Forums

Unfortunately no one can be told what FluxBB is - you have to see it for yourself.

You are not logged in.

#1 2008-06-04 03:56:21

theUg
Member
From: Russia
Registered: 2008-05-28
Posts: 57
Website

Simple Anti-Spam Redux

Simple anti-spam mod, based on textual captcha (arithmetic or textual questions). It is pretty effective, on low-volume forums at least. Tested on 1.2.15, 1.2.18.

Description and instructions

* * *

There’s a bug. I’ve tested it in FF 2 and Opera 9.2, same thing hapens. If you open registration page and then reload it (either straight or come back after failed registration), the same question will stay on for a while. Is it because it is session based?

* * *

P. S. Made minor updates following Matt’s advise.

Last edited by theUg (2008-06-15 01:06:04)


Not only do I not know the answer,
I don’t even know what the question is

Offline

#2 2008-06-04 04:05:39

sirena
Member
From: AU
Registered: 2008-05-10
Posts: 172

Re: Simple Anti-Spam Redux

You might also want to have a look at the following -  it is a pretty good evolution of the original SAS and shares some of the same concepts you have employed:

It is by Jacky on punbb.org and is available here:

http://www.punres.net/files.php?pid=503

and discussed here:
http://punbb.informer.com/forums/viewtopic.php?id=19029
and
http://www.network-technologies.org/Pro … mod_punbb/

It works very well.

Offline

#3 2008-06-04 09:19:22

Popov
Member
From: Bulgaria
Registered: 2008-05-18
Posts: 46
Website

Re: Simple Anti-Spam Redux

It will be pretty useful. Can you make it 1.3 extension?


Free forex software - visual backtester, optimizer, trader...

Offline

#4 2008-06-04 12:00:42

sirena
Member
From: AU
Registered: 2008-05-10
Posts: 172

Re: Simple Anti-Spam Redux

To have this sort of mod as an extension would be great.

I can't make it so, since I am a PHP illiterate + the extension stuff is not documented well enough for stumbling amateurs like me to have a go.

Maybe Jacky will step up to the plate himself, or someone else - like the brilliant, super-smart and very handsome MattF smile

Offline

#5 2008-06-04 12:51:47

MattF
Member
From: South Yorkshire, England
Registered: 2008-05-06
Posts: 1,233
Website

Re: Simple Anti-Spam Redux

1. How do I add $spamcode_failed to the language file?


Change that message line to:

message($lang_sas['spamcode_failed']);

Then add:

'spamcode_failed'    =>    'Whatever text you wish here',

to the lang file.

Last edited by MattF (2008-06-04 12:52:29)


Screw the chavs and God save the Queen!

Offline

#6 2008-06-04 12:54:36

MattF
Member
From: South Yorkshire, England
Registered: 2008-05-06
Posts: 1,233
Website

Re: Simple Anti-Spam Redux

sirena wrote:

To have this sort of mod as an extension would be great.

I'm of no use on this one. I ain't got the foggiest regarding the specifics of the 1.3* extension system. smile


Screw the chavs and God save the Queen!

Offline

#7 2008-06-04 13:51:40

Connor
Former Developer
Registered: 2008-04-27
Posts: 1,127

Re: Simple Anti-Spam Redux

sirena wrote:

I can't make it so, since I am a PHP illiterate + the extension stuff is not documented well enough for stumbling amateurs like me to have a go.

This is something I don't want to happen really, you should download some extensions and have a look at the code and the current extension documentation, if you have any problems ask, they'll probably be problems other people have smile

Offline

#8 2008-06-05 05:18:52

theUg
Member
From: Russia
Registered: 2008-05-28
Posts: 57
Website

Re: Simple Anti-Spam Redux

MattF wrote:

message($lang_sas['spamcode_failed']);

Thanks, Matt, got it working, and updated the first post with changes.

Any ideas on reloading issue? It works like that:

If I fill the form wrong in FF, I get the error message, go back, page reloads automatically (i. e. not from browser cache), all information filled in is lost, but the captcha reloaded with different question. However, if I keep reloading page manually, without leaving it, the question stays the same.

In Opera, coming back from error message page doesn’t reload the page (keeping filled out form fields intact), and so doesn’t reload the question. Manual reload — same. Not tested in IE.

* * *

sirena, Jacky’s mod seems awful complicated. It might be more effective on popular high-volume forums, but Matt’s solution is simple and elegant. Fits my needs well, don’t have problem with spam for half a year now. My forum is really low-volume though.

I wish Matt’s script was more extensively tested on higher volume forums.

* * *

As for plans, after I finalize upgrade and streamlining of mods for latest versions of 1.2, I am looking forward to seriously tackling v.1.3. extensions of same mods I use now. For SAS Redux I wouldn’t mind implementing admin interface, but that’s over my head now. Also, bigger plan is to implement Raven’s anti-spam (Google that WordPress plug-in, neat thing), and use Matt’s script as a fall-back.


