[ABD] phpBB spam hammer

Any abandoned MODs will be moved to this forum.

WARNING: MODs in this forum are not currently being supported or maintained by the original MOD author. Proceed at your own risk.
Forum rules
IMPORTANT: MOD Development Forum rules

WARNING: MODs in this forum are not currently being supported nor updated by the original MOD author. Proceed at your own risk.
Locked
Philthy
Registered User
Posts: 210
Joined: Tue Dec 27, 2005 10:05 am
Location: Dawlish, Devon
Contact:

Re: [DEV] phpBB spam hammer

Post by Philthy » Thu Feb 24, 2011 8:18 am

John T. Folden wrote: I was just looking at this and there's a mistake in the install instructions -

The instructions indicated for /language/en/acp/board.php is actually a variant (newer?) of the instructions for /includes/acp/acp_board.php.

Also, I think that it should be

Code: Select all

                        'legend3'                => 'LINKS_FILTER_OPTIONS',
in /includes/acp/acp_board.php
Thanks John, I had been rushing trying to sort Heredia out. I have corrected the install file,and uploaded it.
I have put the edit above 'legend3', as it makes it easier to search for the correct place to place the mod code, and doesn't seem to affect the code below it,despite being 'legend4'.

@Heredia21 I'm with John on this. We are trying to develop an anti spam mod, not customise your board for you, by correcting bugs in the unapproved mod you have installed. There is a conflict between that mod, and this. I would go further,and suggest it may be a security risk? When I was testing on your forum, I was clicking "preview", because I didn't want to start filling your board with rude spam words. That mod, has a bug, because it just posts what you want to preview anyway. When I pointed this out to you, you replied
It isnty quirky it is just a jquery quickreply. It posts whatever you post
everything slides up instead of reloading page. It is not previewing it is
posting. If you decide to refresh page itll look normal.
My point being that the mod shouldn't post something that you only want to preview.
May I respectfully suggest, that you ask for even more help with that mod from its author.
We will continue to develop this mod, and may have more idea of why it causes the conflict at a later date. Until then, let's not get side tracked customising it for anybody.

@John Thanks for the language file :D I can see this mod taking off. In fact, I'd go further, and predict it, or something like it, becomes a core part of phpbb? If that's the case, the ability to add language support will become essential.

Anyway, now for the fun part, I'm off to check my logs :lol: Childish of me I know, but I love the thought of the spammers jumping through all the hoops we set up for them, only to delete themselves at the last hurdle, and save us the bother :lol:
Go on ! it's not as steep as it looks.....

dangerousprototypes
Registered User
Posts: 91
Joined: Fri Feb 11, 2011 5:53 am
Contact:

Re: [DEV] phpBB spam hammer

Post by dangerousprototypes » Thu Feb 24, 2011 8:33 am

Anyway, now for the fun part, I'm off to check my logs :lol: Childish of me I know, but I love the thought of the spammers jumping through all the hoops we set up for them, only to delete themselves at the last hurdle, and save us the bother :lol:

I'm loving this part :) Are you running extreme? I have pages of profile disabled/deleted for profile abuse :) It's so much fun. And you can see the "real people" (????) try to remove links from the sig and get it to post. Maybe that is scripted because phpBB has a sig link limit in the core.

On my next update I will be sure to tease out all the text strings and make sure they are handled properly, right now some of the extreme messages are hard-coded instead of using the translate friendly version. THe logs are too, but that would be a real pain to move to the language module. Maybe there is a better way when it is time to go that far. I'll make sure all the user-side text is well handled prior to a 0.0.3.
Please do not PM or mail with questions. Ask in the forum where everyone can share the answer.

Philthy
Registered User
Posts: 210
Joined: Tue Dec 27, 2005 10:05 am
Location: Dawlish, Devon
Contact:

Re: [DEV] phpBB spam hammer

Post by Philthy » Thu Feb 24, 2011 8:46 am

I'm not seeing any bots hit my domain and start playing about?
I'm serious when I'm speculating that they have blacklisted my site as pointless to try and spam? It will be interesting to see if your spam attempts decrease as they realise there is no point on your site either?

I think we need one of the forum owners who have been begging for help combating spam in this thread?
Preventing Spam in phpBB 3.0.6 and Above

Anyway, let's get some testing done, which is already looking pretty hopeful, and we can dress it up and package it nicely once it's bomb proof :) After the coding you've done, sorting languages should only take five minutes or so ;) :lol:
Go on ! it's not as steep as it looks.....

dangerousprototypes
Registered User
Posts: 91
Joined: Fri Feb 11, 2011 5:53 am
Contact:

Re: [DEV] phpBB spam hammer

Post by dangerousprototypes » Thu Feb 24, 2011 9:02 am

I'm not seeing any bots hit my domain and start playing about?
Have you tested with guest, etc to make sure it logs? It will also tell you if it filters and approves someone. It reports all activity related to filtering, the only thing it doesn't report is when it rejects a 'regular' user for filtering (user beyond the limits you set).
Please do not PM or mail with questions. Ask in the forum where everyone can share the answer.

dangerousprototypes
Registered User
Posts: 91
Joined: Fri Feb 11, 2011 5:53 am
Contact:

Re: [DEV] phpBB spam hammer

Post by dangerousprototypes » Thu Feb 24, 2011 9:07 am

Another extreme option is to count the URLs and delete accounts with > a defined limit. I mean, what normal user is posting more than 10 links? 50? This would get the (few) spambots I'm still seeing who don't try to do a profile first.
Please do not PM or mail with questions. Ask in the forum where everyone can share the answer.

Philthy
Registered User
Posts: 210
Joined: Tue Dec 27, 2005 10:05 am
Location: Dawlish, Devon
Contact:

Re: [DEV] phpBB spam hammer

Post by Philthy » Thu Feb 24, 2011 9:40 am

dangerousprototypes wrote:Another extreme option is to count the URLs and delete accounts with > a defined limit. I mean, what normal user is posting more than 10 links? 50? This would get the (few) spambots I'm still seeing who don't try to do a profile first.
Nice thought :) What legitimate new user posts with more than 1 link in a post?
Two maybe, or even three at a push, but more ?
Set to autodelete any new user that posts say 20+ links, would harvest some bots.
Go on ! it's not as steep as it looks.....

Philthy
Registered User
Posts: 210
Joined: Tue Dec 27, 2005 10:05 am
Location: Dawlish, Devon
Contact:

Re: [DEV] phpBB spam hammer

Post by Philthy » Thu Feb 24, 2011 9:47 am

dangerousprototypes wrote: Have you tested with guest, etc to make sure it logs? It will also tell you if it filters and approves someone. It reports all activity related to filtering, the only thing it doesn't report is when it rejects a 'regular' user for filtering (user beyond the limits you set).
Just sent you a PM ;)
Go on ! it's not as steep as it looks.....

Philthy
Registered User
Posts: 210
Joined: Tue Dec 27, 2005 10:05 am
Location: Dawlish, Devon
Contact:

Re: [DEV] phpBB spam hammer

Post by Philthy » Thu Feb 24, 2011 9:57 am

Capitanqueso posted this on the old thread:
capitanqueso wrote:Thanks for this mod certainly it will help shake off some Russian spammers
I translated to spanish language content
language/es/posting.php

Code: Select all

  'NO_LINK_FOR_YOU' => 'Tu cuenta no tiene permiso para postear links o referencias de dominio/página',
language/es/acp/board.php

Code: Select all

  'LINKS_AFTER_NUM_POSTS'            => 'Cantidad mínima de posts antes de postear links externos',
  'LINKS_AFTER_NUM_POSTS_EXPLAIN'    => 'Usuarios necesitarán este número de posts antes de que puedan usar el tag BBCode [URL] o postear urls a páginas externas y referencias de dominio.',
  'LINKS_AFTER_NUM_DAYS'            => 'Días mínimos desde su registro antes de postear links externos',
  'LINKS_AFTER_NUM_DAYS_EXPLAIN'    => 'Usuarios necesitarán haber estado registrados esta cantidad de días antes de que puedan usar el tag BBCode [URL] o postear urls a páginas externas y referencias de dominio.',
Go on ! it's not as steep as it looks.....

John T. Folden
Registered User
Posts: 188
Joined: Tue Sep 04, 2007 12:16 am

Re: [DEV] phpBB spam hammer

Post by John T. Folden » Thu Feb 24, 2011 10:34 am

I've got a "Link whitelist" issue... it's not really a 'bug" but more of a usability issue that was revealed when I was combing the log results.

As an example, I have the link http://domain.com in the whitelist. A new user/guest posts a message relating to that site but just puts domain.com in the post, without the http://, and the post is rejected. Might there be a way to catch this so that 'domain.com can be posted with or without http:// in front of it?
---

Another crazy idea, off the top of my head, that I thought I'd post to get everyone's thoughts on (and see how difficult it might be)...

I'm wondering if there might be another string, the browser agent string, that we could check against? Quite a number of bots present themselves as older browser versions. If we could block posting by including, say, MSIE5.5, Opera 8.0, Win95, etc... it would eliminate some of the dumb bots that are just leaving silly messages.

I realize this is well beyond links and word filters but for a 'spam hammer' it's yet another possible way to hit a nail. ;)
The Blue Whale Pub - SPN/SF/F TV Discussion Forum
ZOMBIE ALERT: The Walking Dead are coming to AMC!

dangerousprototypes
Registered User
Posts: 91
Joined: Fri Feb 11, 2011 5:53 am
Contact:

Re: [DEV] phpBB spam hammer

Post by dangerousprototypes » Thu Feb 24, 2011 11:04 am

To filter the www.ownsite.com without http:// the code does search and replace of http://, then does a second replace of just www.ownsite.com. That would get a bit complex to parse and handle the whitelist domains (check for http, remove if there, double search) in the code as it exists, I'd recommend adding www.ownsite.com as a separate whitelist for now :)

For advanced and well done user agent string denials, check out Bad Bahaviour, it does that without loading the forum and saves a ton of cycles. There is no drop-in phpBB3.0.8 mod, but the generic install is just a matter of adding a single line to your common.php file.
Please do not PM or mail with questions. Ask in the forum where everyone can share the answer.

John T. Folden
Registered User
Posts: 188
Joined: Tue Sep 04, 2007 12:16 am

Re: [DEV] phpBB spam hammer

Post by John T. Folden » Thu Feb 24, 2011 11:35 am

dangerousprototypes wrote:To filter the http://www.ownsite.com without http:// the code does search and replace of http://, then does a second replace of just http://www.ownsite.com. That would get a bit complex to parse and handle the whitelist domains (check for http, remove if there, double search) in the code as it exists, I'd recommend adding http://www.ownsite.com as a separate whitelist for now :)
Actually, if I'm understanding what you are saying correctly, my first thought was to double up on the list and so I tried adding it in the white list twice as http://domain.com and just domain.com however, domain.com apparently gets trapped by the fact that .com is in the link search strings.
For advanced and well done user agent string denials, check out Bad Bahaviour, it does that without loading the forum and saves a ton of cycles. There is no drop-in phpBB3.0.8 mod, but the generic install is just a matter of adding a single line to your common.php file.
Thanks for the tip, I wasn't aware it could be used with phpbb and so never really looked at it. :)
The Blue Whale Pub - SPN/SF/F TV Discussion Forum
ZOMBIE ALERT: The Walking Dead are coming to AMC!

dangerousprototypes
Registered User
Posts: 91
Joined: Fri Feb 11, 2011 5:53 am
Contact:

Re: [DEV] phpBB spam hammer

Post by dangerousprototypes » Thu Feb 24, 2011 11:44 am

Here's an obvious real person. They probe and try to get around it, make a successful post and then try the sig right away. I'm guessing this is a botnet operator trying to get around the system, or maybe a real-life link spammer. They must know the profile leads to deletion because they probe it before and after the post but don't try to submit.

Code: Select all

Anonymous 	86.140.23.79 	Thu Feb 24, 2011 12:34 pm 	{Spam hammer: CHECKED SIGNATURE of 'brackle'. DETECTED: links, bad words, ERRORS: Antispam: You can't have off-site URLs in your sig until you post a few times. Click for help., Do you kiss your mom with that mouth? We don't want to read that! (games) Click for help. CONTENTS: [url=http://www.mmorpggames.org.uk]MMO RPG Games[/url]} 	
Anonymous 	86.140.23.79 	Thu Feb 24, 2011 12:33 pm 	{Spam hammer: CHECKED PROFILE of 'brackle'. DETECTED: profile disabled, ERRORS: Antispam: You can't have a profile yet. You need to post a few times first. Click for help.} 	
Anonymous 	86.140.23.79 	Thu Feb 24, 2011 12:33 pm 	{Spam hammer: CHECKED POST of 'brackle'. OK} 	
Anonymous 	86.140.23.79 	Thu Feb 24, 2011 12:30 pm 	{Spam hammer: CHECKED POST of 'brackle'. DETECTED: too few words, ERRORS: Antispam: Sorry, your first post needs to be just a little longer. Click for help. CONTENTS: Re: Looking for surface mount component assortmentsyes have found ebay to be very useful} 	
Anonymous 	86.140.23.79 	Thu Feb 24, 2011 12:27 pm 	{Spam hammer: CHECKED SIGNATURE of 'brackle'. DETECTED: links, bad words, ERRORS: Antispam: You can't have off-site URLs in your sig until you post a few times. Click for help., Do you kiss your mom with that mouth? We don't want to read that! (games) Click for help. CONTENTS: [url=http://www.mmorpggames.org.uk]MMO RPG Games, Online Gaming[/url]} 	
Anonymous 	86.140.23.79 	Thu Feb 24, 2011 12:26 pm 	{Spam hammer: CHECKED SIGNATURE of 'brackle'. DETECTED: links, bad words, ERRORS: Antispam: You can't have off-site URLs in your sig until you post a few times. Click for help., Do you kiss your mom with that mouth? We don't want to read that! (games) Click for help. CONTENTS: [url=http://www.mmorpggames.org.uk]MMO RPG Games, Online Gaming[/url] [url=http://www.handwarmer.org.uk]handwarmer, hand warmer[/url]} 	
Anonymous 	86.140.23.79 	Thu Feb 24, 2011 12:24 pm 	{Spam hammer: CHECKED PROFILE of 'brackle'. DETECTED: profile disabled, ERRORS: Antispam: You can't have a profile yet. You need to post a few times first. Click for help.}
Once they made the good post we noticed it right away and blasted the account. They worked for 10 minutes and we deleted them in 10 seconds, that is a much better balance of time vs effort than cleaning out all the previous automated spam :)
Please do not PM or mail with questions. Ask in the forum where everyone can share the answer.

dangerousprototypes
Registered User
Posts: 91
Joined: Fri Feb 11, 2011 5:53 am
Contact:

Re: [DEV] phpBB spam hammer

Post by dangerousprototypes » Thu Feb 24, 2011 11:48 am

Thanks for the update, I'll take a look at that when I'm finishing up.
Please do not PM or mail with questions. Ask in the forum where everyone can share the answer.

Philthy
Registered User
Posts: 210
Joined: Tue Dec 27, 2005 10:05 am
Location: Dawlish, Devon
Contact:

Re: [DEV] phpBB spam hammer

Post by Philthy » Thu Feb 24, 2011 12:50 pm

dangerousprototypes wrote: Once they made the good post we noticed it right away and blasted the account. They worked for 10 minutes and we deleted them in 10 seconds
Sweet isn't it :lol: It's about time the tables were turned on spammers.
I much prefer proactive, to reactive.
Go on ! it's not as steep as it looks.....

dangerousprototypes
Registered User
Posts: 91
Joined: Fri Feb 11, 2011 5:53 am
Contact:

Re: [DEV] phpBB spam hammer

Post by dangerousprototypes » Thu Feb 24, 2011 4:25 pm

I added extreme measures to the other parts too. Users with 0 posts are deleted if they:
* Submit a profile
* Submit a spammy signature
* Users with more than $extreme_links_delete links in a first post (default 10)
*Should not delete teh anon or ignore users

Code: Select all

private $extreme_links_delete=9;
Configure the max number of links in a first post. More than this and the user is deleted automatically. Users are returned to the post with an error so they can copy and paste the post for later if it was legit.

Not recommended, but still fun. Latest version is in SVN, wiki is updated.
Please do not PM or mail with questions. Ask in the forum where everyone can share the answer.

Locked

Return to “[3.0.x] Abandoned MODs”