XMB Forum Software
Not logged in [Login - Register]
Go To Bottom

Printable Version  
Author: Subject: Spam Hammer?
Joana
Member
***




Posts: 6
Registered: 5-3-2013
Member Is Offline


[*] posted on 11-15-2013 at 09:15 AM
Spam Hammer?


Hi guys,
I'm having a lot of trouble with bots registering to my forum and posting stupid messages. I went on the hacks page and found Spam Hammer. Will that help my case? What does it actually do?
Thanks.
View user's profile View All Posts By User
Mouser
XMB Contributor
********




Posts: 202
Registered: 4-14-2008
Member Is Offline

Mood: Christmasy. Yes, in September.

[*] posted on 11-18-2013 at 05:38 PM



Taken out of the ZIP file;
Quote:

Mod Description: Provides a custom button in the profile editor so that Super Admins can instantly ban and move all posts for a specific member.



There were a few modifications that can be used.

This is one of them.
Best is to combine a few. Like passwords sent upon registration , CAPTCHA , etc.

I'm looking for a post from miqrogroove where he explained his own setup.
View user's profile View All Posts By User
Joana
Member
***




Posts: 6
Registered: 5-3-2013
Member Is Offline


[*] posted on 11-21-2013 at 01:01 PM


Thanks! I think Captcha would help!
View user's profile View All Posts By User
bfgadmin
Member
***




Posts: 52
Registered: 5-7-2020
Location: Pittsburgh, PA
Member Is Offline

Mood: Technical

[*] posted on 5-7-2020 at 01:06 PM


We had the same problem, and I eventually found a workaround. Edit member.php and find this code:

Code:
$email = postedVar('email', 'javascript', TRUE, TRUE, TRUE); if ($SETTINGS['doublee'] == 'off' && false !== strpos($email, "@")) { $email1 = ", email"; $email2 = "OR email='$email'"; } else { $email1 = ''; $email2 = ''; }


add the following code:

Code:
$cSession = curl_init(); curl_setopt($cSession,CURLOPT_URL,"http://api.stopforumspam.org/api?username=".$username."&email=".$email."&f=xmldom"); curl_setopt($cSession,CURLOPT_RETURNTRANSFER,true); curl_setopt($cSession,CURLOPT_HEADER, false); $result=curl_exec($cSession); curl_close($cSession); $confidencecheck = explode("<confidence>",$result); $confidencefinal = explode("</confidence>",$confidencecheck[1]); $cutoff = 80; //change this to any value you want but higher means fewer false positives $confidence = $confidencefinal[0]; if($confidence == "") $confidence = '0'; if($confidence > $cutoff) { setcookie("spammer", "true"); header("Location: http://some-annoying-site.com"); exit; //echo "would not proceed with reg"; }elseif($confidence == "" || $confidence == NULL){ //echo "would proceed with reg due to fail-safe reg"; //left this here for future expansion such as further scrutiny required for unknown reg }else{ //echo "would proceed with reg pass check"; //left this here for future expansion }


Next, edit header.php and place this code pretty much anywhere. Since the account was rejected, there is no user to ban but we can still use that cookie we set in their browser to redirect them away again.

Code:
$isspammer = $_COOKIE['spammer']; if(isset($_COOKIE['spammer']) && $isspammer == "true"){ header("Location: http://another-redirect-to-an-annoying-place.com/"); }


There's another part to this that uses behavior analysis but I'd rather not post it since spammers likely read these.



View user's profile Visit user's homepage View All Posts By User
bfgadmin
Member
***




Posts: 52
Registered: 5-7-2020
Location: Pittsburgh, PA
Member Is Offline

Mood: Technical

[*] posted on 5-7-2020 at 07:57 PM


Quote: Originally posted by Mouser  

Taken out of the ZIP file;
Quote:

Mod Description: Provides a custom button in the profile editor so that Super Admins can instantly ban and move all posts for a specific member.



There were a few modifications that can be used.

This is one of them.
Best is to combine a few. Like passwords sent upon registration , CAPTCHA , etc.

I'm looking for a post from miqrogroove where he explained his own setup.


Do you want something like this? For instance, I gave my super mods a button for each user in viewthread_post to give a Post/U2U ban. But even this is still reactive when it comes to dealing with spammers.

