Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
vbStopForumSpam - known spammer lookup for new registrations Details »»
vbStopForumSpam - known spammer lookup for new registrations
Version: 0.61, by pedigree pedigree is offline
Developer Last Online: Nov 2013 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 3.6.1 Rating:
Released: 04-17-2008 Last Update: 01-26-2010 Installs: 1986
DB Changes Uses Plugins Auto-Templates
Additional Files Translations Is in Beta Stage  
No support by the author.

vbStopForumSpam

This provides access to a RBL type system for forum admins, listing known spam IP / email / usernames. The RBL database is provided by www.stopforumspam.com. You do NOT need an API key from the website in order to access the database. only to submit data if you should wish to do so.

At the point of user registration, the mod checks if the IP number / provided username / email addresses appear on a block list and can block the registration.

Whilst this isnt the most perfect way to stop all forum spam, its another step that spammers have to overcome.

VB4 here https://vborg.vbsupport.ru/showthrea...hreadid=230921
Its the same code, it works in 3.54 to 4.0


What it does

It checks with a remote database of known forum spammers. Their IP number, email address and forum username are tested and based on your configuration, you can reject / log / accept user registrations based on what you get back.

This version doesnt have
- whitelisting or the ability to submit users to the database but it will within the next week.
- automatic user deletion / post / PM purging. There are good tools out there already, this does something else.

Instructions are included in the installation.txt file - PLEASE read it first and dont forget to actually upload the files in the upload folder, otherwise it WILL kill your registration progress and you wont see the log file options in admincp. You do not need to download the product-vbstopforumspam-3.54.xml file unless you are using a vBulletin version older than 3.6.0

Changes to vB
- 3 new database tables
- 2 database table alternations
- No new templates.
- 2 Hook (register_addmember_process & register_addmember_complete)

Ive tested it but had feedback that it works with versions as old as 3.6.2... Support should go back to older versions, as long as they have hook support for register_addmember_process / register_addmember_complete

Known to work - tested by me
- vBulletin 3.6.8 on Apache 2.2 / PHP 5.1.2 on Linux using cUrl
- vBulletin 3.7 Gold on Apache 2.0 / PHP 4.4.3 on Windows without cUrl (template changes wont work on 3.7 - thats in the next version with auto template changes)

For code to submit spammers to the database, check this post for code changes
https://vborg.vbsupport.ru/showpost....&postcount=288

Reported in the thread to work
- 3.6.1, 3.6.2, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.74, 3.80, 3.81, 3.82, 3.83, 3.8.4, 4.0beta3


If you have 3.54, then you can use the product-vbstopforumspam-3.54.xml file attached instead of the one in the ZIP file, which will allow older vBulletin versions to access this mods' features. I personally havent tested this version, its a user contribution, thanks to Darrell Mobley, that changes the way the XML works when imported into older versions.

Installers should remember to refresh their ACP navigation window when they first install it so they can see the new log file menu item.

REQUIRES MySQL 4.1.1+

Future versions
- Automatic integration into vBulletin to add users to the stopForumSpam.com database from a form
- Whitelisting of username / IP / email addresses
- AJAX integration to allow for lookups from within the users profile
- Decreased remote query count from three per user to one per user.

Versions / Changes

0.1 Initial Release

0.2 pedigrees special brew birthday release.
- Small security update. If you have 0.1 installed, download 0.2 and replace your existing functions_vbsfs.php with the one in the archive. It just tests to see if its running inside the VB framework before anything else. This is what happens when you code at 2am after drinking wine

0.3
- stopped it processing valid registrations twice
- moved all non-function code into the plugin. Not a big one as 0.2 basically did that
- fixed a typo in the log pruner that stopped it working (404)
- removed unused fields from the database for people with mysql that doesnt support varchar > 255 (ie mySQL4). If you have 0.2 installed and dont need to prune your logs just yet, you dont really need to install this version but can instead wait for 1.0 unless of a massive security update.

0.4
- logs registrations that arent/wouldnt be blocked
- fixed XML errors when username has a space it in
- tightened up the cache so that it doesnt test a username against an email name to give a bypass result (for when a username is an email address that isnt banned where the email address is)
- fixed some basic logic errors in the PHP

0.6
- Should work on PHP 4.4 now - rewrote the XML with PHP4 in mind (tested on Apache2.0/PHP 4.4.3)
- Fixed a caching system where data wasnt being updated correctly which could cause a remote query when one wasnt needed
- Possible false negative situation when a spammer was blocked due to SFS.com being down who then visited again when it was up but within the cache expiry time
- Remote query failure when the result page isnt XML should work a bit better now. It does a very basic test for valid XML results.
- Fixed log purging (again) and it should actually work properly now.
- No longer requires PHP5
- The log viewer now links to a user profile when registration is allowed.

v0.61 - Removed a template change that was invalid vBulletin code. The package you download will still say its 0.60 however

NB : When upgrading from any version to 0.6, you must remove and then add the plugin due to changes in one of the database tables

You need to have an API key from www.stopforumspam.com in order to submit data, its free and easy to get... You DONT need an API key in order to use this mod however, only to submit spammer data.

