1 (edited by CodeXP 2005-10-03 13:49)

Topic: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

##
##
##        Mod title:  Spam Protection MOD
##
##      Mod version:  1.1
##   Works on PunBB:  1.2, 1.2.8
##     Release date:  2005-10-03
##           Author:  Öyvind A. Sörensen (codexp@tasarinan.com)
##
##      Description:  Add SPAM (through spamhaus.org) protection to your
##                    forum! Block those f**kers from your site completely! ;)
##                    Now with admin plugins to configure several new
##                    options, like permanent blocking, which files to protect,
##                    "trusted" users, check frequency + more!
##
##   Affected files:  include/functions.php
##                    include/common.php
##
##       Affects DB:  Yes (adds a new table) + 2 new values to your
##                    config table
##
##            Notes:  This MOD will add spam protection to your forum.
##                    It will check the visitor's IP against the SBL/XBL
##                    records at http://www.spamhaus.org
##                    The script will also block the use of most open
##                    proxies.
##                    If a record is returned, it will block the visitor
##                    from the scripts you specify. The results for that
##                    IP will be stored in the database for 1 hour (by default)
##                    before it's checked again. The reason for this is that
##                    the list is only updated once each hour, and also
##                    to prevent unnecessary slowdown to your forum.
##
##       DISCLAIMER:  Please note that "mods" are not officially supported by
##                    PunBB. Installation of this modification is done at your
##                    own risk. Backup your forum database and any and all
##                    applicable files before proceeding.
##
##


#
#---------[ 1. UPLOAD ]-------------------------------------------------------
#

install_mod.php to /
AP_SPAM_Protect_Scripts.php /plugins/
AP_SPAM_Protect_Settings.php /plugins/


#
#---------[ 2. RUN ]----------------------------------------------------------
#

install_mod.php

(Choose UPGRADE if you've installed v1.0 of this mod)


#
#---------[ 3. DELETE ]-------------------------------------------------------
#

install_mod.php


#
#---------[ 4. OPEN ]---------------------------------------------------------
#

include/functions.php


#
#---------[ 5. FIND (line: 25) ]---------------------------------------------
#

//
// Cookie stuff!
//


#
#---------[ 6. BEFORE, ADD ]-------------------------------------------------
#

//
// Spam & anonymizer protection (mod by codexp@tasarinan.com)
// SPM_start
function spam_protect($installed = TRUE, $ip = FALSE)
{
  global $db, $pun_config, $pun_user;

  // If we have defined that the script is not installed, quit here. 
  // Usage to disable: spam_protect(FALSE);
  if($installed === FALSE) return;
  
  // If the config variables don't exist, or the script is not protected, end check here.
  // The key checks come first so a missing config value is never read.
  if (!array_key_exists('mod_spam_settings', $pun_config) || !array_key_exists('mod_spam_protect', $pun_config) || !in_array(basename($_SERVER['PHP_SELF']), explode(',', $pun_config['mod_spam_protect']))):
    return;
  endif;

  // Get the config string, and generate an array from it..
    $config = explode(',', $pun_config['mod_spam_settings']);

    // Make the config array keys a little more readable for Homo sapiens ;)
    $config = array('server'         => $config[0],
                                    'expire'        => intval($config[1]),
                                    'max'                => intval($config[2]),
                                    'trust'            => intval($config[3]),
                                    'chk_admin'    => intval($config[4]),
                                    'chk_mods'    => intval($config[5])
                                    );

    // If we don't want to check admins/mods, or have enabled the 'trusted' feature, end here.
    switch(TRUE):
        case($pun_user['g_id'] == PUN_ADMIN && $config['chk_admin'] === 0):
        case($pun_user['g_id'] == PUN_MOD && $config['chk_mods'] === 0):
        case($pun_user['num_posts'] >= $config['trust'] && $config['trust'] !== 0):
                return;
        default:
                break;
    endswitch;

    // If no 'test ip' defined, get the IP address...PunBB style ;)
  if($ip === FALSE):
            $ip = get_remote_address();
    endif;

  // Get the current user's IP information from the DB, if any exists.
  // $ip is escaped because it can also be passed in by the caller.
  $result = $db->query('SELECT ip, time, blocked, total FROM '.$db->prefix.'spam_protect WHERE ip=\''.$db->escape($ip).'\' LIMIT 1') or error('Unable to get spam protection', __FILE__, __LINE__, $db->error());
  $cur_status = $db->fetch_assoc($result);

  // Language definitions
  $eMessage = array('temp'    =>    '<strong>ERROR:</strong> Your IP address «'.$ip.'» is currently blocked by due to one, or more, of the following reasons:</p><div id="posterror"><ul><li><strong>Spam</strong></li><li><strong>Open proxy</strong></li><li><strong>Worms/viruses</strong></li><li><strong>Other form of trojan-horse exploits</strong></li></ul></div>',
                                        'perm'    =>    '<strong>FATAL ERROR:</strong> Your IP address «'.$ip.'» <span class="bbu">have been permanently blocked</span> by due to '.$config['max'].' verified hits against the Spamhaus RBL/XBL lists, which protects against the following:</p>'."\n\t\t".'<div id="posterror">'."\n\t\t\t".'<ul>'."\n\t\t\t\t".'<li><strong>Spam</strong></li>'."\n\t\t\t\t".'<li><strong>Open proxies</strong></li>'."\n\t\t\t\t".'<li><strong>Worms/viruses</strong></li><li>'."\n\t\t\t\t".'<strong>Other form of trojan-horse exploits</strong></li>'."\n\t\t\t".'</ul>'."\n\t\t".'</div>',
                                        'more'    =>    ''."\n\t\t".'<p>Please visit <a href="http://www.spamhaus.org/query/bl?ip='.$ip.'" onclick="window.open(this.href); return false;">The Spamhaus Project</a> for more details …'
                                        );

  // If the user has been blocked X number of times, quit with a message right away
  if($cur_status['total'] >= $config['max'] && $config['max'] != 0):
            message($eMessage['perm'].$eMessage['more'], true);

    // If the IP is blocked, and no new check is scheduled, end with a message here
  elseif($cur_status['blocked'] == 1 && time()-$cur_status['time'] < $config['expire']):
        message($eMessage['temp'].$eMessage['more'], true);

    // If we haven't checked the current IP before, or a new check is scheduled, continue...
  elseif(time()-$cur_status['time'] > $config['expire'] || !isset($cur_status['ip'])):
        $rev = array_reverse(explode('.', $ip));
        $lookup = implode('.', $rev) . '.' . $config['server'];
        $isbanned = '0';

    // Not really needed, but we want to make sure the total gets updated
    if(!isset($cur_status['total'])):
                $cur_status['total'] = '0';
        endif;

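    // Check if the user's IP is listed in the SBL/XBL database.
    // gethostbyname() returns the name unchanged when the lookup fails,
    // so any resolved address is treated as a listing.
    if ($lookup != gethostbyname($lookup)):
        $isbanned = '1'; // User's IP was listed!
        $cur_status['total']++; // Increase the total number of hits
    endif;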

    // Update the current status ($ip is escaped before it goes into the query)
    if(isset($cur_status['ip']) && isset($cur_status['blocked'])):
        $db->query('UPDATE '.$db->prefix.'spam_protect SET ip=\''.$db->escape($ip).'\', time=\''.time().'\', blocked=\''.$isbanned.'\', total=\''.$cur_status['total'].'\' WHERE ip=\''.$db->escape($ip).'\'') or error('Unable to update spam protection', __FILE__, __LINE__, $db->error());
    endif;

    // Create a new entry, seeing as the IP did not previously exist
    if(!isset($cur_status['ip'])):
        $result = $db->query('INSERT INTO '.$db->prefix.'spam_protect (ip, time, blocked, total) VALUES (\''.$db->escape($ip).'\', \''.time().'\', \''.$isbanned.'\', \''.$cur_status['total'].'\')') or error('Unable to insert new spam protection', __FILE__, __LINE__, $db->error());
    endif;

    // The IP has been blocked, so let's display an error message
    if($isbanned == 1):
                message($eMessage['temp'].$eMessage['more'], true);
        endif;

  endif;
} 
// SPM_end


#
#---------[ 7. OPEN ]-------------
#

include/common.php


#
#---------[ 8. FIND (line: 136) ]---------------------------------------------
#

// Check if current user is banned
check_bans();


#
#---------[ 9. AFTER, ADD ]-----------------------------------------------
#

// SPM_start
if(function_exists('spam_protect')):
    spam_protect();
endif;
// SPM_end


#
#---------[ 10. SAVE/UPLOAD ]-------------------------------------------------
#


#
#---------[ NOTES ]---------------------------------------------
#

To configure: Go into your administration panel & select the new plugins.

UPDATED (Oct. 3rd, 05): Now with 2 admin plugins to ease the configuration.
New in this release:

- Option to select protected scripts through the plugins (Just check the boxes and you're done!)
- Block users permanently after X number of hits,
- Configure server to check against (advanced users only)
- Checking interval
- Trust users after X number of posts (e.g. disable checking after they've posted 10 posts (default))
- Admins & mods are not checked by default (possible to enable in admin plugin)
- Function in settings plugin to verify the SPAM Protection code in functions.php & common.php!
++

Enjoy! smile

[Download link]

Hope this is something people will find useful smile Been working on it a couple of days, and it seems to work *very* well so far big_smile Don't know if my description tells you all that you might want to know, so if you have any questions, just ask!

If you want an alternative method of testing (other than the ones described in the last 'note'), head over to http://www.aliveproxy.com/products/aliv … roxy-list/ and choose yourself an open, public proxy. Why? Well, because those should also be blocked wink

Enjoy!

EDIT: For a demo, visit this demo/dev site through one of the proxies listed on the site posted above. Alternatively, if you're using Ad-Muncher, enable IP scramble on the tools page of the configuration.

2

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Now, that is one useful mod!

Thanks, I will definitely give it a try.

The German PunBB Site:
PunBB-forum.de

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Tobi wrote:

Now, that is one useful mod!

Thanks, I will definitely give it a try.

Let me know if you have any questions/problems. I've tested it on both Windows & Linux, and didn't encounter any problems yet...but you never know wink

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Nice!

"Programming is like sex: one mistake and you have to support it for the rest of your life."

5

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Well, I don't see anything. Which can be a good or a bad sign... smile
At least there is no error appearing so I figure it works OK.


6 (edited by CodeXP 2005-09-28 14:37)

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Tobi wrote:

Well, I don't see anything. Which can be a good or a bad sign... smile
At least there is no error appearing so I figure it works OK.

Hehe, I'd say that's a good sign wink As for testing, try adding spam_protect('127.0.0.2'); instead of spam_protect();.

If that displays an error message, then everything works just as it should smile

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Maybe this should have instructions to be run specifically when a user registers or a post is posted?

8 (edited by CodeXP 2005-09-28 17:54)

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Connorhd wrote:

Maybe this should have instructions to be run specifically when a user registers or a post is posted?

That's quite simple... Just add spam_protect(); to the register.php, post.php & perhaps edit.php files, instead of common.php smile

That being said, the reason I would recommend people to add it to their common.php, is to prevent SPAM bots from harvesting e-mails in topics etc..

I'm currently working on the next version of this, that will add the possibility of permanently blocking users after X failed attempts + an admin plugin (maybe wink).

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

but surely that's a big performance hit, checking every IP, and even checking it on every view of post.php is bad imo, it should only be checked when a registration or post is attempted. but that's just my opinion tongue

10

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Connorhd wrote:

but surely that's a big performance hit, checking every IP, and even checking it on every view of post.php is bad imo, it should only be checked when a registration or post is attempted. but that's just my opinion tongue

Each IP is only checked once, each hour. Other than that, it's only a single query, selecting a single row, on each page view. I don't think anyone would notice any performance hit. Of course, when checking against the remote server, there will be a slight delay, but as mentioned, it only happens for each user once in 60 minutes smile

But each to his/her own I guess... Just add the spam_protect(); function to the part of post.php/register.php that gets executed on a form submit.. Not that hard really wink

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

ahh i didn't realise you cached them at all, that's not too bad then wink

12

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Nice, saved it off just in case the spammers start coming around my forums wink

13

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Isn't the idea of this mod to install it before the spammers come around your forums? tongue


Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

yep..... or after if you need it clear the post if you don't want to delete double or more post

Go Canada! - No matter what, except when Stephen Harper is Prime Minster!
NHL is back, GO TORONTO MAPLE LEAFS! even if they lose...
[Firefox Rules!] - [Amazing Race] - [My Site!]

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

how does this clear the posts?

16

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

It does not affect posts in any way.

By the way, I've currently re-written the protection a little smile

The next version will probably be posted later this week.

Done:
- Admin plugin to select which scripts to protect/not protect. As simple as clicking a checkbox for the scripts you want to protect smile
- Permanently block IP's after X number of hits.

Partially done:
- Admin plugin to manage each blocked IP

17

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Tobi, I haven't had any issues with spam on my forums yet, but that will change as PunBB becomes more popular. I moderate a few phpBB forums and we get spam on a steady basis, they usually latch on to one topic and it becomes a clickfest between me and the spammer.

CodeXP, the new version sounds great.

18

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Seems to me this potentially could be a great addition and implemented into PunBB itself?

Rickard?  smile

19 (edited by pogenwurst 2005-10-02 16:01)

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Is there any way to reset your cached copy of the Spamhaus database? My forum is blocking my IP, which I looked up in the Spamhaus database. Spamhaus said that it could not find my IP.

Spamhaus wrote:

XXXXXXXXXX is not listed in the SBL

XXXXXXXXXX is not listed in the XBL




If the IP you are checking is not in our database, but you are receiving bounce messages saying it is, then it is probable the IP has been removed from our database but DNS servers around the internet have not yet updated. In this case, wait 1-2 hours and the blocking should clear by itself.

Here's the message I'm receiving on my forums:

ERROR: Your IP address «XXXXXXXXX» is currently blocked by due to one, or more, of the following reasons:

    * Spam
    * Open proxy
    * Worms/viruses
    * Other form of trojan-horse exploits

Please visit The Spamhaus Project for more details …

It's been about half an hour since I first got the message. How do I get rid of it?

Also, I think that a nice feature (at least for my forums) would be to not block any IPs that are already registered.

Looking for a certain modification for your forum? Please take a look here before posting.

20

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

Well, what did you write in your common.php file? You should only have added spam_protect();, and *not* spam_protect('127.0.0.2');. That was only intended for testing...

Other than that, as long as your IP isn't listed at Spamhaus, you should not be blocked, no matter what.

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

CodeXP wrote:

Well, what did you write in your common.php file? You should only have added spam_protect();, and *not* spam_protect('127.0.0.2');. That was only intended for testing...

Other than that, as long as your IP isn't listed at Spamhaus, you should not be blocked, no matter what.

Just spam_protect();

However, I added it to the bottom of common_admin.php, not common.php. Any possible problem there?


22 (edited by CodeXP 2005-10-02 21:33)

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

pogenwurst wrote:
CodeXP wrote:

Well, what did you write in your common.php file? You should only have added spam_protect();, and *not* spam_protect('127.0.0.2');. That was only intended for testing...

Other than that, as long as your IP isn't listed at Spamhaus, you should not be blocked, no matter what.

Just spam_protect();

However, I added it to the bottom of common_admin.php, not common.php. Any possible problem there?

Hmm.. Don't see how it could, but I would recommend you to use it in common.php just to be safe. If possible, could you try e-mailing me your IP, so that I'd be able to test it? Also, what web server are you using? I've only tested this on Apache, so I'm not sure how it would behave on other servers..

You might also be interested to know that in the next version I'm working on, I've just added the option to enable/disable checking for admins/moderators, and also, an option to stop checking users after they've reached X number of posts. All through a new admin plugin smile

EDIT: Here's a screen of each of the new plugins.

http://img69.imageshack.us/img69/259/spamscripts7ce.th.png
http://img69.imageshack.us/img69/9616/spamsettings5jj.th.png

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

My IP should be on its way.

My host (Netfirms) uses Apache/1.3.26 (Unix) mod_perl/1.26 according to phpinfo();

I don't desire protection for every page. Just a handful. common_admin.php was simply the first of those I tested.

I was going to wait for the next version, but I got impatient. It sounds nice.

Thanks for your help.


24 (edited by CodeXP 2005-10-02 22:00)

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

pogenwurst wrote:

My IP should be on its way.

My host (Netfirms) uses Apache/1.3.26 (Unix) mod_perl/1.26 according to phpinfo();

I don't desire protection for every page. Just a handful. common_admin.php was simply the first of those I tested.

I was going to wait for the next version, but I got impatient. It sounds nice.

Thanks for your help.

Just sent you a reply... Didn't notice anything wrong using your IP. If you have SSH access to your host, could you try pinging your ip from the server?

If your IP was 127.0.0.1, you should ping:

1.0.0.127.sbl-xbl.spamhaus.org
(reverse IP.sbl-xbl.spamhaus.org)

If you don't get a reply, your IP isn't listed in their DB. I'm using gethostbyname to check against their servers, and that function should be supported in PHP 3, 4 & 5.

EDIT: Could you try visiting my 'test' site @ http://205.234.98.146/ ? I'm using the old version of the script there, so if the script itself is the cause of your problems, you should be blocked there as well.
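
The reverse-IP lookup described above, combined with the mod's `$lookup != gethostbyname($lookup)` test, counts any resolved address as a listing, so a resolver that rewrites "no such name" answers or a DNSBL error reply blocks the visitor. An added example, not part of the mod (`dnsbl_query_name`, `dnsbl_classify` and `dnsbl_is_listed` are hypothetical names, and the resolver answers are constructed): it accepts only 127.0.0.0/8 return codes as hits, treats 127.255.255.x as the error codes Spamhaus documents them to be, and fails open otherwise.

```php
<?php
// Added example: not part of the Spam Protection MOD. Function names are hypothetical.

// Build the reversed-octet query name, or null if $ip is not valid IPv4.
function dnsbl_query_name(string $ip, string $zone): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

// Classify the addresses a resolver returned: 'clean', 'listed' or 'error'.
function dnsbl_classify(array $answers): string
{
    if ($answers === []) {
        return 'clean';                 // no such name: the IP is not listed
    }
    foreach ($answers as $answer) {
        $long = ip2long($answer);
        if ($long === false || ($long >> 24) !== 127) {
            return 'error';             // not a DNSBL return code, e.g. a rewritten NXDOMAIN
        }
        if (($long >> 8) === 0x7FFFFF) {
            return 'error';             // 127.255.255.x: DNSBL error reply, not a listing
        }
    }
    return 'listed';
}

// Live lookup. Fails open: only a confirmed listing returns true.
function dnsbl_is_listed(string $ip, string $zone = 'sbl-xbl.spamhaus.org'): bool
{
    $name = dnsbl_query_name($ip, $zone);
    if ($name === null) {
        return false;
    }
    // The trailing dot marks the name as fully qualified, so the resolver
    // does not append a local search domain to it.
    $answers = gethostbynamel($name . '.');
    return dnsbl_classify($answers === false ? [] : $answers) === 'listed';
}

// Constructed resolver answers, so the classification runs without a network.
$samples = [
    'no answer'          => [],
    'listed'             => ['127.0.0.2'],
    'NXDOMAIN rewritten' => ['203.0.113.10'],
    'DNSBL error code'   => ['127.255.255.254'],
];
echo dnsbl_query_name('127.0.0.2', 'sbl-xbl.spamhaus.org'), "\n";
foreach ($samples as $label => $answers) {
    printf("%-20s %s\n", $label, dnsbl_classify($answers));
}
```

The mod's own comparison would report the last three samples as listed; only the second one is.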

Re: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]

I sent you my phpinfo. It's been a few hours now - still blocked.

Sorry, but I really have no idea what to do in terms of this pinging stuff.

I can access your test site fine.

If it helps at all, here are the other mods to my functions.php:
Change Page Links 1.0.1 by Michael Lanman
Private Messaging System (PMS) 1.2.1 by David Djurbäck and Connorhd
Invitations 1.0.1 by Tobi Schulz - all of this is commented out
You Can See Profile! 2.0 by Krzysztof Pawelek
