daroPL_AntiSpam

[Extensions Robot]

Modification name: daroPL_AntiSpam
Author: daroPL
Modification description: MOD blocks spambot registrations on board via change name of confirm code field to unique hash. In addition, it changes size of confirm code field to random.
Modification version: 1.4.1
Tested on phpBB version: 3.0.7-pl1

Download file: daroPL_AntiSpam_1_4_1.zip
File size: 60.14 KiB

Modification overview page: View

The phpBB Team is not responsible nor required to provide support for this modification. By installing this MOD, you acknowledge that the phpBB Support Team or phpBB Extension Customisations Team may not be able to provide support.

-->Modification support<--

[Paul]

Modification validated/released

Notes:

[daroPL]

This post has been reserved for the MOD author.

[Traction]

I would love to use this with AeroBlue style. Please tell me what to edit/replace in styles/AeroBlue/template/ucp_register.html

Code: Select all

<!-- INCLUDE overall_header.html -->

<script type="text/javascript">
// <![CDATA[
	/**
	* Change language
	*/
	function change_language(lang_iso)
	{
		document.forms['register'].change_lang.value = lang_iso;
		document.forms['register'].submit.click();
	}

	var old_func = window.onload;

	function disable(disabl)
	{
		document.getElementById("submit").disabled = disabl;
	}

	function disable_and_handle()
	{
		if (old_func)
		{
			old_func();
		}
		disable(true);
	}

	<!-- IF S_TIME -->
		window.onload = disable_and_handle;
		setInterval("disable(false)", {S_TIME});
	<!-- ENDIF -->
// ]]>
</script>

<form name="register" method="post" action="{S_UCP_ACTION}">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td width="8" height="8"><img src="{T_THEME_PATH}/images/tl.gif" width="8" height="8" alt="" /></td>
    <td height="8" style="background:url('{T_THEME_PATH}/images/tm.gif');"></td>
    <td width="8" height="8"><img src="{T_THEME_PATH}/images/tr.gif" width="8" height="8" alt="" /></td>
  </tr>
  <tr>
    <td width="8" style="background:url('{T_THEME_PATH}/images/ml.gif');"></td>
    <td>
<table class="tablebg" width="100%" cellspacing="0">
<tr>
	<th colspan="2" valign="middle">{L_REGISTRATION}</th>
</tr>

<!-- IF ERROR -->
	<tr>
		<td class="row3" colspan="2" align="center"><span class="gensmall error">{ERROR}</span></td>
	</tr>
<!-- ENDIF -->

<!-- IF L_REG_COND -->
	<tr>
		<td class="row2" colspan="2"><span class="gensmall">{L_REG_COND}</span></td>
	</tr>
<!-- ENDIF -->
<!-- IF .profile_fields -->
	<tr>
		<td class="row2" colspan="2"><span class="gensmall">{L_ITEMS_REQUIRED}</span></td>
	</tr>
<!-- ENDIF -->

<tr>
	<td class="row1" width="38%"><b class="genmed">{L_USERNAME}: </b><br /><span class="gensmall">{L_USERNAME_EXPLAIN}</span></td>
	<td class="row2"><input class="post" type="text" name="username" size="25" value="{USERNAME}" /></td>
</tr>
<tr>
	<td class="row1"><b class="genmed">{L_EMAIL_ADDRESS}: </b></td>
	<td class="row2"><input class="post" type="text" name="email" size="25" maxlength="100" value="{EMAIL}" /></td>
</tr>
<tr>
	<td class="row1"><b class="genmed">{L_CONFIRM_EMAIL}: </b></td>
	<td class="row2"><input class="post" type="text" name="email_confirm" size="25" maxlength="100" value="{EMAIL_CONFIRM}" /></td>
</tr>
<tr>
	<td class="row1"><b class="genmed">{L_PASSWORD}: </b><br /><span class="gensmall">{L_PASSWORD_EXPLAIN}</span></td>
	<td class="row2"><input class="post" type="password" name="new_password" size="25" value="{PASSWORD}" /></td>
</tr>
<tr>
	<td class="row1"><b class="genmed">{L_CONFIRM_PASSWORD}: </b></td>
	<td class="row2"><input class="post" type="password" name="password_confirm" size="25" value="{PASSWORD_CONFIRM}" /></td>
</tr>
<tr>
	<td class="row1"><b class="genmed">{L_LANGUAGE}: </b></td>
	<td class="row2"><select name="lang" onchange="change_language(this.value); return false;">{S_LANG_OPTIONS}</select></td>
</tr>
<tr>
	<td class="row1"><b class="genmed">{L_TIMEZONE}: </b></td>
	<td class="row2"><select name="tz">{S_TZ_OPTIONS}</select></td>
</tr>
<!-- BEGIN profile_fields -->
	<tr>
		<td class="row1" width="35%">
			<b class="genmed">{profile_fields.LANG_NAME}: </b>
			<!-- IF profile_fields.S_REQUIRED --><b>*</b><!-- ENDIF -->
			<!-- IF profile_fields.LANG_EXPLAIN --><br /><span class="gensmall">{profile_fields.LANG_EXPLAIN}</span><!-- ENDIF -->
		</td>
		<td class="row2">{profile_fields.FIELD}<!-- IF profile_fields.ERROR --><br /><span class="gensmall error">{profile_fields.ERROR}</span><!-- ENDIF --></td>
	</tr>
<!-- END profile_fields -->