Issues are
- The usergroup permissions / view details etc DONT work. I jumped the gun and put the permissions controls in there before I put the code in. Please delete the includes/xml/bitfield_vbstopforumspam.xml file and rebuild your postbit

Installation
- Follow the instructions in the zip file, that includes upload the correct folders
- ONLY download the 3.54 xml file if youre using a vbulletin version prior to 3.6.0. use this file to install the mod instead of the xml file in the zip file.

Please click Installed

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
2 благодарности(ей) от:
Nassou, rpgamersnet

Comments
  #152  
Old 07-03-2008, 02:07 PM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Alfa1 View Post
It seems to work very well on vb 3.7.1 PL2

So well, that I am being flooding by emails from this hack. How do I turn them off?
Good to hear about 3.7PL2.

Are the emails coming from the "Contact Us" page? If so, then two ways really

1. Edit the phrase and remove the "Contact Us if you think this is wrong" incase they didnt think of doing that

2. Disable the "Contact Us" page in vBulletin options.

Are the registrations all spammers? Maybe you could PM me a copy/paste of your logs so that I can verify theyre spammers and not the plugin gone mad.

Edit : This mod doesnt send emails
Reply With Quote
  #153  
Old 07-03-2008, 02:20 PM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

.. oh, the next version will do spambot filtering on the Contact Us page as well
Reply With Quote
  #154  
Old 07-05-2008, 11:15 PM
Jazzi Jazzi is offline
 
Join Date: Feb 2008
Location: UK
Posts: 15
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This looks awesome - and *exactly* what I need at the moment! My forum gets around 55,000 unique visitors and 250,000 pageviews a day - and it's being ruined by spammers! I'll post back in a few days to let you know the results (it's already caught one and I only installed it 60 seconds ago!).

Thanks pedigree!
Reply With Quote
  #155  
Old 07-08-2008, 05:11 PM
BadgerDog BadgerDog is offline
 
Join Date: Oct 2006
Location: Toronto
Posts: 1,789
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ok, I just had a legitimate new member try to register and he got the spammer rejection message (our very first)....

It didn't like his IP address, indicating it has been used by someone to spam forums in the past. Here?s the information from the log:

Quote:
========================================
Username 2008-07-08 12:55:38 xxxxxxx@xxx.com 195.93.21.36
Result on field ip - 195.93.21.36 - Spammer and rejected by policy
========================================
What's very odd is that the actual IP address he was using when he tried to log on our site was IP Address: 195.93.21.8, which differs from the one he was rejected for?

Is something broken here?

By the way, I changed the username and email address for pivacy purposes.

Regards,
Badger
Reply With Quote
  #156  
Old 07-08-2008, 06:03 PM
Wired1's Avatar
Wired1 Wired1 is offline
 
Join Date: Nov 2003
Location: Orlando, FL, USA
Posts: 1,361
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Checking that IP on the stopforumspam.com website, it's linked to an AOL.com email address. AOL also owns that IP range. Most likely someone was spamming from a computer w/ AOL as the ISP. AOL frequently cycles IP addresses around, so that's how they got that IP.
Reply With Quote
  #157  
Old 07-08-2008, 09:47 PM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

AOL operate transparent proxy servers that filter/monitor and record all HTML data passing from their networks, for many reasons, data mining, advertising etc... It being on the same 24 subnet is a bit strange bit who knows what AOL think.

ISPs that transparently redirect/filter and cache HTTP traffic are always going to be a problem when filtering on IP numbers. I thought about filtering on the HTTP_FORWARDED_FOR headers fromthe caches but that would easily allow a spammer to inject headers and therefore bypass filtering.

All I can suggest is create him an account and mail him the password or decrease the age expiry to under 30 days, that will treat the record at sfs.com as too old and will ignore it.... Or even better, tell him to get his ISP to turn off proxying. A friend owns an ISP and with bandwidth being so cheap compared to the overhead of running caching servers, given the low hits, he turned them all off.
Reply With Quote
  #158  
Old 07-08-2008, 10:03 PM
skippybosco skippybosco is offline
 
Join Date: Sep 2007
Posts: 117
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This raises the question of one of the missing features of the site regarding modding up an IP, email or username. Right now you can flag something bad, but can never rectify that (unless you flagged it and manually remove it from your list of spammers)..

Obviously a concept like this is prime for fraud if not done correctly.

Anyone have any suggestions on how we may implement a "whitelist" feature without inviting automated bots to pollute the database?
Reply With Quote
  #159  
Old 07-09-2008, 09:46 AM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think those questions are best raised on the stopfrorumspam.com website. I did kind of foresee that and thats why I put a "lastseen" expiry in the mod. By default, from memory, its 90 days. 0.7 has whitelisting features for username/email and IP addresses/subnets as well as the said expiry.

Expiry being that a postive spambot result from stopforumspam.com with a lastseen thats older than the threshold set in your options, will result in a negative spambot result. This kind of works around some of the issues.
Reply With Quote
  #160  
Old 07-09-2008, 09:56 AM
BadgerDog BadgerDog is offline
 
Join Date: Oct 2006
Location: Toronto
Posts: 1,789
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by pedigree View Post
All I can suggest is create him an account and mail him the password.

That's how I handled this individual...

Thanks ...

Regards,
Badger
Reply With Quote
  #161  
Old 07-09-2008, 11:15 AM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

No solution is ever going to be perfect
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:57 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05535 seconds
  • Memory Usage 2,332KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (4)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (2)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete