[BETA] Anti-spam bots registration

RevJim · Post by **RevJim** » Tue Jun 06, 2006 6:16 am

Hi all,

This MOD has been replaced by a better version with ACP support. You can find that version here.

What follows is commentary on the original version, which still works fine (tested up through version 2.0.21). However most users will prefer to use the ACP version because it has more options and is easier to install.

-RJ

***

This is a continuation and enhancement of a previous MOD. It has been improved by many community members and seems to be very stable. The code below has been tested with phpBB versions 2.0.6 through 2.0.20. A big thanks to the original author niekas for getting it going. Unfortunately he seems to have disappeared, so we are starting a new thread to continue development of this excellent MOD.

The purpose of this MOD is to prevent spambots from registering user accounts on your forum, using spammy URL and Signature fields. These bots do not care whether or not you have account activation enabled because the spammers only want to create a web link from your forum to their website. Bots are detected as follows:

1. You remove the URL/Sig fields from your new user registration template.

2. Any user submitting a URL or Sig field during registration MUST be a spambot script, because normal users won't see those fields during registration.

3. Add code to check how many posts the user has made. If it is above a certain number (default 10) then the user will be able to add a URL and/or Sig when editing his or her profile.

If a spambot registration is detected, the registration process is cancelled and the account is NOT created. Optionally, an e-mail is sent to the forum administrator with details of the spambot's attempt, such as the IP address, spam links, password, etc., so that the administrator can add an IP ban manually if they detect repeated spambot attempts from a single IP address.

Again, I can't take credit for this awesome MOD. It was a community effort, and all of the contributors (to my knowledge) are listed as authors in the comments. For a more complete explanation of how this MOD changed over time, and why various design changes were made, please see the previous MOD.

-RJ

Code: Select all

##############################################################
## MOD Title: Anti-spam bots registration 
## MOD Author: niekas, artesea, cyberCrank, Lord Raiden, RevJim, DJ Andre, Ramon Fincken
##
## MOD Description: prevents spam bots registering on your forum by 
## 		removing website and signature fields in registration and profile form 
## 		until users reached certain amount of posts and sends an email notification 
## 		to learn IP address and more
## MOD Version: 0.0.1 (BETA)
## 
## Installation Level: (Easy) 
## Installation Time: ~5 minutes 
## Files To Edit: 
##               /includes/usercp_register.php 
##               /templates/subSilver/profile_add_body.tpl 
## Included Files: (n/a) 
############################################################## 
## For Security Purposes, Please Check: http://www.phpbb.com/phpBB/viewtopic.php?p=2166870 for the 
## latest version of this MOD BETA. Downloading this MOD from other sites could cause malicious code 
## to enter into your phpBB Forum. As such, phpBB will not offer support for MOD's not offered 
## in our MOD-Database, located at: http://www.phpbb.com/mods/
############################################################## 
##
## Author Notes:
##     + installable with EasyMOD
##	   + Edit the e-mail address variable if you want to receive notification for spam bot registration attempts.
##
############################################################## 
##
## MOD History:
##    2006-06-05 - Version 0.0.1
##	+ Misc. code cleanup to make implementation easier.
##	+ Version numbering changed in accordance with forum rules. For version numbering information, see: http://www.phpbb.com/phpBB/viewtopic.php?t=266307
##    2006-05-20 - Version 0.0.0
##	+ For all previous revisions, see http://www.phpbb.com/phpBB/viewtopic.php?t=186683
##			This MOD started with a different design and has been modified to meet current phpBB MOD guidelines and EasyMOD templating.
##
############################################################## 
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD 
############################################################## 

# 
#-----[ OPEN ]------------------------------------------ 
# 
includes/usercp_register.php 

# 
#-----[ FIND ]------------------------------------------ 
# 
$error = FALSE; 

# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 
#   NOTE - be sure to add your email address in this area (below):
#
#    $myEmailAddress = "YOUR-EMAIL@YOUR-DOMAIN"; 
#
$cut_off=10; //how many posts should user have before form fields are activated 

// --------------------------------------- 
if (($mode == 'register' && ($HTTP_POST_VARS['website'] != '' || $HTTP_POST_VARS['signature'] != '') ) || ($userdata['user_posts'] < $cut_off && $mode=='editprofile' && ($HTTP_POST_VARS['website'] != '' || $HTTP_POST_VARS['signature'] != ''))) 
{ 

   $myEmailAddress = "YOUR-EMAIL@YOUR-DOMAIN"; // Edit this with your proper e-mail address.

