Topic: SPAM Protection MOD 1.1 [Updated Oct. 3rd, 05]
##
##
## Mod title: Spam Protection MOD
##
## Mod version: 1.1
## Works on PunBB: 1.2, 1.2.8
## Release date: 2005-10-03
## Author: Öyvind A. Sörensen (codexp@tasarinan.com)
##
## Description: Add SPAM (trough spamhaus.org) protection to your
## forum! Block those f**kers from your site completely! ;)
## Now with admin plugins to configure several new
## options, like permanent blocking, which files to protect,
## "trusted" users, check frequency + more!
##
## Affected files: include/functions.php
## include/common.php
##
## Affects DB: Yes (adds a new table) + 2 new values to your
## config table
##
## Notes: This MOD will add spam protection to your forum.
## It will check the visitors IP against the SBL/XBL
## records at http://www.spamhaus.org
## The script will also block the use of most open
## proxies.
## If a record is returned, it will block the visitor
## from the scripts you specify. The results for that
## IP will be stored in the database for 1 hour (by default)
## before it's checked again. The reason for this is that
## the list is only updated once each hours, and also
## to prevent unnecessary slowdown to your forum.
##
## DISCLAIMER: Please note that "mods" are not officially supported by
## PunBB. Installation of this modification is done at your
## own risk. Backup your forum database and any and all
## applicable files before proceeding.
##
##
#
#---------[ 1. UPLOAD ]-------------------------------------------------------
#
install_mod.php to /
AP_SPAM_Protect_Scripts.php /plugins/
AP_SPAM_Protect_Settings.php /plugins/
#
#---------[ 2. RUN ]----------------------------------------------------------
#
install_mod.php
(Choose UPGRADE if you've installed v1.0 of this mod)
#
#---------[ 3. DELETE ]-------------------------------------------------------
#
install_mod.php
#
#---------[ 4. OPEN ]---------------------------------------------------------
#
include/functions.php
#
#---------[ 5. FIND (line: 25) ]---------------------------------------------
#
//
// Cookie stuff!
//
#
#---------[ 6. BEFORE, ADD ]-------------------------------------------------
#
//
// Spam & anonymizer protection (mod by codexp@tasarinan.com)
// SPM_start
function spam_protect($installed = TRUE, $ip = FALSE)
{
global $db, $pun_config, $pun_user;
// If we have defined that the script is not installed, quit here.
// Usage to disable: spam_protect(FALSE);
if($installed === FALSE) return;
// If script is not protected, or the config variables doesn't exist, end check here
if (!in_array(basename($_SERVER['PHP_SELF']), explode(',', $pun_config['mod_spam_protect'])) || !array_key_exists('mod_spam_settings', $pun_config) || !array_key_exists('mod_spam_protect', $pun_config)):
return;
endif;
// Get the config string, and generate an array from it..
$config = explode(',', $pun_config['mod_spam_settings']);
// Make the config array keys a little more readable for Homo sapiens ;)
$config = array('server' => $config[0],
'expire' => intval($config[1]),
'max' => intval($config[2]),
'trust' => intval($config[3]),
'chk_admin' => intval($config[4]),
'chk_mods' => intval($config[5])
);
// If we don't want to check admins/mods, or have enable the 'trusted' feature, end here.
switch(TRUE):
case($pun_user['g_id'] == PUN_ADMIN && $config['chk_admin'] === 0):
case($pun_user['g_id'] == PUN_MOD && $config['chk_mods'] === 0):
case($pun_user['num_posts'] >= $config['trust'] && $config['trust'] !== 0):
return;
default:
break;
endswitch;
// If no 'test ip' defined, get the IP address...PunBB style ;)
if($ip === FALSE):
$ip = get_remote_address();
endif;
// Get the current users IP information from the DB, if any exists
$result = $db->query('SELECT ip, time, blocked, total FROM '.$db->prefix.'spam_protect WHERE ip=\''.$ip.'\' LIMIT 1') or error('Unable to get spam protection', __FILE__, __LINE__, $db->error());
$cur_status = $db->fetch_assoc($result);
// Language definitions
$eMessage = array('temp' => '<strong>ERROR:</strong> Your IP address «'.$ip.'» is currently blocked by due to one, or more, of the following reasons:</p><div id="posterror"><ul><li><strong>Spam</strong></li><li><strong>Open proxy</strong></li><li><strong>Worms/viruses</strong></li><li><strong>Other form of trojan-horse exploits</strong></li></ul></div>',
'perm' => '<strong>FATAL ERROR:</strong> Your IP address «'.$ip.'» <span class="bbu">have been permanently blocked</span> by due to '.$config['max'].' verified hits against the Spamhaus RBL/XBL lists, which protects against the following:</p>'."\n\t\t".'<div id="posterror">'."\n\t\t\t".'<ul>'."\n\t\t\t\t".'<li><strong>Spam</strong></li>'."\n\t\t\t\t".'<li><strong>Open proxies</strong></li>'."\n\t\t\t\t".'<li><strong>Worms/viruses</strong></li><li>'."\n\t\t\t\t".'<strong>Other form of trojan-horse exploits</strong></li>'."\n\t\t\t".'</ul>'."\n\t\t".'</div>',
'more' => ''."\n\t\t".'<p>Please visit <a href="http://www.spamhaus.org/query/bl?ip='.$ip.'" onclick="window.open(this.href); return false;">The Spamhaus Project</a> for more details …'
);
// If the user have been blocked X number of times, quit with a message right away
if($cur_status['total'] >= $config['max'] && $config['max'] != 0):
message($eMessage['perm'].$eMessage['more'], true);
// If the IP is blocked, and no new check is scheduled, end with a message here
elseif($cur_status['blocked'] == 1 && time()-$cur_status['time'] < $config['expire']):
message($eMessage['temp'].$eMessage['more'], true);
// If we haven't checked the current IP before, or a new check is scheduled, continue...
