Topic: Botscout

Beta Extension
v.0.0.3

============================
historic:

btw if I want to add an API key in $url
?ip='.$ip&key=xxxxxxxx;
does it go there
or before the = , or do I need to put it somewhere different and call it another way?

(this would be for botscout which needs the API key if more than 20 queries are done a day...)

EDIT: FYI, this is from http://botscout.com/api.htm

IP - Check an IP Address: 
http://botscout.com/test/?ip=84.16.230.111&key=xxxxxxxx

2

Re: Botscout

KeyDog wrote:

?ip='.$ip&key=xxxxxxxx;

Yup, it's correct wink

Eraversum - scifi browser-based online webgame

Re: Botscout

Okay cool thx. Just testing this to see if it works on botscout aswell.
http://www.mediafire.com/file/gb89b8l3l … tscout.zip  (basically same ext just minus the 'last_seen')

If it does catch stuff maybe one could merge the two, i.e. send query to one, then depending on answer, send another query to the other bot db....

4

Re: Botscout

I don't know, I tried some of those IP listed at botscout and 90% of them were at SFS too. And 300 limit? That's not a really big one... Moreover instructions to installing extension would have to be like "Go there, get API key..." :-(

But if you would like keep trying, here's the code (I haven't tested it, but it should be fine)

    <hook id="rg_start"><![CDATA[
if (file_exists($ext_info['path'].'/lang/'.$forum_user['language'].'/'.$ext_info['id'].'.php'))
    require $ext_info['path'].'/lang/'.$forum_user['language'].'/'.$ext_info['id'].'.php';
else
    require $ext_info['path'].'/lang/English/'.$ext_info['id'].'.php';
    
$ip = get_remote_address();

$query = array(
    'SELECT'   => 'ip',
    'FROM'     => 'botscout',
    'WHERE'    => 'ip = \''.$ip.'\'',
    'LIMIT'    => '1'
);
$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);

if($forum_db->num_rows($result) > 0) {
    message(sprintf($lang_botscout['Forbidden'], $ip));
} else {
    $url = 'http://botscout.com/test/?ip='.$ip.'&key=xxxxxxx;
    $remote_file = get_remote_file($url, 10);

    if(strpos("limit reached", $remote_file)) {
        //maybe we could log this somewhere? (email, maybe), but I don't think it's 'that' important
    } else {
        $array = explode('|', $remote_file);
        if($array[0] != "Y") {
            $query = array(
               'INSERT'   => 'ip, bot_visit, count',
               'INTO'     => 'botscout',
               'VALUES'   => '\''.$ip.'\', NOW(), \''.$array[2].'\''
            );
            $forum_db->query_build($query) or error(__FILE__, __LINE__);
            
            message(sprintf($lang_botscout['Forbidden'], $ip));
        }
    }
}
    ]]></hook>

BTW, sorry about that url, it wasn't correct, it should be like in the code, so

?ip='.$ip.'&key=xxxxxxxx;

Eraversum - scifi browser-based online webgame

5 (edited by KeyDog 2010-08-24 12:22)

Re: Botscout

Thanks! Will try it...
(PS: split this off into seperate topic..)

[EDIT]
for the record : how another script does it... for auroraGPT
[code=php]
< ?php
///////////////////////////////////////////////////////////////////
// AuroraGPT BotScout mod (basic version) for AuroraGpt 4-mrV3   //
// This mod assembled by aussiebob - rod@qifn.net - 19 Aug 2010  //
// As used on http://www.buxbunny.com - AuroraGpt 4-mrV3         //
///////////////////////////////////////////////////////////////////

// This mod will verify all new signups against external databases of
// known scammers, spammers, bots, and general pains in the ass!

// HOW IT WORKS - when the bot or registerant clicks the button the
// email and IP address are checked against the http://botscout.com
// database of known bots. If a record is found then the signup simply
// fails and the details are written to your admin site log.
// If it's a genuine signup, then the registeration goes through as normal.
// We recommend you check out the http://botscout.com site, (BTW: we are NOT
// affilated with BotScout, we just use the handy free service provided)
// NOTE: We intentionally do NOT check by username as they are too generic
// ie: a genuine signup with username holly would be rejected as a bot

// DISCLAIMER: We cannot be held accountable for any losses due to the
// misuse of this script nor any incorrect data returned from Botscout.
// Your daily signup numbers will drop as bots are detected!