<!-- IF S_CONFIRM_CODE -->
	<tr>
		<th colspan="2" valign="middle">{L_CONFIRMATION}</th>
	</tr>
	<tr>
		<td class="row3" colspan="2"><span class="gensmall">{L_CONFIRM_EXPLAIN}</span></td>
	</tr>
	<tr>
		<td class="row1" colspan="2" align="center">{CONFIRM_IMG}</td>
	</tr>
	<tr>
		<td class="row1"><b class="genmed">{L_CONFIRM_CODE}: </b><br /><span class="gensmall">{L_CONFIRM_CODE_EXPLAIN}</span></td>
		<td class="row2"><input class="post" type="text" name="confirm_code" size="8" maxlength="8" /></td>
	</tr>
<!-- ENDIF -->

<!-- IF S_COPPA -->
	<tr>
		<th colspan="2" valign="middle">{L_COPPA_COMPLIANCE}</th>
	</tr>
	<tr>
		<td class="row3" colspan="2"><span class="gensmall">{L_COPPA_EXPLAIN}</span></td>
	</tr>
<!-- ENDIF -->

<tr>
	<td class="catb" colspan="2" align="center">{S_HIDDEN_FIELDS}<input class="btnmain" type="submit" name="submit" id="submit" value="{L_SUBMIT}" />&nbsp;&nbsp;<input class="btnlite" type="reset" value="{L_RESET}" name="reset" /></td>
</tr>
</table>
</td>
    <td width="8" style="background:url('{T_THEME_PATH}/images/mr.gif');"></td>
  </tr>
  <tr>
    <td width="8" height="8" align="right"><img src="{T_THEME_PATH}/images/bl.gif" width="8" height="8" alt="" /></td>
    <td height="8" style="background:url('{T_THEME_PATH}/images/bm.gif');"></td>
    <td width="8" height="8"><img src="{T_THEME_PATH}/images/br.gif" width="8" height="8" alt="" /></td>
  </tr>
</table>
{S_FORM_TOKEN}
</form>

<!-- INCLUDE overall_footer.html -->

[A_O_C]

Your style appears to be subsilver2-based. The subsilver2 instructions can be found in the "contrib" directory.

[Traction]

Your style appears to be subsilver2-based. The subsilver2 instructions can be found in the "contrib" directory.

OK, just installed everything and refreshed everything in ACP. I logged out and hit register. I honestly can't find anything different than the old way. What exactly is different? The CAPTCHA looks the same to me, and there are no additional questions.

[wolfman24]

Just read the first post, you won't see anything new, because it works internally. The name of the confirmation field is changed everytime the registration page is loaded. Also the size is changed. So bots won't recognize the filed as confirmation field and it should stop them registering at your page.

[Nesa]

Just installed this, will see how it works

[Nesa]

Works perfect thank you, 5 days of use - 0 bots registered

[crusi]

Hi daroPL,

i installed this MOD for a few weeks on my forum and since i have installed it the spambots are gone...
So that is really a great work from you.