elseif(time()-$cur_status['time'] > $config['expire'] || !isset($cur_status['ip'])):
$rev = array_reverse(explode('.', $ip));
$lookup = implode('.', $rev) . '.' . $config['server'];
$isbanned = '0';
// Not really needed, but we want to make sure the total gets updated
if(!isset($cur_status['total'])):
$cur_status['total'] = '0';
endif;
// Check if the users IP is listed in the SBL database
if ($lookup != gethostbyname($lookup)):
$isbanned = '1'; // Users IP was listed!
$cur_status['total']++; // Increase the total number hits
endif;
// Update the current status
if(isset($cur_status['ip']) && isset($cur_status['blocked'])):
$db->query('UPDATE '.$db->prefix.'spam_protect SET ip=\''.$ip.'\', time=\''.time().'\', blocked=\''.$isbanned.'\', total=\''.$cur_status['total'].'\' WHERE ip=\''.$ip.'\'') or error('Unable to update spam protection', __FILE__, __LINE__, $db->error());
endif;
// Create a new entry, seeing as the IP did not previously exist
if(!isset($cur_status['ip'])):
$result = $db->query('INSERT INTO '.$db->prefix.'spam_protect (ip, time, blocked, total) VALUES (\''.$ip.'\', \''.time().'\', \''.$isbanned.'\', \''.$cur_status['total'].'\')') or error('Unable to insert new spam protection', __FILE__, __LINE__, $db->error());
endif;
// The IP have been blocked, so let's display an error message
if($isbanned == 1):
message($eMessage['temp'].$eMessage['more'], true);
endif;
endif;
}
// SPM_end
#
#---------[ 7. OPEN ]-------------
#
include/common.php
#
#---------[ 8. FIND (line: 136) ]---------------------------------------------
#
// Check if current user is banned
check_bans();
#
#---------[ 9. AFTER, ADD ]-----------------------------------------------
#
// SPM_start
if(function_exists(spam_protect)):
spam_protect();
endif;
// SPM_end
#
#---------[ 10. SAVE/UPLOAD ]-------------------------------------------------
#
#
#---------[ NOTES ]---------------------------------------------
#
To configure: Go into your administration panel & select the new plugins.UPDATED (oct. 3rd, 05): Now with 2 admin plugins to easy the configuration.
New in this release:
- Option to select protected scripts through the plugins (Just check the boxes and you're done!)
- Block users permatentely after X number of hits,
- Configure server to check against (advanced users only)
- Checking interval
- Trust users after X number of posts (e.g. disable checking after they've posted 10 posts (default))
- Admins & mods are not checked by default (possible to enable in admin plugin)
- Function in settings plugin to verify the SPAM Protection code in functions.php & common.php!
++
Enjoy! 
Hope this is something people will find useful Been working on it a couple of days, and it seems to work *very* well so far 
Don't know if my description tells you all that you might want to know, so if you have any questions, just ask!
If you want an alternative method of testing (other than the ones described in the last 'note', head over to http://www.aliveproxy.com/products/aliv … roxy-list/ and choose yourself an open, public proxy. Why? Well, because those should also be blocked 
Enjoy!
EDIT: For a demo, visit this demo/dev site through one of the proxys listed on the site posted above. Alternatively, if you're using Ad-Muncher, enable IP scrable on the tools page of the configuration.
