Contacts Spam Filter

This little product/plugin disallows automatic sending of spam through the Contact Us page.

Notes to version 1.1.0.0

Due to an almost personal battle against some spammers - intended as: high spam update rate, specially in the weekends when both me and spammers have nothing to do - I added an option to check the allowed number of hyperlinks in the message body, which makes this spam filter a little more intelligent.

The default number of allowed links is set to 12, which appears to be the lower limit from the latest research.

For customizing the message and the number of allowed hyperlinks, an option interface was added, which appears right below the vBulletin Options list - Site Name / URL / Contact Details, as 'Contact Us' Spam Filter Settings.

Version History
1.1.0.2 Additional recognition strings (repetitive 'http://')
1.1.0.1 FIX: Hyperlinks count bug.
1.1.0.0 Additional recognition strings; check of allowed number of hyperlinks in the message body; options interface

1.0.1.10 Additional recognition string
1.0.1.9 Additional recognition string (not published)
1.0.1.8 Additional recognition string (not published)
1.0.1.7 Additional recognition string
1.0.1.6 Additional recognition string (not published)
1.0.1.5 Additional recognition string (not published)
1.0.1.4 Additional recognition string
1.0.1.3 Additional recognition string
1.0.1.2 Additional recognition string
1.0.1.1 Full vBulletin integration, updateable
1.0.0.0 Basic Spam Filter

[Arjan]

How can I get this code to work with 3.0.x?
It looks good, but so far I did not see a good way to get it to work with the older version.

[y2ksw]

Quote:

Originally Posted by Arjan

How can I get this code to work with 3.0.x?
It looks good, but so far I did not see a good way to get it to work with the older version.

In fact there isn't a good way to do this inside 3.0.x, since it would need code changes, I cannot even provide, sorry :knockedout:

[Arjan]

Well I got it working.
in the send message.php I added the code in two parts:

This part went into the E-mail permissions piece. Just before the initialisation of the error array.
Since (as I understood) this blocks mail sent from outside the page, I left the Die message in it. Don't make them wise

Look for:

Code:

// initialize errors array
$errors = array();

Above it add:

Code:

//ANTI SPAM PART 1
$AntiSpamMessage1 = 'Spam filter: Please send your message through the appropriate message form.'; 
$AntiSpamMessage2 = 'Spam filter: Your message has not been accepted since it has some SPAM like properties.'; 

// Make sure the form was sent from a browser 
if(!$_SERVER['HTTP_USER_AGENT']) 
{ 
    die($AntiSpamMessage1); 
} 

// Make sure the form was POSTed 
if(!$_SERVER['REQUEST_METHOD'] == 'POST') 
{  
    die($AntiSpamMessage1); 
}

//END ANTI SPAM PART 1

Then the rest goes a bit lower in the page.
In the section
// ############################### do contact webmaster ###############################

Look for:

Code:

	// if it's all good... send the email
	if (empty($errors))

Just above it add:

Code:

    //ANTI SPAM PART 2
    // Allow only the sendmessage script 
    $MyReferrer = strtolower($_SERVER['HTTP_REFERER']); 
    $MyURL = strtolower($vboptions['bburl'] . '/' . $vboptions['contactuslink']); 
    if($MyReferrer != $MyURL) 
    {  
		eval('$errors[] = "' . $AntiSpamMessage1 . '";');
    }  
	
    // Check for strings in the message body. 
    // This string is found in automated browsers (all yet) at the bottom. 
    // For completeness we parse all post variables for this string. 
    // Prepared for more recognition strings. 
    $MyStrings = array( 
        '9c53d2119880d95e96e1a71e3a6c8340',              // the start
        'dc64615b0a1e1bd3cb2689bf82248b5c',              // 2006-06-27
        'f4dd026ac39b9e2fa576404ae93f215c',              // 2006-06-30
        '849b90dee61199d2ed871b18e1575cb5',              // 2006-07-06
        '05980283d7fb0e8cc54b17a2b2a0ab96',              // 2006-07-10
        '70fcdb09b8b18b50874603a6c99fcbcb',              // 2006-07-15
        'bd0e28eaccfa349da99ddd3880835725',              // 2006-07-16
        '71b0d16f90c6ef289fb9e0b08b44fd7c',              // 2006-07-16
        'df487ef8b49cead02c1a5d00a04288ce',              // 2006-07-21
        '6d02afe3993f73507d90e3f877d8eed8',              // 2006-07-23
        '5064a72d6d1acabba6a21f655481a5b5',              // 2006-07-24
        '33766d282efd27c3468309e546e247c5',              // 2006-07-29
        'c9551bfed82d85381e7fd1deb6fef0af'               // 2006-07-30
        ); 

    // Loop through each POST item and check for the headers 
    foreach($_POST as $MyKey => $MyPostItem) 
    { 
        $MyTempItem = strtolower($MyPostItem); 
        foreach($MyStrings as $MyString) 
        { 
            if(strpos($MyTempItem, strtolower($MyString)) !== FALSE) 
            { 
		      eval('$errors[] = "' . $AntiSpamMessage2 . '";');
            } 
        } 
    } 

    // Cleanup 
    unset($MyDieMessage, $MyReferrer, $MyURL, $MyHeaders, $MyKey, $MyPostItem, $MyTempItem, $MyHeader, $MyStrings, $MyString); 
	
    //END ANTI SPAM PART 2

This second part, uses the standard errors option, so it is showed in a nice way to the user. Just in case valid users do not pass the test (though I doubt).

