Kill spam registrations promoting websites

forum_clean
Registered User
Posts: 4
Joined: Thu Oct 21, 2004 6:08 pm

Post by forum_clean »

If, like mine, your forum seems to be plagued by idiots registering with a false email address just so they can advertise their websites within their profiles - here is a simple way of stopping them.

They are able to fake any IP address so blocking IP addresses won't work (I tried that!). It has really, really annoyed me. Why should these parasites use our hard work in setting up our forums to advertise their seedy little websites?

There is an excellent, sophisticated solution here http://www.phpbb.com/phpBB/viewtopic.php?t=232413 but if you want a simple, quick fix - do this...

One of the files in PHPBB is called usercp_register.php and this is found in the "includes" folder within your forum. FTP to your forum and download this file and open it in an editor - notepad, Dreamweaver, Frontpage etc.

Find the bit that begins:

Code:

$sql = "INSERT INTO " . USERS_TABLE............ 

The significant bit is the "INSERT INTO" as this is the part of the code that adds a new registrant into your forum database.

Immediately before the line that has the "INSERT INTO" add the following code:

Code:

// Split the submitted profile URL; the domain name ends up in $urlbits['host']
$urlbits = parse_url($website);
// Refuse the registration if the host contains any of these strings
if (strstr($urlbits['host'] ,'.ru')
|| strstr($urlbits['host'] ,'jewelry')
|| strstr($urlbits['host'] ,'e-pathto')
|| strstr($urlbits['host'] ,'getvaran')
|| strstr($urlbits['host'] ,'ebintel')
|| strstr($urlbits['host'] ,'godaddy')
|| strstr($urlbits['host'] ,'gogo')
|| strstr($urlbits['host'] ,'chopoy')
|| strstr($urlbits['host'] ,'peir')
|| strstr($urlbits['host'] ,'top')
|| strstr($urlbits['host'] ,'sex')
|| strstr($urlbits['host'] ,'money')
|| strstr($urlbits['host'] ,'click')
|| strstr($urlbits['host'] ,'cash')
|| strstr($urlbits['host'] ,'blond')
)
{
    // Stop here, before the INSERT INTO that follows adds the user
    exit("Drop dead ...");
}

This is what it does....

$urlbits = parse_url($website);
This bit simply splits their website URL into its component parts and stores their domain name in $urlbits['host']

The next line tests to see if their domain name contains ".ru" (a good one to block as this is common to many of these horrible web sites).

The || at the beginning of each subsequent line simply means OR so what it is saying is IF the domain name contains ".ru" OR 'jewelry' OR 'e-pathto' etc etc then they can't get any further, they just get a blank screen that says "Drop dead ...". Obviously, you can change this "Drop dead ..." phrase to whatever you want!

All the other words are ones that I use (look at the recent registrants in your forum and you will see what I mean).

If you find that someone registers in your forum and has some other new web site, simply duplicate one of the lines like:

|| strstr($urlbits['host'] ,'chopoy')

and change the word - in this case 'chopoy' - to whatever word you want that appears in their domain name.

Then, all you need to do is save the file and put it back (FTP) on your server, into the "includes" folder, so that it replaces the original.

The way I look at it is that these parasites can only have a finite number of websites between them. So adding a new line to this code every now and then is no real hardship. It blocks them from registering so they can't promote their websites and gain a higher Google page rank by having all our forums linking to them.

Finally, for goodness sake, delete all these parasites that have registered in your forum!!
:wink:
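
An added example, not part of forum_clean's post or of phpBB: it runs the post's case-sensitive substring test next to a stricter token-based matcher over constructed host names, to show which registrations each one stops. The helper names and the stricter matcher are assumptions made for illustration.

```php
<?php
// Added example. $words is a subset of the post's list; every URL below is
// a constructed sample, not a real registrant.
$words = array('.ru', 'top', 'sex', 'money', 'godaddy');
// parse_url() returns false or omits 'host' for empty or malformed input.
function host_of($website) {
    $parts = parse_url($website);
    return (is_array($parts) && isset($parts['host'])) ? $parts['host'] : '';
}

// The post's test: case-sensitive substring match anywhere in the host.
function substring_match($host, array $words) {
    foreach ($words as $w) {
        if ($host !== '' && strstr($host, $w) !== false) {
            return $w;
        }
    }
    return null;
}

// Stricter variant (assumption, not from the thread): lowercase the host, treat
// ".xx" entries as a TLD suffix, and require other words to equal a whole dot-
// or hyphen-delimited token. It misses a word buried inside a longer token.
function token_match($host, array $words) {
    $host = strtolower($host);
    $tokens = preg_split('/[.-]/', $host, -1, PREG_SPLIT_NO_EMPTY);
    foreach ($words as $w) {
        $hit = ($w[0] === '.') ? substr($host, -strlen($w)) === $w
                               : in_array($w, $tokens, true);
        if ($hit) {
            return $w;
        }
    }
    return null;
}

$samples = array(
    'http://www.rural-crafts.test',   // ".ru" occurs inside "www.rural"
    'http://laptopreviews.test',      // "top" occurs inside "laptopreviews"
    'http://MONEY-now.test',          // upper case is not matched by strstr()
    'http://constructed-sample.ru',   // genuine .ru suffix
    '',                               // website field left empty
);
foreach ($samples as $url) {
    $h = host_of($url);
    $a = var_export(substring_match($h, $words), true);
    $b = var_export(token_match($h, $words), true);
    printf("%-26s substring=%-9s token=%s\n", $h === '' ? '(none)' : $h, $a, $b);
}
```

The first two hosts are stopped by the substring test but pass the token test, and the third is the reverse; only the genuine .ru host is stopped by both.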

Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Post by Techie-Micheal »

Not bad. :) The only problem I see with that though is that the spammers will get more names and keep going.
Proven Offensive Security Expertise. OSCP - GXPN

forum_clean
Registered User
Posts: 4
Joined: Thu Oct 21, 2004 6:08 pm

Post by forum_clean »

True, but - since implementing this code I have had far fewer spammers attempting to register (I have made other modifications which record ATTEMPTED registrations along with their spoofed IP address)

Maybe their robots realise that their registration has failed and give up trying....?

drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE

Post by drathbun »

Things come and go in waves... but since I implemented the code (as posted in the link above) I have had zero spammer bot registrations. The key is that the only reason they want to join is to get their website listed. If you don't allow "regular" users to enter a website during registration, and one comes in anyway, then you know it's a bot.

Hmmm, didn't think about writing to a log. I am going to do that. Right now I don't know if I'm not getting spammed because I'm not getting spammed ;-) or because the code is working.

I like your quick fix, but as Techie says you'll have to keep up with the typical spammer websites. Plus you could potentially be preventing a regular user from entering a legitimate site that happens to be in Russia, or include the word "jewelry". In my code I allow a user to enter a website only after a set number of posts. But they are free to enter any sort of web site.

BTW, thanks for mentioning my Beta MOD topic... I had seen people viewing it, but nobody has (as of yet) commented on it, so I didn't know if it was attracting any interest. 8)
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
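
An added example, not drathbun's MOD or phpBB code: one way to express the policy described in the post above, where a website submitted at registration is rejected and logged, and a profile URL is accepted only after a set number of posts. The threshold, the function names, the mode strings and the log format are assumptions.

```php
<?php
// Added example. MIN_POSTS_FOR_WEBSITE, the function names and the log
// format are assumptions; they are not taken from phpBB or the linked MOD.
const MIN_POSTS_FOR_WEBSITE = 10;

// Replace control characters so a submitted value cannot forge extra log lines.
function log_safe($value) {
    return preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
}

function log_attempt($log_file, $ip, $username, $website) {
    $line = sprintf("%s\t%s\t%s\t%s\n", gmdate('c'), log_safe($ip),
        log_safe($username), log_safe($website));
    file_put_contents($log_file, $line, FILE_APPEND | LOCK_EX);
}

// Returns 'reject', 'strip' (save the profile without the URL) or 'accept'.
function website_policy($mode, $post_count, $website, $ip, $username, $log_file) {
    if (trim($website) === '') {
        return 'accept';
    }
    if ($mode === 'register') {
        // The registration form offers no website input, so a value here
        // came from a client that did not use the form as rendered.
        log_attempt($log_file, $ip, $username, $website);
        return 'reject';
    }
    return ($post_count >= MIN_POSTS_FOR_WEBSITE) ? 'accept' : 'strip';
}

// Constructed requests; 192.0.2.x and 198.51.100.x are documentation ranges.
$log = sys_get_temp_dir() . '/register_attempts.log';
$cases = array(
    array('register',    0,  "http://spam.test/\r\nforged line", '192.0.2.10', 'bot1'),
    array('register',    0,  '',                   '198.51.100.7', 'alice'),
    array('editprofile', 3,  'http://alice.test/', '198.51.100.7', 'alice'),
    array('editprofile', 42, 'http://alice.test/', '198.51.100.7', 'alice'),
);
foreach ($cases as $c) {
    echo $c[4], ' ', $c[0], ' => ',
        website_policy($c[0], $c[1], $c[2], $c[3], $c[4], $log), "\n";
}
```

The log file answers the question raised in the post: a quiet period with entries in it means the check is working, while a quiet period with an empty log means no bots tried.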

Sphen
Registered User
Posts: 524
Joined: Wed May 19, 2004 5:06 pm
Location: Land of the Beaver

Post by Sphen »

This looks like a great fix. The only thing that I think could make it better would be to standardize it into a real MOD, and, for ease of use, allow users to add new words to the list via the ACP. Thus, stopping spammers is as easy as typing in a few words in the ACP. Otherwise, though, it looks great. :D
I think, therefore I am, I think...
My previous posts are under the name "UberSphen"

Volion
Registered User
Posts: 94
Joined: Sun Nov 09, 2003 5:25 pm

Post by Volion »

Great Fix, works good :wink:
Proud supporter of phpBB-RPG.com.

nostrebor
Registered User
Posts: 23
Joined: Mon Aug 23, 2004 3:32 pm
Location: Hockeytown

Re: Kill spam registrations promoting websites

Post by nostrebor »

forum_clean wrote: || strstr($urlbits['host'] ,'godaddy')


Hang on - I host through godaddy. Would this delete/remove my website in my profile? Or any other legitimate website registered through godaddy?
Jodi

Draegonis
Former Team Member
Posts: 3950
Joined: Mon Apr 22, 2002 3:12 pm
Location: Kµlt øƒ Ø

Post by Draegonis »

If you have a godaddy domain, then yes - though it will not filter out sites that are hosted on godaddy but have their own domain.
This is fairly easy to customise also, so if you do want a particular string to show up on your site, just delete that line. Similarly, you can add lines with filters of your own.

nostrebor
Registered User
Posts: 23
Joined: Mon Aug 23, 2004 3:32 pm
Location: Hockeytown

so i'm clear

Post by nostrebor »

Hi Draegonis,
Just so I'm clear (having a duh moment), my website which is
homeschoolingonashoestring-dotcom will not be deleted just because it is hosted on godaddy. But if some spammer joins and adds a website ex: badword-godaddy_dotcom, then it will kill that?
Thanks :)
Jodi

Draegonis
Former Team Member
Posts: 3950
Joined: Mon Apr 22, 2002 3:12 pm
Location: Kµlt øƒ Ø

Post by Draegonis »

Correct. :)
The code filters the URL itself, not who hosts it.

nostrebor
Registered User
Posts: 23
Joined: Mon Aug 23, 2004 3:32 pm
Location: Hockeytown

what a beautiful thing

Post by nostrebor »

Bruce,
That change is a beautiful thing! Since like Halloween I've been getting a lot of nut jobs registering so I ended up changing my approval from user enabled to admin enabled. But that takes more time to remove each case. This way, it's quicker! :D
I'm still leaving the admin enabled on for a few more weeks so I can add to the filter.
Thanks again,
Jodi

Ice794
Registered User
Posts: 184
Joined: Thu Oct 09, 2003 4:45 pm
Location: 127.0.0.1

Post by Ice794 »

I don't get any spammers at the moment, but I'm a small community at the moment. But it will probably become a problem in the future. I'll keep these Mods in mind, cheers.

Another way to block bots is to use a picture registration method. Make the user enter a code which is displayed in a not too clear image. I'm sure you know what I'm on about. I can't really describe it.

Another way would be to prune users. Delete non-active members. I wouldn't mind people putting their URLs as part of their profile if they were posting in the community and are a valued member. It's when they sign up, put their URL in their profile and not post; that's what I object to.

Another thought I've had for the past few months but not mentioned or acted on it is to develop a code where user accounts are automatically terminated if their post average drops below so many posts per day. For example, if Hitman24 fell below 0.50 Posts Per Day then his account would be terminated and he'd have to sign up again.

This could also be done with the CashMOD. A user earns so many points for posting. A certain number of points are deducted from the user's account every 24 hours. If that user's account gets to 0 points then their account is terminated.

What are your views?

Icé :cool:

mskonfa
Registered User
Posts: 11
Joined: Thu Oct 14, 2004 4:35 am

Post by mskonfa »

Is there any way to just eliminate that field in the profile?

nostrebor
Registered User
Posts: 23
Joined: Mon Aug 23, 2004 3:32 pm
Location: Hockeytown

Post by nostrebor »

Ice794 wrote: Another way to block bots is to use a picture registration method. Make the user enter a code which is displayed in a not too clear image. I'm sure you know what I'm on about. I can't really describe it.

Another way would be to prune users. Delete non-active members. I wouldn't mind people putting their URLs as part of their profile if they were posting in the community and are a valued member. It's when they sign up, put their URL in their profile and not post; that's what I object to.

Hi Ice',
That picture registration would be the visual confirmation. Which I just finished doing--almost. I did all the files exactly, read and re-read, but now in my Admin Panel, there's the line Enable account activation and directly underneath that it is blank but there are two radio boxes (yes and no) which my assumption would be where the file says it should say Under General -> Configuration you will find a new option "Enable Visual Confirmation", - mine is blank - no wording. I double checked my lang_admin.php and lang_main.php and the visual is in there. What the hey?

Also I do have a lot of non-active members. My 'group' was originally on yahoo groups and I lost some people because they just weren't able to change from yahoo to forums (I used Invision for a little bit before phpbb2). Now it seems most of them aren't posting. I've been trying to figure out how to send new posts in an RSS/XML feed but I haven't gotten that far yet. I think that some of the members are slow to change, not liking when it's something new and some forgetting when their inbox doesn't fill up.
Jodi

Edit to add: The visual confirmation is not working for me :o . I'm looking around the posts to see what's wrong but if anyone knows, please tell me. Thanks!

Edit to add: I got it! It works great! :D There were some files which I had to manually update (plus all the templates) and then upload the usercp_confirm. It's cool. Sure hope this 'sword in hand' helps fight a lot of the spam!

Ice794
Registered User
Posts: 184
Joined: Thu Oct 09, 2003 4:45 pm
Location: 127.0.0.1

Post by Ice794 »

Yeah, a lot of people don't like changing. I find if you offer a load of features then people get intrigued and change that little bit faster. Some people just don't like change, simple.

I'm going to put the visual confirmation on my boards probably within the next couple of months. Spamming isn't really a problem at the moment.

Good luck in your 'fight against spam' :)

Icé :cool:
