[phpBB3 3.0.8 MOD] Avoid spambot attack

Rombo di Tuono
Site Admin
Posts: 7105
Joined: 04 Jul 2007, 18:07
Location: Second star to the RIGHT...

Post by Rombo di Tuono »

--------------------------------------------------------------------------------------------------------------------------------------------------
These days, it seems there is a big attack against phpBB forums.

Many fake users register, and no protection seems to work: neither captcha, nor GD's image, nor re-captcha.

I've no time to format my own solution, like an "official" MOD, but I want to share it with other people.

Anyone is welcome if able to contribute.

Name of the MOD: StopForumSpam MOD
Author: Rombo di Tuono

Description of the MOD: "StopForumSpam" Mod DISALLOWS registration to anyone with e-mail, IP, or username inserted in http://www.stopforumspam.com's blacklists
Version of the MOD: 1.0 RC1

Requirements: phpBB 3.0.x

Features:
How it works:
MOD checks for e-mail, IP and username on registration, and returns an error message if one out of three elements is in blacklists; moreover, it adds a post in the administrator's log.

Re: [phpBB3 3.0.8 MOD] Avoid spambot attack

Post by Rombo di Tuono »

MOD is based upon the one made by http://www.alexdoolittle.com, who owns the whole credit

I've made just some modifications, because it was generating some errors.

Now it's stable, but I suggest adding a PCA interface, and formatting the MOD according to standards

Re: [phpBB3 3.0.8 MOD] Avoid spambot attack

Post by Rombo di Tuono »

Here is the code with instructions for the MOD

I prefer to have a check for the frequency, i.e. the number of times the element is in the blacklist, just to avoid false positives, anyway, I've set it up to THREE.

Code:

################################################################################
##
## Mod Title:        SFS Anti-Spam Registration
## Mod Author:       Alex Doolittle, info@alexdoolittle.com
##
## Mod Description:    This MOD adds an IP, email, and username check when
##            registering using the stopforumspam.com API blacklist
##            and prevents registration upon finding a match.
##
## Mod Version:        1.0.1
##
##
## Compatibility:    3.0.3, 3.0.4
##	
##
## Installation Level:    Easy
## Installation Time:     5 Minutes
##
## Files To Edit:    3
##
##				includes/ucp/ucp_register.php
##				includes/functions_user.php
##				language/en/ucp.php
##				language/en/acp/common.php
##
################################################################################
##
##  Full support for this MOD can be obtained at:
##
##  http://www.alexdoolittle.com
##
################################################################################
##
##   2009-01-18 - Version 1.0.1
##    - corrected stopforumspam.com connectivity check, error log via ACP
##    - added registration logging when reg is blocked, admin log via acp
##   2008-12-12 - Version 1.0.0
##    - first release
##
################################################################################
##
##  This mod is released under the GNU GPL v2.
##
################################################################################
##
##  BEFORE ADDING THIS MOD TO YOUR FORUM, please be sure to backup ALL
##  affected files.
##
################################################################################
#
#----------[ OPEN ]-------------------------------------
#

includes/ucp/ucp_register.php

#
#----------[ FIND ]-------------------------------------
#

			'tz'				=> request_var('tz', (float) $timezone),

#
#----------[ AFTER, ADD ]-------------------------------
#

			// StopForumSpam.com API, IP variable
			'address'			=> getenv('REMOTE_ADDR'),

#
#----------[ FIND ]-------------------------------------
#

				'lang'				=> array('match', false, '#^[a-z_\-]{2,}$#i'),

#
#----------[ AFTER, ADD ]-------------------------------
#

				// StopForumSpam.com API, call
				'address'			=> array('address'),

#
#----------[ OPEN ]-------------------------------------
#

includes/functions_user.php

#
#----------[ FIND ]-------------------------------------
#

	foreach ($bad_usernames as $bad_username)
	{
		if (preg_match('#^' . $bad_username . '$#', $clean_username))
		{
			return 'USERNAME_DISALLOWED';
		}
	}

#
#----------[ AFTER, ADD ]-------------------------------
#

	// StopForumSpam.com API, Username Check
	$sfs_check = stopforumspam($username, "username");
	if ( $sfs_check )
	{
	   add_log('admin', 'SFS_BLOCK_USER', $username);
	   return 'SFS_USERNAME_BANNED';
	} 


#
#----------[ FIND ]-------------------------------------
#

		if ($row)
		{
			return 'EMAIL_TAKEN';
		}
	}

#
#----------[ AFTER, ADD ]-------------------------------
#


	// StopForumSpam.com API, Email Check
	$sfs_check = stopforumspam($email, "email");
	if ( $sfs_check )
	{
		add_log('admin', 'SFS_BLOCK_EMAIL', $email);
		return 'SFS_EMAIL_BANNED';
	}

#
#----------[ FIND ]-------------------------------------
#

?>

#
#----------[ BEFORE, ADD ]------------------------------
#

// StopForumSpam.com API, IP check
function validate_address($addr)
{
	// Check SFS global banlist
	$sfs_check = stopforumspam($addr, "ip");
	if ( $sfs_check )
	{
		add_log('admin', 'SFS_BLOCK_IP', $addr);
		return 'SFS_IP_BANNED';
	}
	
	return false;
}

// StopForumSpam.com API connector
function stopforumspam($value, $type)
{
	// URL-encode the user-supplied value so it cannot alter the query string
	$sfs_request_url = "http://www.stopforumspam.com/api?$type=" . urlencode($value);
	$sfs_doc = new DOMDocument();
	// Defaults, so both variables are defined when the API cannot be reached
	$sfs_appears = "no";
	$sfs_frequency = 0;
	if (!$sfs_doc->load($sfs_request_url))
	{
		// On communication error, return false and log occurrence
		add_log('critical', 'SFS_ERROR');
	}
	else
	{
		$sfs_appears = $sfs_doc->getElementsByTagName("appears")->item(0)->nodeValue;
		//RDT added following line
		$sfs_frequency = (int) $sfs_doc->getElementsByTagName("frequency")->item(0)->nodeValue;
	}

	// If the data appears on the blacklist
	return ($sfs_appears == "yes" && $sfs_frequency > 3) ? true : false;
	// RDT added: '&& $sfs_frequency > 3'
}

#
#----------[ OPEN ]-------------------------------------
#

language/en/ucp.php

#
#----------[ FIND ]-------------------------------------
#

	'SHOW_EMAIL'				=> 'Users can contact me by e-mail',

#
#----------[ BEFORE, ADD ]-------------------------------
#
	
	'SFS_EMAIL_BANNED'				=> 'Your EMAIL is not allowed because StopForumSpam.com.',
	'SFS_IP_BANNED'					=> 'Your IP address is not allowed because StopForumSpam.com.',
	'SFS_USERNAME_BANNED'			=> 'Your USERNAME is not allowed because StopForumSpam.com.',
	
#
#----------[ OPEN ]-------------------------------------
#

language/it/ucp.php

#
#----------[ FIND ]-------------------------------------
#

	'SHOW_EMAIL'				=> 'Rendi visibile il tuo indirizzo e-mail',

#
#----------[ BEFORE, ADD ]-------------------------------
#
	
	'SFS_EMAIL_BANNED'				=> 'E-MAIL non permessa, perchè presente su StopForumSpam.com.',
	'SFS_IP_BANNED'					=> 'IP non permesso perchè presente su StopForumSpam.com.',
	'SFS_USERNAME_BANNED'			=> 'NOME UTENTE non permesso perchè presente su StopForumSpam.com.',

#
#----------[ OPEN ]-------------------------------------
#

language/en/acp/common.php

#
#----------[ FIND ]-------------------------------------
#

	'LOG_WORD_EDIT'			=> '<strong>Edited word censor</strong><br />» %s',	

#
#----------[ AFTER, ADD ]-------------------------------
#

	'SFS_ERROR'					=> '<strong>Registration blacklist cannot be contacted</strong> >> %s',
	'SFS_BLOCK_EMAIL'				=> '<strong>Known spam registration via blocked email</strong> >> %s',
	'SFS_BLOCK_IP'					=> '<strong>Known spam registration via blocked IP</strong> >> %s',
	'SFS_BLOCK_USER'				=> '<strong>Known spam registration via blocked username</strong> >> %s',

#
#----------[ OPEN ]-------------------------------------
#

language/it/acp/common.php

#
#----------[ FIND ]-------------------------------------
#

	'LOG_WORD_EDIT'			=> '<strong>Censura parola modificata</strong><br />» %s',	

#
#----------[ AFTER, ADD ]-------------------------------
#

	'SFS_ERROR'					=> '<strong>La blacklist di registrazione non era disponibile</strong> >> %s',
	'SFS_BLOCK_EMAIL'				=> '<strong>Registrazione spam tramite email bloccata</strong> >> %s',
	'SFS_BLOCK_IP'					=> '<strong>Registrazione spam tramite IP bloccato</strong> >> %s',
	'SFS_BLOCK_USER'				=> '<strong>Registrazione spam tramite nome utente bloccato</strong> >> %s',

#
#-----[ SAVE/CLOSE ALL FILES ]--------------------------
#
# EoM
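
The decision the MOD makes, separated from the network call so it can be run on sample input; this is an added example in PHP, not code from the MOD or from the thread's author. The function names, the `$fail_closed` switch and the sample response bodies are assumptions constructed for illustration, using only the `appears` and `frequency` elements the MOD reads.

```php
<?php
// Added example, not part of the MOD. Works on an already-fetched body, so it runs offline.

// Returns 'block', 'allow' or 'unavailable'. Only the <appears> and <frequency>
// elements the MOD reads are used. sfs_decide() and $threshold are hypothetical names.
function sfs_decide($xml, $threshold = 3)
{
	$doc = new DOMDocument();
	// Empty or malformed body: no verdict. LIBXML_NONET forbids network access while parsing.
	if ($xml === '' || !@$doc->loadXML($xml, LIBXML_NONET))
	{
		return 'unavailable';
	}
	$appears = $doc->getElementsByTagName('appears')->item(0);
	$frequency = $doc->getElementsByTagName('frequency')->item(0);
	if ($appears === null || $frequency === null)
	{
		return 'unavailable';
	}
	// Same test as the MOD: listed AND reported more than $threshold times
	$listed = (trim($appears->nodeValue) === 'yes');
	return ($listed && (int) $frequency->nodeValue > $threshold) ? 'block' : 'allow';
}

// $fail_closed is a hypothetical policy switch; the MOD as posted behaves like false.
function sfs_blocks_registration($xml, $fail_closed = false)
{
	$verdict = sfs_decide($xml);
	if ($verdict === 'unavailable')
	{
		return $fail_closed;
	}
	return $verdict === 'block';
}

// Constructed sample bodies (not captured from the live API)
$samples = array(
	'listed, 41 reports' => '<response><appears>yes</appears><frequency>41</frequency></response>',
	'listed, 3 reports'  => '<response><appears>yes</appears><frequency>3</frequency></response>',
	'not listed'         => '<response><appears>no</appears><frequency>0</frequency></response>',
	'truncated reply'    => '<response><appears>yes</appe',
	'empty reply'        => '',
);
foreach ($samples as $label => $xml)
{
	printf("%-20s fail-open=%s fail-closed=%s\n", $label,
		var_export(sfs_blocks_registration($xml, false), true),
		var_export(sfs_blocks_registration($xml, true), true));
}
```

The three-report row shows that the `> 3` comparison still allows an entry reported exactly three times, and the last two rows show registrations passing whenever the blacklist reply cannot be read unless the fail-closed policy is chosen.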

Re: [phpBB3 3.0.8 MOD] Avoid spambot attack

Post by Rombo di Tuono »

Since there are STILL tons of spammers, probably your administrator's log will fill in a matter of days...

When you are sure all is working, check for the three lines that begin with :"add_log('admin', 'SFS_BLOCK_" and COMMENT THEM [put "//" before "add"]

this way:
// add_log('admin', 'SFS_BLOCK_.....
MarvinDaf

phpBB3 3 0 8 MOD Avoid spambot attack

Post by MarvinDaf »

Since we were under "attack," are we at risk, and would this be a good time to change our passwords, if we haven't in a while? Or does it matter?

Re: phpBB3 3 0 8 MOD Avoid spambot attack

Post by Rombo di Tuono »

MarvinDaf wrote: Since we were under "attack," are we at risk, and would this be a good time to change our passwords, if we haven't in a while? Or does it matter?
Upgrade your forum to PHPBB 3.2 and that's all