Forums

Unfortunately no one can be told what FluxBB is - you have to see it for yourself.

You are not logged in.

#1 2011-04-30 21:06:55

blissend
FluxBB Donor
From: NY, USA
Registered: 2009-07-02
Posts: 30
Website

[MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

This is yet another method to stop forum spam registrations. The way it works is to check the user's IP registering against DNSBL lists online that include stopforumspam.com and spamhaus.org or any others you may want to add yourself.

For those who don't know, stopforumspam.com is shared on http://dnsbl.tornevall.org/ according to their API usage page. This allows you to do searches without an API key. Note that you can find more DNSBL lists over at http://www.dnsbl.info/dnsbl-list.php

Now, if it finds the user's IP registering in any list it'll deny registration. While it'll prevent the same IP from being checked again within the hour, please be careful though. Each list likely has a limit on the number of IP lookups you can do per day or month hence the global limit option provided.

EDIT: My original simplistic version is available below https://fluxbb.org/forums/viewtopic.php … 838#p40838 thanks to trichome for saving what I lost! For more advanced options check the resource link below.

Resource link...
http://fluxbb.org/resources/mods/spam-ip-check/

Options Screenshot...
spamipcheck.png

Last edited by blissend (2011-05-04 01:17:11)

Offline

#2 2011-04-30 21:41:01

Franz
Lead developer
From: Germany
Registered: 2008-05-13
Posts: 6,661
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

blissend wrote:

I didn't upload this to the resources area. If you want me to then I will.

Please do so.


fluxbb.de | develoPHP

"As code is more often read than written it's really important to write clean code."

Offline

#3 2011-04-30 21:51:25

Oldskool
Developer
From: Netherlands
Registered: 2008-12-28
Posts: 154
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

Nice one, very simple, but should be very effective smile

Offline

#4 2011-04-30 23:02:31

trichome
Member
Registered: 2008-05-22
Posts: 42

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

Very nice! I've been using this snippet and have found it to be quite effective. Great to see a beefed up version that still keeps it nice and simple. Thanks!

Edit: Is it redundant to use all the spamhaus blocklists?

http://www.spamhaus.org/zen/ wrote:

zen.spamhaus.org should be the only spamhaus.org DNSBL in your IP blocklist configuration. You should not use ZEN together with other Spamhaus IP blocklists, or with blocklists already included in our zones (such as the CBL) or you will simply be wasting DNS queries

Last edited by trichome (2011-04-30 23:25:44)

Offline

#5 2011-05-03 18:41:21

blissend
FluxBB Donor
From: NY, USA
Registered: 2009-07-02
Posts: 30
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

Franz wrote:
blissend wrote:

I didn't upload this to the resources area. If you want me to then I will.

Please do so.

I will submit something better today.

trichome wrote:

Very nice! I've been using this snippet and have found it to be quite effective. Great to see a beefed up version that still keeps it nice and simple. Thanks!

Edit: Is it redundant to use all the spamhaus blocklists?

http://www.spamhaus.org/zen/ wrote:

zen.spamhaus.org should be the only spamhaus.org DNSBL in your IP blocklist configuration. You should not use ZEN together with other Spamhaus IP blocklists, or with blocklists already included in our zones (such as the CBL) or you will simply be wasting DNS queries

You sir are correct! The best kind of correct! Once the new submitted version gets approved this list will be editable in the admin area.

Offline

#6 2011-05-03 19:35:46

trichome
Member
Registered: 2008-05-22
Posts: 42

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

You sir are correct!

That can't be right. big_smile

Upon further inspection it looks like zen might not be the ticket because it includes the pbl blocklist:

http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20PBL#183 wrote:

The first thing to know is: THE PBL IS NOT A BLACKLIST. You are not listed for spamming or for anything you have done. The PBL is simply a list of all of the world's dynamic IP space, i.e: IP ranges normally assigned to ISP broadband customers (DSL, DHCP, PPP, cable, dialup). It is perfectly normal for dynamic IP addresses to be listed on the PBL. In fact all dynamic IP addresses in the world should be on the PBL. Even static IPs which do not send mail should be listed in the PBL.