   //**********
   // If you DO NOT wish to receive e-mail notifications of spam bot registration attempts, delete all of the code between the lines of asterisks.

   $spammerIPAddress = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') ); 
   $spammerUsername     = $HTTP_POST_VARS['username']; 
   $spammerEmailAddress = $HTTP_POST_VARS['email']; 
   $spammerWebsite      = $HTTP_POST_VARS['website']; 
   $spammerSignature    = $HTTP_POST_VARS['signature']; 
   $spammerPassword     = $HTTP_POST_VARS['new_password'];
   $emailSubject   = "Notification of Spam Bot Attempt"; 
   $emailHeader    = "From: Spam-Bot-Mod"; 
   $emailMessage   = "Spam Bot Registration Attempted.\n\n"; 
   $emailMessage  .= "Spammer's IP Address = "     . $spammerIPAddress    . "\n"; 
   $emailMessage  .= "IP Lookup = http://www.nwtools.com/default.asp?prog=express&host=" . $spammerIPAddress . "\n";
   $emailMessage  .= "Spammer's Username = "       . $spammerUsername     . "\n"; 
   $emailMessage  .= "Spammer's Password = "       . $spammerPassword     . "\n";
   $emailMessage  .= "Spammer's email address = "  . $spammerEmailAddress . "\n"; 
   $emailMessage  .= "Spammer's Webpage URL = "    . $spammerWebsite      . "\n"; 
   $emailMessage  .= "Spammer's Signature Line = " . $spammerSignature    . "\n"; 
   mail($myEmailAddress, $emailSubject, $emailMessage, $emailHeader); 
   //********** 

   message_die(GENERAL_MESSAGE, "You are not authorized to use this feature. Please send e-mail to " . $myEmailAddress . " for more information.", '', __LINE__, __FILE__); 

}

# 
#-----[ FIND ]------------------------------------------ 
# 
if ( $mode == 'editprofile' ) 
   { 
      $template->assign_block_vars('switch_edit_profile', array()); 
   } 

# 
#-----[ REPLACE WITH ]------------------------------------------ 
# 
if ( $mode == 'editprofile' ) 
   { 
      $template->assign_block_vars('switch_edit_profile', array()); 
      if ($userdata['user_posts'] >= $cut_off) 
      { 
      $template->assign_block_vars('switch_edit_website', array()); 
      } 
   } 

# 
#-----[ OPEN ]------------------------------------------ 
# 
templates/subSilver/profile_add_body.tpl 

# 
#-----[ FIND ]------------------------------------------ 
# 
	<tr> 
	  <td class="row1"><span class="gen">{L_WEBSITE}:</span></td>
	  <td class="row2"> 
		<input type="text" class="post" style="width: 200px"  name="website" size="25" maxlength="255" value="{WEBSITE}" />

	  </td>
	</tr>

# 
#-----[ REPLACE WITH ]------------------------------------------ 
# 
<!-- BEGIN switch_edit_website --> 
	<tr> 
	  <td class="row1"><span class="gen">{L_WEBSITE}:</span></td>
	  <td class="row2"> 
		<input type="text" class="post" style="width: 200px"  name="website" size="25" maxlength="255" value="{WEBSITE}" />

