Topic: Spambots attacking!

In my forum, I've gotten a pretty high Google search ranking, and I'm being bombarded by spambots to the tune of 20+ per day. All of them use gmail.com accounts (so I can't block the email domain), but they do follow a ridiculous naming scheme: each chooses a username that goes ma***zda where the * represents a number. (1) Can I prune usernames using wildcards like this? (2) Does PunBB have a sign-up mode like phpBB that requires me to manually add users who request a login? I couldn't find this option in the admin panel.

Re: Spambots attacking!

Note: I used the User Admin plugin to prune users with no posts who registered recently, but this is too imprecise for future use. I think that I need a better way of quickly deleting spambots down the road.

3

Re: Spambots attacking!

What registration mods are you using?

Re: Spambots attacking!

No clue.

Re: Spambots attacking!

Link us your forums then.

Re: Spambots attacking!

I use a mod called Another Captcha Mod (search for it at punres.org) and the time zone mod, along with this from a thread!
Add this right below the common.php line in register.php:

/***************************
   START SPAM PROTECTION
***************************/

// Address of the blocklist server
$checkspam['blocklist'] = 'sbl.spamhaus.org';

// Build the url to check (reverse DNS query). If you want to test if it works on
// your server, replace the "get_remote_address()" part with the following: '127.0.0.2'
$checkspam['Reverse DNS'] = implode( '.', array_reverse( explode( '.', get_remote_address() ) ) ) . '.' . $checkspam['blocklist'];

// Do the actual lookup. If the user's IP is listed in the blocklist, we will be given just an IP back from the queried server.
// If the user is *not* listed as a spammer, the result we get back from the server will be the same string as we sent.
if( $checkspam['Reverse DNS'] != gethostbyname($checkspam['Reverse DNS']) ) {
    
    message('Unfortunately, it would appear that your current IP address is listed in one of the anti-spam databases we queried.
            Because of this, you will not be able to register a new account at this point in time. If you believe this to
            be a mistake, we urge you to read the FAQ over at <a href="http://www.spamhaus.org/faq/index.lasso">The Spamhaus Project</a>
            for more details, including actions you can take to resolve this issue.',true);
}

/****************************
   END OF SPAM PROTECTION
****************************/
My stuff or my style might sux, but at least I'm willing to help when I can.
Don't be stupid and help! We are the stupid ones!!!

7 (edited by tmallen 2007-10-29 17:19)

Re: Spambots attacking!

Where is the common.php line in register.php? Common.php appears three times in the file. Should it come right after this?

require PUN_ROOT.'include/common.php';

Seems a bit early to be filtering out registrants (line 27, second non-comment line).

8 (edited by quaker 2007-10-29 17:44)

Re: Spambots attacking!

You put this in register.php right below the line with common.php.

This common.php line is at the top of the page:

require PUN_ROOT.'include/common.php';

This is where you start adding the code!


/***************************
   START SPAM PROTECTION
***************************/

Re: Spambots attacking!

Mmm... cool.
I think I will replace the Akismet module with this.

I went on Spamhaus and gave the documentation a quick look, but I still don't understand how it works.
How is the lookup made? Like, in the code you posted above, where is the actual lookup?
I don't see any remote data retrieval. quaker, can you explain in more detail?

10 (edited by MattF 2007-10-30 14:02)

Re: Spambots attacking!

Working on an RBL test address: 127.0.0.2 (which will return a txt record, hence a match), the following:

gethostbyname($checkspam['Reverse DNS'])

queries the following through a DNS lookup to Spamhaus:

2.0.0.127.sbl-xbl.spamhaus.org

Try a dig or host lookup on the name above and you'll see what happens. Then try it with a 3 as the first number, and you'll see how the RBL responds for a non-listed address.
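The lookup explained in the last two posts, written out as an added example (not code from the thread, PunBB or Spamhaus) that separates "listed" from the cases the posted snippet lumps together. The function names and the stub resolver are hypothetical, the stub's answers are constructed, and the code assumes Spamhaus's documented convention that answers in 127.255.255.x are error codes rather than listings.

```php
<?php
// Added example; function names are hypothetical, not PunBB or Spamhaus APIs.

// Build the DNSBL query name, or null when the input is not a plain IPv4 address.
function dnsbl_query_name(string $ip, string $zone): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // IPv6 or junk: the dotted-octet reversal does not apply
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// Classify the resolver's answer. gethostbyname() returns its input unchanged on
// failure, so "not listed" (NXDOMAIN) and a resolver outage look identical here.
function dnsbl_classify(string $query, string $answer): string
{
    if ($answer === $query) {
        return 'not_listed';
    }
    if (filter_var($answer, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return 'error';
    }
    $o = explode('.', $answer);
    if ($o[0] !== '127') {
        return 'error'; // e.g. a hijacked or wildcarded zone answering with a real IP
    }
    if ($o[1] === '255' && $o[2] === '255') {
        return 'error'; // 127.255.255.x: query refused or malformed, not a listing
    }
    return 'listed';
}

function dnsbl_check(string $ip, string $zone, callable $resolver): string
{
    $query = dnsbl_query_name($ip, $zone);
    return $query === null ? 'skipped' : dnsbl_classify($query, $resolver($query));
}

// Constructed stub so the example runs offline; pass 'gethostbyname' for real lookups.
$stub = function (string $name): string {
    $answers = [
        '2.0.0.127.sbl.spamhaus.org' => '127.0.0.2',       // test address from the thread
        '9.2.0.192.sbl.spamhaus.org' => '127.255.255.254', // constructed error answer
    ];
    return $answers[$name] ?? $name; // unknown names come back unchanged
};

foreach (['127.0.0.2', '127.0.0.3', '192.0.2.9', '2001:db8::1'] as $ip) {
    echo $ip, ' => ', dnsbl_check($ip, 'sbl.spamhaus.org', $stub), "\n";
}
```

Only a 'listed' result should block registration; treating 'error' as a listing would reject every visitor whenever the blocklist refuses the server's queries.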