SMF and StopForumSpam.com

Found a great site over at StopForumSpam.com. Over the past few weeks I've been checking registrations on a couple of my forums against their database. What I've found is that most of the registrations have been spammers and they've gotten the axe. But after deleting 15-20 per day I wanted a more automated solution.

Fortunately there's an API at StopForumSpam.com. It's quick and easy to query the API for an IP and see if it's a spamming IP. I added a function to the Register.php file in the Sources folder and a message to my Register.template.php theme file that says registrations are closed when the visitor comes from a listed IP.

Sources/Register.php - Add to the end

PHP:
    /**
     * Checks the IP address against the StopForumSpam.com database
     * @author Ryan Nutt
     * @return bool
     */
    function isSpamIP()
        {
        global $context;

        /*  Check to make sure it's the correct action.  Otherwise we don't want to spend the time
            to query the database.  */
        if ($context['current_action']!='register' && $context['current_action']!='register2')
            {
            return false;
            }

        /*  Cap the wait so a slow or unreachable API can't hang the registration page.  */
        $ctx = stream_context_create(array('http' => array('timeout' => 5)));
        $fContents = file_get_contents('http://www.stopforumspam.com/api?ip='.urlencode($_SERVER['REMOTE_ADDR']), false, $ctx);
        if (!$fContents)
            {
            /*  The file couldn't be retrieved.  Figure it's better to say no by mistake than to
                say yes.    */
            return false;
            }

        /*  A listed IP comes back with <appears>yes</appears> in the XML response.  */
        if (strpos($fContents, '<appears>yes</appears>')===false)
            {
            return false;
            }
        return true;
        }

If there's a match in the StopForumSpam.com database this will return true, otherwise it'll return false. If the current action isn't register or register2 or if the file couldn't be retrieved through the API then it returns false. I'd rather be wrong and assume it's not a spammer than assume it is if the code can't get to the API.

Also in Sources/Register.php - After the global lines in Register2()

PHP:
    if (isSpamIP())
        {
        redirectexit('action=register');
        }

This will check before actually attempting to register a new user and bounce them back to the main register page if there's a match.

theme folder/Register.template.php - Right after the global declarations in template_before()

PHP:
    //  Check for spammers
    if (isSpamIP())
        {
        header('HTTP/1.0 403');
        echo '<h2>Registrations currently closed</h2><p>We\'re sorry, but we have had to temporarily close registrations due to the number of spam registrations.</p>';
        return;
        }

This checks isSpamIP() and if it's true then a message is displayed that registrations are currently closed and a 403 forbidden header is added.

Does it work?
Well, I've tried it and was able to register from my computer, which doesn't match an IP in the StopForumSpam.com database. And I forced the function to return true and wasn't able to register. So it appears to. But I guess time will tell. Heck, if it reduces the number of spammers I have to delete then it's worth a shot.

If you try it and it does or doesn't work, please drop a line in the comments and let me know.

Next steps
After I let this run for a while I'm going to go in and put a little more code into the Register2() function in Sources/Register.php to check the entered email address and possibly user name against the database and give some sort of message if they're found.
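
The fail-open rule described earlier and the planned e-mail check can share one lookup routine. The sketch below is an added example, not part of the original mod: sfsListed(), sfsShouldBlock() and the $fetch callback are hypothetical names, the XML bodies are constructed samples, and it assumes the API accepts an email= parameter the same way the page uses ip=.

```php
<?php
// Added example, not the original mod's code. sfsListed(), sfsShouldBlock() and
// $fetch are hypothetical names; the XML bodies below are constructed samples.

/**
 * Ask the API about one value. Returns true (listed), false (not listed)
 * or null when the answer is unknown (no response, or a body that does not parse).
 */
function sfsListed($field, $value, $fetch)
{
    // Assumption: 'email' is queried the same way the page queries 'ip'.
    if (!in_array($field, array('ip', 'email'), true)) {
        return null;
    }
    $url  = 'http://www.stopforumspam.com/api?' . $field . '=' . urlencode($value);
    $body = call_user_func($fetch, $url);
    if (!is_string($body) || $body === '') {
        return null;
    }
    $xml = @simplexml_load_string($body);
    if ($xml === false || !isset($xml->appears)) {
        return null;
    }
    return strtolower(trim((string) $xml->appears)) === 'yes';
}

/** Block if any lookup says "listed"; unknown answers never block (fail open). */
function sfsShouldBlock($ip, $email, $fetch)
{
    return sfsListed('ip', $ip, $fetch) === true
        || sfsListed('email', $email, $fetch) === true;
}

// Offline stand-in for the HTTP call, keyed on the query string (constructed data).
$fakeApi = function ($url) {
    $canned = array(
        'ip=192.0.2.10'               => '<response success="true"><type>ip</type><appears>yes</appears></response>',
        'ip=198.51.100.7'             => '<response success="true"><type>ip</type><appears>no</appears></response>',
        'email=bot%40example.invalid' => '<response success="true"><type>email</type><appears>yes</appears></response>',
    );
    $query = (string) parse_url($url, PHP_URL_QUERY);
    return isset($canned[$query]) ? $canned[$query] : false; // false = API unreachable
};

var_dump(sfsShouldBlock('192.0.2.10', 'user@example.org', $fakeApi));      // listed IP
var_dump(sfsShouldBlock('198.51.100.7', 'bot@example.invalid', $fakeApi)); // clean IP, listed email
var_dump(sfsShouldBlock('203.0.113.5', 'user@example.org', $fakeApi));     // API unreachable
```

Keeping "unknown" (null) separate from "not listed" (false) lets the caller log API outages without changing the fail-open decision.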


6 Responses to “SMF and StopForumSpam.com”

  1. THANKS!!! I had been meaning to do something like this for the past few months, ever since I first came across stopforumspam.com
    The last few weeks we’ve been getting way more registration attempts than before, and it was becoming a big pain. I did a google search hoping somebody had already done the work, and here you are. :-)

    Two suggestions on your post:

    1. Your code snippets above are using SmartQuotes. People less familiar with php (or programming in general) may get tripped up if they simply copy-and-paste from the website into their .php files. It might be nice if you could update the snippets from, eg
    ‘yes’
    to the correct
    'yes'

    2. Similarly, the line-numbers in the snippets may confuse the clueless. I know a lot of SMF admins out there are not the most clueful.

    Lastly, a feature request… it would be great to check the email address against the stopforumspam API as well. The spammers’ email-generation algorithm results in email addresses being re-used, so that even a newly compromised attack IP, not yet registered in the database, is likely to be using a known-bad email address.

    Anyway, THANK YOU once again, this was a wonderful find and is hugely appreciated!!

    Denis

  2. (looks like a global CSS may be to blame for the SmartQuotes — perhaps just enclosing your code examples in PRE tags would work?)

  3. Yeah, I’ve noticed a few still come through on a spammy email address. But if I had to guess I’d say this catches 90 plus percent of ‘em. Adding an email check to the actual registration routine in my next step.

    On my forum I’ve also changed to return a 200 header instead of the 403. My thinking was that a 403 made sense, but some spam robots may be reading that and assuming that they need to change IPs. I’ve noticed a lot of “Registering for an account on the forum” with matching UAs but coming from different IPs. My guess is they’re seeing the 403 and trying another IP.

    The quote thing appears to be a WordPress issue that I need to spend some time working on.

  4. The quotes thing was a WordPress issue. WP filters quotes into smart quotes. Don’t know why, but I’d guess it’s a typography issue. Good for style, bad for code.

    Found and installed a plugin called WP Untexturize that takes care of it.

  5. So, after about 8 months I think this is a pretty successful mod. I’ve got two SMF forums, one with this mod and one without. The one with it gets maybe one spam registration a week. The one without is around 10 or 12 a day.

  6. IMO checking by IP is not very good because other users may be assigned the same IP. It would be much safer if you checked email instead. This post contains details on how to do that http://www.zubrag.com/articles/spam-protection.php
