1 (edited by Justice 2011-11-02 19:38)

Topic: [release] SFS Antispam

(Not to be confused with the StopForumSpam.com Antispam extension.)

This extension will block registrations from known spammers listed in the StopForumSpam database. It includes a settings page for entering your StopForumSpam API key, as well as options for using a DNSBL (DNS blackhole list), custom block message, and email notification for blocked registrations. There is also an option to report spammers to the StopForumSpam database when deleting them. See screenshots below.

Changelog

  • ver 1.4 Bug fixes and small tweaks. (NOTE: If upgrading from 1.3, you will need to rename the `registered` column in the sfs_antispam table to `added`. Or if you prefer, you can uninstall 1.3 before installing 1.4.)

  • ver 1.3 Now caches blocked and reported spammers locally to reduce lookups. Auto-populates evidence from users signature, website, and last post (can still be edited before submitting). Other miscellaneous bug fixes and code cleanup.

  • ver 1.2 Changed hook priorities so that spammer check occurs after all other registration validation passes (e.g.  CAPTCHA validations)

  • ver 1.1 Email notifications fix, and added ability to submit evidence when reporting spammers (updated screenshot below)

  • ver 1.0 Initial release

Download

Screenshots

Settings page
http://dl.dropbox.com/u/6516117/punbb/sfs_antispam_settings.png


Blocked spammers list
http://dl.dropbox.com/u/6516117/punbb/blocked_spammers.png


Report spammer when deleting
http://dl.dropbox.com/u/6516117/punbb/report_spammer.png

Re: [release] SFS Antispam

really nice thanks

Re: [release] SFS Antispam

Brilliant.
Hope to have it installed here soon....

Extension Directory
Over 1.8 Million URLs checked in September 2012 with URL Checker extension.
Is your website being spammed? Send me the URL (entire post). Or post at http://url-checker.org

Re: [release] SFS Antispam

Just realized there is an issue where blocked registration notification emails don't always get sent.  I'll have an update to fix this soon.

Re: [release] SFS Antispam

Version 1.1 is up, with a fix for the email notifications and the ability to submit evidence when reporting spammers. Additional feedback welcome.

Re: [release] SFS Antispam

I noticed I was getting a lot of blocked spammer email alerts, and realized this was because the spam lookup was being performed before some other validation, such as the pun_antispam CAPTCHA validation. I just updated the extension to version 1.2, which uses hook priorities to ensure that the spammer check only occurs after all the other validations have passed.

Re: [release] SFS Antispam

Great added features

One thing that might be of value: instead of admin getting info of blocked spammers
-->
1. directly report the spammers to the sfs database so that it's really up to date....
and
2.  log the attempts stats in the admin section of the board

Thanks again...

Extension Directory
Over 1.8 Million URLs checked in September 2012 with URL Checker extension.
Is your website being spammed? Send me the URL (entire post). Or post at http://url-checker.org

Re: [release] SFS Antispam

it's compatible with last reCAPTCHA punbb extension?

Re: [release] SFS Antispam

fantasma wrote:

it's compatible with last reCAPTCHA punbb extension?

I tested it with reCAPTCHA and it works great.

Re: [release] SFS Antispam

thanks

Re: [release] SFS Antispam

KeyDog wrote:

Great added features
One thing that might be of value: instead of admin getting info of blocked spammers
-->
1. directly report the spammers to the sfs database so that it's really up to date....
and
2.  log the attempts stats in the admin section of the board

Thanks again...

I agree #2 is a good idea, and I'll look into it. But I'm not sure about #1. Is it appropriate to report someone to StopForumSpam when they haven't actually spammed our forum yet? Is this common practice? Would like to get more people's thoughts on this.

12

Re: [release] SFS Antispam

Feature request:
Fetch website, signature and last posting data and populate the Evidence field.

13 (edited by JanMichaels 2011-10-21 11:32)

Re: [release] SFS Antispam

But I'm not sure about #1. Is it appropriate to report someone to StopForumSpam when they haven't actually spammed our forum yet? Is this common practice? Would like to get more people's thoughts on this.

For my spam blocking service it is appropriate to send the blocked signup back to me as I keep an "All Time Spam Activity" score for each spammer submission's IP, username and email, and it helps me build statistics on the current activity of a specific spammer.  This also helps me determine if I can deactivate an IP as an active spammer after a certain time period of no spam reports. 

The only real downside to sending back a report of an active spammer on rejection (one listed in mine or someone else's spam blocking service) is that an API key would be needed before the auto reporting could be used as the submissions without an API key would be rejected (I'm assuming SFS does as I do), and it would be a waste of bandwidth (especially on popular sites with lots of spammer signups)..... Of course, you could just add an option to do that or not smile

I'm also interested in adding my spammer signup blocking service to your extension Justice... That is, if you don't mind.  I'm studying Punbb's extension system now, and can do it if you are too busy. 

Please contact me at your convenience if you are interested.

best,

Jan

Re: [release] SFS Antispam

JanMichaels wrote:

For my spam blocking service it is appropriate to send the blocked signup back to me as I keep an "All Time Spam Activity" score for each spammer submission's IP, username and email, and it helps me build statistics on the current activity of a specific spammer.  This also helps me determine if I can deactivate an IP as an active spammer after a certain time period of no spam reports. 

The way I see it, a "spam report" is just that, a report of spamming. A blocked registration cannot be qualified as spamming, regardless of whether or not their IP address or email address is listed in the StopForumSpam database. Your spamming service may have different rules as to what constitutes spam, but since my extension utilizes the StopForumSpam.com service (as indicated by the "SFS" in the name) I don't feel it appropriate to add such a feature to my extension.

That said, this is open source. You are welcome to take my extension and build upon it, and release your own StopArticleSpam extension if you wish.  smile

15

Re: [release] SFS Antispam

Justice wrote:

A blocked registration cannot be qualified as spamming, regardless of whether or not their IP address or email address is listed in the StopForumSpam database.

The problem with that: If a spammer is human or not hitting a honeypot, he'll only have 1-2 entries in the sfs db. Some people have code rules to require a minimum of 3-5 entries to block a spammer. If you have IP and email of a known spammer, he's a nuisance/danger for your site. The quality and certainty regarding spammers would increase if they were reported, imo.

Extension Directory
Over 1.8 Million URLs checked in September 2012 with URL Checker extension.
Is your website being spammed? Send me the URL (entire post). Or post at http://url-checker.org

16

Re: [release] SFS Antispam

I may be wrong, but I don't see this setting "Search e-mail addresses" being utilized.

17 (edited by JanMichaels 2011-10-23 08:51)

Re: [release] SFS Antispam

A blocked registration cannot be qualified as spamming...

Although I respect your opinion, I have to agree AND disagree.. This morning I woke up to a nice message on one of my trap forums that started out "Hello my friends..." and continued on with some lovely images (let's just say they weren't PG rated).  I submitted him to my spammer database.

I then found 16 more spam reports from other client sites about the same IP number....

I agree when you say that a blocked registration can't be qualified as spamming until he/she's spammed your site ...I disagree in that a blocked registration IS qualified as a known spammer trying to spam again, and again and again and usually with a bot, and the more times they are reported, the more obvious it becomes they will spam your site if you let them.  One, two reports may be a mistake, but five, ten, two hundred reports makes the person's intentions clear.

I do though very much admire your fairness, and thank you for giving me permission to add to your extension.  smile

In respect to your feelings on the subject I won't add a report back of blocked spammers...

best,

Jan

Re: [release] SFS Antispam

KeyDog wrote:

The problem with that: If a spammer is human or not hitting a honeypot, he'll only have 1-2 entries in the sfs db. Some people have code rules to require a minimum of 3-5 entries to block a spammer. If you have IP and email of a known spammer, he's a nuisance/danger for your site. The quality and certainty regarding spammers would increase if they were reported, imo.

I completely understand where you're coming from, but after asking about this over at the StopForumSpam forums, I have learned that reporting spammers just for trying to register, with no actual proof of spamming, violates their Terms of Service:

Any automatic reporting to StopForumSpam.com that is simply relying on other DNSBLs, without an actual witnessed incident of spamming (be it profile linking, signature linking, or message), will result in:
1. Suspension of the offending user account.
2. Addition of the user account data (user name, IP adress(es), and e-mail account), to the database here (filing a false report is spamming our forum).
3. Removal of all contributed records from that user to our database.
4. Whatever other punitive actions that Pedigree or Russ wish to levy, without restriction.

Some additional quotes:

Zaphod wrote:

The spammers must actually complete an act of spamming to your forum to be reported here.
Usually determination of spam requires human intervention, so seeing the automatic part in your script, is a warning sign you may be violating ToS.
Zap

Wizzle wrote:

Have to second that.
Automatically reporting spammers on a live forum is a very bad idea. Any risk of reporting an "innocent" is too much.
Now, if you mean, a new member was flagged, reviewed and then "one click" report. That's kool, and very useful too!

So I think that settles that. No automatic reporting of blocked registrations (to SFS at least).  smile

19 (edited by Justice 2011-10-24 03:05)

Re: [release] SFS Antispam

rbma wrote:

I may be wrong, but I don't see this setting "Search e-mail addresses" being utilized.

Really? I use this setting because I want to block registrations from those using listed email addresses as well as those using listed IP addresses. Do most people only block by IP?

Or maybe the way I labeled the setting is unclear. To clarify, if you leave it unchecked, then this extension will only search the StopForumSpam database for a registrants IP address, and block the registration if there's a match. With the option turned on, it will first search on their IP address and block if there's a match, but if there's no match, it will then search on their email address, and block the registration if there's a match.

I will admit that I'm far from an expert on this subject, but doesn't it make sense  to search on both?

20 (edited by JanMichaels 2011-10-24 03:52)

Re: [release] SFS Antispam

I agree it's a moot point, although it's unclear how this applies to back reporting to their own database from their own spam report listing judging by this statement...

simply relying on other DNSBLs...

  I thought the question was reporting back to SFS from their own listings?  Sorry if I misunderstood.

This also is a bit confusing

Automatically reporting spammers on a live forum is a very bad idea. Any risk of reporting an "innocent" is too much...

 

How can the reporting back of a person listed by their own service be an "innocent" person if they've already been reported to SFS and the person reporting back is using SFS's own database?

Rhetorical questions and don't need a reply  smile

Re: [release] SFS Antispam

JanMichaels wrote:

I thought the question was reporting back to SFS from their own listings?  Sorry if I misunderstood.

Yes, we are talking about automated reporting to SFS from their own listings. I was given the same answer ("Don't do it") when I asked the question directly, referencing my SFS Antispam PunBB extension thread here. So they've made it pretty clear (to me, at least) that it violates their ToS.  smile

Re: [release] SFS Antispam

Totally clear to me and never had any intention of doing so smile

Thanks for the clarification,

Jan

23

Re: [release] SFS Antispam

Justice wrote:

To clarify, if you leave it unchecked, then this extension will only search the StopForumSpam database for a registrants IP address, and block the registration if there's a match. With the option turned on, it will first search on their IP address and block if there's a match, but if there's no match, it will then search on their email address, and block the registration if there's a match.

In manifest.xml, please advise where this setting 'o_sfs_search_email_addresses' is evaluated and executed accordingly.

24 (edited by Justice 2011-10-24 06:24)

Re: [release] SFS Antispam

rbma wrote:

In manifest.xml, please advise where this setting 'o_sfs_search_email_addresses' is evaluated and executed accordingly.

Ah! I misunderstood your question the first time. I thought you were suggesting that people wouldn't want to utilize the feature.

And you are totally right, I somehow forgot to add the check on that setting, so currently it is searching on email addresses whether you want it to or not.  sad My apologies, and I'll have it fixed in the next version, along with the other requested features.

25

Re: [release] SFS Antispam

I see now how it could be misinterpreted. Sorry about that.

How about the option to check on IP or email or username?  We had a false positive the other day where the IP was reported back in August, but the email address was not. In this case, we would want to check on email only.