1 Topic by Peter

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Topic: Discard registrations with double names to block spammers

I use a modified version of PunBB as my central registration system. I have an increasing problem with spammers signing up.

Spammers (almost) always sign up using the same "name" in my custom firstname and surname fields. It should be easy to check for that and discard those registrations, even without letting whoever's trying to register know that it didn't go through.

Any suggestions how to do that?

Any other suggestions how to block this type of spammer? Would more required custom sign-up fields make any difference?

I've already added a math captcha...

I'm not a real php programmer. I copy/paste php code and know some basics. I'm getting better at it, but can't write scripts from scratch. Any suggestions are very much appreciated!

Peter's Website

2 Reply by MattF

  • MattF
  • Senior Member
  • Offline
  • From: South Yorkshire, England
  • Registered: 2007-03-15
  • Posts: 1,956

Re: Discard registrations with double names to block spammers

Simplest way may just be to create a separate file containg an array of names that are banned, include the file in register.php and use in_array to check if the name is in that list|array. Then just update the array as and when.

MattF's Website

3 Reply by Peter

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: Discard registrations with double names to block spammers

No, that's useless, as useless as blocking individual IP numbers. They never use the same name.

I meant they always use the same "name" in my custom firstname and surname fields, so something like this: Brezwkljklj Brezwkljklj

That should make them relatively easy to filter out. I'm asking for suggestions what the PHP for that would look like:

if firstname=surname, then insert nothing in the database and redirect to 'Succes, now get lost!'

Peter's Website

4 Reply by Smartys (edited by Smartys 2008-05-06 01:52)

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Discard registrations with double names to block spammers

Edit: Whoops, sorry Peter, apparently I can't read. tongue

  • quaker
  • quaker
  • Senior Member
  • Offline
  • From: USA
  • Registered: 2006-02-22
  • Posts: 1,783

Re: Discard registrations with double names to block spammers

u can add this to the register.php

i use spamhaus mod that mattf did for me...

right below!

define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';


add

/***************************
   START SPAM PROTECTION
***************************/

// Address of the blocklist server
$checkspam['blocklist'] = 'sbl.spamhaus.org';

// Build the url to check (reverse DNS query). If you want to test if it works on
// your server, replace the "get_remote_address()" part with the following: '127.0.0.2'
$checkspam['Reverse DNS'] = implode( '.', array_reverse( explode( '.', get_remote_address() ) ) ) . '.' . $checkspam['blocklist'];

// Do the actual lookup. If the users IP is listed in the blocklist, we will be given just an IP back from the queried server.
// If the user is *not* listed as a spammer, the result we get back from the server will be the same string as we sent.
if( $checkspam['Reverse DNS'] != gethostbyname($checkspam['Reverse DNS']) ) {
    
    message('Unfortunately, it would appear that your current IP address is listed in one of the anti-spam databases we queried.
            Because of this, you will not be able to register a new account at this point in time. If you believe this to
            be a mistake, we urge you to read the FAQ over at <a href="http://www.spamhaus.org/faq/index.lasso">The Spamhaus Project</a>
            for more details, including actions you can take to resolve this issue.',true);
}

/****************************
   END OF SPAM PROTECTION
****************************/

that is one step.. another is captcha... mod..

Q

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

quaker's Website

6 Reply by MattF

  • MattF
  • Senior Member
  • Offline
  • From: South Yorkshire, England
  • Registered: 2007-03-15
  • Posts: 1,956

Re: Discard registrations with double names to block spammers

Peter wrote:

That should make them relatively easy to filter out. I'm asking for suggestions what the PHP for that would look like:

if firstname=surname, then insert nothing in the database and redirect to 'Succes, now get lost!'

if (strtolower($firstname) == strtolower($surname))
{
    [whatever code takes your fancy here]
}

MattF's Website

  • Smartys
  • Former PunBB Developer
  • Offline
  • Registered: 2004-04-30
  • Posts: 7,844

Re: Discard registrations with double names to block spammers

Whoops, ignore me Peter, I misread your post smile

8 Reply by MattF

  • MattF
  • Senior Member
  • Offline
  • From: South Yorkshire, England
  • Registered: 2007-03-15
  • Posts: 1,956

Re: Discard registrations with double names to block spammers

As did I. big_smile

MattF's Website

9 Reply by Peter (edited by Peter 2008-05-07 16:04)

  • Peter
  • Senior Member
  • Offline
  • From: Brooklyn, NY
  • Registered: 2006-01-10
  • Posts: 205

Re: Discard registrations with double names to block spammers

MattF, Smartys, quaker, thanks so much again! I should have described my problem more clearly.

MattF's latest solution looks very helpful. I'll take that, try some things and post the result when I have it. :-)

Edit: I've added the lines to register.php (and a line in lang_register):

    ...
        // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('#\s+#s', ' ', $username);

    // block spammers with double names
    if (strtolower($firstname) == strtolower($surname)) { 
        message($lang_register['Double name spammer']);
        exit;
    }

    // Validate username and passwords ...

When I test signing up with the same name in firstname and surname, it gets through without problems. So if (strtolower($firstname) == strtolower($surname)) is ignored, it doesn't do anything.

Or did I put it in the wrong place?

I'll get back to this when I have more time...

Peter's Website