed will work for you, some will work better than others, and some in combination will work best instead of just one being utilized. I'll also do my best to ensure that any combinations resulting in a conflict are identified in advance and marked w/ a *asterix therefor you should not implement two w/ a * at any given time.

Legend:
Blue *'s indicates these mods are similar in functionality and should not be used in conjunction with each other only one at a time.


Anti-Spam Modifications:
*Over the last few months (as of August 2013) many forum owners are seeing an increase in spam registrations and in some rare cases the registration page is being hit so hard it's almost like a denial of service attack in a sense. If this sounds familiar try this mod by one of our Moderators:

Be creative in your prevention methods! Here's a list of methods, utilities and modifications you could possibly benefit from with some helping cleanup if a spammer hits:
*Please note that Paul M recently added in a new modification prefix "Anti-Spam Options" so as new modifications are released, if the author chooses the prefix correctly you will start to notice more listed here for example: https://vborg.vbsupport.ru/forumdisp...i-Spam+Options



Methods:
Some vBulletin 3.x mods will work on vBulletin 4.x, here's a article by BirdofPrey5 that list quite a few compatible modifications.

Another Method I have come up with has proven to be quite effective for myself and a few others I work for. Here is a example of how to ban spammers using the hourly cleanup cron job or cleanup.php by adding in code similar to the below HOWEVER please note this method is based on custom profile fields and requires you to manually monitor spam to determine it's patterns and repeated entries that make no sense plainly labeling the users as spammers. This method does not remove posts or anything of that nature it only bans the spammer to prevent further activity.

The default profile fields in vBulletin are:
  1. Biography
  2. Location
  3. Interests
  4. Occupation

You have the ability to create new profile fields via AdminCP > User Profile Fields > User Profile Field Manager
Example: http://www.yoursite.com/forum/adminc....php?do=modify

Using what a spambot enters into the few default fields can be used against them however it's not nearly as effective as utilizing more custom fields to help determine a pattern and fight against it! Here are descriptions of the default and other (custom) fields in the query shown so you can see how I'm going about this:
  • user.username = The members username on the forum.
  • userfield.field1 = Biography
  • userfield.field2 = Location
  • userfield.field3 = Interest
  • userfield.field4 = Occupation
  • userfield.field5 = A Custom field where you required them to enter in let's use "Youtube Profile URL" as our example here and you used it in some creative way to show a image/link to their Youtube profile below their avatars in posts and profile or other etc etc.
  • userfield.field6 = A Custom field where you required them to enter in let's use "Facebook Profile URL" as our example here and you used it in some creative way to show a image/link to their Facebook profile below their avatars in posts and profile or other etc etc.
  • userfield.field7 = A Custom field where you required them to enter in let's use "Twitter Profile URL" as our example here and you used it in some creative way to show a image/link to their Twitter profile below their avatars in posts and profile or other etc etc.
  • userfield.field8 = A Custom field where you required them to enter in let's use "LinkedIn Profile URL" as our example here and you used it in some creative way to show a image/link to their LinkedIn profile below their avatars in posts and profile or other etc etc.

The key thing to note here is the fact you need to study new registrations and develop your own ways to identify the spammers using default and custom profile fields before a method like this will work effectively.

*Please Note: This can affect your users in such a way it might be a complete disaster to sort it all therefor I recommend that novice forum owners not familiar with how this all works (sql queries in particular) to setup a test site and use that to test your changes on, you can easily clone your existing site and place it in a /testvb folder on your server (You need to .htaccess protect it per the license agreement) this way you don't slip up and cause a issue on your LIVE/Production site.

PHP Code:
// Spam Management - Move all spammers based on profile fields to usergroup 8 i.e. Banned Users
$vbulletin->db->query_write("UPDATE " TABLE_PREFIX "user AS user
LEFT JOIN " 
TABLE_PREFIX "userfield AS userfield
ON user.userid = userfield.userid
SET usergroupid = '8'
WHERE userfield.field7 LIKE user.username
AND userfield.field8 LIKE '%12345%'
AND userfield.field3 != ''
AND userfield.field5 != ''
AND userfield.field7 != ''
AND userfield.field3 LIKE userfield.field5
AND userfield.field5 LIKE userfield.field7
"
); 

Now we interpret the above query as:

Update the user table and join the user table with the userfield table (these tables are separate, we join so we can compare and execute what we want to do) and set the users usergroupid to 8 (which is the Banned usergroup by default) where their Twitter Profile URL matches their Username
AND (where) their LinkedIn Profile URL contains something like 12345 in any part of the field (why we use the %'s on each end so it reads the field and if for example they entered in 123456 it catches that because it contains 12345 - Also you may want to note that no one's LinkedIn profile is going to be 123456 i.e. http://www.linkedin.com/in/123456 well minus the one silly man who did just that "Erik Hammerquist" )
AND (where) their Interests is not empty
AND (where) their Youtube Profile URL is not empty
AND (where) their Twitter Profile URL is not empty
AND (where) their Interests is like thier Youtube Profile URL
AND (where) their Youtube Profile URL is like their Twitter Profile URL

