[BETA] Anti-spam bots registration

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
User avatar
M.O.B.
Registered User
Posts: 942
Joined: Tue Jan 04, 2005 1:07 am
Location: San Diego CA USA
Contact:

Post by M.O.B. »

keimo wrote: ahh thanks for that info man. I'm of the opinion that I don't want these asses even being able to get anywhere NEAR my forum again is a good thing so the autoban is something that appeals to me. I may stick the code in for a while then take it back out just to watch my ip ban's go up...

It's the little things in life that make it worthwhile ya' know :wink:

Please let us know how this works for you. Just to make sure the code is working great.
Image
User avatar
M.O.B.
Registered User
Posts: 942
Joined: Tue Jan 04, 2005 1:07 am
Location: San Diego CA USA
Contact:

Post by M.O.B. »

objectman wrote: The only common element in all my (tens of) spambot emails is the

Code: Select all

http://www.nwtools.com/default.asp?prog=express&host=
bit. Instead of IP addresses is it possible to ban an IP lookup like this one? Surely it would be a simple line of code?

I am not sure if I follow you, but you wish to not get the link of nwtools.com to be able to determine where the "spammer" IP is coming from? If you notice the spammer's IP address is always at the end of that URL link so you can click on it and be able to read more info on where that IP is from. It's the cream of the pie of how this mod works. If this is the case, I am not sure if you really want that. Please advice. I had trouble understanding your wishlist.
Image
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

Hmm, I am really liking your version of this mod(I made basically the same thing except it doesnt email you).

Are you planning on uploading this to the mods database? If you are, I would be willing to help make a second version(you could keep the lite version and the version with an adminCP) of this that has options in the AdminCP(like the email address to display, to turn it off or on, to ban IP's, to disable the website and or signature sections(and possibly more).

If you guys would like me to work on something like that with you I would be happy to. :D
RevJim
Registered User
Posts: 20
Joined: Mon May 15, 2006 9:27 pm

Post by RevJim »

objectman wrote: The only common element in all my (tens of) spambot emails is the

Code: Select all

http://www.nwtools.com/default.asp?prog=express&host=
bit. Instead of IP addresses is it possible to ban an IP lookup like this one? Surely it would be a simple line of code?[/code]


Hi objectman,

That nwtools.com link is NOT something the spammer is submitting. It's a link that this MOD creates and sends in the e-mail to make it easier to figure out who the spammer is (or might be). If you click it you will see a whole bunch of juicy information about the IP address that the spammer was using when he tried to register on your board. Don't worry, it's perfectly safe to click. :) In fact, there's a similar link in the standard phpBB administration panel -- click the IP address of a currently logged-in user on your board and you will go to the same site (although a slightly different version).

If you really don't want to see that link, you can delete this line of code from the MOD:

Code: Select all

$emailMessage  .= "IP Lookup = http://www.nwtools.com/default.asp?prog=express&host=" . $spammerIPAddress . "\n";
But there really is no need to delete it -- it's a perfectly harmless tool that you can use to research your spammers.

-RJ
User avatar
M.O.B.
Registered User
Posts: 942
Joined: Tue Jan 04, 2005 1:07 am
Location: San Diego CA USA
Contact:

Post by M.O.B. »

RevJim, Do you think it would be possible to switch nwtools.com to http://whois.domaintools.com ? I prefer using that IP checker. Unless you can school me why nwtools give better info? Thanks in advance.
Image
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

Would someone mind replying to my last post(you guys see it?)? :?
RevJim
Registered User
Posts: 20
Joined: Mon May 15, 2006 9:27 pm

Post by RevJim »

EXreaction wrote: Hmm, I am really liking your version of this mod(I made basically the same thing except it doesnt email you).

Are you planning on uploading this to the mods database? If you are, I would be willing to help make a second version(you could keep the lite version and the version with an adminCP) of this that has options in the AdminCP(like the email address to display, to turn it off or on, to ban IP's, to disable the website and or signature sections(and possibly more).

If you guys would like me to work on something like that with you I would be happy to. :D


EXreaction:

Sorry for the slow reply, I started typing it this morning and keep getting interrupted. :)

Yeah, my feeling is that the goal of pretty much any MOD should be to 1) get stable and 2) get promoted to "released" status through the mods DB. Since this is something of a community-built MOD I guess it's pretty much up to us (you, me, Andre, Raiden, and anyone else who has anything to contribute) to decide what needs to be done prior to submission.

