Go Back   vb.org Archive > vBulletin Modifications > Archive > vB.org Archives > vBulletin 3.6 > vBulletin 3.6 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
vbStopForumSpam - known spammer lookup for new registrations Details »»
vbStopForumSpam - known spammer lookup for new registrations
Version: 0.61, by pedigree pedigree is offline
Developer Last Online: Nov 2013 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 3.6.1 Rating:
Released: 04-17-2008 Last Update: 01-26-2010 Installs: 1986
DB Changes Uses Plugins Auto-Templates
Additional Files Translations Is in Beta Stage  
No support by the author.

vbStopForumSpam

This provides access to a RBL type system for forum admins, listing known spam IP / email / usernames. The RBL database is provided by www.stopforumspam.com. You do NOT need an API key from the website in order to access the database. only to submit data if you should wish to do so.

At the point of user registration, the mod checks if the IP number / provided username / email addresses appear on a block list and can block the registration.

Whilst this isnt the most perfect way to stop all forum spam, its another step that spammers have to overcome.

VB4 here https://vborg.vbsupport.ru/showthrea...hreadid=230921
Its the same code, it works in 3.54 to 4.0


What it does

It checks with a remote database of known forum spammers. Their IP number, email address and forum username are tested and based on your configuration, you can reject / log / accept user registrations based on what you get back.

This version doesnt have
- whitelisting or the ability to submit users to the database but it will within the next week.
- automatic user deletion / post / PM purging. There are good tools out there already, this does something else.

Instructions are included in the installation.txt file - PLEASE read it first and dont forget to actually upload the files in the upload folder, otherwise it WILL kill your registration progress and you wont see the log file options in admincp. You do not need to download the product-vbstopforumspam-3.54.xml file unless you are using a vBulletin version older than 3.6.0

Changes to vB
- 3 new database tables
- 2 database table alternations
- No new templates.
- 2 Hook (register_addmember_process & register_addmember_complete)

Ive tested it but had feedback that it works with versions as old as 3.6.2... Support should go back to older versions, as long as they have hook support for register_addmember_process / register_addmember_complete

Known to work - tested by me
- vBulletin 3.6.8 on Apache 2.2 / PHP 5.1.2 on Linux using cUrl
- vBulletin 3.7 Gold on Apache 2.0 / PHP 4.4.3 on Windows without cUrl (template changes wont work on 3.7 - thats in the next version with auto template changes)

For code to submit spammers to the database, check this post for code changes
https://vborg.vbsupport.ru/showpost....&postcount=288

Reported in the thread to work
- 3.6.1, 3.6.2, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.74, 3.80, 3.81, 3.82, 3.83, 3.8.4, 4.0beta3


If you have 3.54, then you can use the product-vbstopforumspam-3.54.xml file attached instead of the one in the ZIP file, which will allow older vBulletin versions to access this mods' features. I personally havent tested this version, its a user contribution, thanks to Darrell Mobley, that changes the way the XML works when imported into older versions.

Installers should remember to refresh their ACP navigation window when they first install it so they can see the new log file menu item.

REQUIRES MySQL 4.1.1+

Future versions
- Automatic integration into vBulletin to add users to the stopForumSpam.com database from a form
- Whitelisting of username / IP / email addresses
- AJAX integration to allow for lookups from within the users profile
- Decreased remote query count from three per user to one per user.

Versions / Changes

0.1 Initial Release

0.2 pedigrees special brew birthday release.
- Small security update. If you have 0.1 installed, download 0.2 and replace your existing functions_vbsfs.php with the one in the archive. It just tests to see if its running inside the VB framework before anything else. This is what happens when you code at 2am after drinking wine

0.3
- stopped it processing valid registrations twice
- moved all non-function code into the plugin. Not a big one as 0.2 basically did that
- fixed a typo in the log pruner that stopped it working (404)
- removed unused fields from the database for people with mysql that doesnt support varchar > 255 (ie mySQL4). If you have 0.2 installed and dont need to prune your logs just yet, you dont really need to install this version but can instead wait for 1.0 unless of a massive security update.