So easy to fix though! That's what I love about this type of mod. In fact, since it's so simple to install and edit I'd almost prefer to just use the lean little code snippet you posted earlier as opposed to a plugin. Would using the snippet that create less (miniscule measurements I'm sure) overhead? Don't get me wrong, I'm not trying to diminish the importance of this or discourage you; just curious. I've gotten used to thinking as light as possible with FluxBB!

Thanks again for this!

Offline

#7 2011-05-03 21:13:53

blissend
FluxBB Donor
From: NY, USA
Registered: 2009-07-02
Posts: 30
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

trichome wrote:

You sir are correct!

That can't be right. big_smile

Upon further inspection it looks like zen might not be the ticket because it includes the pbl blocklist:

http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20PBL#183 wrote:

The first thing to know is: THE PBL IS NOT A BLACKLIST. You are not listed for spamming or for anything you have done. The PBL is simply a list of all of the world's dynamic IP space, i.e: IP ranges normally assigned to ISP broadband customers (DSL, DHCP, PPP, cable, dialup). It is perfectly normal for dynamic IP addresses to be listed on the PBL. In fact all dynamic IP addresses in the world should be on the PBL. Even static IPs which do not send mail should be listed in the PBL.


So easy to fix though! That's what I love about this type of mod. In fact, since it's so simple to install and edit I'd almost prefer to just use the lean little code snippet you posted earlier as opposed to a plugin. Would using the snippet that create less (miniscule measurements I'm sure) overhead? Don't get me wrong, I'm not trying to diminish the importance of this or discourage you; just curious. I've gotten used to thinking as light as possible with FluxBB!

Thanks again for this!

No problem, although I've seem to have lost this lite version so if you have it feel free to post it here for reference purposes. For now this is the initial sample list I'll use (might make sense not to include one by default)...

opm.tornevall.org, sbl.spamhaus.org, xbl.spamhaus.org, b.barracudacentral.org

The version I'm uploading to the resource area is more complicated and modifies the database but the trade off so far is...

  • Prevents the same IP from being checked every hour

  • Disable forum registrations for one day if the global IP lookup limit has been reached

  • Configurable in the admin area so you can add lists or turn the IP lookup on/off

Last edited by blissend (2011-05-03 21:17:40)

Offline

#8 2011-05-03 23:57:27

trichome
Member
Registered: 2008-05-22
Posts: 42

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

Looks good! Here's the simple snippet:

--OPEN
register.php

--FIND
// Did everything go according to plan?

--INSERT BEFORE
// Check if registrar's IP belongs to any black lists, if found redirect to index.php to deny registration.
$dnsbl_lists = array("opm.tornevall.org", "b.barracudacentral.org", "sbl.spamhaus.org", "xbl.spamhaus.org");
$reverse_ip = implode(".", array_reverse(explode(".", get_remote_address())));
$check = 0;
foreach($dnsbl_lists as $list)
{
    if(checkdnsrr($reverse_ip.".".$list.".", "A")) {
        $check = 1;
        break; // for speedy checks just find in any list and then break
    }
}
if($check == 1) redirect('index.php', $lang_register['Spam IP Failed']);

--OPEN
lang/English/register.php

--FIND
'Register'                    =>    'Register',

--ADD AFTER
'Spam IP Failed'            =>    'Your IP is listed in one or more spammer databases!',

Edit: Insert point updated with Smartys' input here.

Last edited by trichome (2012-01-14 23:29:47)

Offline

#9 2011-05-07 18:44:14

mike brown
Member
Registered: 2011-05-07
Posts: 1

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

i have used this snippet and its worked well

Offline

#10 2011-05-09 10:25:42

den4b
Member
From: Dublin, Ireland
Registered: 2010-08-14
Posts: 23
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

I have a question regarding instructions in the readme.

#---------[ 4. OPEN ]---------------------------------------------------------
#

register.php

#
#---------[ 3. FIND (line: 61) ]---------------------------------------------
#

    require PUN_ROOT.'footer.php';
}

Then, the registration code pasted in the general scope of the file, meaning that it will execute at least twice, i.e. when registration form is shown and when registration form is submitted.

Would it be better to insert registration code only in the scope of the code that is executed when the form is submitted?

