• Registered: 2007-04-05
  • Posts: 21

Topic: Please advise on best upgrade approach and solution to SPAM

Hello,

I currently have our site on x.x.14, and see that 15 is out.  I went to do the patch mode and using the OSX Terminal app was unsuccessful.  I then just replaced the modified files manually, but our site lost its style.  So then I looked at the HIFF file and read through the forums.  I am not certain where to go from here.  Is terminal even able to accomplish the patch?

Secondly, will this patch solve some SPAM.  PunBB is being used on a commercial site, and we had some not so nice spam.  Will there always be the bad stuff?  Is there a way to handle it before users are able to see it?

Thanks for any insight on the above.

  • Utchin
  • PunBB senior member
  • Offline
  • Registered: 2007-02-09
  • Posts: 760

Re: Please advise on best upgrade approach and solution to SPAM

Not sure about the upgrade but i know the SPAM problem

There are multiple mods out so when the user registers they have to pass a "test". depending on what mod it is, it could be a math question, image verification..

To check posts before they are submitted to the public you want http://www.punres.org/viewtopic.php?id=2546


the registration help could be http://www.punres.org/viewtopic.php?id=3439

Sorry. Unactive due to personal life.
  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Please advise on best upgrade approach and solution to SPAM

http://punbb.org/download/hdiff/hdiff-1 … .2.15.html
Does this help?

  • Registered: 2007-04-05
  • Posts: 21

Re: Please advise on best upgrade approach and solution to SPAM

Thank you for the info.  I currently have a MOD that requires the user to enter what they see visually.  It appears to not do the thing.  I will keep your MOD under advisement.

Also, thank you for the hdiff file.  It seems the long way, but the sure way.

5 Reply by CodeXP (edited by CodeXP 2007-08-30 00:22)

  • CodeXP
  • Senior Member
  • Offline
  • From: /dev/null
  • Registered: 2004-07-07
  • Posts: 503

Re: Please advise on best upgrade approach and solution to SPAM

shieldwolf wrote:

Thank you for the info.  I currently have a MOD that requires the user to enter what they see visually.  It appears to not do the thing.  I will keep your MOD under advisement.

Also, thank you for the hdiff file.  It seems the long way, but the sure way.

Here's what I'm using to protect myself against a lot of the spammers out there. It's a very simplified version of one of my first PunBB mods, and it works well for me smile I've tried to comment the code as best I can to explain what it does...

Open register.php, and find on line 27:

require PUN_ROOT.'include/common.php';

Add after:

/***************************
   START SPAM PROTECTION
***************************/

// Address of the blocklist server
$checkspam['blocklist'] = 'sbl-xbl.spamhaus.org';

// Build the url to check (reverse DNS query). If you want to test if it works on
// your server, replace the "get_remote_address()" part with the following: '127.0.0.2'
$checkspam['Reverse DNS'] = implode( '.', array_reverse( explode( '.', get_remote_address() ) ) ) . '.' . $checkspam['blocklist'];

// Do the actual lookup. If the users IP is listed in the blocklist, we will be given just an IP back from the queried server.
// If the user is *not* listed as a spammer, the result we get back from the server will be the same string as we sent.
if( $checkspam['Reverse DNS'] != gethostbyname($checkspam['Reverse DNS']) ) {
    
    message('Unfortunately, it would appear that your current IP address is listed in one of the anti-spam databases we queried.
            Because of this, you will not be able to register a new account at this point in time. If you believe this to
            be a mistake, we urge you to read the FAQ over at <a href="http://www.spamhaus.org/faq/index.lasso">The Spamhaus Project</a>
            for more details, including actions you can take to resolve this issue.',true);
}

/****************************
   END OF SPAM PROTECTION
****************************/

Save & upload.

If you allow anonymous posts on your forum, if would be a good idea to do the same with post.php (line numbers should be the same).


EDIT: Changed blocklist to a slightly less strict one as it would appear some legitimate users, like quaker, encountered problems with the original one...and we don't want that, now do we wink

CodeXP's Website

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Please advise on best upgrade approach and solution to SPAM

codexp, is that the only thing that required to add to the register.php?




Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

7 Reply by LVZ

  • LVZ
  • Member
  • Offline
  • From: Las Vegas
  • Registered: 2004-09-22
  • Posts: 27

Re: Please advise on best upgrade approach and solution to SPAM

This was my solution.  Not a complete solution but it gets rid of over 90% of my spam problems.

http://punbb.org/forums/viewtopic.php?i … p=2#p96898

::

LVZ's Website

  • CodeXP
  • Senior Member
  • Offline
  • From: /dev/null
  • Registered: 2004-07-07
  • Posts: 503

Re: Please advise on best upgrade approach and solution to SPAM

quaker wrote:

codexp, is that the only thing that required to add to the register.php?




Q

Yes, it's all you'll need for it to work.. It's really quite simple, it just does a reverse dns lookup of a users address, so as long as you don't need any logging functions or the ability to override the check for certain IPs, it doesn't have to be more complicated than this smile

CodeXP's Website

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Please advise on best upgrade approach and solution to SPAM

codexp i added the code to my site and now it says my ip is listed when i try to register..lol.
Q
http://modelcrowd.com/register.php

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

10 Reply by CodeXP

  • CodeXP
  • Senior Member
  • Offline
  • From: /dev/null
  • Registered: 2004-07-07
  • Posts: 503

Re: Please advise on best upgrade approach and solution to SPAM

quaker wrote:

codexp i added the code to my site and now it says my ip is listed when i try to register..lol.
Q
http://modelcrowd.com/register.php

Strange...though, if I were you I'd go to this page on the Spamhaus website and type in your IP address in the "lookup IP address" field. The reason for this is that while you're probably not listed as a spammer, it may be that you're behind some form of blacklisted proxy on your ISP's side. If so, there's one thing you can do; change the "$checkspam['blocklist']" variable from "zen.spamhaus.org" over to one of the following:

- sbl.spamhaus.org (this is just the spammer blocklist)
- sbl-xbl.spamhaus.org (this includes open proxies, trojans and other exploits as well).

The one I used is the most restrictive one, so I suppose it could cause problem. I did not have problem reaching your registration page though, so it's not a problem with the DNS lookup itself...thankfully smile

If you'd like, you can try opening the registration page on one of my websites and see if you're getting blocked there as well.

CodeXP's Website

11 Reply by quaker

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Please advise on best upgrade approach and solution to SPAM

this what i get when i try ur site...


Unfortunately, it would appear that your current IP address is listed in one of the spam databases we queried.
            Because of this, you will not be able to register a new account at this point in time. If you believe this to
            be a mistake, we urge you to read the FAQ over at The Spamhaus Project
            for more details, including actions you can take to resolve this issue.

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

12 Reply by quaker

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Please advise on best upgrade approach and solution to SPAM

ok i changed i to..

sbl-xbl.spamhaus.org

and now it allows me to register....

what i did was add another captcha mod time zone mod and rulez and now ur mod... i hope im save... ops and the bad behavior.....


Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

13 Reply by CodeXP (edited by CodeXP 2007-08-30 00:19)

  • CodeXP
  • Senior Member
  • Offline
  • From: /dev/null
  • Registered: 2004-07-07
  • Posts: 503

Re: Please advise on best upgrade approach and solution to SPAM

quaker wrote:

this what i get when i try ur site...


Unfortunately, it would appear that your current IP address is listed in one of the spam databases we queried.
            Because of this, you will not be able to register a new account at this point in time. If you believe this to
            be a mistake, we urge you to read the FAQ over at The Spamhaus Project
            for more details, including actions you can take to resolve this issue.

Ok, then your IP really is listed in one of the blacklists. Do as I said, and get your IP checked directly at the spamhaus website, then report back here. I suspect you'll find that it's either listed in the XBL or PBL lists. If so, use the sbl.spamhaus.org address instead of the one I originally posted.

Ninjaedit: Nice to see that it solved it for you. I'll edit my original post and the script on my website so I don't block to many legitimate users accidentally smile

CodeXP's Website

14 Reply by quaker

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Please advise on best upgrade approach and solution to SPAM

Ref: PBL114749
68.32.0.0/11 is listed on the Policy Block List (PBL)


Outbound Email Policy of Comcast for this IP range:

Email sent by Comcast subscribers using a mail program such as Outlook Express are required to send the email through Comcast. To insure your mail program is properly configured, please visit http://www.comcast.net/help/faq/index.jsp?faq=Email117481. If you are a Comcast Commercial Services customer and need support, please contact support_biz@cable.comcast.com

i used the sbl-xbl.spamhaus.org and now it works on my site.

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

15 Reply by CodeXP (edited by CodeXP 2007-08-30 00:36)

  • CodeXP
  • Senior Member
  • Offline
  • From: /dev/null
  • Registered: 2004-07-07
  • Posts: 503

Re: Please advise on best upgrade approach and solution to SPAM

quaker wrote:
Ref: PBL114749
68.32.0.0/11 is listed on the Policy Block List (PBL)


Outbound Email Policy of Comcast for this IP range:

Email sent by Comcast subscribers using a mail program such as Outlook Express are required to send the email through Comcast. To insure your mail program is properly configured, please visit http://www.comcast.net/help/faq/index.jsp?faq=Email117481. If you are a Comcast Commercial Services customer and need support, please contact support_biz@cable.comcast.com

i used the sbl-xbl.spamhaus.org and now it works on my site.

Think I'll stay away from the pbl blocklist for checks such as this (and just use the PBL and XBL), as I suspect it wouldn't help much on a website anyway. Besides, blocking all Comcast subscribers would most definetely be a very bad idea as I understand they're quite big...right? wink

CodeXP's Website

16 Reply by quaker (edited by quaker 2007-08-30 00:39)

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Please advise on best upgrade approach and solution to SPAM

yea
all over the USA...

thanks.. for another spam stopper..haha... now i think that i have about 5 mods for that.

side note.. this is starting to be a very good idea..
http://punbb.org/forums/viewtopic.php?pid=99832#p99832

Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

17 Reply by CodeXP

  • CodeXP
  • Senior Member
  • Offline
  • From: /dev/null
  • Registered: 2004-07-07
  • Posts: 503

Re: Please advise on best upgrade approach and solution to SPAM

quaker wrote:

yea
all over the USA...

thanks.. for another spam stopper..haha... now i think that i have about 5 mods for that.

side note.. this is starting to be a very good idea..
http://punbb.org/forums/viewtopic.php?pid=99832#p99832

Q

I can see the value in such a mod, but I don't think I'll have any use for it though smile

As for protecting a forum against spam, it really is difficult. If only PunBB allowed you to automatically promote members based on numbers of posts etc., and allow you to specify what BBCodes etc. was available for the different groups (remove ability for posting links, images and all that until they've made at least 10-20 posts over X number of days), it would greatly improve the whole situation. The only way to do this today is by using mods, and to be honest, having to many of them just makes it to much work upgrading when a new PunBB version is out. I would think that we'll be much better of when 1.3 is out, what with the extension system and other improvements smile

CodeXP's Website

18 Reply by quaker

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Please advise on best upgrade approach and solution to SPAM

I completely agree with you. i think that spam should be one of the main issue addressed and be added to the install version.
so that it will make the system safer for users and website owners.
what i also started doing is creating a user group called newbies. everyone who sign up is added to that group by default. and i personally upgrade there status to the next level. as a newbie.. they cant see post or do anything... at all.

that another way of fighting spam...

Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

  • Registered: 2007-04-05
  • Posts: 21

Re: Please advise on best upgrade approach and solution to SPAM

Thank you for the info and the dialog.  I am unsure now though, is there an updated version of your MOD to use?

Thank you again!

Drayson

20 Reply by CodeXP

  • CodeXP
  • Senior Member
  • Offline
  • From: /dev/null
  • Registered: 2004-07-07
  • Posts: 503

Re: Please advise on best upgrade approach and solution to SPAM

@quaker: Yeah, I'd love to see some of these problems addressed in the 1.3 release, but even if they're not we still have the extension system which will make it a whole lot easier to implement solutions on your own.

@shieldwolf: The version you see in my original post is the latest version, so if you use that you should be ok.

CodeXP's Website

21 Reply by quaker

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Please advise on best upgrade approach and solution to SPAM

codexp, extension are good but i think that should be a part of the core . to many time have people spammed punbb user mostly from Russia and a few other country's. maybe some smart AI system will someday be in places.

I'm going to apply that mod to all my punbb sites. im trying to do less install_mods and more hand coding the mods into punbb. MC(modelcrowd) has only 5 install mods.

thanks!
Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Please advise on best upgrade approach and solution to SPAM

Extensions, especially for fighting spam, are wonderful. Why? They don't tie you to one solution.
Maybe Akismet comes as a default extension. But your users keep getting their posts marked as spam (sometimes happens when users make short posts like "lol"). So then you want to replace it with a CAPTCHA. And then you have issues with user accessibility, so you try some DNSBLs. And on it goes smile
The extensions allow you to mix and match and find a group of spam fighting tools that work for you, rather than tying you to one set of tools.

23 Reply by quaker

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Please advise on best upgrade approach and solution to SPAM

Smartys that is true! 

Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

  • Registered: 2007-04-05
  • Posts: 21

Re: Please advise on best upgrade approach and solution to SPAM

CodeXP and all:  I added your MOD.  Will see how it goes...Thank you!!!!  Glad I could contribute to a long discussion, and really appreciate PunBB!  8-)

25 Reply by MattF (edited by MattF 2007-09-06 23:13)

  • MattF
  • Senior Member
  • Offline
  • From: South Yorkshire, England
  • Registered: 2007-03-15
  • Posts: 1,956

Re: Please advise on best upgrade approach and solution to SPAM

CodeXP wrote:

Think I'll stay away from the pbl blocklist for checks such as this (and just use the PBL and XBL),

The PBL section of Spamhaus is designed for use upon MX servers, not web servers. It bears no relation to anything web based. The sbl-xbl list is the one best served for web use. The zen list, (or the pbl list alone), should only be used for MX servers and nothing more.

MattF's Website