0.4
- logs registrations that arent/wouldnt be blocked
- fixed XML errors when username has a space it in
- tightened up the cache so that it doesnt test a username against an email name to give a bypass result (for when a username is an email address that isnt banned where the email address is)
- fixed some basic logic errors in the PHP

0.6
- Should work on PHP 4.4 now - rewrote the XML with PHP4 in mind (tested on Apache2.0/PHP 4.4.3)
- Fixed a caching system where data wasnt being updated correctly which could cause a remote query when one wasnt needed
- Possible false negative situation when a spammer was blocked due to SFS.com being down who then visited again when it was up but within the cache expiry time
- Remote query failure when the result page isnt XML should work a bit better now. It does a very basic test for valid XML results.
- Fixed log purging (again) and it should actually work properly now.
- No longer requires PHP5
- The log viewer now links to a user profile when registration is allowed.

v0.61 - Removed a template change that was invalid vBulletin code. The package you download will still say its 0.60 however

NB : When upgrading from any version to 0.6, you must remove and then add the plugin due to changes in one of the database tables

You need to have an API key from www.stopforumspam.com in order to submit data, its free and easy to get... You DONT need an API key in order to use this mod however, only to submit spammer data.

Issues are
- The usergroup permissions / view details etc DONT work. I jumped the gun and put the permissions controls in there before I put the code in. Please delete the includes/xml/bitfield_vbstopforumspam.xml file and rebuild your postbit

Installation
- Follow the instructions in the zip file, that includes upload the correct folders
- ONLY download the 3.54 xml file if youre using a vbulletin version prior to 3.6.0. use this file to install the mod instead of the xml file in the zip file.

Please click Installed

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
2 благодарности(ей) от:
Nassou, rpgamersnet

Comments
  #162  
Old 07-15-2008, 09:38 AM
ski diva ski diva is offline
 
Join Date: Jun 2006
Posts: 208
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Am I doing something wrong? I can't find "vbStopForumSpam Permissions - Access / View / Submit " for any group in the Usergroup Manager, as directed in the installation process:

Quote:
Edit Usergroup permissions (Optional) (AdminCP -> Usergroup -> Usergroup Manager -> (Group) -> vbStopForumSpam Permissions - Access / View / Submit
Here you can allow specific usergroups access to details in User Ooptions/ Whos Online etc
Am I just not seeing it, or did I do something incorrectly?
Reply With Quote
  #163  
Old 07-16-2008, 08:02 AM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ski diva View Post
Am I doing something wrong? I can't find "vbStopForumSpam Permissions - Access / View / Submit " for any group in the Usergroup Manager, as directed in the installation process:



Am I just not seeing it, or did I do something incorrectly?
Nope, youre doing it right, I just jumped the gun and put those in there but never coded the security behind it so it doesnt work. Sorry, I need to remove these from the package as theyve been removed in 0.7 and replaced with another security method
Reply With Quote
  #164  
Old 07-16-2008, 11:31 AM
BadgerDog BadgerDog is offline
 
Join Date: Oct 2006
Location: Toronto
Posts: 1,789
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi ...

I seem to get quite a few of these:

Quote:
[REMOTEERR] Unverfied but allowed by policy
Does ths mean that the host was down when these people registered?

BTW, any ETA on v.7?

Thanks....

Regards,
Badger
Reply With Quote
  #165  
Old 07-16-2008, 01:42 PM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Badger - yes

0.7 is coming along slowly, not as fast as I liked but baby was born yesterday so Im going to have a lot of spare time on my hands over the next couple of weeks.

I might split the stats engine off from this version and release it as 0.8. It will still log all the details to the stats tables, just reporting will be left out.
Reply With Quote
  #166  
Old 07-18-2008, 09:24 PM
BadgerDog BadgerDog is offline
 
Join Date: Oct 2006
Location: Toronto
Posts: 1,789
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by pedigree View Post
0.7 is coming along slowly, not as fast as I liked but baby was born yesterday so Im going to have a lot of spare time on my hands over the next couple of weeks.
Congratulations !!!!!!! :up:

I didn't realize that was going on in the background.

Family is far more important then this stuff....

Take it from a 60+ guy, enjoy this terrific time in your life and create some great memories...

Regards,
Badger
Reply With Quote
  #167  
Old 07-26-2008, 12:52 AM
StepOnFrog StepOnFrog is offline
 
Join Date: Apr 2006
Location: The Pub
Posts: 58
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by BadgerDog View Post
Ok, I just had a legitimate new member try to register and he got the spammer rejection message (our very first)....

It didn't like his IP address, indicating it has been used by someone to spam forums in the past. Here?s the information from the log:



What's very odd is that the actual IP address he was using when he tried to log on our site was IP Address: 195.93.21.8, which differs from the one he was rejected for?

Is something broken here?

By the way, I changed the username and email address for pivacy purposes.

Regards,
Badger


This MOD *looks* good, but the *most* important thing that users should be aware of is the possibility that a spammer's IP Address on one day (say Sunday 20th July, 2008) may be completely different from the one presented the day after (Monday 21st July, 2008).