But now i have two questions:

1. When i installed your MOD a few weeks ago only the version 1.03 was available here... No i can see that you made a new version 1.04... I took an look on the instructions (install.xml) but i can´t find any changes to the 1.03 version instructions... There are any updates on this MOD since the version 1.03?

2. I want to use this AntiSpam-Bot MOD on another page... Actual I use an "Guestbook" for phpbb3 from: (Link: http://www.deadzone-fr.com/guestbook.ht ... 8841f6cb74)
And if now guests want to make an guestbook entry they have to confirm an captcha. (The same like on the registration page)

The changes on the template files are clear an that should be no problem for me... But the other changes are a little bit strange...

Here is the Code:

Code: Select all

$mode 	= request_var('mode', '');
$id		= request_var('id', 0);
$error = $s_hidden_fields = '';
$solved_captcha = false;
$submit = (isset($_POST['submit_comment']) || isset($_POST['update_comment'])) ? true : false;
$s_hidden_fields = '';

if (!in_array($mode, array('reply', 'edit', 'quote', 'delete')))
{
	trigger_error('NO_POST_MODE');
}
$username	= request_var('username', '', true);
$email		= request_var('email', '');
$website	= request_var('website', '');

if (isset($_POST['submit_comment']) || isset($_POST['update_comment']))
{
	$salt		= request_var('salt_id', '');
	$message	= utf8_normalize_nfc(request_var($salt, '', true));
	$time 	 	= time();

	$data = array(
		'username'	=> $username,
		'email'		=> $email,
		'website'	=> $website
	);
	$data2 = array(
		'username'			=> array(
			array('string', $user->data['is_registered'], 1, $config['max_name_chars'])),
		'email'				=> array(
			array('string', $user->data['is_registered'], 6, 60),
			array('match', $user->data['is_registered'], '/^' . get_preg_expression('email') . '$/i')),
		'website'		=> array(
			array('string', true, 12, 255),
			array('match', true, '#^http[s]?://(.*?\.)*?[a-z0-9\-]+\.[a-z]{2,4}#i'))
	);

	$error = validate_data($data, $data2);

	if (utf8_clean_string($message) === '')
	{
		$error[] = $user->lang['TOO_FEW_CHARS'];
	}

	$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);

	if ($config['enable_post_confirm'] && !$user->data['is_registered'] && $mode != 'edit')
	{
		$confirm_id		= request_var('confirm_id', '');
		$confirm_code	= request_var('confirm_code', '');

		$sql = 'SELECT code
			FROM ' . CONFIRM_TABLE . "
			WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "'
				AND session_id = '" . $db->sql_escape($user->session_id) . "'
				AND confirm_type = " . CONFIRM_POST;
		$result = $db->sql_query($sql);
		$confirm_row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		if (empty($confirm_row['code']) || strcasecmp($confirm_row['code'], $confirm_code) !== 0)
		{
			$error[] = $user->lang['CONFIRM_CODE_WRONG'];
		}
		else
		{
			$solved_captcha = true;
		}
	}

	if ($error)
	{
		$template->assign_vars( array(
	   		'ERROR'	=> (sizeof($error)) ? implode('<br />', $error) : ''
	   	));
	}
	else
	{
		$poll = $uid = $bitfield = $flags = '';
		generate_text_for_storage($message, $uid, $bitfield, $flags, $config['allow_bbcode'], $config['allow_post_links'], $config['allow_smilies']);

		$data_edit = array(
			'post_text'			=> $message,
			'bbcode_uid'		=> $uid,
			'bbcode_bitfield'	=> $bitfield,
			'bbcode_flags'		=> $flags,
			'email'				=> $email,
			'website'			=> $website,
		);

		if (isset($_POST['submit_comment']))
		{
			$data_add = array(
				'post_username'	=> $username,
				'user_id'		=> $user->data['user_id'],
				'time'			=> $time,
				'ip'			=> $user->ip
			);

			$data_add = array_merge($data_edit, $data_add);

			$sql = 'INSERT INTO ' . GUESTBOOK_TABLE . ' ' . $db->sql_build_array('INSERT', $data_add);
			$db->sql_query($sql);
		}
		elseif (isset($_POST['update_comment']))
		{
			$sql = 'UPDATE ' . GUESTBOOK_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $data_edit) . ' WHERE id = ' . $id;
			$db->sql_query($sql);
		}

		$meta_info = append_sid($phpbb_root_path.'guestbook.'.$phpEx);
		meta_refresh(3, $meta_info);

		$message = ($mode == 'edit') ? 'POST_EDITED' : 'POST_STORED';
		$message = $user->lang[$message] . '<br /><br />' . sprintf($user->lang['RETURN_GB'], '<a href="' . $meta_info . '">', '</a>');
		trigger_error($message);
	}
}
else
{
	$message	= '';
	$username	= '';
	$mail		= '';
	$website	= '';

	$s_hidden_fields = build_hidden_fields(array(
		'mode'	=> $mode,
	));
}

if ($mode == 'quote' && (!$submit || $submit && $error))
{
	if (!$id)
	{
		trigger_error('NO_POST');
	}
	$sql = 'SELECT *
		FROM ' . GUESTBOOK_TABLE . '
		WHERE id = '.$id;
	$result = $db->sql_query($sql);
	$post_data = $db->sql_fetchrow($result);

	if (!class_exists('parse_message'))
	{
		include($phpbb_root_path . 'includes/message_parser.' . $phpEx);
		$message_parser = new parse_message();
	}
	$message_parser->message = &$post_data['post_text'];
	$message_parser->decode_message($post_data['bbcode_uid']);
	$s_comment['text'] = '[quote="' . $post_data['post_username'] . '"]' . censor_text(trim($message_parser->message)) . "[/quote]\n";

	$s_hidden_fields = build_hidden_fields(array(
		'id'	=> $id,
	));

}
elseif ($mode == 'edit')
{
	if (!$auth->acl_get('a_'))
	{
		trigger_error($user->lang['NO_ADMIN_FOR_EDIT']);
	}

	$sql = 'SELECT * FROM ' . GUESTBOOK_TABLE . '
		WHERE id = ' . intval($id);
	$result = $db->sql_query($sql);
	$post_data = $db->sql_fetchrow($result);

	$s_comment	= generate_text_for_edit($post_data['post_text'], $post_data['bbcode_uid'], $post_data['bbcode_bitfield']);

	$s_hidden_fields = build_hidden_fields(array(
		'mode'	=> $mode,
		'id'	=> $id,
	));
}
elseif($mode == 'delete')
{
	if (!$auth->acl_get('a_'))
	{
		trigger_error($user->lang['NO_ADMIN_FOR_EDIT']);
	}
	
	if (confirm_box(true))
	{
		$requete = 'DELETE FROM ' . GUESTBOOK_TABLE . '
			WHERE id = '.$id;
		$db->sql_query($requete);

		$meta_info = append_sid("{$phpbb_root_path}guestbook.$phpEx");
		meta_refresh(3, $meta_info);

		$message = $user->lang['POST_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_GB'], '<a href="' . $meta_info . '">', '</a>');
		trigger_error($message);
	}
	else
	{
		$s_hidden_fields = build_hidden_fields(array(
			'mode'	=> $mode,
			'id'	=> $id,
		));

		confirm_box(false, 'DELETE_POST', $s_hidden_fields);
	}
}

if (!$user->data['is_registered'] && $solved_captcha === false)
{
	// Show confirm image
	$sql = 'DELETE FROM ' . CONFIRM_TABLE . "
		WHERE session_id = '" . $db->sql_escape($user->session_id) . "'
			AND confirm_type = " . CONFIRM_POST;
	$db->sql_query($sql);

	// Generate code
	$code = gen_rand_string(mt_rand(5, 8));
	$confirm_id = md5(unique_id($user->ip));
	$seed = hexdec(substr(unique_id(), 4, 10));

	// compute $seed % 0x7fffffff
	$seed -= 0x7fffffff * floor($seed / 0x7fffffff);

	$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
		'confirm_id'	=> (string) $confirm_id,
		'session_id'	=> (string) $user->session_id,
		'confirm_type'	=> (int) CONFIRM_POST,
		'code'			=> (string) $code,
		'seed'			=> (int) $seed)
	);
	$db->sql_query($sql);