Here's my list: (everyone is welcome to add more, or point out why my ideas stink) :)
  • 1. The e-mail subject line should start out with the IP address of the spammer, so you can easily sort your e-mails by IP address, and see which IP addresses are the most common (ie, the worst spammers). This is obviously a 1-minute change, I just haven't gotten around to it. ;)

    2. I like your idea of adding an administrative interface to the adminCP. Master on/off, send e-mail (yes/no), set e-mail address, include e-mail address in Die message (yes/no), and number of posts before users are allowed to edit their URL/sig fields should be in there.

    3. Ideally, there should probably be a checklist to pick which fields we're restricting. The current code just looks for URL/sig (because those are the fields that can contain hyperlinks to a website). However, since I've been running this code for a while, I've started to get bots that are putting URLs into other (non-hyperlinked) fields. There's no search engine benefit to this, I think they're just doing it for eyeball traffic. So the admin could just go check/uncheck fields that are accessible after the required number of posts.
I haven't written for the adminCP before, so feel free to take the first crack at it. :) It seems like a great idea to me.

-RJ
RevJim
Registered User
Posts: 20
Joined: Mon May 15, 2006 9:27 pm

Post by RevJim »

DJ Andre wrote: RevJim, Do you think it would be possible to switch nwtools.com to http://whois.domaintools.com ? I prefer using that IP checker. Unless you can school me why nwtools give better info? Thanks in advance.


The reason I went with nwtools.com is because the built-in phpBB administrator panel uses http://network-tools.com/. If you go to that URL there's a note at the top that says something like "newer, cooler beta tools are available at nwtools.com, and the current tools will stop being supported sooner or later" (yes, I'm paraphrasing here).

I don't know why the phpBB Gods chose networks-tools.com, but it kinda seems like the "official" code should stay with them unless we have a reason to switch. If you want to change your copy to use domaintools.com, here's the switch:

Code: Select all

$emailMessage  .= "IP Lookup = http://www.nwtools.com/default.asp?prog=express&host=" . $spammerIPAddress . "\n";
Changes to:

Code: Select all

$emailMessage  .= "IP Lookup = http://whois.domaintools.com/" . $spammerIPAddress . "\n";
-RJ
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

RevJim wrote: I haven't written for the adminCP before, so feel free to take the first crack at it. :) It seems like a great idea to me.

-RJ


I haven't really either(started modding the template once, but I never added MySQL tables). :oops:
But I am sure I could get it working great if I look at how other mods did it. 8)

I can look at getting the adminCP part started this weekend. I am a little busy now(the Vista Beta 2 just went public, so its my turn to play with it) but by this weekend either I will have Vista setup so I can start modding, or if I can't get sound drivers I will be back on XP. :)


BTW, do you have an IM? Like MSN or Yahoo? We could work together a bit then. 8)
RevJim
Registered User
Posts: 20
Joined: Mon May 15, 2006 9:27 pm

Post by RevJim »

EXreaction wrote: I haven't really either(started modding the template once, but I never added MySQL tables). :oops:
But I am sure I could get it working great if I look at how other mods did it. 8)

I can look at getting the adminCP part started this weekend. I am a little busy now(the Vista Beta 2 just went public, so its my turn to play with it) but by this weekend either I will have Vista setup so I can start modding, or if I can't get sound drivers I will be back on XP. :)


BTW, do you have an IM? Like MSN or Yahoo? We could work together a bit then. 8)


I'm on Skype and MSN. However, I only work 2-4 days a month, and this weekend I'm working. :) It'll take me a day or two to recover from doing actual work, so I'll be availabe next week some time... If you haven't figured it out by then drop me a PM and we'll get together to try and solve things. :)

BTW, if we're going to add an administrative control panel interface, maybe we should put an option in for the automatic IP bans? I don't think they are a good idea, but if they're optional, I shouldn't stand in anyone's way..... thoughts (anyone)?

-RJ
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom »

Adding an ACP interface is not difficult - check the MODs I've done (link to one in my signature) for a "template" for doing them, complete with language file changes. The only time it gets to be a bit more difficult is if you want to add a separate applet for doing it, rather than attaching to the existing admin_board.php script.

