XMB Forum Software
Not logged in [Login - Register]
Go To Bottom

Printable Version  
Author:

Spam Hammer?

Joana
Member
***


Avatar


Posts: 6
Registered: 5-3-2013
Member Is Offline


[*] posted on 11-15-2013 at 09:15 AM
Spam Hammer?


Hi guys,
I'm having a lot of trouble with bots registering to my forum and posting stupid messages. I went on the hacks page and found Spam Hammer. Will that help my case? What does it actually do?
Thanks.
View user's profile View All Posts By User
Mouser
XMB Contributor
********


Avatar


Posts: 198
Registered: 4-14-2008
Member Is Offline

Mood: Christmasy. Yes, in September.

[*] posted on 11-18-2013 at 05:38 PM



Taken out of the ZIP file;
Quote:

Mod Description: Provides a custom button in the profile editor so that Super Admins can instantly ban and move all posts for a specific member.



There were a few modifications that can be used.

This is one of them.
Best is to combine a few. Like passwords sent upon registration , CAPTCHA , etc.

I'm looking for a post from miqrogroove where he explained his own setup.
View user's profile View All Posts By User
Joana
Member
***


Avatar


Posts: 6
Registered: 5-3-2013
Member Is Offline


[*] posted on 11-21-2013 at 01:01 PM


Thanks! I think Captcha would help!
View user's profile View All Posts By User
bfgadmin
Member
***




Posts: 34
Registered: 5-7-2020
Location: Pittsburgh, PA
Member Is Offline

Mood: Technical

[*] posted on 5-7-2020 at 01:06 PM


We had the same problem, and I eventually found a workaround. Edit member.php and find this code:

Code:
$email = postedVar('email', 'javascript', TRUE, TRUE, TRUE); if ($SETTINGS['doublee'] == 'off' && false !== strpos($email, "@")) { $email1 = ", email"; $email2 = "OR email='$email'"; } else { $email1 = ''; $email2 = ''; }


add the following code:

Code:
$cSession = curl_init(); curl_setopt($cSession,CURLOPT_URL,"http://api.stopforumspam.org/api?username=".$username."&email=".$email."&f=xmldom"); curl_setopt($cSession,CURLOPT_RETURNTRANSFER,true); curl_setopt($cSession,CURLOPT_HEADER, false); $result=curl_exec($cSession); curl_close($cSession); $confidencecheck = explode("<confidence>",$result); $confidencefinal = explode("</confidence>",$confidencecheck[1]); $cutoff = 80; //change this to any value you want but higher means fewer false positives $confidence = $confidencefinal[0]; if($confidence == "") $confidence = '0'; if($confidence > $cutoff) { setcookie("spammer", "true"); header("Location: http://some-annoying-site.com"); exit; //echo "would not proceed with reg"; }elseif($confidence == "" || $confidence == NULL){ //echo "would proceed with reg due to fail-safe reg"; //left this here for future expansion such as further scrutiny required for unknown reg }else{ //echo "would proceed with reg pass check"; //left this here for future expansion }


Next, edit header.php and place this code pretty much anywhere. Since the account was rejected, there is no user to ban but we can still use that cookie we set in their browser to redirect them away again.

Code:
$isspammer = $_COOKIE['spammer']; if(isset($_COOKIE['spammer']) && $isspammer == "true"){ header("Location: http://another-redirect-to-an-annoying-place.com/"); }


There's another part to this that uses behavior analysis but I'd rather not post it since spammers likely read these.




XMB Rocks!
View user's profile Visit user's homepage View All Posts By User
bfgadmin
Member
***




Posts: 34
Registered: 5-7-2020
Location: Pittsburgh, PA
Member Is Offline

Mood: Technical

[*] posted on 5-7-2020 at 07:57 PM


Quote: Originally posted by Mouser  

Taken out of the ZIP file;
Quote:

Mod Description: Provides a custom button in the profile editor so that Super Admins can instantly ban and move all posts for a specific member.



There were a few modifications that can be used.

This is one of them.
Best is to combine a few. Like passwords sent upon registration , CAPTCHA , etc.

I'm looking for a post from miqrogroove where he explained his own setup.


Do you want something like this? For instance, I gave my super mods a button for each user in viewthread_post to give a Post/U2U ban. But even this is still reactive when it comes to dealing with spammers.

The thing you should know about forum spammers is that they are paid pennies everytime they spam a link in your forum. They are paid to do this as part of sketchy SEO techniques, and disrupting them for even a minute or two will change their calculus (ie: losing more money than earning).

One good trick is to catch their behavior and then redirect them to an endless stream of "are you a human?" tests. For instance, it starts with simple math and ends with questions about nuclear physics. Regardless of how they answer, every answer is wrong.

Another good tactic is to use my code (above) to redirect them to a dummy forum where they can spam to their heart's content. Simply return every week or so to clear all posts/delete new accounts/etc.

If you have an active XMB forum I'll share my behavior analysis code. Also, on our site, we require 5 posts before a member can edit any part of their profile besides their avatar and non-text input fields (avatar, topics per page, DOB, etc)

EDIT: One other option would be to create a means by which suspected spammers could "shadow post" (ie: a column in your posts table called visible) until you see they aren't a spammer.

Unfortunately, on this very site (XMB) I saw a user who registered and posting seemingly legitimate material only to start link spamming at a later date.




XMB Rocks!
View user's profile Visit user's homepage View All Posts By User

  Go To Top

Powered by XMB 1.9.11 (Debug Mode)
Forum Script Software by XMB © 2001-2020 The XMB Group
[Queries: 16] [PHP: 41.9% - SQL: 58.1%]
Funded with thanks to competitions website.