Topic: Anti-Bot Modification for PunBB

I apologize in advance if this isn't the correct forum to post this in; it seemed the most applicable one that I saw.

Due to the rather aggressive increase in bot activity that I've seen across many of my forums I've developed some "bot buster" code, and I'm offering it to the PunBB community (and several of the other major message boards as well).

I've bundled up a drop-in BotBuster mod for PunBB that people are welcome to use. Technically it's not 100% "drop-in", but it's very, very close. It's all self-contained in one file, requires NO database modifications, and should require only one minor edit to the registration file. (You'll also want to set a couple of very simple configuration options in the BotBuster file, but that's it.)

It uses the http://www.BotScout.com API to check registration emails and reject known bots. Because it uses the BotScout API you don't have to host anything, change your database, or do any complicated modifications to your code. BotScout.com keeps a list of emails, IPs, and user names that bots use and makes them available through a simple API (as well as manual searches).

Full Disclosure:
I'm the owner/operator of www.BotScout.com. What we do is trap bots by using a large number of "bot honeypot" forms located on a bunch of our sites. We then publish that information so people can use it to screen registration attempts.

I've included configuration options for SMF, VBulletin, phpBB, Phorum, PunBB, Invision Power Board, FUDForum, Ikonboard, Snitz, and W-Agora. It seems to work fine and it can be used on virtually any kind of forum, contact page, or web form.

The code and a ReadMe file are available for download here: http://www.botscout.com/code.htm (click the "Download BotScout BotBuster ver. 1.10" link). If you use it I'd love to hear about it.

If anyone would like to write up specific installation instructions for PunBB, I'll gladly include it in the ReadMe.txt file.

Also, if anyone would like to create a PunBB-specific mod or plugin using the BotScout API, I'd be very interested in helping and would be happy to publish the code or a link to the mod on the BotScout site. The API is simple and easy-to-use, and the API details can be found here: http://www.botscout.com/api.htm.

MrMike
http://www.BotScout.com

Re: Anti-Bot Modification for PunBB

Looks useful. Thanks for contributing that and starting the BotScout service.

But I'd like to suggest that you perhaps have a talk to the people over at http://www.stopforumspam.com to see if you guys may be able to work together somehow.

They have been offering a near identical service for some time now. They also have a public API etc.

I suppose forum admins could use both for maximum forum antibot/antispam impact, but that gets pretty tedious.

3 (edited by MrMike 2009-01-18 14:11)

Re: Anti-Bot Modification for PunBB

sirena wrote:

Looks useful. Thanks for contributing that and starting the BotScout service.

Thank you, I hope it proves to be useful and effective. We're using it on about 40 sites at the moment and it's working very well for us.

sirena wrote:

But I'd like to suggest that you perhaps have a talk to the people over at http://www.stopforumspam.com to see if you guys may be able to work together somehow.

They have been offering a near identical service for some time now. They also have a public API etc.

I suppose forum admins could use both for maximum forum antibot/antispam impact, but that gets pretty tedious.

We had three specific goals in mind for the BotScout code:

  • make our plugin very easy to install,
  • make our API very simple to use, and
  • support a large number of forums

I think we may have a slight edge in these areas, but admins could certainly use either or both services to the same effect.

If you could point me towards the information on making an "official" plugin for PunBB, I'll see if I or one of my partners can do it. If one of the developers or code gurus here is willing to do it, I'll help in any way I can.

Re: Anti-Bot Modification for PunBB

This is what we have so far for installation instructions for using the generic BotScout code package with PunBB. If you see any obvious mistakes or if this is simply wrong, please let us know and we'll make corrections.

BotScout Installation Instructions for PunBB, ver 1.32

1) Edit the "BotScout.php" file and uncomment the line that corresponds to the PunBB Forum. Change this:

// for PunBB
//$apptype='PUNBB';   

To this:

// for PunBB
$apptype='PUNBB';       

You may also want to turn on email notifications for the first few days so you get a notice when BotBuster stops a bot, otherwise just leave it set to "off".


2) OPTIONAL - If you have an API key from BotScout (recommended), enter it on the line that says:

// your optional API key
$APIKEY = '';

Put your API key between the quotes. The API key is a 10 to 15 character mix of letters and numbers. You can do a limited number of API lookups every day without an API key, but if you need to do more than a few you're better off getting an API key. API keys are free, so why not get one? Go here to get an API key: http://botscout.com/getkey.htm


3) Save the "BotScout.php" file and place it in the main directory where you installed PunBB. (You can place the BotScout.php file in a different directory if you want to; just make sure that the path you set in the next step matches where you place it.)


4) Open the file in the main PunBB directory named "register.php". Search for this code:

-------------------
    // Did everything go according to plan so far?
    if (empty($errors))
    {
        $username = forum_trim($_POST['req_username']);
        $email1 = strtolower(forum_trim($_POST['req_email1']));
-------------------

Directly below this code, add these lines:

    ////////////////////////////////////////////////////
    // BotScout.com "BotBuster" check
    include('/path/to/your/forum/BotScout.php');
    ////////////////////////////////////////////////////

Change the part that says "/path/to/your/forum/" so that it goes to the same directory you placed the "BotScout.php" file in under Step 3.

That's it. Now when anyone tries to register on your forum the email address will be checked against the BotScout.com database. If a match is found, the registration will simply halt. Since "real" users won't have the same email address as a bot they'll be able to register without any problem. Again, if you get more than ~20 attempted registrations per day, you'll need to get an API key: http://botscout.com/getkey.htm


You can also change the "BotScout.php" file so that it checks IP addresses and/or user names, but in most cases the email address is probably the best thing to check.

BotScout Generic Code Download: http://www.botscout.com/code.htm
BotScout API Guide: http://www.botscout.com/api.htm
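
Added example, not part of the posts above and not code from the BotScout package: a sketch of the registration-time email check the instructions describe, written so that an API error, an exhausted daily lookup quota or a timeout is treated as "unknown" instead of being mistaken for a bot match. The lookup URL, the `mail`/`key` parameter names and the pipe-delimited reply format are assumptions to be confirmed against the API guide linked above; the function names and sample replies are constructed for illustration.

```php
<?php
// Added example; not BotScout's code. Endpoint and reply format are ASSUMED,
// confirm both against the API guide before relying on them.
const BS_ENDPOINT = 'http://botscout.com/test/';   // assumed lookup URL

// Map a raw reply to 'bot', 'clean' or 'unknown'.
// Assumed replies: "Y|MAIL|<hits>", "N|MAIL|0"; error text starts with "!".
function bs_classify($reply, int $minHits = 1): string
{
    if (!is_string($reply)) {
        return 'unknown';                 // false from a timeout or network failure
    }
    $reply = trim($reply);
    if ($reply === '' || $reply[0] === '!') {
        return 'unknown';                 // empty body or API error (e.g. quota used up)
    }
    $parts = explode('|', $reply);
    if (count($parts) !== 3 || !ctype_digit($parts[2])) {
        return 'unknown';                 // unexpected shape: never guess
    }
    if ($parts[0] === 'Y') {
        return (int) $parts[2] >= $minHits ? 'bot' : 'clean';
    }
    return $parts[0] === 'N' ? 'clean' : 'unknown';
}

// Live lookup with a short timeout so a slow API cannot hang registration.
function bs_lookup_email(string $email, string $apiKey = ''): string
{
    $query = ['mail' => $email];
    if ($apiKey !== '') {
        $query['key'] = $apiKey;
    }
    $ctx = stream_context_create(['http' => ['timeout' => 3]]);
    $url = BS_ENDPOINT . '?' . http_build_query($query);
    return bs_classify(@file_get_contents($url, false, $ctx));
}

// Constructed replies (not captured from the live service).
$samples = ['Y|MAIL|3', 'N|MAIL|0', '! constructed error text', false, '<html>502</html>'];
foreach ($samples as $s) {
    printf("%-28s => %s\n", var_export($s, true), bs_classify($s));
}
```

In register.php only a 'bot' result should halt the registration; letting 'unknown' through keeps real users from being locked out when the daily lookup limit is reached or the service is unreachable.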