The important thing to remember is that any text displayed MUST be done through the language file interface, or your MOD isn't going to survive submission. No hard-coded English text allowed, except for certain hard errors that this sort of MOD shouldn't encounter. And template changes need to be as generic as possible (searching for template variables, for example, rather than whole lines), so that they can be installed in non-subSilver templates.

First candidates for an ACP interface: $cut_off, email Y/N.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer
Code3TJ
Registered User
Posts: 17
Joined: Mon Jan 26, 2004 9:31 pm
Contact:

Post by Code3TJ »

Personally, I like http://www.dnsstuff.com/ a bit better than network tools, but that's just my thing. Something else to possibly include (since a lot of the spammers seem to use it also) is the ICQ field.
User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction »

RevJim wrote: I'm on Skype and MSN. However, I only work 2-4 days a month, and this weekend I'm working. Smile It'll take me a day or two to recover from doing actual work, so I'll be availabe next week some time... If you haven't figured it out by then drop me a PM and we'll get together to try and solve things. Smile

BTW, if we're going to add an administrative control panel interface, maybe we should put an option in for the automatic IP bans? I don't think they are a good idea, but if they're optional, I shouldn't stand in anyone's way..... thoughts (anyone)?

-RJ


Ok, I will look for you this week(you can add me in msn, my profile has my address). :D

Code3TJ wrote: Personally, I like http://www.dnsstuff.com/ a bit better than network tools, but that's just my thing. Something else to possibly include (since a lot of the spammers seem to use it also) is the ICQ field.


Mabey the guys could have it send you both links in the email? That would be good, then you could pick which ever one you want. :)

Ya, mabey in the adminCP version we could have options to turn everything off except for the sections that are only needed for registering(username/password/email/captcha).
espicom wrote: Adding an ACP interface is not difficult - check the MODs I've done (link to one in my signature) for a "template" for doing them, complete with language file changes. The only time it gets to be a bit more difficult is if you want to add a separate applet for doing it, rather than attaching to the existing admin_board.php script.

The important thing to remember is that any text displayed MUST be done through the language file interface, or your MOD isn't going to survive submission. No hard-coded English text allowed, except for certain hard errors that this sort of MOD shouldn't encounter. And template changes need to be as generic as possible (searching for template variables, for example, rather than whole lines), so that they can be installed in non-subSilver templates.

First candidates for an ACP interface: $cut_off, email Y/N.
jimnms
Registered User
Posts: 6
Joined: Sat Jun 10, 2006 6:02 am

Post by jimnms »

I installed this last night on my forum. Afterwards I removed the bans on all email addresses that I had collected from previous spammer registrations.

I went to bed, and woke up early this morning like a kid on Christmas. I checked the email I forwarded the registrations to and was sad to see it was empty. I checked the forum and found 3 new spambot registrations. There was no signature or URL in the web page field though.

I tripple checked the install and it's all correct. I did was set the $cut_off value to "0" because I don't want to limit new users to not being able to fill out the website field after registering. Would that still allow the bots to register? I just changed it to "1" so I'll see tomorow if I have any mails.

Now, for a suggestion. What about just removing the whole "Profile Information" portion from the registration form, and only allowing that information to be filled out after the account has been activated?
User avatar
Remix_88
Registered User
Posts: 46
Joined: Wed Apr 23, 2003 12:52 pm
Location: Hampshire, UK

Post by Remix_88 »

RevJim wrote: 3. Ideally, there should probably be a checklist to pick which fields we're restricting. The current code just looks for URL/sig (because those are the fields that can contain hyperlinks to a website). However, since I've been running this code for a while, I've started to get bots that are putting URLs into other (non-hyperlinked) fields. There's no search engine benefit to this, I think they're just doing it for eyeball traffic. So the admin could just go check/uncheck fields that are accessible after the required number of posts.


If you are seeing SpamBots posting URL's in fields which are not intended to hold a URL why not validate those fields? If they hold content which looks like a URL stop/ban the attempted registration :-)

You will find code that you can derive this feature from in 'includes/functions_validate.php' in the 'validate_optional_fields' function.

Here is an extract by way of a simple example...

Code: Select all

// If the $feild_being_validated look like a URL halt the registration

if (!preg_match('#^http[s]?\\:\\/\\/[a-z0-9\-]+\.([a-z0-9\-]+\.)?[a-z]+#i', $field_being_validated))
{
  die('Bot registration attempt');		
}
Regards, Remix_88.
Post Reply

Return to “[2.0.x] MODs in Development”