Scheduled Task to Ban BugMeNot

Warning: Aparently this does not work with the latest vBulletin.

What is it?
One line summary: This "hack" allows you to ban publically shared accounts that come from a website called BugMeNot

More detailed summary: People visit BugMeNot to share accounts from websites that require registration. While this is great for websites such as the New York Times' site (which requires log-in to read articles), it is heavily annoying for forum communities as users will usually use these accounts to grab a bunch of attachments and will never actually contribute anything useful.

What does this script do?
I have written a scheduled task that will visit BugMeNot and retrieve a list of all shared accounts for your forum. All users on this list will then be banned. This is useful for two reasons:

1. You don't need to visit BugMeNot constantly to manually ban the accounts.
2. If you enabled attachments, you will be able to cut down on leeching.

What's new?
Version 1.3

• FIXED: Infinite loop due to BugMeNot changing account listing URL with 301 redirect.
• ADDED: Option for extra verboseness.

Version 1.2

• FIXED: Infinite loop when no accounts found due to BugMeNot now returning 404 response code.
• FIXED: allow_url_fopen php.ini setting is now no longer required to be enabled.
• FIXED: Rewritten BugMeNot parser to use custom-coded HTML downloader.

Version 1.1

• Almost a total rewrite incorporating most feedback.
• Will ban more than the first five accounts now.
• PHP4 compatibility now. Added a replacement function for array_combine(...)
• Added checking for safe_mode and allow_url_fopen

Version 1.0
Initial Release

System Requirements

• PHP >= 4.3.0, PHP >= 5.1.2 recommended.
• safe_mode off
• allow_url_fopen on

How do I install this?
Installation is very easy. The following may look like a lot, but they're all very simple steps. Here's what you have to do:

1. Download the script.
2. Edit the configuration variables in the file (see the next section)
3. Extract banbmn.php to your vBulletin "includes/cron/" directory.
4. Search the Admin CP menu for "Add New Scheduled Task" and click it.
5. Enter "Ban BugMeNot" in the "Title" field.
6. Change the hour field to the time your site is the least busy. (4am or something) - Leave all other date/time fields alone.
7. Enter the path ("./includes/cron/banbmn.php") to the script in the "Filename" field.
8. Click "Save"

Now run the task for the first time:

1. In the AdminCP menu, click "Scheduled Task Manager"
2. Next to the entry "Ban BugMeNot", click on "Run Now"
3. Wait for the task to finish; the more accounts on your forum are shared, the longer it takes.
4. Check your scheduled task log for details on what was done.

What can I configure?
Inside the script file is a configuration section where you can configure a variety of options that direct how the script will operate.

PHP Code:

// Usergroup to ban shared accounts to. This needs to be a "bannable group."
$banto = 8; 


This is the group all shared accounts will be banned into. You can find the Group ID with the "Usergroup Manager"

PHP Code:

// Ban reason
$banreason = 'How about you sign up for your own account instead of using a shared one?'; 


This is the reason shared accounts are banend with. People who try to use these accounts will see this message.

PHP Code:

// Custom Title (CT) for someone who is banned
$banct = 'Banned BugMeNot Account'; 


If you want to change the users title along with the ban, you can set the title in this variable. If you leave it blank the title will not be changed.

PHP Code:

// Do you want extra verboseness?
$beverbose = FALSE; 


This will make the script write many more messages into the scheduled task log. You can turn this on when testing the script, but you should turn it off once everything works.

PHP Code:

// Do you want even MORE verboseness? (This will log the returned HTML too!)
// (I added this mainly for me to test if BugMeNot is trying to break my hack again.)
$moreverbose = FALSE; 


Do not enable this. It will make your scheduled task log grow very large. The reason this exists as a setting at all is so you can try and find out why the script locks up. It will log the current loop iteration and the HTML code returned.

PHP Code:

// Check password too?
// Otherwise, a username will be banned regardless of the fact the password is wrong.
// You WANT to leave this set to TRUE unless you have a GOOD REASON not to.
$checkpass = TRUE; 


This setting controls if you want the password of an account to be verified as well. You should really leave this setting alone because if you disable it, anyone can add a valid username to the BugMeNot database (recall that BugMeNot is public and open to anyone) and it will be banned regardless of whether the login information is correct.

PHP Code:

// Don't ban moderators?
// Probably not a good idea seeing as their accounts were shared.. >>;;
$dontbanmods = FALSE; 


If you do not want to ban Administrators, Super Moderators, or Moderators, set this to TRUE. The default value of FALSE is fine, especially if you left password checking enabled.

PHP Code:

// URL to your forums. (The thing you enter on BugMeNot to see accounts for it!) Set
// to AUTO to use what you set in Admin CP.
$bburl = 'AUTO'; 


This is the URL that is checked on BugMeNot. The default value of 'AUTO' is fine.