Not only do I not know the answer,
I don’t even know what the question is

Offline

#9 2008-06-05 11:13:12

MattF
Member
From: South Yorkshire, England
Registered: 2008-05-06
Posts: 1,233
Website

Re: Simple Anti-Spam Redux

Must admit, I've no idea regarding that reload bit. If anyone has any pointers on that problem though, I'll try and get it updated to cater. smile

There is one other minor alteration you ought to make to that code, btw. I obviously forgot to update the code over on punres/punbb. big_smile It'll work fine as is, but altering these:

    $_SESSION['hint'] = $hints[h.$number];
    $_SESSION['answer'] = $answers[a.$number];
    $_SESSION['question'] = $questions[q.$number];

to:

    $_SESSION['hint'] = $hints['h'.$number];
    $_SESSION['answer'] = $answers['a'.$number];
    $_SESSION['question'] = $questions['q'.$number];

will stop any undefined index lines appearing in the logs if you ever run in E_ALL reporting mode. smile

Last edited by MattF (2008-06-05 11:14:47)


Screw the chavs and God save the Queen!

Offline

#10 2008-06-06 21:55:05

theUg
Member
From: Russia
Registered: 2008-05-28
Posts: 57
Website

Re: Simple Anti-Spam Redux

Matt, I have no idea what it means, but I changed it anyway. smile

Since main script is i good shape, I am trying to move onto spam-protecting guest posting. Right now I am using different mod for this, cause I am not quite sure how to stick Matt’s version in there, but other mod can provide insight as to where to stick it in.

I started by putting “require_once” links to script files near the top of post.php. Next step is to activate the script, based on whether user’s a guest. I am not sure about the syntaxis, but I suppose it should be something like that:

if ($pun_user['is_guest'])
{
    if (isset ($_POST['spamcode']) && $_POST['spamcode'] != '' && strtolower($_POST['spamcode']) == strtolower($_SESSION['answer']))
    {
        session_unset();
        session_destroy();
    }
    else
    {
        session_unset();
        session_destroy();
        message("$spamcode_failed");
    }
}

Is that correct? How critical is the placement with the post.php? The other mod I use, places it right after

else if (isset($_POST['preview']))
{

and before

    require_once PUN_ROOT.'include/parser.php';
    $preview_message = parse_message($message, $hide_smilies);

Not only do I not know the answer,
I don’t even know what the question is

Offline

#11 2009-04-02 23:12:53

MattF
Member
From: South Yorkshire, England
Registered: 2008-05-06
Posts: 1,233
Website

Re: Simple Anti-Spam Redux

theUg wrote:

Matt, I have no idea what it means, but I changed it anyway. smile

Since main script is i good shape, I am trying to move onto spam-protecting guest posting. Right now I am using different mod for this, cause I am not quite sure how to stick Matt’s version in there, but other mod can provide insight as to where to stick it in.

I started by putting “require_once” links to script files near the top of post.php. Next step is to activate the script, based on whether user’s a guest. I am not sure about the syntaxis, but I suppose it should be something like that:

if ($pun_user['is_guest'])
{
    if (isset ($_POST['spamcode']) && $_POST['spamcode'] != '' && strtolower($_POST['spamcode']) == strtolower($_SESSION['answer']))
    {
        session_unset();
        session_destroy();
    }
    else
    {
        session_unset();
        session_destroy();
        message("$spamcode_failed");
    }
}

Is that correct? How critical is the placement with the post.php? The other mod I use, places it right after

else if (isset($_POST['preview']))
{

and before

    require_once PUN_ROOT.'include/parser.php';
    $preview_message = parse_message($message, $hide_smilies);

Did you ever get the guest posting part sorted? Just on the offchance that you didn't, that first block of code, with the sessions. If you look in post.php for this line:

if (isset($_POST['form_sent']))

several lines below that, after the post flood protection and error lines, you'll find this line:

        // If it's a new topic
        if ($fid)
        {

Place that first block of code from the mod just above the '// If it's a new topic' line. The captcha input/question part is probably best placed just below the help links and above this bit of code below:

$checkboxes = array();

Screw the chavs and God save the Queen!

Offline

#12 2011-03-20 16:11:47

theUg
Member
From: Russia
Registered: 2008-05-28
Posts: 57
Website

Re: Simple Anti-Spam Redux

The mod was working fine for over a year since publication, but recently (specifically, early January) I saw explosion of spam registrations (which were mostly absent before). I suspected DB hack, and changed password, but that didn’t help. So, temporarily I suspended registrations and even postings.

Could they target the mod itself and read answers off of sas.php? But then again, it should be protected and give them 403 code, innit? Since I used arithmetical questions, did bots use calculator? Did anyone else using this experience any significant issues like that?


Not only do I not know the answer,
I don’t even know what the question is

Offline

Board footer

Powered by FluxBB