#---------[ 3. FIND (line: 68) ]---------------------------------------------
#
if (isset($_POST['form_sent']))
{

Please lest me know what you think...

P.S. By the way, the indexes of the steps are incorrect in readme! wink

Offline

#11 2011-05-10 15:52:46

blissend
FluxBB Donor
From: NY, USA
Registered: 2009-07-02
Posts: 30
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

den4b wrote:

I have a question regarding instructions in the readme.

#---------[ 4. OPEN ]---------------------------------------------------------
#

register.php

#
#---------[ 3. FIND (line: 61) ]---------------------------------------------
#

    require PUN_ROOT.'footer.php';
}

Then, the registration code pasted in the general scope of the file, meaning that it will execute at least twice, i.e. when registration form is shown and when registration form is submitted.

Would it be better to insert registration code only in the scope of the code that is executed when the form is submitted?

#---------[ 3. FIND (line: 68) ]---------------------------------------------
#
if (isset($_POST['form_sent']))
{

Please lest me know what you think...

I checked and you are partially right. It won't scan the same IP twice if its within the last hour but it will initialize some variables before doing the check so I will correct that.

As for why I have the code where I have it... It was simply a design decision to not even let spammers fill out the form if listed and me wanting to toy with them having to click I agree to the rules for no reason 8) You can position the code snippet in this version wherever you want of course.

den4b wrote:

P.S. By the way, the indexes of the steps are incorrect in readme! wink

I found them to be off by a few lines on some so I corrected the ones I spotted. I submitted the next one for the devs to review so it should (hopefully) be corrected in the next version.

Last edited by blissend (2011-05-10 15:54:13)

Offline

#12 2011-05-10 23:39:33

den4b
Member
From: Dublin, Ireland
Registered: 2010-08-14
Posts: 23
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

I suppose there are two design approaches for where to put the code:

  1. At the start of the register page - don't let spammers even close to that page.

  2. At the form submission stage - waste their time by making them fill out form just to find out that they are blocked! [evil laugh] big_smile

blissend wrote:

I found them to be off by a few lines on some so I corrected the ones I spotted. I submitted the next one for the devs to review so it should (hopefully) be corrected in the next version.

Line numbers were off by a bit as well, but I was talking about the numbers beside the step names in the readme, i.e. "4. OPEN" followed by "3. FIND" - incorrect indexes, minor issue anyway.

This MOD is very effective!! Thanks a lot! smile

Offline

#13 2011-05-11 14:49:44

blissend
FluxBB Donor
From: NY, USA
Registered: 2009-07-02
Posts: 30
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

den4b wrote:

I suppose there are two design approaches for where to put the code:

  1. At the start of the register page - don't let spammers even close to that page.

  2. At the form submission stage - waste their time by making them fill out form just to find out that they are blocked! [evil laugh] big_smile

blissend wrote:

I found them to be off by a few lines on some so I corrected the ones I spotted. I submitted the next one for the devs to review so it should (hopefully) be corrected in the next version.

Line numbers were off by a bit as well, but I was talking about the numbers beside the step names in the readme, i.e. "4. OPEN" followed by "3. FIND" - incorrect indexes, minor issue anyway.

This MOD is very effective!! Thanks a lot! smile

Just be warned in v1.0.1 and onward if you want to place the code elsewhere you'll have to change...

if ($pun_config['o_ipcheck_enable'] == 1 && empty($_POST['form_sent']))

to the way it was...

if ($pun_config['o_ipcheck_enable'] == 1)

As for the step numbering, I haven't been this embarrassed in a long while! Well once I have another reason to upload a new version that will be fixed too.

Offline

#14 2011-05-19 22:32:47

den4b
Member
From: Dublin, Ireland
Registered: 2010-08-14
Posts: 23
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

I'm a little puzzled by the new approach:

if ($pun_config['o_ipcheck_enable'] == 1 && empty($_POST['form_sent']))

That effectively executes IP check only the form is displayed, not when submitted. That means that the robots which create automatic form submissions will bypass this IP check?! Or am i missing something?