PHP Code:

// Can the script sleep a bit?
// Tnabling this will make it seem less like a bot to the BugMeNot admins. DO NOT TURN
// THIS ON FOR LOADED SITES!
$dosleep = FALSE; 


This determines if the script will wait between accessing URLs on BugMeNot. If you have a large forum do not turn this on. If you have a low-traffic forum (less than 300 members), you can turn this on to make it less likely that BugMeNot bans you.

PHP Code:

// How long can it sleep?
// 3 - 5 seconds are good values. Anything bigger is dangerous and anything smaller useless.
$sleepmax = 3; 


This determines how long the script waits between accessing URLs. The default value is fine.

Support & Beta Version Infos
Support: I am a fairly busy server administrator but I will try my best in supporting this script. The only thing I ask for is for people to click install.

Beta Version Infos: I could only do limited testing. Reports on how it works (positive and negative) would be nice. Also, please don't be "pissed off" immediately if the script does not work for you. Tell me that it is broken and I will fix it as soon as possible!

[Kihon Kata]

Thanks for getting on this. Wil re-install soon

[Aurous]

Quote:

Originally Posted by Zabadab

As promissed, an update.

FIXED: array_combine() not available in PHP < 5.
FIXED: Only the first five accounts banned.

Note that I've rewritten the BugMeNot parser. It works for me, but I'd really like feedback on how it works for others. :classic:

Works great now. Thanks for the updates.

Another thing I noticed:
If you run the script a couple of times in short time span. The log shows "BugMeNot returned no shared accounts for your forum, ...". Where as if I go to the site and check directly, I still get a list of logins. If I keep clicking on "No" manually the list disappears and it returns no shared accounts for your site and doesnt show any result even if you close the window, clear cookies and search on BMN again. Now I tried visiting the site again from a different computer and the list shows up. I am not sure how the site works, but if they are storing sessions for a particular IP, then I wonder when they expire. It will be good to have this info in order for the script to be effective after running once.

Also, I was wondering if there are other identical sites on the net. I'm sure there must be a few around.

[Zabadab]

Quote:

Originally Posted by Aurous

Works great now. Thanks for the updates.

Another thing I noticed:
If you run the script a couple of times in short time span. The log shows "BugMeNot returned no shared accounts for your forum, ...". Where as if I go to the site and check directly, I still get a list of logins. If I keep clicking on "No" manually the list disappears and it returns no shared accounts for your site and doesnt show any result even if you close the window, clear cookies and search on BMN again. Now I tried visiting the site again from a different computer and the list shows up. I am not sure how the site works, but if they are storing sessions for a particular IP, then I wonder when they expire. It will be good to have this info in order for the script to be effective after running once.

Also, I was wondering if there are other identical sites on the net. I'm sure there must be a few around.

Yes, BugMeNot stores what accounts it returned for your IP and which of those did not work. Why it does this is a mystery to me but I like it quite a lot as it saves my hack from testing already tested accounts over and over. I doubt they save this information for longer than a week though.

In related news: BugMeNot aparently found out about this script and is now trying to stay ahead of me by changing their system every other day. :tired:

I've released version 1.2 which fixes the following:
FIXED: Infinite loop when no accounts found due to BugMeNot now returning 404 response code.
FIXED: allow_url_fopen php.ini setting is now no longer required to be enabled.
FIXED: Rewritten BugMeNot parser to use custom-coded HTML downloader.

I just have to keep trying to stay ahead of them now and hope they don't reinvent themselves every week...

[Aurous]

Quote:

In related news: BugMeNot aparently found out about this script and is now trying to stay ahead of me by changing their system every other day.

Well that was expected from them. I just hope you keep your script up-to-date for all of us.

Thanks a lot for a quick update on this hack.

[Dr.Viggy]

installed just now after getting my first bugmenot user. thanks for this

*clicks install

[Bernd Glasstett]

It doesn't work here. That's the error:
Database error in vBulletin 3.6.7:

Invalid SQL:
SELECT userid, liftdate FROM userban WHERE userid = T;

MySQL Error : Unknown column 'T' in 'where clause'
Error Number : 1054
Date : Thursday, August 16th 2007 @ 12:55:22 AM
Script : http://www.comicforum.de/admincp/cro...cron&cronid=22
Referrer : http://www.comicforum.de/admincp/cro...hp?do=modifyIP Address : 84.159.234.179
Username : Bernd Glasstetter
Classname : vB_Database

Running on vB 3.6.7 on PHP 5 and MySQL 5. Would love to use it...

[Zabadab]

*shrugs*

I no longer use vBulletin, sorry. It does say what version this is for:
> vB Version: 3.5.4

Edit: if anyone wants to continue developing this, go ahead. I place this in the public domain.

[Mecho]

damn . i need this hack alot .. bugmenot start to share new accounts and i dunno what shall i do to stop them !!

any idea plz ????

Hate bugmenot

[Primal Rage]

<a href="http://www.bugmenot.com/report.php" target="_blank">http://www.bugmenot.com/report.php</a>

[Mecho]

thanks man ... blocked their ...