Anti-Spam Options - [GlowHost] Spam-O-Matic - Spam Firewall stops forum spam

If you install this mod, please mark this as "Installed."

VERSION 2.1.2 RELEASED 5/28/2013!


About Spam-O-Matic 2.x:
Spam-O-Matic 2.x (SOM) is a spam firewall for your vBulletin Forums version 4.x and later. It prevents known spammers from registering on your forums. If they can't register, they can't spam!

Languages Packs Available
English
German - Courtesy of Alex@bulletin (included in zip)
Romanian - Courtesy of Teascu Dorin's (included in zip)
Spanish - Courtesy of vbluis (included in zip)

How it Works
This data responsible for blocking user registrations comes from the stopforumspam.com (SFS) spammer database. After the user who is trying to register passes the built-in vBulletin registration checks which you have configured in your vBulletin settings, SOM then checks the SFS database to see if the IP, username, or email address that the user is trying to register with has been recently tagged as a known spam source on other forums around the Internet. Also can be configured to check the Akismet service for known comment spam.

This is without a doubt, one of the most important mods that you will be using on your forum.

Other Notable Stuff
It also does a ton of other cool stuff like moderating posts automatically if the post is found in the Akismet database, or if it contains words on your "Bad Words" keyword list which can be configured within the mod itself.

The mod WORKS with vBulletin's new Facebook integration.
This module works with all of the Facebook functions that are built into the vB4 series.
Similar mods do not handle Facebook integration completely.

This module has the ability to submit new spammer details to the StopForumSpam or Akismet databases automatically, all without any new templates or manual template modifications! :up:

This means other forums that are running Spam-O-Matic will not have the same spammer on their forums if you have (automatically) reported the spammer to the SFS database.

Just install the product in the product manager, upload a few files, configure the system and you are done. (Estimated time: 5-10 minutes)

What's new in 2.1.0:

• Fixed a problem with MySQL engine selection to make mod more compatible with different types of servers.
• When SOM "Newbies Group" is activated + vB's native option to "Verify Email address in Registration" is activated at the same time, "Users Awaiting Email Confirmation" must click the verification link to become a newbie.
• Added remove user, post, ban to user profile options in admincp under "Quick User Links"
• Added German Language Pack
• Optimized default settings to work with the needs of most forums
• Added a new coupon for GlowHost (available after you submit a spammer)
• Several other performance tuning options

Feature List:

• Optional Public Statistics. Show off to the world how many bad guys you have automatically prevented from posting junk on your forum.
• Auto-Moderation moderates posts that have links, bad words, and other configurable settings.
• Auto-Moderation ignores your RSS posts.
• Registration / Denial Logs available from Admincp > Statistics and Logs
• Optional "Newbies" Manager! After registration, newly registered users can be placed in a "Newbies" group which has more limited permissions as compared to your regular "Registered Users" group. Newbies will graduate to your Registered Users group based on your required post count settings.
• Auto-Submit Spammers from the moderation tools menu on each postbit.
• Remove Posts, threads, PMs, Calendar Events from your spammer in one easy wizard. No double logins needed.
• Shows other users who signed up with the same IP. (Sleeping Spammers)
• Optional Affiliate System
• ~50 customizable settings to fine-tune Spam-O-Matic to your exact needs.

A) StopForumSpam:
The StopForumSpam Module lets you:

• Check a registrant's IP address.
• Check a registrant's email address.
• Check a registrants Username.
• Disable or enable any of the above checks.
• Block and log, or, allow and log known spammers.
• All registration attempts are logged for your viewing pleasure.
• Several other performance tuning options

If a user (or bot) tries to register on your forum and they pass the built-in vBulletin registration system. (Human verification, email verification, etc), their registration details are then passed to the Spam-O-Matic firewall for further checking.

NOTE: You should use some sort of human verification checking in vBulletin's built-in options to limit the number of requests to the already heavily-loaded StopForumSpam database servers. This will also prevent additional load because SOM will not have to do anything if the bot/spammer fails preliminary registration validation which is built-into vBulletin itself.

It is completely invisible to humans who are registering that this process is taking place. Bots are stopped dead in their tracks.

If a spammer is able to sneak past the first line of defense, and manages to post, then there are secondary, tertiary, and, uh...4th level protections too!

B) Auto-Moderation:
Auto Moderation lets you:

• Define how many URLs a new member can post before being sent to moderation.
• Define keywords that will send a post to Auto-moderation (viagra, porn, more here)
• Define minimum post count to avoid Auto-moderation.
• Excludes admin and moderators from Auto-moderation.
• Completely disable Auto-moderation if you don't want it.

C) Akismet Service
Spammers that make it past the StopForumSpam and Auto-Moderation will be checked against the Akismet service. If they manage to make a post, and then are found on Akismet, they can be auto-moderated.

The Akismet settings let you:

• Set the number of posts that Akismet will check from each user. After this number is exceeded, Akismet checking will be disabled for that user.
• Auto-Submit spammers that post on your boards back to the Akismet service so that other forums and blogs do not do not receive the same spam.
• Completely disable the Akismet service.

D) Newbies Manager
Should you decide to enable this option, you can create a new usergroup and then tell Spam-O-Matic about it. Once SOM knows about this usergroup, and once enabled, all new users will be part of the Newbies group. The idea here is that you make a Newbies group that has limited forum permissions. For example, no signatures, no BB code, no images, and etc. This group is created completely in the vB admincp. Spam-O-Matic simply makes it the graduation process to the normal Registered Users group, automatic.
Learn More and Discuss the Newbies Manager here.

Punitive Actions:
If you find a spammer has made it past your 4 front-lines of defense, and has managed to post on your forum, then you can help the community...

The spammer's details can be sent to the Stop Forum Spam and Akismet databases automatically, preventing them from registering or posting on other forums. When other forums do the same, the protection is reciprocated.

Simply moderate a post and choose the option to "Delete Posts As Spam..." an then choose the option to "Ban User." Banning the user sends their details to either Akismet, StopForumSpam, (or both) depending on how you set it up.

API Keys:
API Keys are not required for this system to stop spammers on your forums. But you should obtain them so that your forum can contribute to the real-time block lists.

A StopForumSpam API key is required if you want to contribute to the StopForumSpam blacklists by adding your spammers to their database. By submitting spammers you help keep other forums and blogs clean.

An Akismet API key is required if you want to enable any Akismet auto-moderation features in this module. Akismet API key is not required for all Auto-Moderation functions.

You can obtain a Stop Forum Spam API key which is free from stopforumspam.com.

Get your StopForumSpam API Key Here

You can obtain an Akismet API key from Akismet.com.
Akismet offers free and paid API keys so choose your version based on your situation.

Get your Akismet API Key Here

Why it is better than the other anti-spam solutions on vBulletin.org:

• Works with all of vBulletin 4 functions including Facebook automatic registration.
• Report spammers that you find to the Stop Forum Spam Database.
• Report spammers that you find to the Akismet Database.
• Built-in Auto-moderation.
• Auto-moderation rules based on post count.
• Auto-moderation rules based keywords.
• Auto-moderation rules based Akismet results.
• Enable or disable any actions that you do not want.
• Customizable "Registration Rejected" message.
• Consolidates 4 popular methods of spam prevention into one product.
• No Manual Template Modifications!
• Lots of community support!

======================
Compatibility:
vBulletin 4.0.x

Server Requirements:
Curl or allow_url_fopen must be compiled/enabled into PHP. Ask your web host to enable curl or allow_url_fopen if it is not already available on your server's PHP configuration. (Or just host with GlowHost.com, where it already is

=====================
Donations:

If you like this mod, sure, you can donate!

Donations can be all sorts of things:
1) The "Give Thanks" option in your settings is an optional link back to GlowHost Web Hosting.
2) Tell your friends and others about this mod.
3) If you are in need of web hosting, please consider ordering it from the hosting and development professionals at GlowHost.com who were able to develop this mod to you.
4) Help others who are having trouble with this mod by posting tips and suggestions in this forum thread.
5) Cash! Use the "Support Developer" option on the top right of this page.

When you choose to donate, you are contributing to the product development, bug fixes and new releases for SOM and are helping to feed our hungry developers and their families! In other words, your donations helps to cover the time and money spent to develop this system.

The entire team at GlowHost thanks you for your help and support!

We hope you enjoy the mod! :up:

=====================
Installation:

1) Download the attached file
2) Mark As Installed
3) SOM 2.x does not support updates from the v1.x series.
When upgrading to version 2.x, please, be sure to remove any other existing version of SOM 1.x from the product manager before installing v2.x series. Also make sure to remove /forum/includes/xml/bitfield_glowhostspamomatic.xml from version 1 if you had it installed.

4) Extract the zip file, and view the readme file for the rest of the instructions.

=====================

Original concept credits go to the authors of vBStopForumSpam, MonkeyStop.

[RichieBoy67]

Quote:

Originally Posted by garyb12001

I had this installed on my forum and it was exploited (filestore72.info redirect). Just an FYI, especially since it no longer appears to be a supported plugin.

I doubt this mod was the vulnerability. Once someone gains access to your file system they can exploit any file they want.

