[Alpha] Spamfilter against automated bot registrations

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
mgutt
Registered User
Posts: 346
Joined: Tue Sep 21, 2004 2:54 pm
Location: Germany, Sankt Augustin
Contact:

[Alpha] Spamfilter against automated bot registrations

Post by mgutt »

Manually:

Ban Emails:
Go to the ACP -> User Admin -> Ban Control -> and paste in the field "Ban one or more email addresses" every email address that is listed here:
http://www.phpbb-de.com/filter.php?spammers=display

If you want to search for spammer accounts in your forum try it with this query:
http://www.phpbb-de.com/filter.php?spammers=mysql

Ban IPs:
Go to the ACP -> User Admin -> Ban Control -> and paste in the field "Ban one or more IP addresses or hostnames" every ip addresses that is listed here:
http://www.phpbb-de.com/filter.php?ips=display

If you want to search for spammers posts in your forum posted with one of the listed ips try with this query:
http://www.phpbb-de.com/filter.php?ips=mysql


Automatically:

Description:
This mod uses my anti-spam database listed above. (at this time only the email addresses, ip banning will be added in the future)

You can manually add those listed emailaddresses to your banlist or you use this mod. It does it automatically.

It runs like that:
- The datas are read and a cache file is generated in the "cache" folder (please set CHMOD rights to "777"!)
- If a bot registers to your forum and his given emailaddress is in the anti-spam database the registration is denied
- If my server is temporarily not available, the code uses the cached file instead, so you are guarded every time
- The cache file is updated every 14 days
- You can add more spammers to your banlist in the acp as normal

Click here to download mod

Please set "777" rights to the "cache" folder. Howto:
http://www.phpbb.com/kb/article.php?article_id=363
Last edited by mgutt on Tue Oct 10, 2006 1:41 pm, edited 5 times in total.
Forums: Honda || phpBB Categories Hierarchy
Mods: Spamfilter against bot registrations || Seo Urls

User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

Why is 777 required? Why not read/write but not execute?
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image

mgutt
Registered User
Posts: 346
Joined: Tue Sep 21, 2004 2:54 pm
Location: Germany, Sankt Augustin
Contact:

Post by mgutt »

Because 666 and 766 failes very often and your team posts 777 as standard as well ;)

look:
http://www.phpbb.com/phpBB/viewtopic.ph ... 05#2193005
and:
http://www.phpbb.com/phpBB/viewtopic.ph ... 90#2325690
and:
http://www.phpbb.com/phpBB/viewtopic.ph ... 85#2268685
...

What do you prefer for the cache folder?
Forums: Honda || phpBB Categories Hierarchy
Mods: Spamfilter against bot registrations || Seo Urls

User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

mgutt wrote: What do you prefer for the cache folder?

For something that is going to be provided by another server? Not "execute" permissions, that's for sure. :-) What happens if your server gets compromised, and someone loads a different script in place of the one I'm expecting?

I think the idea behind providing a list of known spammers is interesting. I started my own list not two days ago, and it contains quite a few (but not all) of the items on your list. But I would envision providing that as a list that people could look at, review, and elect to use. I would never - as trustworthy as you might think you are ;-) - trust someone to provide that list as a service via a remote call like you've provided in this MOD. It's not that I don't trust you, per se, it's that I don't trust the process.

Granting execute permissions should not be required, and I would not use any MOD that uses this technique. I will not attempt to speak for the MOD Team, but I would suggest that perhaps you get one of them to take an advance look at your MOD and let you know if it would even be approved for the MOD-DB in its current state.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image

User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken »

have any of you guys ever visited the www.cashette.com website?
It actually pays ppl if they get spam in their account...

so spammers will use this cashette.com account to actually get paid if I'm correct..


disgusting :evil: :evil:
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here

mgutt
Registered User
Posts: 346
Joined: Tue Sep 21, 2004 2:54 pm
Location: Germany, Sankt Augustin
Contact:

Post by mgutt »

drathbun wrote:
mgutt wrote:What do you prefer for the cache folder?

For something that is going to be provided by another server? Not "execute" permissions, that's for sure. :-) What happens if your server gets compromised, and someone loads a different script in place of the one I'm expecting?

I think the idea behind providing a list of known spammers is interesting. I started my own list not two days ago, and it contains quite a few (but not all) of the items on your list. But I would envision providing that as a list that people could look at, review, and elect to use. I would never - as trustworthy as you might think you are ;-) - trust someone to provide that list as a service via a remote call like you've provided in this MOD. It's not that I don't trust you, per se, it's that I don't trust the process.