	  </td>
	</tr>
<!-- END switch_edit_website --> 

# 
#-----[ FIND ]------------------------------------------ 
# 
	<tr> 
	  <td class="row1"><span class="gen">{L_SIGNATURE}:</span><br /><span class="gensmall">{L_SIGNATURE_EXPLAIN}<br /><br />{HTML_STATUS}<br />{BBCODE_STATUS}<br />{SMILIES_STATUS}</span></td>
	  <td class="row2"> 
		<textarea name="signature" style="width: 300px" rows="6" cols="30" class="post">{SIGNATURE}</textarea>

	  </td>
	</tr>

# 
#-----[ REPLACE WITH ]------------------------------------------ 
# 
<!-- BEGIN switch_edit_website --> 
	<tr> 
	  <td class="row1"><span class="gen">{L_SIGNATURE}:</span><br /><span class="gensmall">{L_SIGNATURE_EXPLAIN}<br /><br />{HTML_STATUS}<br />{BBCODE_STATUS}<br />{SMILIES_STATUS}</span></td>
	  <td class="row2"> 
		<textarea name="signature" style="width: 300px" rows="6" cols="30" class="post">{SIGNATURE}</textarea>

	  </td>
	</tr>
<!-- END switch_edit_website --> 

#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM

RevJim · Post by **RevJim** » Tue Jun 06, 2006 6:23 am

FREQUENTLY ASKED QUESTIONS

Q: Does this MOD automatically ban IP addresses used by the spam bots?

A: NO. This MOD simply halts the registration, and the user account is not created. The previous version of this MOD did ban IP addresses automatically, but that code was removed for various reasons. See the old thread if you would like to read the discussion that led to this decision.

.

M.O.B. · Post by **M.O.B.** » Tue Jun 06, 2006 8:46 am

cool thanks!

EXreaction · Post by **EXreaction** » Tue Jun 06, 2006 4:17 pm

Instead of:

Code: Select all

#
#-----[ FIND ]------------------------------------------
#
   <tr>
     <td class="row1"><span class="gen">{L_WEBSITE}:</span></td>
     <td class="row2">
      <input type="text" class="post" style="width: 200px"  name="website" size="25" maxlength="255" value="{WEBSITE}" />

     </td>
   </tr>

#
#-----[ REPLACE WITH ]------------------------------------------
#
<!-- BEGIN switch_edit_website -->
   <tr>
     <td class="row1"><span class="gen">{L_WEBSITE}:</span></td>
     <td class="row2">
      <input type="text" class="post" style="width: 200px"  name="website" size="25" maxlength="255" value="{WEBSITE}" />

     </td>
   </tr>
<!-- END switch_edit_website -->

#
#-----[ FIND ]------------------------------------------
#
   <tr>
     <td class="row1"><span class="gen">{L_SIGNATURE}:</span><br /><span class="gensmall">{L_SIGNATURE_EXPLAIN}<br /><br />{HTML_STATUS}<br />{BBCODE_STATUS}<br />{SMILIES_STATUS}</span></td>
     <td class="row2">
      <textarea name="signature" style="width: 300px" rows="6" cols="30" class="post">{SIGNATURE}</textarea>

     </td>
   </tr>

#
#-----[ REPLACE WITH ]------------------------------------------
#
<!-- BEGIN switch_edit_website -->
   <tr>
     <td class="row1"><span class="gen">{L_SIGNATURE}:</span><br /><span class="gensmall">{L_SIGNATURE_EXPLAIN}<br /><br />{HTML_STATUS}<br />{BBCODE_STATUS}<br />{SMILIES_STATUS}</span></td>
     <td class="row2">
      <textarea name="signature" style="width: 300px" rows="6" cols="30" class="post">{SIGNATURE}</textarea>

     </td>
   </tr>
<!-- END switch_edit_website -->

I would reccomend you do this:

Code: Select all

#
#-----[ FIND ]------------------------------------------
#

	<tr> 
	  <td class="row1"><span class="gen">{L_WEBSITE}:</span></td>

# 
#-----[ BEFORE, ADD ]------------------------------------------
# 

	<!-- BEGIN switch_user_logged_in -->

#
#-----[ FIND ]------------------------------------------
#

	</tr>

# 
#-----[ AFTER, ADD ]------------------------------------------
# 

	<!-- END switch_user_logged_in -->

#
#-----[ FIND ]------------------------------------------
# note: Second line is longer than shown

	<tr>
	  <td class="row1"><span class="gen">{L_SIGNATURE}

# 
#-----[ BEFORE, ADD ]------------------------------------------
# 

	<!-- BEGIN switch_user_logged_in -->

#
#-----[ FIND ]------------------------------------------
#

	</tr>

# 
#-----[ AFTER, ADD ]------------------------------------------
# 

	<!-- END switch_user_logged_in -->

Its a little longer, but its less confusing if you are modding a different theme and the template is not the same as subSilver.

M.O.B. · Post by **M.O.B.** » Tue Jun 06, 2006 5:45 pm

EXreaction, trust that I have over a few hundred hacks installed and not one has ever placed coding before or after the website and signature boxes. So the code above is pretty solid for EasyMOD and it checks out great. Like I said it before in the other previous thread.

Cool?

The issue with yours is the noob person is not using Easymod then they could make an error trying to put code after </tr> since we can agree that there are many </tr> sessions in that page. Easymod wouldn't have an issue with finding the first </tr> code after the previous change, but for a noob person would probably don't know exactly where (following proper protocol). So I feel that your way is not the most practical for those that don't use Easymod. They could make the mistake of a search and replace command using whatever they tend to use and will find many sessions with the </tr> code and make an error somehow. Agreed?

Here is the code I mean:

Code: Select all

# 
#-----[ FIND ]------------------------------------------ 
# 

   </tr> 

# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 

   <!-- END switch_user_logged_in -->

EXreaction · Post by **EXreaction** » Tue Jun 06, 2006 5:50 pm

DJ Andre wrote: EXreaction, trust that I have over a few hundred hacks installed and not one has ever placed coding before or after the website and signature boxes. So the code above is pretty solid for EasyMOD and it checks out great. Like I said it before in the other previous thread.

Cool?

Ya, no other mods(other than mine) modify that part that I know of.

What I am talking about is for other themes that are not based on subSilver.

EDIT: You edited yours.

It would take a real noob to do that(someone that wouldn't even be able to install phpBB2 would probably be able to figure that out).

M.O.B. · Post by **M.O.B.** » Tue Jun 06, 2006 6:04 pm

What may be comforting is that I had a few clients with various themes and I haven't stumbled upon a theme that would have an issue. The way this code used to be in the original code in the previous one did have issues with most themes. It was the way it spaced the lines. Note I didn't try installing that code with Easymod since it wasn't compliant. So when I re-edited the code, I made it be able to work with mostly all themes.

That's good news.

RevJim · Post by **RevJim** » Tue Jun 06, 2006 6:21 pm

EXreaction wrote: Because the website and signature sections would be open yet, and then you would get IP banned from the website if you typed in anything in those fields. Not a very good combo there.

The current code does not automatically ban IP addresses. Let's not start that discussion again, we'll scare the natives.

It seems to me that the new code you proposed doesn't help much, since administrators who use templates other than subSilver will still need to manually figure out how to apply it to their template. And the proposed change does make it harder for administrators who do not use EasyMod. Admins who run other templates AND apply mods to their forum are probably used to this anyway -- converting subSilver mods to work with their own templates.

With all that said, maybe there should be some sort of documentation on how to apply this MOD to other templates? It doesn't seem like it would be that hard to do...

-RJ

EXreaction · Post by **EXreaction** » Tue Jun 06, 2006 6:23 pm

Ok, sounds good then. I don't keep up with themes too much, I haven't looked through many themplate codes other than subSilver. 8)

I also just noticed that EasyMod installs the template code in your other themes if you have them installed! It gives you errors if it doesn't find it, but it does a lot of the work for you.

I <3 Easymod.

RevJim wrote:
EXreaction wrote:Because the website and signature sections would be open yet, and then you would get IP banned from the website if you typed in anything in those fields. Not a very good combo there.

The current code does not automatically ban IP addresses. Let's not start that discussion again, we'll scare the natives.

It seems to me that the new code you proposed doesn't help much, since administrators who use templates other than subSilver will still need to manually figure out how to apply it to their template. And the proposed change does make it harder for administrators who do not use EasyMod. Admins who run other templates AND apply mods to their forum are probably used to this anyway -- converting subSilver mods to work with their own templates.

With all that said, maybe there should be some sort of documentation on how to apply this MOD to other templates? It doesn't seem like it would be that hard to do...

-RJ

Oh, I appologize, I thought it did autoban(I will remove that from my last post so people don't get confused).

But EasyMod does edit code in other templates now. 8O
I was playing with it last night and it did(though I never remember it doing that before, and I could have sworn that its something they have in their to-do list yet). 8O

I guess I just really hate the replace options. People like to use it whenever they can to save on time. Then if the mod isn't updated for a long time and there have been new releases, the mod no longer works(this has happened to me many times, though I am much better at php now, so I can usually make it work

).

Code3TJ · Post by **Code3TJ** » Wed Jun 07, 2006 8:37 pm

Nicely done - thanks to everybody for your efforts. I received 4 emails within 30 mins of installing it notifying me of blocked attempts. Out of curiousity, what is displayed to the potential new user when their attempt to register is blocked?

M.O.B. · Post by **M.O.B.** » Wed Jun 07, 2006 9:38 pm

Code3TJ wrote: Nicely done - thanks to everybody for your efforts. I received 4 emails within 30 mins of installing it notifying me of blocked attempts. Out of curiousity, what is displayed to the potential new user when their attempt to register is blocked?

They will see:

You are not authorized to use this feature. Please send e-mail to " YOUR-EMAIL@YOUR-DOMAIN " for more information.

But since I know these are mostly spammers, I don't wish to offer my email address to them to spam me any further.. so instead of providing them an email address, I provive them a link so they can fill out an online form. Ha ha! Let them have fun filling that up!

keimo · Post by **keimo** » Thu Jun 08, 2006 4:25 am

hey just wanted to post in and say THANK YOU for this mod. I too, was wondering why the IP's were not showing up in my "ban list" even though the spam registrations have stopped COMPLETELY. I was averaging about 30 a day and now...not a single one!

A suggestion to people putting the code in, I just copy and pasted the code in and it works perfectly. I have been pretty hesitant to try these mods because of the coding. I'm not a coder but I was desperate so I tried it with just copy and paste and it worked fine.

I'll go back through the old topic to find out why the auto ban was removed, but I was wondering if you could post up somewhere the code TO IMPLEMENT THE AUTOBAN so that we could put it in if we so desired.

Just the fact that the asshats are getting the "not authorized" message back is great but still, I would like to see the ip's banned personally. Start the petition to get this into the next version of the board automatically

M.O.B. · Post by **M.O.B.** » Thu Jun 08, 2006 7:38 am

keimo wrote: I'll go back through the old topic to find out why the auto ban was removed, but I was wondering if you could post up somewhere the code TO IMPLEMENT THE AUTOBAN so that we could put it in if we so desired.

Just the fact that the asshats are getting the "not authorized" message back is great but still, I would like to see the ip's banned personally. Start the petition to get this into the next version of the board automatically

In a nutshell it was decided to avoid IP banning because many of these "spam bots--(not human)" are using bogus (static*) IP addresses or jumping (dynamic) IP Addresses all the time that it may someday ban an innocent person on your board or a valid IP Address in the future. (*It is also possible to "fake" static IP address assignments through DHCP by assigning the same IP address to a computer — and no other — each time it is requested.)