Logic and common sense tell you that, if you made the custom profile fields and use them in certain ways... that http://www.linkedin.com/in/123456 or http://www.facebook.com/123456 (even though that will redirect to http://www.facebook.com/ohmycarling the user in question would never enter in /123456 he/she would enter in /ohmycarling see my point?) and when you notice the word Man or Woman in the code shown below, well did you know the most common mistake a bot script makes is to fill in "Man" or "Woman" into the Biography field? I see it all the time and not even language differences cause someone to enter that in - Think about it!

Now when we get into the != parts near the bottom this is required because when you close it out your comparing two fields using a like and if they were both empty it could cause issues because without the != if both are empty it will move them and possibly identify a normal user as a spammer and we certainly don't want to ban a innocent now do we? Certainly not so in other words be careful when creating your own query!

If we are banning the user, let's go ahead and update their user title as well, this query compliments the one above:

PHP Code:
$vbulletin->db->query_write("UPDATE " TABLE_PREFIX "user AS user
LEFT JOIN " 
TABLE_PREFIX "userfield AS userfield
ON user.userid = userfield.userid
SET usertitle = 'Banned'
WHERE userfield.field7 LIKE user.username
AND userfield.field8 LIKE '%12345%'
AND userfield.field3 != ''
AND userfield.field5 != ''
AND userfield.field7 != ''
AND userfield.field3 LIKE userfield.field5
AND userfield.field5 LIKE userfield.field7
"
); 
Where can you add these codes? Ensure your scheduled tasks are enabled then edit the file cleanup.php which is located in the /includes/cron/ folder and add your version of the query just below:

PHP Code:
// ########################################################################
// ######################### START MAIN SCRIPT ############################
// ######################################################################## 
Save the file and upload, when the scheduled task next runs if any accounts match your custom query they will be moved into the banned usergroup.

**To Test a query beforehand you can use SELECT for example here is a query to show you the results BEFORE actually running a query:

Code:
SELECT *
FROM vb_user AS user
LEFT JOIN vb_userfield AS userfield
ON user.userid = userfield.userid
SET usergroupid = '8'
WHERE userfield.field7 LIKE user.username
AND userfield.field8 LIKE '%12345%'
AND userfield.field3 != ''
AND userfield.field5 != ''
AND userfield.field7 != ''
AND userfield.field3 LIKE userfield.field5
AND userfield.field5 LIKE userfield.field7;
*Prefix added, remove if you are not using one

WARNING: TEST ALL QUERIES BEFORE YOU EXECUTE THEM! Do not perform any query on your database without doing a database backup and without knowing how to use it if required!

Here are some links provided by Lynne to help you perform a backup:

Now let's see another example...
You try to see how I used the logic here:

PHP Code:
$vbulletin->db->query_write("UPDATE " TABLE_PREFIX "user AS user
LEFT JOIN " 
TABLE_PREFIX "userfield AS userfield
ON user.userid = userfield.userid
SET usergroupid = '8'
WHERE userfield.field1 = 'Man' OR userfield.field1 = 'Woman' 
AND userfield.field6 = userfield.field7
AND userfield.field3 = userfield.field7
AND userfield.field8 = '123456'
AND userfield.field3 != ''
AND userfield.field6 != ''
AND userfield.field7 != ''
"
); 

The query for usertitle update:

PHP Code:
$vbulletin->db->query_write("UPDATE " TABLE_PREFIX "user AS user
LEFT JOIN " 
TABLE_PREFIX "userfield AS userfield
ON user.userid = userfield.userid
SET usertitle = 'Banned'
WHERE userfield.field1 = 'Man' OR userfield.field1 = 'Woman' 
AND userfield.field6 = userfield.field7
AND userfield.field3 = userfield.field7
AND userfield.field8 = '123456'
AND userfield.field3 != ''
AND userfield.field6 != ''
AND userfield.field7 != ''
"
); 

Session Table Issues?

Here's a quick method if you happen to notice a sudden increase of the number online when nothing has warranted such behavior. Monitor your session table to see possible spammers online however a query like this is only effective if the bot logs in multiple times in which you will see different ip addresses (possibly hundreds) all as the same logged in user (OR the same IP address for countless users) and accessing different locations as well (some even show as logging in again). With it added to your cleanup.php cron job it will interrupt their actions on the fly and upon refreshing your session table you'll notice quite a few less entries.

PHP Code:
$vbulletin->db->query_write("
DELETE FROM " 
TABLE_PREFIX "session 
WHERE userid = '15065'
"
); 
To delete the users session based on IP use:
PHP Code:
$vbulletin->db->query_write("
DELETE FROM " 
TABLE_PREFIX "session 
WHERE host = '127.0.0.1'
"
); 
^ Replace the 127.0.0.1 with the problematic users IP address.

*Yes you can truncate the session table HOWEVER that is not advised, if you do truncate then it simply kicks EVERYONE off the site all at once and they must relogin and also navigate back to the page they were on prior.

**If you have any issues using queries that you develop it may be due to using a table prefix in your database (recommended actually) so the perfect example of what to add in is right above us i.e. " . TABLE_PREFIX . " should be pasted before any Table names in the queries otherwise you will receive a error and here is a example:

PHP Code:
$vbulletin->db->query_write("UPDATE " TABLE_PREFIX "user 
As you can note, the code " . TABLE_PREFIX . " goes directly in front of the table name without spaces which then converts into the prefix you have listed in the config.php file!

In the other queries shown that you can run via phpmyadmin directly you will need to modify them to add in the prefix so for example if you have a table prefix vb_ then it would resemble this:

PHP Code:
UPDATE vb_user AS user
LEFT JOIN vb_userfield 
AS userfield
ON user
.userid userfield.userid
SET usergroupid 
'8'
WHERE userfield.field7 LIKE user.username
AND userfield.field8 LIKE '%12345%'
AND userfield.field3 != ''
AND userfield.field5 != ''
AND userfield.field7 != ''
AND userfield.field3 LIKE userfield.field5
AND userfield.field5 LIKE userfield.field7
_________________________________________________

Contributions to this article from these valued community members:
  • Lynne
  • Your name here - Make a contribution!
Attached Images
File Type: png ProfileFieldAnti-SpamUser.png (154.1 KB, 0 views)
File Type: png ProfileFieldAnti-SpamUserfields.png (157.4 KB, 0 views)
File Type: png ProfileFieldQuery.png (132.7 KB, 0 views)
Reply With Quote
  #2  
Old 01-17-2012, 02:30 PM
AFemaleProdigy's Avatar
AFemaleProdigy AFemaleProdigy is offline
 
Join Date: Mar 2006
Location: Murrells Inlet, SC
Posts: 216
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Good article! I personally have used Glowhost, SpamDecimator, Multiple Account Detection, and One Touch. All of them had great results for me. Of course, they all work with different versions of vB so I have never been able to use them simultaniously. They are all great mods that work very well. I never had any problems with any of them.
Reply With Quote
  #3  
Old 01-17-2012, 06:03 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by AFemaleProdigy View Post
Good article! I personally have used Glowhost, SpamDecimator, Multiple Account Detection, and One Touch. All of them had great results for me. Of course, they all work with different versions of vB so I have never been able to use them simultaniously. They are all great mods that work very well. I never had any problems with any of them.
Thanks and remember that some 3.x mods will work just fine on 4.x, here's a article by BirdofBrey5 that list quite a few - https://vborg.vbsupport.ru/showthread.php?t=269719
Reply With Quote
  #4  
Old 01-31-2012, 09:35 AM
abdobasha2004's Avatar
abdobasha2004 abdobasha2004 is offline
 
Join Date: Aug 2008
Posts: 541
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

what can I say
just a great article that was very helpful for me
I really have much spam, and I am surprised about the ability of spamers to overpass captcha and other anti spam techniques !
Reply With Quote
  #5  
Old 03-29-2013, 05:41 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Added in query to remove session based on IP Address per - https://vborg.vbsupport.ru/showthread.php?t=296639 just in case he reviews this article .
Reply With Quote
  #6  
Old 03-30-2013, 03:46 AM
final kaoss final kaoss is offline
 
Join Date: Apr 2006
Posts: 1,314
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Pretty nice list but it would be a bit more interesting if you reviewed each one, rating them 1-5 and letting us know about the pros & cons of each anti spam mod.
Reply With Quote
  #7  
Old 04-03-2013, 06:51 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by final kaoss View Post
Pretty nice list but it would be a bit more interesting if you reviewed each one, rating them 1-5 and letting us know about the pros & cons of each anti spam mod.
Well that would seem better however each site is different in the type of spam received, I may in fact find time to do that however it's still simply based on my opinion and experience using said modifications. I've found over the years that some mods work well on most sites then on others not well at all so you must truly cater to your site. I will say that the three primary ones in the first list marked w/ *'s (indicating they should not be used together) are some of the most used on vBulletin sites, others have been released since the time of this articles writing as well, I'll include them in the list when I have a few spare minutes.
Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 04:07 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04475 seconds
  • Memory Usage 2,345KB
  • Queries Executed 21 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_code
  • (9)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (8)post_thanks_box_bit
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (7)post_thanks_postbit_info
  • (6)postbit
  • (3)postbit_attachment
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete