1 (edited by testingpunbb 2007-12-06 01:32)

Topic: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

Hi everybody,

first of all: LOVE THIS FORUM!
I installed it just today as a former phpbb admin. First impression: Love it! (in fact, even though I'm a poor student I would donate some bugs if knew whereto)

I found out that censoring words like .com into dot_com and other tld could be an effective way to keep spammers out which promote
all kinds of stuff for ggl rankings.
It works even during the registration procedure. It's just great! You can try it out here: xnexus.com/punbb

It works almost in every environment but on personal user details. If you could get the code to check there too in the same way for censored words
as during the registration process there would be no way at all for bots to register with their crap. It even works on email addresses.
There is no work around yet but to disable "User info in posts"
This is the only drawback I found so far on censoring.

I don't know if you are aware of this but facebook forums are running on punbb using reCAPTCHA on registration.
Anyhow, I contacted a moderator from the facebooks forums today and asked him to share the plugin for reCAPTCHA (no answer yet).
I need to give it a try. Didn't find any better solution for now than that.

We are launching soon a huge website (not the one mentioned above) with estimated over 150k users to fit over time and are running tests on punbb, smf, icebb and bbpress.
As far as I can tell for now, if punbb keeps on running like that there will be no need left to check out the other ones. If someone here has experience with a that big load of users
hosted on punbb and thinks this is the wrong solution performance or database wise then let me know. Suggestions are very welcome!

If there is one of you having a solution for Censoring at all times already or even got reCAPTCHA plugin working please share.

Thank you guys for doing what you did so far. It's great stuff.

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

Moved to PunBB Discussion wink
Welcome to the forums! big_smile

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

Now then:

http://blog.36invisible.com/2007/08/05/ … for-punbb/ | Instructions for integrating PunBB with recaptcha, I won't vouch for their accuracy since I found them through 5 seconds of Googling tongue

And where is the censor not being applied properly? Or do you mean that the censor is being passive (doing a replace before displaying) rather than being active (denying a change that would violate the censor)?

4 (edited by testingpunbb 2007-12-06 01:39)

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

I just found those lines, checking for censored words during the registration in the Username field:

    // Check username for any censored words
    if ($pun_config['o_censoring'] == '1')
    {
        // If the censored username differs from the username
        if (censor_words($username) != $username)
            message($lang_register['Username censor']);

Now I only need the right place to insert somewhere in profile.php (correct me if I'm wrong)
in order to have it check in the website field of the user profile. This way the user shouldn't
be able to put in censored words (in this case tld's) and everything would be peachy.
Any ideas where to put that in ?

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

I do, but are you suggesting not allowing a TLD in a website field? Why allow the website field at all then? tongue

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

Smartys wrote:

I do, but are you suggesting not allowing a TLD in a website field? Why allow the website field at all then? tongue

Simple because humans can make up something from wewewe.punbb.dot_org and googlebots or other ranking bots won't.
If they can not insert their crap (like during registration, they can't) we win.

My friend was working on AI for strategic games at http://razzar.com/ai/forum/ and I was the host back then.
When googlerankins went up we got so many bots registering that I've had enough and we had to shut down due to lack of time
for maintaining this meanace.

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

By the way, I posted a couple of minutes ago here. http://punbb.org/forums/viewtopic.php?id=9298
But that's only half as beautiful as scenario 1..

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

Mmm, I think you're more likely to get confused users than anything else with that setup. wink
But if you insist:
profile.php
FIND

            // Add http:// if the URL doesn't contain it already
            if ($form['url'] != '' && strpos(strtolower($form['url']), 'http://') !== 0)
                $form['url'] = 'http://'.$form['url'];

ADD AFTER

            if ($pun_config['o_censoring'] == '1' && censor_words($form['url']) != $form['url'])
                message('Put stuff to say here');

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

I did it like that:

// Add http:// if the URL doesn't contain it already
            if ($form['url'] != '' && strpos(strtolower($form['url']), 'http://') !== 0)
                $form['url'] = 'http://'.$form['url'];
            if ($pun_config['o_censoring'] == '1' && censor_words($form['url']) != $form['url'])
                message('You aren't allowed to use tld's');   

            break;
        }

Now when I click on profile:
Parse error: parse error, unexpected T_STRING in /srv/www/vhosts/xnexus.net/httpdocs/punbb/profile.php on line 761

What did I miss?

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

After all I just thought about it. And you are right, that would confuse users and keep spammers away.
Let's say I go with scenario 2, what lines have to go to get rid of the website field?

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

REMOVE

                            <dt><?php echo $lang_profile['Website'] ?>: </dt>
                            <dd><?php echo $url ?> </dd>
<label><?php echo $lang_profile['Website'] ?><br /><input type="text" name="form[url]" value="<?php echo pun_htmlspecialchars($user['url']) ?>" size="50" maxlength="80" /><br /></label>
            // Add http:// if the URL doesn't contain it already
            if ($form['url'] != '' && strpos(strtolower($form['url']), 'http://') !== 0)
                $form['url'] = 'http://'.$form['url'];

FIND

$form = extract_elements(array('realname', 'url', 'location'));

REPLACE WITH

$form = extract_elements(array('realname', 'location'));

12 (edited by testingpunbb 2007-12-06 02:57)

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

Man you're the greatest! *bowing*
Really fool-proof guide you just delivered.

The fields are gone.
Unfortunately it's still being diplayed in the posts. http://xnexus.net/punbb/viewtopic.php?pid=12#p12
Now that wouldn't even matter if the spapbots which know the punbb code couldn't insert their stuff in the first place.
Is it possible for them to do that anyhow ? Like to deliver their stuff on a different basis?

Great response time btw ;-)

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

Nope, it isn't possible to set the URL anymore wink
To remove the display from viewtopic.php:
DELETE

            if ($cur_post['url'] != '')
                $user_contacts[] = '<a href="'.pun_htmlspecialchars($cur_post['url']).'">'.$lang_topic['Website'].'</a>';

And thank you wink

14 (edited by testingpunbb 2007-12-07 03:01)

Re: my Antispam Solution - through reCAPTCHA + Alltime Censoring SPAM

You're the one to be thanked.
Sometimes things just need to be said.

Worked like a charm by the way.

Now I'm gonna look into that reCAPTCHA integration, although it's 4:30am and I might wanna go to sleep..
There has to be a way to keep em 100% out.

I thought about the censoring again.
1. I have to admit that censoring tld's on the website field might be a bit confusing to users.
2. Let's pretend you want to censor other words like dick, suck and other even more offending words,
why would you allow them in places like "the real name" or "location" if you won't have them in the username
nor in the posts. It's just makes perfect sense to me to disallow em globally, therefore forbid inserting their bad stuff (that would keep spammers away).
Replacing them only, does not keep the bots away. It does though reduce the damage (since googlebots won't find anything useful).
When the bot inserts his data, he leaves happy without realizing that his crap is gonna be replaced. Now that's the place
where we could simply stall him and not letting him insert it in the first place, rather than just replace afterwards what he did.



*expressing gratitude* for your help