But here is the IP Ban addon to this MOD. (I am not a coder, so if anyone sees an error somewhere, please let me know to correct it. I followed the sequence on the original hack on http://www.phpbb.com/phpBB/viewtopic.php?t=186683

Also, I made it EasyMOD applicable:

Code: Select all

############################################################## 
## MOD Title: Anti-spam bots registration IP Ban addition
## MOD Author: niekas, DJ Andre
## 
## MOD Adds IP Ban to Anti-Spam bot registration MOD. 
## 
## MOD Version: 0.0.1 (BETA) 
## 
## Installation Level: (Easy) 
## Installation Time: ~1 minutes 
## Files To Edit: 
##               /includes/usercp_register.php 
## Included Files: (n/a) 
############################################################## 
## For Security Purposes, Please Check: http://www.phpbb.com/phpBB/viewtopic.php?p=2166870 for the 
## latest version of this MOD BETA. Downloading this MOD from other sites could cause malicious code 
## to enter into your phpBB Forum. As such, phpBB will not offer support for MOD's not offered 
## in our MOD-Database, located at: http://www.phpbb.com/mods/ 
############################################################## 
## 
## Author Notes: 
##     + installable with EasyMOD 
## 
############################################################## 
## 
## MOD History: 
##    2006-06-08 - Version 0.0.1 
##   + This addon is for IP Ban for Anti-Spam bots registration MOD 
## 
############################################################## 
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD 
############################################################## 

# 
#-----[ OPEN ]------------------------------------------ 
# 
includes/usercp_register.php 

# 
#-----[ FIND ]------------------------------------------ 
# 
if (($mode == 'register' && ($HTTP_POST_VARS['website'] != '' || $HTTP_POST_VARS['signature'] != '') ) || ($userdata['user_posts'] < $cut_off && $mode=='editprofile' && ($HTTP_POST_VARS['website'] != '' || $HTTP_POST_VARS['signature'] != ''))) 
{  

# 
#-----[ AFTER, ADD ]------------------------------------------ 
# 
   $ban_this=encode_ip(getenv('REMOTE_ADDR')); 

   $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_ip) 
   VALUES ('" . $ban_this . "')"; 
   if ( !$db->sql_query($sql) ) 
   { 
      message_die(GENERAL_ERROR, "Couldn't insert ban_ip info into database", "", __LINE__, __FILE__, $sql); 
   } 
   $sql = "DELETE FROM " . SESSIONS_TABLE . " 
      WHERE session_ip = '" . $ban_this . "'"; 
   if ( !$db->sql_query($sql) ) 
   { 
      message_die(GENERAL_ERROR, "Couldn't delete banned sessions from database", "", __LINE__, __FILE__, $sql); 
   }

# 
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ 
# 
# EoM

keimo · Post by **keimo** » Thu Jun 08, 2006 2:45 pm

ahh thanks for that info man. I'm of the opinion that I don't want these asses even being able to get anywhere NEAR my forum again is a good thing so the autoban is something that appeals to me. I may stick the code in for a while then take it back out just to watch my ip ban's go up...

It's the little things in life that make it worthwhile ya' know

objectman · Post by **objectman** » Thu Jun 08, 2006 5:03 pm

This worked great for a while and I get emails like this:

Code: Select all

Spam Bot Registration Attempted.

Spammer's IP Address = 84.73.26.250
IP Lookup = http://www.nwtools.com/default.asp?prog=express&host=84.73.26.250
Spammer's Username = Howard5192
Spammer's Password = Howard519212ok
Spammer's email address = Howard5192@qualityandsweet.info Spammer's Webpage URL = http://cheap-college-textbooks.skynet10.org.uk/
Spammer's Signature Line =

but they still kep a-coming. The only common element in all my (tens of) spambot emails is the

Code: Select all

http://www.nwtools.com/default.asp?prog=express&host=

bit. Instead of IP addresses is it possible to ban an IP lookup like this one? Surely it would be a simple line of code?[/code]

advertisements