The thing you should know about forum spammers is that they are paid pennies everytime they spam a link in your forum. They are paid to do this as part of sketchy SEO techniques, and disrupting them for even a minute or two will change their calculus (ie: losing more money than earning).

One good trick is to catch their behavior and then redirect them to an endless stream of "are you a human?" tests. For instance, it starts with simple math and ends with questions about nuclear physics. Regardless of how they answer, every answer is wrong.

Another good tactic is to use my code (above) to redirect them to a dummy forum where they can spam to their heart's content. Simply return every week or so to clear all posts/delete new accounts/etc.

If you have an active XMB forum I'll share my behavior analysis code. Also, on our site, we require 5 posts before a member can edit any part of their profile besides their avatar and non-text input fields (avatar, topics per page, DOB, etc)

EDIT: One other option would be to create a means by which suspected spammers could "shadow post" (ie: a column in your posts table called visible) until you see they aren't a spammer.

Unfortunately, on this very site (XMB) I saw a user who registered and posting seemingly legitimate material only to start link spamming at a later date.



View user's profile Visit user's homepage View All Posts By User
AlwaysLosingPasswords
Member
***




Posts: 21
Registered: 11-25-2022
Member Is Offline


[*] posted on 3-6-2023 at 04:35 PM


Happy to report that reCAPTCHA v2 and v3 appear to defeat the bots that required all this convoluted analysis!

Mixing both methods should eliminate automatic registration with the same inconvenience as a reCAPTCHA.
View user's profile View All Posts By User
lottos
Administrator
********




Posts: 477
Registered: 6-3-2002
Member Is Offline

Mood: pass me a TimTam

[*] posted on 3-7-2023 at 11:37 PM


Quote: Originally posted by AlwaysLosingPasswords  
Happy to report that reCAPTCHA v2 and v3 appear to defeat the bots that required all this convoluted analysis!

Mixing both methods should eliminate automatic registration with the same inconvenience as a reCAPTCHA.


Does the registration script (member.php) need updating to take advantage of reCAPTCHA v2 and/or v3 ?
View user's profile View All Posts By User
AlwaysLosingPasswords
Member
***




Posts: 21
Registered: 11-25-2022
Member Is Offline


[*] posted on 3-9-2023 at 05:28 PM


lottos, the latest version has v2 incorporated into the Admin CP->Settings now. :)

V3 can be implemented in a number of ways (including with v2), but here is how I did it:

Code:
if(isset($_POST['g-recaptcha-response'])) { $validate_trick = $_POST['validate']; if($validate_trick != "viper3"){ die; //fail } //form submitted $reCAPTCHA_secret_key = "YOUR_SECRET_KEY_HERE"; $g_recaptcha_response = $_POST['g-recaptcha-response']; $g_recaptcha_allowable_score = "0.9"; $ip = $_SERVER['REMOTE_ADDR']; $url = 'https://www.google.com/recaptcha/api/siteverify?secret=' . urlencode($reCAPTCHA_secret_key) . '&response=' . urlencode($g_recaptcha_response) . '&remoteip=' . urlencode($ip); $response = file_get_contents($url); $responseArray = explode(",", $response); if(isset($responseArray[0]) && str_contains($responseArray[0], ": true")) { if(isset($responseArray[3])) { $score = explode(": ", $responseArray[3]); $score_value = str_replace('"score": ', '', $score[1]); if(trim($score_value) >= $g_recaptcha_allowable_score) { //pass spam check echo "SUCCESS!"; }else{ //fail spam check echo "FAILED SPAM CHECK!"; } } }else{ //fail for some other reason echo "FAILED FOR OTHER REASON!"; } exit; } ?>


There is also a hidden input field that presents a random value by default. When an actual browser opens the page, this JS is run:

Code:
<script> document.getElementById("validate").value = "viper3"; </script>


We no longer use Stop Forum Spam, although their service is top tier and works quite well too. The Google technology is more mature/stable (in my humble opinion) so that is where I have put most of my focus with anti-spam efforts.
View user's profile View All Posts By User

  Go To Top

Powered by XMB 1.9.12 (Debug Mode)
XMB Forum Software © 2001-2024 The XMB Group
[Queries: 16] [PHP: 24.1% - SQL: 75.9%]