Offline

#15 2011-05-26 20:53:20

blissend
FluxBB Donor
From: NY, USA
Registered: 2009-07-02
Posts: 30
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

den4b wrote:

I'm a little puzzled by the new approach:

if ($pun_config['o_ipcheck_enable'] == 1 && empty($_POST['form_sent']))

That effectively executes IP check only the form is displayed, not when submitted. That means that the robots which create automatic form submissions will bypass this IP check?! Or am i missing something?

Correct. As I said you can place the code wherever you want just take out...

&& empty($_POST['form_sent'])

and enjoy 8)

Offline

#16 2011-05-27 13:40:27

den4b
Member
From: Dublin, Ireland
Registered: 2010-08-14
Posts: 23
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

Ok, for the default distribution I think you should either take out:

&& empty($_POST['form_sent'])

Or, at least use:

&& !empty($_POST['form_sent'])

So it defiantly performs IP check at the submission stage, otherwise, spam-bots will simply by-pass it by posting directly to the registration page, rendering this plug-in useless.

What do you think?

Offline

#17 2011-05-31 18:28:44

blissend
FluxBB Donor
From: NY, USA
Registered: 2009-07-02
Posts: 30
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

den4b wrote:

Ok, for the default distribution I think you should either take out:

&& empty($_POST['form_sent'])

Or, at least use:

&& !empty($_POST['form_sent'])

So it defiantly performs IP check at the submission stage, otherwise, spam-bots will simply by-pass it by posting directly to the registration page, rendering this plug-in useless.

What do you think?

Actually I'm going to put it at the end when the form is submitted like all the other methods do. While its fun to toy with spam bots, it's how I learned some of what they can do, I should only do that in my own personal code rather than instructing others to do so.

This way it makes more sense to everyone and no more worries on

empty($_POST['form_sent']

8) I'll update it this week sometime. Sound good?

Offline

#18 2011-06-01 08:53:12

den4b
Member
From: Dublin, Ireland
Registered: 2010-08-14
Posts: 23
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

Sounds good! I will check it out when you update it. Thanks smile

Offline

#19 2011-06-01 13:08:35

TomeOne
Member
Registered: 2010-09-07
Posts: 5

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

What should I add so it checked stopforumspam.com's database?

Offline

#20 2011-06-01 14:40:28

den4b
Member
From: Dublin, Ireland
Registered: 2010-08-14
Posts: 23
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

TomeOne, stopforumspam.com database is shared on tornevall.org, so just use their DNSBL.

blissend wrote:

For those who don't know, stopforumspam.com is shared on http://dnsbl.tornevall.org/ according to their API usage page.

Offline

#21 2011-06-04 23:35:48

TomeOne
Member
Registered: 2010-09-07
Posts: 5

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

Wow, aren't I the fool. Usually I pride myself on reading everything before asking stupid questions. sad

Thanks!

Offline

#22 2011-12-12 15:20:04

trichome
Member
Registered: 2008-05-22
Posts: 42

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

I've been getting spam from IPs already listed on SFS. Yesterday I moved from the snippet version to the full mod but they're still getting through somehow. Nasty spammers like this.

I'm guessing that dnsbl.tornevall.org is either slow to synch with SFS or otherwise unavailable when the checks were done. From what I understand the code on this mod was changed to not allow blacklisted IPs to even view the registration page.

Any ideas on what may be allowing the spammers to get through?

Offline

#23 2011-12-12 16:03:52

Smartys
Former Developer
Registered: 2008-04-27
Posts: 3,139
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

From the modification's code:

			if ($pass = 0)
				message($lang_register['Spam IP Failed']);

Somehow I don't think that's going to stop anyone...

Offline

#24 2011-12-12 16:16:30

trichome
Member
Registered: 2008-05-22
Posts: 42

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

Thanks, Smartys. I hope the PHP-minded among us can figure this out. It's a big help in preventing spam.

I'm also using your excellent bad behavior mod. smile

Offline

#25 2011-12-12 16:18:43

Smartys
Former Developer
Registered: 2008-04-27
Posts: 3,139
Website

Re: [MOD] Spam IP Check (stopforumspam.com, spamhaus.org, etc.)

Aww, thanks smile

In case anyone is confused, that if statement should read

if ($pass == 0)

A single equals sign is an assignment operator, not a comparison operator.

Offline

Board footer

Powered by FluxBB