Granting execute permissions should not be required, and I would not use any MOD that uses this technique. I will not attempt to speak for the MOD Team, but I would suggest that perhaps you get one of them to take an advance look at your MOD and let you know if it would even be approved for the MOD-DB in its current state.


This can't happen because the spamfilter cache file is CHMOD 0666 (without execution):

Code: Select all

@chmod("cache/spamfilter.php", 0666);
And the content of the filter.txt is saved in an array which is later only used by this code line:

Code: Select all

					$match_email = str_replace('*', '.*?', $row[$i]['ban_email']);
					if (preg_match('/^' . $match_email . '$/is', $email))
And it must be included in a phpBB file to be used because of:

Code: Select all

if ( !defined('IN_PHPBB') )
{
	die('Hack attempt');
}
It is not possible to create a file as I want. The creation of the file is strictly controlled by the user of my mod. If someone hacks my server and creates a filter.txt as he want, he is only be able to produce an other array content. But there is no possibility to create an execution process.

This part is given, so how add an execution process here?

Code: Select all

$row = unserialize(\'%s\');
Maybe you find a security hole?!

regards
Marc Gutt
Ramon Fincken wrote: so spammers will use this cashette.com account to actually get paid if I'm correct..

disgusting :evil: :evil:


cashette is part of my spamfilter ;)
Forums: Honda || phpBB Categories Hierarchy
Mods: Spamfilter against bot registrations || Seo Urls

mgutt
Registered User
Posts: 346
Joined: Tue Sep 21, 2004 2:54 pm
Location: Germany, Sankt Augustin
Contact:

Post by mgutt »

*@jvlj.com
added
Forums: Honda || phpBB Categories Hierarchy
Mods: Spamfilter against bot registrations || Seo Urls

IgnorantNewGuy
Registered User
Posts: 452
Joined: Thu Jul 14, 2005 9:27 pm

Post by IgnorantNewGuy »

Mgutt,

A few questions.

1. Does this work with CH 2.1.6 presently?
2. Can you explain how this works, exactly? As I look at the only file required to be edited, all of the banned domains you've listed in your database are not there. Do I have to enter them manually into my ACP?


Regarding these instructions:
You can test the successful installation as follows:
## - Try to register an account at your forum with one of the
## forbidden mail accounts (f.e. with "test@boom.ru").
## You will get a decline message at your forum if my
## mod works successfully
## - Wait till a new user has registered to your forum. Now
## you will find the file: cache/spamfilter.php (if not CHMOD
## the "cache" folder 0777 as mentioned in the topic of phpBB)


The first one worked. I saw the error message.
The second one did not. Cache was already set to 777 and cache/spamfilter.php was not created even after I created a real user.

Thx,
Scott 8)

mgutt
Registered User
Posts: 346
Joined: Tue Sep 21, 2004 2:54 pm
Location: Germany, Sankt Augustin
Contact:

Post by mgutt »

IgnorantNewGuy wrote: 1. Does this work with CH 2.1.6 presently?

I'm using CH 2.1.4. The new version of CH isn't tested, but I think it has to work there as well.
IgnorantNewGuy wrote: 2. Can you explain how this works, exactly? As I look at the only file required to be edited, all of the banned domains you've listed in your database are not there. Do I have to enter them manually into my ACP?

No and never. The mod reads the data directly from my server and returns the spamfilter.php on your host. There are all new spammers saved into. In a period this file is updated (like a virus scanner on your pc).
IgnorantNewGuy wrote: Regarding these instructions:
You can test the successful installation as follows:
## - Try to register an account at your forum with one of the
## forbidden mail accounts (f.e. with "test@boom.ru").
## You will get a decline message at your forum if my
## mod works successfully
## - Wait till a new user has registered to your forum. Now
## you will find the file: cache/spamfilter.php (if not CHMOD
## the "cache" folder 0777 as mentioned in the topic of phpBB)


The first one worked. I saw the error message.
The second one did not. Cache was already set to 777 and cache/spamfilter.php was not created even after I created a real user.

Thx,
Scott 8)


That is strange. The mod does the following:
- Is a cache file available? No -> write cache file -> Is a cache file available? -> No -> Read directly from server...

Everytime it returns "yes" it uses the cache file.

Try to remove all "@" here and after that try to register with banned email account:
// output to file
$handle = @fopen("cache/spamfilter.php", 'w');
@flock($handle, LOCK_EX);
@fwrite($handle, sprintf($cache_data, create_date('Y-m-d H:i:s', time(), $board_config['board_timezone']), time(), str_replace('\'', '\\\'', str_replace('\\', '\\\\', $spamdata[0]))));
@flock($handle, LOCK_UN);
@fclose($handle);
@umask(0000);
@chmod("cache/spamfilter.php", 0666);
return true;


The "@" avoids error messages. So after you have removed them we will see whats going on there. Please paste them here.

regards


EDIT:

Update released:

search in functions_validate.php:

Code: Select all

				// if the cache is older than 14 days it is rewritten
				if ( $gentime < (time() + 1209600) )
				{
replace with:

Code: Select all

				// if the cache is older than 3 days it is rewritten
				if ( ($gentime + 259200) < time() )
				{
The rhythm was risen and a minor bug has been removed.

regards
Forums: Honda || phpBB Categories Hierarchy
Mods: Spamfilter against bot registrations || Seo Urls

IgnorantNewGuy
Registered User
Posts: 452
Joined: Thu Jul 14, 2005 9:27 pm

Post by IgnorantNewGuy »

Thanks. Now it worked. I tried out one of the banned email addresses that was in your list but never added manually to my ACP and I got the standard error message: Your email address has been banned. Then I checked the cache file and saw that spamfilter.php was there.

Kudos!

Here are some more to add to your list, if you do that:

*@bigfreemail.info
*@bigmir.net
*@freenet.de
*@info.ru
*@megahotmalise.com
*@pisem.net
*@pu-blocker.com
*@shop.de
*@sibmail.com
*@ukr.net
*@users.1go.dk
*@vandex.ru
*@xyonline.org

Thx,
Scott 8)

mgutt
Registered User
Posts: 346
Joined: Tue Sep 21, 2004 2:54 pm
Location: Germany, Sankt Augustin
Contact:

Post by mgutt »

I add new spam accounts not in a random way. At this time I have the following requirements before adding a new emaildomain:

- registered an account to a phpBB forum (automatically or manually)
- clicked on the link in the activation email
- posted in the forum advertising messages
- registers hundreds of accounts (without activation but with a domain owned by a spammer -> needs more investigation)
- the email account is an "antispam"-account (called "trashmail"-account as well)
- and some more...

This avoids to add serious email accounts like "gmail.com", "yahoo.com" as they are used by spammers as well.

I'll be back after checking your proposals.

regards
Forums: Honda || phpBB Categories Hierarchy
Mods: Spamfilter against bot registrations || Seo Urls

IgnorantNewGuy
Registered User
Posts: 452
Joined: Thu Jul 14, 2005 9:27 pm

Post by IgnorantNewGuy »

Well, I installed this now on a 2.1.6 CH board and it does not work. I made all the changes in the above posts and I've tried registering a couple of the banned domains on your db, but they are permitted to register.

Cache is 777.

I had gotten this to work on my phpBB 2.0.21 site, but not this one.

?

Scott 8)

mgutt
Registered User
Posts: 346
Joined: Tue Sep 21, 2004 2:54 pm
Location: Germany, Sankt Augustin
Contact:

Post by mgutt »

I've tried it with 2.1.4 but not with 2.1.6 till now.

I'll be back we some infos ;)
Forums: Honda || phpBB Categories Hierarchy
Mods: Spamfilter against bot registrations || Seo Urls

mgutt
Registered User
Posts: 346
Joined: Tue Sep 21, 2004 2:54 pm
Location: Germany, Sankt Augustin
Contact:

Post by mgutt »

floralokon@yahoo.com
added

makes advertisement with websiteurls to russian pages.
Forums: Honda || phpBB Categories Hierarchy
Mods: Spamfilter against bot registrations || Seo Urls

mgutt
Registered User
Posts: 346
Joined: Tue Sep 21, 2004 2:54 pm
Location: Germany, Sankt Augustin
Contact:

Post by mgutt »

added:

*@ruxv.com
*@yqli.com
*@rxpw.com
Forums: Honda || phpBB Categories Hierarchy
Mods: Spamfilter against bot registrations || Seo Urls

Post Reply

Return to “[2.0.x] MODs in Development”