IP addresses are dynamic, especially nowadays that BroadBand has hit off in such a huge way; simple thoughts... how many IP addresses are there, and how many people are there usin the internet, not to mention legitimate businesses? Just check your IP somewhere, switch off you system for a few minutes and restart... then recheck you IP. I'll bet both my hairy ones on the liklihood that your IP will have changed... more so in busy periods.! :erm:

Ergo, don't bother blocking IP Addresses, becuase it's very likely that you'll be blocking legitimate customers.! Really, the way to prevent spamming, is at registration, as this MOD does, but perhaps this MOD should add usernames and email addresses to a list when the Image Verification is failed and session cookie is different on reregistration.... :up:
  • If IV is failed and session cookie/date & time the same as last registration - possibly a legitmate user has input image code wrong, so add user to spammer list, but moderate posts when actually registered.
  • if IV is failed and session cookie/date & time is different from last attempt - likely to be a spammer returning... spambot sends registration info, but fails, and human equivalent returns to register (complete the job), so the session cookie and date/time will have changed for the same username.

The reason for this style of prevention: I've had a few spammers (or possibly the same one) returning to register after the SpamBot had failed only days earlier. :erm:

These threads explain it all in a lot more detail....
https://vborg.vbsupport.ru/showthread.php?t=184030
https://vborg.vbsupport.ru/showthread.php?t=185707
Reply With Quote
  #168  
Old 07-26-2008, 01:44 PM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Like I said, this mod isnt a perfect method of stopping spam. Ive addressed the changing IP issues but if you look at spamhaus / spamcop, are you seriously trying to tell me that this systems are inherently flawed? They stop billions of spams every day. Sure there is colateral damage.... Im guessing from the spambot registrations on my board, in the four figures now, there mightve been 1 false positive and thats what the Contact Us page is for.

Most of my spammers are caught on the email and username fields. If you look at the mod, you can disable checking on the IP number. As spambots dont register a new email address for every forum they try to register on, its a really good field for testing.

This mod gives you control of your forum, it doesnt push policy on anyone. If I want to stop an IP used for spamming within the 24 hours then *I* can. If you dont like the idea that you might block some poor innocent person who had the same IP as some spammer 6 hours after spammer changed IP, then dont test on IP number. From what Ive seen from my logs (and skippy, wired1 etc) is that it blocks a lot of persistent static/near static IP addresses. I think that youll be hard pushed to find a user of this mod complaining that its blocking innocent people on a mass scale but if you do, then why dont you code another mod?

Session cookies so change, restart your browser, its gone. You cant rely on session cookies as spambot engines do cookies. Im working on the mod each day and new features will be added all the time. Maybe Ill take some more time to add your suggested cookie theory... Its adds more control, which is what this mod is about

IP address count is about (256^4) - (2^25 + 2^16 + 2^20) give or take some for subnet broadcast addresses. 10/8 192.168/16 172.16/12 and 224/8 multicast
Reply With Quote
  #169  
Old 07-26-2008, 04:57 PM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I really like this mod, although the amount of spammers has actually gone up. Maybe the spammers read stopforumspam.com as well and find my board.

The AE detector does find spam bots for me. I did not expect that some spam bots actually can be discovered with cookies. So please do add cookie tracking.
Reply With Quote
  #170  
Old 07-26-2008, 06:49 PM
pedigree pedigree is offline
 
Join Date: Jul 2005
Posts: 370
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

alfa ill do something like AE detector where the registration process sets a non-vb cookie. all cookie tracking can be extremely easily bypassed by a bot with little coding on the part of the scum writer. With more and more people using spambot posters and more and more boards being spidered/discovered and added to the lists, its bound to happen

what I might do is test a mod addition to rename register.php with another named file with hitting register.php resulting in a temp ban from that ip perhaps.

Ive got some code kind of working, on the list of things to do, where the register form has encoded javascript, where is adds random fields to the input form. If they arent there with the post back, it knows its a spammer (as you cant submit the form without javascript enabled) - i know, i know, forcing javascript is a royal facist thing to do but its another way to hinder spambots.
Reply With Quote
  #171  
Old 07-27-2008, 12:15 AM
Alfa1's Avatar
Alfa1 Alfa1 is offline
 
Join Date: Dec 2005
Location: Netherlands
Posts: 3,537
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Asides from IP's and cookies, would it be possible to ID spammers based upon mac address or other things?
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:46 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06756 seconds
  • Memory Usage 2,340KB
  • Queries Executed 25 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (6)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (4)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (2)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete