[2.0.13] disable spambots

The cleanup is complete. This forum is now read only.
Extensions Robot
Posts: 29220
Joined: Sat Aug 16, 2003 7:36 am

[2.0.13] disable spambots

Post by Extensions Robot »

MOD Name: disable spambots
Author: magenta
MOD Description: This mod uses cryptographic signing techniques to ensure that any comment submissions have occurred from an appropriate comment form (stopping simple random-submission bots), that the form was actually generated for the user who is submitting (stopping clusters of page-scraping spiders), and that at least 5 seconds have passed between the form generation and the submission (stopping bots which fully scrape the page and then immediately submit). If one of these conditions is not met, the submit operation is turned into a preview, giving human posters another chance to submit.

Since implementing this mod, my forum has only gotten two spams posted to it, and both were manually posted by a human. Countless thousands of spams were blocked.

For added security, you should change the "nana" and "foofoo" text inserted in the first "BEFORE, ADD" step so that spambots can't simply spoof the form values as well.



MOD Version: 1.1.4 (Updated 04/01/05)

Download File: disable-spambots-1.1.4.mod
mods overview page: View
File Size: 5279 Bytes

Security Score: 0
Last edited by Extensions Robot on Mon Apr 30, 2007 12:30 am, edited 1 time in total.
(this is a non-active account manager for the phpBB Extension Customisations Team)
wGEric
Former Team Member
Posts: 8805
Joined: Sun Oct 13, 2002 3:01 am
Location: Friday
Name: Eric Faerber
Contact:

Post by wGEric »

MOD Validated/Released

Notes:
This MOD helps prevent spam bots from posting by checking an auth key and seeing how long it took to write the message. If it is less than five seconds, it turns the submit into a preview of the post so the bot will never be able to submit the post.
safeTsurfa
I've Been Banned!
Posts: 1959
Joined: Sat May 08, 2004 10:21 am
Location: United Kingdom
Contact:

Post by safeTsurfa »

If it is less than five seconds, it turns the submit into a preview of the post so the bot will never be able to submit the post.

So when/if that happens, what next? What are the mechanics for preview-state posting, is it seen as something by the board/database, or is it dropped harmlessly? This kind of reminds me of the "lost clusters" on a hard drive... they eventually add up to problems.
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

The user then can resubmit from the preview. Basically, if a legitimate user manages to trigger the spambot protection (it's possible, but unlikely) then it acts as if they pressed "preview" instead.

The actual mechanism is it looks to make sure that the user agent, IP address, and forum/topic/comment (depending on the sort of post) are the same through all steps in the process. (Obviously there's a few cases where a legitimate user's IP address can change, which is why the request is turned into a preview so that they can try again, and in these cases the user will probably just think "Hm, I must have accidentally clicked preview. Oh well.")

It's still possible for a spambot to spoof the request, but it needs to actually scrape the page of the post it's replying to and wait 5 seconds before posting, which puts a severe damper on their operations. A spambot which doesn't do this won't realize that the submit didn't happen and so the spambot authors will take a while to catch up to this (unlike an IP address banlist which just tells the spambot to switch to a different open proxy or whatever).

If it becomes necessary in the future, there's a few other things which can be added in order to trip them up a bit more. Unfortunately, spam protection is always a losing battle. :( But, ever since I wrote this mod I haven't gotten a single comment spam, while my forum was being spammed pretty heavily before.
clarkfromrainbow
Registered User
Posts: 2
Joined: Fri Aug 27, 2004 11:03 am
Contact:

Post by clarkfromrainbow »

Small remark: this is made unnecessary if you disallow anonymous users from posting.

In posting.php

Search for :

$userdata = session_pagestart($user_ip, PAGE_POSTING);
init_userprefs($userdata);

---add after ---

if ($userdata['user_id'] == ANONYMOUS)
{
    redirect(append_sid('login.'.$phpEx));
}
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Uh, you can disable anonymous users from posting by just setting the forum permissions to require login.

Also, the entire point to this mod was that I *didn't* want to disable anon posts - that's the easiest way to drive away potential commenters.
akslee
Registered User
Posts: 82
Joined: Sat Aug 02, 2003 6:54 pm
Location: Vancouver
Contact:

Post by akslee »

I don't understand the part where the author said :

For added security, you should change the "nana" and "foofoo"
text inserted in the first "BEFORE, ADD" step so that
spambots can't simply spoof the form values as well.

So what should I write instead?

When I deployed this code, I get a DEBUG error message.
"If you have a great time teaching your child, and your child has a great time, there simply isn't anyway you can lose."

www.ChildBrain.org
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Anything you want. It's just to add entropy to the hash.

What's the debug message that you get?
akslee
Registered User
Posts: 82
Joined: Sat Aug 02, 2003 6:54 pm
Location: Vancouver
Contact:

Post by akslee »

Strange, it has now disappeared. :roll:

I think my p2p upload was at max, and it interfered with the forum posting when I submitted.

Now that I turned the p2p off, it is working fine. Oh well. Thanks for such a quick response. This is my fastest experience from a mod author to respond that quick. :D
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

No problem. :)
Dochas
Registered User
Posts: 10
Joined: Thu Oct 21, 2004 11:38 pm

Post by Dochas »

Forgive the newbie question - is this EasyMOD compatible?

Thanks,
Dochas
magenta wrote: Anything you want. It's just to add entropy to the hash.

What's the debug message that you get?
akslee
Registered User
Posts: 82
Joined: Sat Aug 02, 2003 6:54 pm
Location: Vancouver
Contact:

Post by akslee »

No, it is not, but it is really easy. Just copy and paste several lines in one file. IMHO, it doesn't get any simpler than that.
Dochas
Registered User
Posts: 10
Joined: Thu Oct 21, 2004 11:38 pm

Post by Dochas »

Thanks akslee.

Dochas
akslee wrote: No, it is not, but it is really easy. Just copy and paste several lines in one file. IMHO, it doesn't get any simpler than that.
The Founder
Registered User
Posts: 24
Joined: Thu May 06, 2004 6:46 pm

Issue with the mod

Post by The Founder »

I had this mod running perfectly (so I thought) for a day.. and I noticed the amount of posting went down.. I found out that many of the users were getting that "preview page" it was actually pretty dramatic... a full 30% or so of the users were getting it...

The idea is great.... because if I get one more "http://www.INSERT WHATEVER PORN SITE HERE.com" registration I would go crazy...

but it was a full 30% of the forum.... the funny thing is I never got an error.. not even once...
magenta
Registered User
Posts: 81
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle
Contact:

Post by magenta »

Hm, odd. The only time that it should kick in for a legitimate user is if their IP address changes between loading the post page and pressing "submit."

Try changing

    $authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);

to

    $authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $authkey);

and see if that helps; that'll take the user's IP address out of the equation.
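
The token check described in this thread (bound to user agent, IP address and forum/topic, with a 5-second minimum delay and a fall-back to preview), including the last post's option of leaving the IP address out, as an added example that is not the MOD's code. It uses HMAC-SHA256 and hash_equals() in place of the MOD's md5() concatenation; SECRET_KEY, the function names, the context string format and the sample request values are assumptions.

```php
<?php
// Added illustration, not the MOD's code; all names here are hypothetical.
const SECRET_KEY = 'replace-with-long-random-site-secret'; // role of "nana"/"foofoo"
const MIN_DELAY  = 5; // seconds required between form generation and submit

// MAC over everything that must stay the same between form and submit.
function token_mac(int $issued, string $context, array $server, bool $bindIp): string
{
    $parts = [(string) $issued, $context, $server['HTTP_USER_AGENT'] ?? '',
              $bindIp ? ($server['REMOTE_ADDR'] ?? '') : ''];
    $msg = '';
    foreach ($parts as $p) {
        $msg .= strlen($p) . ':' . $p; // length prefix keeps field boundaries unambiguous
    }
    return hash_hmac('sha256', $msg, SECRET_KEY);
}

// Called when the posting form is rendered; the result goes in a hidden field.
function issue_token(string $context, array $server, bool $bindIp = true, ?int $now = null): string
{
    $issued = $now ?? time();
    return $issued . '.' . token_mac($issued, $context, $server, $bindIp);
}

// 'submit' when every check passes, otherwise 'preview' (the MOD's fallback).
function check_token(string $token, string $context, array $server, bool $bindIp = true, ?int $now = null): string
{
    if (!preg_match('/^(\d{1,10})\.([0-9a-f]{64})$/', $token, $m)) {
        return 'preview'; // field missing or malformed
    }
    $issued = (int) $m[1];
    if (!hash_equals(token_mac($issued, $context, $server, $bindIp), $m[2])) {
        return 'preview'; // different form, client, or a forged value
    }
    return (($now ?? time()) - $issued >= MIN_DELAY) ? 'submit' : 'preview';
}

// Constructed sample request data (documentation address ranges).
$ctx = 'f=3;t=120;mode=reply';
$srv = ['HTTP_USER_AGENT' => 'ExampleBrowser/1.0', 'REMOTE_ADDR' => '192.0.2.10'];
$moved = ['REMOTE_ADDR' => '198.51.100.7'] + $srv; // same browser, new IP
$tok = issue_token($ctx, $srv, true, 1000);
echo check_token($tok, $ctx, $srv, true, 1002), "\n";   // submitted 2 s after issue
echo check_token($tok, $ctx, $srv, true, 1010), "\n";   // submitted 10 s after issue
echo check_token($tok, $ctx, $moved, true, 1010), "\n"; // IP changed mid-post
$noIp = issue_token($ctx, $srv, false, 1000);           // IP left out of the MAC
echo check_token($noIp, $ctx, $moved, false, 1010), "\n";
```

Leaving the IP address out of the MAC stops a changed address from turning a submit into a preview, at the cost of no longer tying the form to the address it was served to.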