	$template->assign_vars(array(
		'S_CONFIRM_CODE'			=> true,
		'CONFIRM_ID'				=> $confirm_id,
		'CONFIRM_IMAGE'				=> '<img src="' . append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=confirm&id=' . $confirm_id . '&type=' . CONFIRM_POST) . '" alt="" title="" />',
		'L_POST_CONFIRM_EXPLAIN'	=> sprintf($user->lang['POST_CONFIRM_EXPLAIN'], '<a href="mailto:' . htmlspecialchars($config['board_contact']) . '">', '</a>'),
	));
}
if ($solved_captcha !== false)
{
	$s_hidden_fields = build_hidden_fields(array(
		'confirm_id'		=> request_var('confirm_id', ''),
		'confirm_code'		=> request_var('confirm_code', ''))
	);
}

// On récupère la config pour l'affichage des options
$bbcode_status	= ($config['allow_bbcode'] || $auth->acl_get('a_')) ? true : false;
$smilies_status	= ($bbcode_status && $config['allow_smilies'] || $auth->acl_get('a_')) ? true : false;
$img_status		= ($bbcode_status || $auth->acl_get('a_')) ? true : false;
$url_status		= ($config['allow_post_links']) ? true : false;

$salt			= unique_id();
$s_hidden_fields .= build_hidden_fields(array(
	'salt_id'		=> $salt,
));
	
$user->add_lang('posting');
include($phpbb_root_path . 'includes/functions_posting.' . $phpEx);
generate_smilies('inline', 1);

$template->assign_vars( array(
	'S_POSTING'			=> true,
	'S_GUEST'			=> (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['user_id'] == ANONYMOUS)) ? true : false,

	'BBCODE_STATUS'		=> ($bbcode_status) ? sprintf($user->lang['BBCODE_IS_ON'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>') : sprintf($user->lang['BBCODE_IS_OFF'], '<a href="' . append_sid("{$phpbb_root_path}faq.$phpEx", 'mode=bbcode') . '">', '</a>'),
	'IMG_STATUS'		=> ($img_status) ? $user->lang['IMAGES_ARE_ON'] : $user->lang['IMAGES_ARE_OFF'],
	'SMILIES_STATUS'	=> ($smilies_status) ? $user->lang['SMILIES_ARE_ON'] : $user->lang['SMILIES_ARE_OFF'],
	'URL_STATUS'		=> ($bbcode_status && $url_status) ? $user->lang['URL_IS_ON'] : $user->lang['URL_IS_OFF'],

	'S_SALT'			=> $salt,
	'S_COMMENT' 		=> isset($s_comment['text']) ? $s_comment['text'] : $message,
	'S_BBCODE_ALLOWED' 	=> $bbcode_status,
	'S_SMILIES_ALLOWED' => $smilies_status,
	'S_BUTTON_NAME'		=> ($mode == 'edit') ? 'update_comment' : 'submit_comment',
	'S_HIDDEN_FIELDS'	=> $s_hidden_fields,
	'S_POST_ACTION' 	=> append_sid('guestbook_posting.'.$phpEx, array('mode' => $mode)),

	'USERNAME'			=> $username,
	'EMAIL'				=> $email,
	'WEBSITE'			=> $website,

));

Maybe you can help me?

[A_O_C]

1. When i installed your MOD a few weeks ago only the version 1.03 was available here... No i can see that you made a new version 1.04... I took an look on the instructions (install.xml) but i can´t find any changes to the 1.03 version instructions... There are any updates on this MOD since the version 1.03?

1.0.4 appears to be the officially released version.

[momentum]

Yesterday I removed the current anti-spam measures installed on one board and let the BOTs register to their hearts content. In less than six hours I had over a dozen unactivated accounts.

Installed this MOD then dropped the standard CAPTCHA to it's minimum settings and haven't seen a BOT since.

I'd give it a week or so to say for sure, but I'd recommend this MOD.

Craig.

[MaFeSa]

Very great MOD !!

Thanks daroPL

[daroPL]

Thanks.

crusi, I'll help you if you send me the registration file from the MOD.

[crusi]

Thanks.

crusi, I'll help you if you send me the registration file from the MOD.

Hi daroPL,

that is really great from you.
I will send you the needed file via pm.


Thanks in advance
Best regards,
Crus