Anti-Spam Options - vbStopForumSpam

vbStopForumSpam

Mod of the month winner October 2009.... That cant be bad :up:

Apologies in advance, this is a copy of the 3.6/3.7/3.8 mod that has been verified to work in 4.0 (its so that I dont get a billion PMs asking if it works in 4.0)

This provides access to a RBL type system for forum admins, listing known spam IP / email / usernames. The RBL database is provided by www.stopforumspam.com. You do NOT need an API key from the website in order to access the database. only to submit data if you should wish to do so.

At the point of user registration, the mod checks if the IP number / provided username / email addresses appear on a block list and can block the registration.

Whilst this isnt the most perfect way to stop all forum spam, its another step that spammers have to overcome.

What it does

It checks with a remote database of known forum spammers. Their IP number, email address and forum username are tested and based on your configuration, you can reject / log / accept user registrations based on what you get back.

This version doesnt have
- whitelisting or the ability to submit users to the database but it will within the next week.
- automatic user deletion / post / PM purging. There are good tools out there already, this does something else.

Instructions are included in the installation.txt file - PLEASE read it first and dont forget to actually upload the files in the upload folder, otherwise it WILL kill your registration progress and you wont see the log file options in admincp.

Changes to vB
- 3 new database tables
- 2 database table alternations
- No new templates.
- 2 Hook (register_addmember_process & register_addmember_complete)

Ive tested it but had feedback that it works with versions as old as 3.6.2... Support should go back to older versions, as long as they have hook support for register_addmember_process / register_addmember_complete

For code to submit spammers to the database, check this post for code changes
https://vborg.vbsupport.ru/showpost....&postcount=288

Reported to work
- 3.6.1, 3.6.2, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.74, 3.80, 3.81, 3.82, 3.83, 3.8.4, 4.0beta3, 4.0 Gold, 4.2pl1,2

Installers should remember to refresh their ACP navigation window when they first install it so they can see the new log file menu item.

REQUIRES MySQL 4.1.1+

There is a small mod, coded by Wired1 that will allow you to submit spammer details to the database from the admin control panel, here https://vborg.vbsupport.ru/showpost....&postcount=289 This relies 100% on javascript being enabled and makes no tests that it is enabled.

You need to have an API key from www.stopforumspam.com in order to submit data, its free and easy to get... You DONT need an API key in order to use this mod however, only to submit spammer data.

Issues are
- The usergroup permissions / view details etc DONT work. I jumped the gun and put the permissions controls in there before I put the code in. Please delete the includes/xml/bitfield_vbstopforumspam.xml file and rebuild your postbit

Installation
- Follow the instructions in the zip file, that includes the file upload the correct folders.

Please click Installed

The original thread is at https://vborg.vbsupport.ru/showthread.php?t=176481 where there is a wealth of knowledge about the mod, please ask questions in there.

[blake247]

WOW...excellent mod!

[djbaxter]

Accidentally posted in the 3.6 thread. Reposting here:

Suggestion/Question:
At present, it seems the name search is not on exact match - at least, if I enter a name as a manual search it's not (e.g., dan will be flagged as matches to daniel, dan123, rodan, etc.).

It should either be eliminated as a potential criterion or made so that only exact matches will work to ban a registration, as it is for email addresses and IP addresses.

Quote:

Originally Posted by TommyC

This script doesn't use a "search" it checks for a yes or no.

For example, dan would show up as a yes via this page:
http://www.stopforumspam.com/api?username=dan

You misunderstand me.

The point is how "dan" is checked - and against what. Would you get a "yes" if the member was dan because it matched with daniel, dan2010,123dan, etc.?

Try a manual search: http://www.stopforumspam.com/search?q=dan

My hypothetical member "dan" isn't any of those 500 listed but seems to be considered a match. It should not return a "yes" unless it finds a "dan" in the spam list, not a "jordan" or anything else.

[Claygp]

This mod blocks WAY too many legit people. I had to remove it. Not good.

[skippybosco]

@Claygp: Have you verified that their IP/Email/Username are in fact part of the SFS database? Have you reported the "Legit People" to SFS so they can be investigated and potentially removed from the dB?

As I've seen the "I have to disable this mod" statement a few times in the last few weeks, it is probably worth reiterating that you do not have to block users that are caught by SFS. Instead have those users put into a more restrictive usergroup which either has their posts validated via Akismet or has it's posts manually validated by your site moderators. You can then set an automatic promotion strategy (based on time, # posts, etc) to move them to a less restrictive usergroup.

This gives you the best of both worlds... even in the rare case there is a false positive, your users can still register and post, while at the same time having peace of mind that content is being vetted before it is being presented to your users.

[abbasbsp]

Database error will appear when a user registration so that members do not gain.
This mod should just delete.

[djbaxter]

Quote:

Originally Posted by djbaxter

This part echoes the concern I expressed earlier. There is a simple resolution: Check the email address and the IP address and skip the name check. Spammers rotate the names they use anyway, so it's not really helpful and may be harmful.

Try this:

Find in includes/functions_vbsfs.php:

PHP Code:

    // todo handle the null error results.
    $result = checkSFSSpam($username, 'username');
    if ($result !== VBSFS_NO_TEST) {        
        sfsActions('username', $username, $username, $email,$ip, $result);     
                } 


Comment out those lines, i.e., change to:

PHP Code:

    // todo handle the null error results.
    // $result = checkSFSSpam($username, 'username');
    // if ($result !== VBSFS_NO_TEST) {        
    //     sfsActions('username', $username, $username, $email,$ip, $result); 
    // } 


[Bob_R]

Quote:

Originally Posted by djbaxter

Try this:

Find in includes/functions_vbsfs.php:

PHP Code:

    // todo handle the null error results.
    $result = checkSFSSpam($username, 'username');
    if ($result !== VBSFS_NO_TEST) {        
        sfsActions('username', $username, $username, $email,$ip, $result);     
                } 


Comment out those lines, i.e., change to:

PHP Code:

    // todo handle the null error results.
    // $result = checkSFSSpam($username, 'username');
    // if ($result !== VBSFS_NO_TEST) {        
    //     sfsActions('username', $username, $username, $email,$ip, $result); 
    // } 


I'm trying this. But, I'll put it back if people start slipping through the cracks. But, like you mentioned different names are used.

Someone mentioned earlier in this thread that something has changed since vb3 with this "name" stuff.

[migowebdesign]

Yes, it was me who described the change since vb3.

But now all the crackers fill out the name in my board. So they recognized the change
But why do you comment the username section? There is an extra option in the settings of this hack

[Michael Tsai]

Intalled and diabled, well......

[djbaxter]

Quote:

Originally Posted by migowebdesign

Yes, it was me who described the change since vb3.

But now all the crackers fill out the name in my board. So they recognized the change
But why do you comment the username section? There is an extra option in the settings of this hack

D'oh!

You're absolutley correct. If I'd checked there, I could have saved myself some work.