Comments on: SMF and StopForumSpam.com

By: no spam

no spam — Thu, 25 Mar 2010 09:41:52 +0000

IMO checking by IP is not very good because other users may be assigned the same IP. It would be much safer if you checked email instead. This post contains details on how to do that http://www.zubrag.com/articles/spam-protection.php

By: Ryan

Ryan — Tue, 14 Jul 2009 01:23:09 +0000

So, after about 8 months I think this is a pretty successful mod. I’ve got two SMF forums, one with this mod and one without. The one with it gets maybe one spam registration a week. The one without is around 10 or 12 a day.

By: Ryan

Ryan — Mon, 15 Dec 2008 23:54:58 +0000

The quotes thing was a WordPress issue. WP filters quotes into smart quotes. Don't know why, but I'd guess it's a typography issue. Good for style, bad for code. Found and installed a plugin called WP Untexturize that takes care of it.

By: Ryan

Ryan — Mon, 15 Dec 2008 16:31:47 +0000

Yeah, I’ve noticed a few still come through on a spammy email address. But if I had to guess I’d say this catches 90 plus percent of ‘em. Adding an email check to the actual registration routine in my next step.

On my forum I’ve also changed to return a 200 header instead of the 403. My thinking was that a 403 made sense, but some spam robots may be reading that and assuming that they need to change IPs. I’ve noticed a lot of “Registering for an account on the forum” with matching UAs but coming from different IPs. My guess is they’re seeing the 403 and trying another IP.

The quote thing appears to be a WordPress issue that I need to spend some time working on.

By: Denis Goddard

Denis Goddard — Mon, 15 Dec 2008 14:08:01 +0000

(looks like a global CSS may be to blame for the SmartQuotes — perhaps just enclosing your code examples in PRE tags would work?)

By: Denis Goddard

Denis Goddard — Mon, 15 Dec 2008 14:06:40 +0000

THANKS!!! I had been meaning to do something like this for the past few months, ever since I first came across stopforumspam.com
The last few weeks we’ve been getting way more registration attempts than before, an it was becoming a big pain. I did a google search hoping somebody had already done the work, and here you are. :-)

Two suggestions on your post:

1. Your code snippets above are using SmartQuotes. People less familiar with php (or programming in general) may get tripped up if they simply copy-and-paste from the website into their .php files. It might be nice if you could update the snippets from, eg
‘yes’
to the correct
‘yes’

2. Similarly, the line-numbers in the snippets may confuse the clueless. I know a lot of SMF admins out there are not the most clueful.

Lastly, a feature request… it would be great to check the email address against the stopforumspam API as well. The spammers’ email-generation algorithm results in email addresses being re-used, so that even a newly compromised attack IP, not yet registered in the database, is likely to be using a known-bad email address.

Anyway, THANK YOU once again, this was a wonderful find and is hugely appreciated!!

Denis