[01/12/06] Spam Words

[MichaelM2007]

Hey Joe! Fantastic mod! This mod was one of the reasons I switched to phpBB. I can't think of a better way to stop spam. Great work.

I've installed it, and it's working perfectly, but I was wondering if there is a way to increase the size of the error messages? And possibly to show their message as well on the error page? (So that they can copy and paste it into a new reply, and edit out the swear words)

The users of my forum are mostly very inexperienced with the internet, and the first time some of them received the error, they were completely lost. xD

[Joe Belmaati]

I was wondering if there is a way to increase the size of the error messages?

Yes, run this query in phpMyAdmin or whatever database tool you use:

Code: Select all

 ALTER TABLE `phpbb_spam_words_config` CHANGE `config_value` `config_value` TEXT NOT NULL;

As for echo'ing the error message, this is also possible but more of a comprehensive hack as lots would have to be re-written (due to bbcode and smilies parsing...)

[MichaelM2007]

Thanks for the reply.

The increased error message size worked perfectly, and it will do grand. Thanks.

[kuve]

Hello, i have installed this mod but i don't know how can i add new words to the filter. i do this:

1.- Go to the administration panel
2.- i click on Manage Words
3.- Then i click on add new word
4.- It show me this:

Spam words log

This is the spam words log. It contains a record of all offenses committed. Some posts may have been deleted or edited in the meantime.

But nothing to add words, what can i do?

[Joe Belmaati]

You click on Add New Word and you get the log...? 8O

[Notre]

The download link is not working for me... It says it's like missing from the database? Anyone know why?

[mmantei]

I've been having problems lately with messages that contain almost entirely special characters. When you look at the post it appears with text like this:

Ñàéò îáíîâëÿåòñÿ êàæäûé ÷àñ è íàïîëíÿåòñÿ òîëüêî ñàìûìè îòáîðíûìè

My forum is entirely in English and I can see no reason to allow posts with any of these special characters in them. I've tried adding some of the characters into the SPAMWORDS database by entering them like this *Ñ* but the posts are still allowed. Is there any way to block these posts?

Thanks,
M

[noth]

spammers are now flooding 'Occupation' and 'Interests' with http:// web addresses and this mod cannot fight that

[Billy2423]

censorblock-110a checks those fields

[helmut]

If posting fails due to a spam word in the signature, the user sees an error message, but no log entry is made. Admins should be aware of this lacuna in the spam word logging.

I think it would make sense if postings blocked due to signature were logged, too. Code might look like this:

Code: Select all

if (preg_match('#\b(' . str_replace('\*', '\w*?', phpbb_preg_quote($row['spam_word'], '#')) . ')\b#i', $userdata['user_sig']))
{
        $msg = "<span style=\"color: red; font-weight: bold\">(Signature) </span>" . $userdata['user_sig'] . " | " . $message;
        update_log($subject, $msg);
        
        $msg = sprintf($spam_config['error_message_sig'], $row['spam_word']);
        message_die(GENERAL_MESSAGE, $msg);
}

[Joe Belmaati]

spammers are now flooding 'Occupation' and 'Interests' with http:// web addresses and this mod cannot fight that

This MOD can be extended to check those fields. I think I hacked something together for someone back some 20 or so pages.

[helmut]

spammers are now flooding 'Occupation' and 'Interests' with http:// web addresses and this mod cannot fight that

This MOD can be extended to check those fields. I think I hacked something together for someone back some 20 or so pages.

Perhaps it's not 20 pages back but in my inbox: A while back you have sent me some code for preventing spam users from registering to the forum. I've applied this patch just two days ago and have little experience with it, but I guess it works well. Sure enough I have modified the error message shown if spam was detected. And logging is missing, so there's no feedback/control for the administrator. The good thing is that one spam word list must be administered, only.

Note:
Spam users often use specific mail domains, e.g. *@shalua.info which can be filtered by the normal ban filter, see ACP > User Admin > Ban Control > Ban one or more email addresses.

The mail:

Joe Belmaati wrote:
... this checks all userfields for urls and spamwords. If found an error message is thrown. ...

OPEN

includes/usercp_register

FIND

Code: Select all

$error = FALSE;
$error_msg = '';

BEFORE, ADD

Code: Select all

function spamcheck($param)
{
	global $db;
	
	if(@strpos(strtolower($param), '[url') !== false)
	{
		message_die(GENERAL_ERROR, 'No url allowed');
	}

	$sql = "SELECT * FROM " . SPAM_WORDS_TABLE;
	if (!($result = $db->sql_query($sql)))
	{
		message_die(GENERAL_ERROR, 'Could not get spam words from database', '', __LINE__, __FILE__, $sql);
	}

	$param = preg_replace("#\[.{12,16}\]#i", '', $param);
	$param = preg_replace('/\[url\]|\[\/url\]/si', '', $param);
	$param = preg_replace('#\[url=|\]|\[/url\]#si', '', $param);
	
	if ($row = $db->sql_fetchrow($result))
	{
		do
		{
			if (preg_match('#\b(' . str_replace('\*', '\w*?', phpbb_preg_quote($row['spam_word'], '#')) . ')\b#i', $param))
			{
				message_die(GENERAL_ERROR, 'Not allowed');
			}
		}
		while ($row = $db->sql_fetchrow($result));
	}
	
}

FIND

Code: Select all

//
// Did the user submit? In this case build a query to update the users profile in the DB
//

BEFORE, ADD

Code: Select all

if($mode == 'register')
{
	$check_fields = array($username, $email, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
	array_map('spamcheck', $check_fields);
}

[amanjsingh]

I have a lot of Spam already. I was wondering if there is a SQL query that could help me to remove those already present spam messages using these newly defined spam words using your MOD. Please help.

Thanks
AJ

[Nothing is easy]

spammers are now flooding 'Occupation' and 'Interests' with http:// web addresses and this mod cannot fight that

This MOD can be extended to check those fields. I think I hacked something together for someone back some 20 or so pages.

Perhaps it's not 20 pages back but in my inbox: A while back you have sent me some code for preventing spam users from registering to the forum. I've applied this patch just two days ago and have little experience with it, but I guess it works well. Sure enough I have modified the error message shown if spam was detected. And logging is missing, so there's no feedback/control for the administrator. The good thing is that one spam word list must be administered, only.

Note:
Spam users often use specific mail domains, e.g. *@shalua.info which can be filtered by the normal ban filter, see ACP > User Admin > Ban Control > Ban one or more email addresses.

The mail:

Joe Belmaati wrote:
... this checks all userfields for urls and spamwords. If found an error message is thrown. ...

OPEN

includes/usercp_register

FIND

Code: Select all

$error = FALSE;
$error_msg = '';

BEFORE, ADD

Code: Select all

function spamcheck($param)
{
	global $db;
	
	if(@strpos(strtolower($param), '[url') !== false)
	{
		message_die(GENERAL_ERROR, 'No url allowed');
	}

	$sql = "SELECT * FROM " . SPAM_WORDS_TABLE;
	if (!($result = $db->sql_query($sql)))
	{
		message_die(GENERAL_ERROR, 'Could not get spam words from database', '', __LINE__, __FILE__, $sql);
	}

	$param = preg_replace("#\[.{12,16}\]#i", '', $param);
	$param = preg_replace('/\[url\]|\[\/url\]/si', '', $param);
	$param = preg_replace('#\[url=|\]|\[/url\]#si', '', $param);
	
	if ($row = $db->sql_fetchrow($result))
	{
		do
		{
			if (preg_match('#\b(' . str_replace('\*', '\w*?', phpbb_preg_quote($row['spam_word'], '#')) . ')\b#i', $param))
			{
				message_die(GENERAL_ERROR, 'Not allowed');
			}
		}
		while ($row = $db->sql_fetchrow($result));
	}
	
}

FIND

Code: Select all

//
// Did the user submit? In this case build a query to update the users profile in the DB
//

BEFORE, ADD

Code: Select all

if($mode == 'register')
{
	$check_fields = array($username, $email, $icq, $aim, $msn, $yim, $website, $location, $occupation, $interests, $signature);
	array_map('spamcheck', $check_fields);
}

Hi Joe.
Quite some time agao I added the code for checking registration details and it has been fantastic. However, for a future version would you please consider a couple of enhancements.

1) An absolute ideal would be for an option when adding a word to the word list that allows you to choose if the word should be evaluated in a) Registration Details and b) Posting details.

A typical example is that some spammers register with Google as their web address (why I really don't know) but it would be great to ban that (and certain others) in registration but not in posting.

2) A log file of those prevented would be great too - especially including the email address they tried to use.



Finally I am still on an old version of Spam Words which was installed using Easymod. What is my easiest way to upgrade to the latest version?

[coulsontom]

i get this error message on the configuration page:

Code: Select all

phpBB : Critical Error 

Could not query config information

DEBUG MODE

SQL Error : 1146 Table 'lukeclar_phpb1.SPAM_WORDS_CONFIG_TABLE' doesn't exist

SELECT * FROM SPAM_WORDS_CONFIG_TABLE

Line : 44
File : admin_spamwords_config.php 

please help