// INSTRUCTIONS:
// 1- Edit the CONFIGURATION section of this file.
// 2- Place this file (botscout.php) in your members directory.
// 3- Edit the file members/join.php
// and add this line - include('botscout.php');
// directly below line $co = lookupIp($vip); so it looks like this

// $co = lookupIp($vip);
// include('botscout.php');

// Thats all folks - enjoy

// ---- CONFIGURATION BEGIN  ----
// NOTE: This is optional, but without an API KEY you can only do 20 lookups daily
// Register for a FREE API KEY at http://botscout.com/getkey.htm

// Enter your Free API KEY you received by email from http://botscout.com/
$APIKEY = 'YOUR-API-KEY';
// ---- CONFIGURATION END ----

// --------------------------------------------------------------------------
// ---- DO NOT EDIT BELOW THIS LINE UNLESS YOU KNOW WHAT YOU ARE DOING!! ----
// --------------------------------------------------------------------------

// init vars
$botdata='';
$returned_data='';

// get the registerants IP address
$XIP = $_SERVER['REMOTE_ADDR'];

// get the registerants username
$XUSER = $uUsername;

// get the registerants email
$XMAIL = urlencode($uEmail);

// Assemble the query to send to BotScout.com using the registerants email and IP addresses only
$apiquery = "http://botscout.com/test/?multi&mail=$XMAIL&ip=$XIP";

// Add your BotScout.com registered user API KEY to the query
if($APIKEY != ''){
    $apiquery = "$apiquery&key=$APIKEY";
}

// Send the query to BotScout.com using either file_get_contents() or cURL
if(function_exists('file_get_contents')){
// Use file_get_contents
$returned_data = file_get_contents($apiquery);
}else{
    // Use cURL
$ch = curl_init($apiquery);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$returned_data = curl_exec($ch);
curl_close($ch);
}

// Parse returned data array values
$botdata = explode('|', $returned_data);

// Display error message should there be a problem accessing the Botscout.com database.
if(substr($returned_data, 0,1) == '!'){
// if the first character is an exclamation mark, an error has occurred
print "Verification Error: $returned_data - Please try again later.";
exit;
}

// Check if the signup email and IP appear in the returned BotScout.com data values.
if($botdata[3] > 0 || $botdata[5] > 0){

// perform IP - Country lookup
    $sql=  'SELECT c.country FROM ip2nationCountries c, ip2nation i WHERE i.ip < INET_ATON("'.$XIP.'") AND c.code = i.country ORDER BY i.ip DESC LIMIT 0,1';
    $temp1=mysql_query($sql);
    list($countrylist) =mysql_fetch_row($temp1);
    $cntry="$countrylist" ;

// insert details into site logs
    $sql=$Db1->query("INSERT INTO logs SET username='".$XUSER."', log='Bot Signup Failed - $XUSER - $uEmail x $botdata[5] records - $XIP x $botdata[3] records - $cntry', dsub='".time()."'");

// Generate a fake Error number (Looks more credible)
$errorfake = round(rand(1100, 20000));

// Give credit to BotScout.com and display an error message to the bot smile
print "<h3>ERROR: $errorfake</h3>
        <p><a href=\"http://botscout.com\" title=\"More Info...\" >Registerant Identified as a Bot</a> - Registration Failed! - Exiting process.</p>";

// halt the signup process
exit;

}
// NOTE: We have added an extra mySQL table called users_rejected and actually add the rejects to it.
// Then we can display the info both in the admin and on the public Rejects page.
// This is an optional extra - fig it yourself - or ask for help in the EMS forum - Private

?>
[/code]

Re: Botscout

Just noticed that stopforumspam.com has been down for several hours, maybe it would be good to have this botscout querying as backup ... when the other site is down?

7

Re: Botscout

Yup, I read it on Twitter as well, but I believe it's the first "major" down of SFS so I don't think it's "that needed" to have a backup system...

//Aka, lazy programmer  big_smile

Eraversum - scifi browser-based online webgame

Re: Botscout

True, but it's always good to have any easy to use Plan B ...

Also it might been good to have a way of querying for spammers email addresses via both services, as I often find an offenders email addy has already been flagged to one of the services....