[garyb12001]

Quote:

Originally Posted by RichieBoy67

I doubt it was the vulnerability. Once someone gains access to your file system they can exploit any file they want.

My bad - you were correct. Somehow, they got access to my AdminCP (which I renamed from default long ago) and were injecting PHP redirect code into the plugins. I have ensured there are no rogue admin accounts and all passwords have been reset and further secured my AdminCP with .htaccess and voila, the redirects have stopped. :up:

Thankfully, the VPS my board sits on was not compromised in any way.

[RichieBoy67]

Quote:

Originally Posted by garyb12001

My bad - you were correct. Somehow, they got access to my AdminCP (which I renamed from default long ago) and were injecting PHP redirect code into the plugins. I have ensured there are no rogue admin accounts and all passwords have been reset and further secured my AdminCP with .htaccess and voila, the redirects have stopped. :up:

Thankfully, my VPS was not compromised in any way.

If you have the filestore hack you will have to do more than that. You will need to check and clean your files and your database.

A good place to start is in the diagnostics within your admincp and look for debase64 added to any of those files.. Mark has a guide on this if you search.

Better to start a new thread though or post in an existing thread about this hack if you need too so we do not go off topic here.

GlowHost is secure. I have been using it for many years on many sites and never had a security issue with it. :up:

[garyb12001]

Quote:

Originally Posted by RichieBoy67

If you have the filestore hack you will have to do more than that. You will nbeed to check and clean your files and your database.

A good place to start is in the diagnostics within your admincp and look for debase64 added to any of those files.. Mark has a guide on this if you search.

Better to start a new thread though or post in an existing thread about this hack if you need too so we do not go off topic here.

GlowHost is secure. I have been using it for many years on many sites and never had a security issue with it. :up:

Thanks, I found that old thread and did all of that as a follow-up to boot. :up:

[curriertech]

I realize this hasn't been updated in a while and this is probably not worth bringing up but...

For the last few weeks I've had some very persistent spammers causing me headaches. Firstly they're starting off using new email addresses (all gmail) and clean IP addresses from SFS's perspective. They register, then put spam info into their profile fields, such as name. I do the easy cleanup immediately and their data is submitted to SFS as expected. The issue is that since this appears to be automated, they simply register again immediately using the same IP and email, and I have to manually cleanup registrations from the same email/ip multiple times.

I believe this is because of the caching function of GSOM. If only the bad query results (i.e. this name/email/ip is listed in the db), rather than all query results, then this wouldn't be a problem. And, doing it this way wouldn't add unnecessary burden to SFS's servers because valid users aren't constantly trying to register. Caching clean results isn't necessary.

I'm going to comb through the code myself to see if I can cobble something together but I'm not a dev so I don't have high hopes for success.

[RichieBoy67]

Quote:

Originally Posted by curriertech

I realize this hasn't been updated in a while and this is probably not worth bringing up but...

For the last few weeks I've had some very persistent spammers causing me headaches. Firstly they're starting off using new email addresses (all gmail) and clean IP addresses from SFS's perspective. They register, then put spam info into their profile fields, such as name. I do the easy cleanup immediately and their data is submitted to SFS as expected. The issue is that since this appears to be automated, they simply register again immediately using the same IP and email, and I have to manually cleanup registrations from the same email/ip multiple times.

I believe this is because of the caching function of GSOM. If only the bad query results (i.e. this name/email/ip is listed in the db), rather than all query results, then this wouldn't be a problem. And, doing it this way wouldn't add unnecessary burden to SFS's servers because valid users aren't constantly trying to register. Caching clean results isn't necessary.

I'm going to comb through the code myself to see if I can cobble something together but I'm not a dev so I don't have high hopes for success.

You should install the New Racaptcha plug in.. https://vborg.vbsupport.ru/misc.php?..._new_recaptcha

[curriertech]

Quote:

Originally Posted by RichieBoy67

You should install the New Racaptcha plug in.. https://vborg.vbsupport.ru/misc.php?..._new_recaptcha

That was the first thing I did but it didn't help, not even a little bit.

[rcull]

I have been running a couple of modifications which can help make a few dollars with the Glowhost Spam-O-Matic plug in.

Here it is Click Here.

[fsrmw_tudd]

Is an extented data privacy statement necessary when this mod is installed?
Like for sending user IPs and email adresses to Akismet and StopForumSpam?

[Venlaw]

Quote:

Originally Posted by garyb12001

I had this installed on my forum and it was exploited (filestore72.info redirect). Just an FYI, especially since it no longer appears to be a supported plugin.

Hmm funny you say this. I'm dealing with the same issue right now. Slowly enabling addons one at a time and looking for updates. I haven't enabled this yet and no redirects so far.