[Alpha] Spamfilter against automated bot registrations

[mgutt]

Manually:

Ban Emails:
Go to the ACP -> User Admin -> Ban Control -> and paste in the field "Ban one or more email addresses" every email address that is listed here:
http://www.phpbb-de.com/filter.php?spammers=display

If you want to search for spammer accounts in your forum try it with this query:
http://www.phpbb-de.com/filter.php?spammers=mysql

Ban IPs:
Go to the ACP -> User Admin -> Ban Control -> and paste in the field "Ban one or more IP addresses or hostnames" every ip addresses that is listed here:
http://www.phpbb-de.com/filter.php?ips=display

If you want to search for spammers posts in your forum posted with one of the listed ips try with this query:
http://www.phpbb-de.com/filter.php?ips=mysql


Automatically:

Description:
This mod uses my anti-spam database listed above. (at this time only the email addresses, ip banning will be added in the future)

You can manually add those listed emailaddresses to your banlist or you use this mod. It does it automatically.

It runs like that:
- The datas are read and a cache file is generated in the "cache" folder (please set CHMOD rights to "777"!)
- If a bot registers to your forum and his given emailaddress is in the anti-spam database the registration is denied
- If my server is temporarily not available, the code uses the cached file instead, so you are guarded every time
- The cache file is updated every 14 days
- You can add more spammers to your banlist in the acp as normal

Click here to download mod

Please set "777" rights to the "cache" folder. Howto:
http://www.phpbb.com/kb/article.php?article_id=363

[drathbun]

Why is 777 required? Why not read/write but not execute?

[mgutt]

Because 666 and 766 failes very often and your team posts 777 as standard as well

look:
http://www.phpbb.com/phpBB/viewtopic.ph ... 05#2193005
and:
http://www.phpbb.com/phpBB/viewtopic.ph ... 90#2325690
and:
http://www.phpbb.com/phpBB/viewtopic.ph ... 85#2268685
...

What do you prefer for the cache folder?

[drathbun]

What do you prefer for the cache folder?

For something that is going to be provided by another server? Not "execute" permissions, that's for sure. What happens if your server gets compromised, and someone loads a different script in place of the one I'm expecting?

I think the idea behind providing a list of known spammers is interesting. I started my own list not two days ago, and it contains quite a few (but not all) of the items on your list. But I would envision providing that as a list that people could look at, review, and elect to use. I would never - as trustworthy as you might think you are - trust someone to provide that list as a service via a remote call like you've provided in this MOD. It's not that I don't trust you, per se, it's that I don't trust the process.

Granting execute permissions should not be required, and I would not use any MOD that uses this technique. I will not attempt to speak for the MOD Team, but I would suggest that perhaps you get one of them to take an advance look at your MOD and let you know if it would even be approved for the MOD-DB in its current state.

[Ramon Fincken]

have any of you guys ever visited the www.cashette.com website?
It actually pays ppl if they get spam in their account...

so spammers will use this cashette.com account to actually get paid if I'm correct..


disgusting

[mgutt]

What do you prefer for the cache folder?

For something that is going to be provided by another server? Not "execute" permissions, that's for sure. What happens if your server gets compromised, and someone loads a different script in place of the one I'm expecting?

I think the idea behind providing a list of known spammers is interesting. I started my own list not two days ago, and it contains quite a few (but not all) of the items on your list. But I would envision providing that as a list that people could look at, review, and elect to use. I would never - as trustworthy as you might think you are - trust someone to provide that list as a service via a remote call like you've provided in this MOD. It's not that I don't trust you, per se, it's that I don't trust the process.

Granting execute permissions should not be required, and I would not use any MOD that uses this technique. I will not attempt to speak for the MOD Team, but I would suggest that perhaps you get one of them to take an advance look at your MOD and let you know if it would even be approved for the MOD-DB in its current state.

This can't happen because the spamfilter cache file is CHMOD 0666 (without execution):

Code: Select all

@chmod("cache/spamfilter.php", 0666);

And the content of the filter.txt is saved in an array which is later only used by this code line:

Code: Select all

					$match_email = str_replace('*', '.*?', $row[$i]['ban_email']);
					if (preg_match('/^' . $match_email . '$/is', $email))

And it must be included in a phpBB file to be used because of:

Code: Select all

if ( !defined('IN_PHPBB') )
{
	die('Hack attempt');
}

It is not possible to create a file as I want. The creation of the file is strictly controlled by the user of my mod. If someone hacks my server and creates a filter.txt as he want, he is only be able to produce an other array content. But there is no possibility to create an execution process.

This part is given, so how add an execution process here?

Code: Select all

$row = unserialize(\'%s\');

Maybe you find a security hole?!

regards
Marc Gutt

so spammers will use this cashette.com account to actually get paid if I'm correct..

disgusting

cashette is part of my spamfilter

[mgutt]

*@jvlj.com
added

[IgnorantNewGuy]

Mgutt,

A few questions.

1. Does this work with CH 2.1.6 presently?
2. Can you explain how this works, exactly? As I look at the only file required to be edited, all of the banned domains you've listed in your database are not there. Do I have to enter them manually into my ACP?


Regarding these instructions:

You can test the successful installation as follows:
## - Try to register an account at your forum with one of the
## forbidden mail accounts (f.e. with "test@boom.ru").
## You will get a decline message at your forum if my
## mod works successfully
## - Wait till a new user has registered to your forum. Now
## you will find the file: cache/spamfilter.php (if not CHMOD
## the "cache" folder 0777 as mentioned in the topic of phpBB)

The first one worked. I saw the error message.
The second one did not. Cache was already set to 777 and cache/spamfilter.php was not created even after I created a real user.

Thx,
Scott 8)

[mgutt]

1. Does this work with CH 2.1.6 presently?

I'm using CH 2.1.4. The new version of CH isn't tested, but I think it has to work there as well.

2. Can you explain how this works, exactly? As I look at the only file required to be edited, all of the banned domains you've listed in your database are not there. Do I have to enter them manually into my ACP?

No and never. The mod reads the data directly from my server and returns the spamfilter.php on your host. There are all new spammers saved into. In a period this file is updated (like a virus scanner on your pc).

Regarding these instructions:

You can test the successful installation as follows:
## - Try to register an account at your forum with one of the
## forbidden mail accounts (f.e. with "test@boom.ru").
## You will get a decline message at your forum if my
## mod works successfully
## - Wait till a new user has registered to your forum. Now
## you will find the file: cache/spamfilter.php (if not CHMOD
## the "cache" folder 0777 as mentioned in the topic of phpBB)

The first one worked. I saw the error message.
The second one did not. Cache was already set to 777 and cache/spamfilter.php was not created even after I created a real user.

Thx,
Scott 8)

That is strange. The mod does the following:
- Is a cache file available? No -> write cache file -> Is a cache file available? -> No -> Read directly from server...

Everytime it returns "yes" it uses the cache file.

Try to remove all "@" here and after that try to register with banned email account:

// output to file
$handle = @fopen("cache/spamfilter.php", 'w');
@flock($handle, LOCK_EX);
@fwrite($handle, sprintf($cache_data, create_date('Y-m-d H:i:s', time(), $board_config['board_timezone']), time(), str_replace('\'', '\\\'', str_replace('\\', '\\\\', $spamdata[0]))));
@flock($handle, LOCK_UN);
@fclose($handle);
@umask(0000);
@chmod("cache/spamfilter.php", 0666);
return true;

The "@" avoids error messages. So after you have removed them we will see whats going on there. Please paste them here.

regards


EDIT:

Update released:

search in functions_validate.php:

Code: Select all

				// if the cache is older than 14 days it is rewritten
				if ( $gentime < (time() + 1209600) )
				{

replace with:

Code: Select all

				// if the cache is older than 3 days it is rewritten
				if ( ($gentime + 259200) < time() )
				{

The rhythm was risen and a minor bug has been removed.

regards

[IgnorantNewGuy]

Thanks. Now it worked. I tried out one of the banned email addresses that was in your list but never added manually to my ACP and I got the standard error message: Your email address has been banned. Then I checked the cache file and saw that spamfilter.php was there.

Kudos!

Here are some more to add to your list, if you do that:

*@bigfreemail.info
*@bigmir.net
*@freenet.de
*@info.ru
*@megahotmalise.com
*@pisem.net
*@pu-blocker.com
*@shop.de
*@sibmail.com
*@ukr.net
*@users.1go.dk
*@vandex.ru
*@xyonline.org

Thx,
Scott 8)

[mgutt]

I add new spam accounts not in a random way. At this time I have the following requirements before adding a new emaildomain:

- registered an account to a phpBB forum (automatically or manually)
- clicked on the link in the activation email
- posted in the forum advertising messages
- registers hundreds of accounts (without activation but with a domain owned by a spammer -> needs more investigation)
- the email account is an "antispam"-account (called "trashmail"-account as well)
- and some more...

This avoids to add serious email accounts like "gmail.com", "yahoo.com" as they are used by spammers as well.

I'll be back after checking your proposals.

regards

[IgnorantNewGuy]

Well, I installed this now on a 2.1.6 CH board and it does not work. I made all the changes in the above posts and I've tried registering a couple of the banned domains on your db, but they are permitted to register.

Cache is 777.

I had gotten this to work on my phpBB 2.0.21 site, but not this one.

?

Scott 8)

[mgutt]

I've tried it with 2.1.4 but not with 2.1.6 till now.

I'll be back we some infos

[mgutt]

floralokon@yahoo.com
added

makes advertisement with websiteurls to russian pages.

[mgutt]

added:

*@ruxv.com
*@yqli.com
*@rxpw.com