[y2ksw]

Quote:

Originally Posted by Arjan

(...) I left the Die message in it. Don't make them wise

Right. In fact I would rather show a blank page, which means all and nothing in the same time

[Arjan]

True word.... I noticed

And the'' be kind show the user what is wrong' is also not a good idea.
Updating the errorstring and showing the form again invites the spammer (spambot) to retry. My server got huge pageloads in the last couple of hours (5 times more) with a normal, even a bit low, amount of visitors. Which resulted in an overloaded CPU.

I saw I forgot two pieces of code. And with the just Die version you will get this for the second part:

Code:

    //ANTI SPAM PART 2
    // Allow only the sendmessage script 
    $MyReferrer = strtolower($_SERVER['HTTP_REFERER']); 
    $MyURL = strtolower($vboptions['bburl'] . '/' . $vboptions['contactuslink']); 
    if($MyReferrer != $MyURL) 
    {  
		//eval('$errors[] = "' . $AntiSpamMessage1 . '";');
        die($AntiSpamMessage); 
    }  

    // Filter header injections
    $MyHeaders = array(
        "content-type:", 
        "mime-version:", 
        "content-transfer-encoding:", 
        "bcc:", 
        "cc:"
        );


    // Check for the number of hrefs in settings.
    // This makes it pretty secure against future spam versions.
    $MyPostItem = strtolower($_POST['message']);
    $MyTempItem = explode('href=', $MyPostItem);
    if(count($MyTempItem) >= 2)
    {
        die($AntiSpamMessage);
    }


    // Loop through each POST item and check for the headers
    foreach($_POST as $MyKey => $MyPostItem)
    {
        $MyTempItem = strtolower($MyPostItem);
        foreach($MyHeaders as $MyHeader)
        {
            if(strpos($MyTempItem, $MyHeader) !== FALSE)
            {
                die($AntiSpamMessage);
            }
        }
    }
	
    // Check for strings in the message body. 
    // This string is found in automated browsers (all yet) at the bottom. 
    // For completeness we parse all post variables for this string. 
    // Prepared for more recognition strings. 
    $MyStrings = array( 
        '9c53d2119880d95e96e1a71e3a6c8340',              // the start
        'dc64615b0a1e1bd3cb2689bf82248b5c',              // 2006-06-27
        'f4dd026ac39b9e2fa576404ae93f215c',              // 2006-06-30
        '849b90dee61199d2ed871b18e1575cb5',              // 2006-07-06
        '05980283d7fb0e8cc54b17a2b2a0ab96',              // 2006-07-10
        '70fcdb09b8b18b50874603a6c99fcbcb',              // 2006-07-15
        'bd0e28eaccfa349da99ddd3880835725',              // 2006-07-16
        '71b0d16f90c6ef289fb9e0b08b44fd7c',              // 2006-07-16
        'df487ef8b49cead02c1a5d00a04288ce',              // 2006-07-21
        '6d02afe3993f73507d90e3f877d8eed8',              // 2006-07-23
        '5064a72d6d1acabba6a21f655481a5b5',              // 2006-07-24
        '33766d282efd27c3468309e546e247c5',              // 2006-07-29
        'c9551bfed82d85381e7fd1deb6fef0af'               // 2006-07-30
        ); 

    // Loop through each POST item and check for the headers 
    foreach($_POST as $MyKey => $MyPostItem) 
    { 
        $MyTempItem = strtolower($MyPostItem); 
        foreach($MyStrings as $MyString) 
        { 
            if(strpos($MyTempItem, strtolower($MyString)) !== FALSE) 
            { 
		      //eval('$errors[] = "' . $AntiSpamMessage2 . '";');
              die($AntiSpamMessage); 
            } 
        } 
    } 

    // Cleanup 
    unset($AntiSpamMessage, $MyReferrer, $MyURL, $MyHeaders, $MyKey, $MyPostItem, $MyTempItem, $MyHeader, $MyStrings, $MyString); 
	
    //END ANTI SPAM PART 2

[y2ksw]

Thanks for adding your code modifications for 3.0.x

[mambo9]

Hey peeps!

Great thought on this hack, we have just started to recieve loads of thoose nice rolex watch ads through there lol.

I installed via the pluggin system, set the max hyperlinks too 3.

But, logged in as admin, i now cant test the system it seems? It always renders me the Spam Filter: msg!

Any ideas ?

[y2ksw]

Quote:

Originally Posted by mambo9

Hey peeps!

Great thought on this hack, we have just started to recieve loads of thoose nice rolex watch ads through there lol.

I installed via the pluggin system, set the max hyperlinks too 3.

But, logged in as admin, i now cant test the system it seems? It always renders me the Spam Filter: msg!

Any ideas ?

Fixed & tested on both vBulletin v. 3.5.4 and 3.6.0

[adwade]

Quote:

Originally Posted by y2ksw

Fixed & tested on both vBulletin v. 3.5.4 and 3.6.0

So happy to have tripped across this -and- the fact it's v3.6 compatible! Will be installing tomorrow on my day off!

[y2ksw]

You are welcome