Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Spammer trap code  (Read 16074 times)

0 Members and 1 Guest are viewing this topic.

Deus

  • Contributor
  • Coppermine frequent poster
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 152
Spammer trap code
« on: July 24, 2009, 11:54:10 pm »

I've been using this code for a few weeks now and spammer activity has dropped off almost completely.
It's not 100%, some still get through, but instead of 5-6 spammer registrations per day, I get 2-3 per month.
It also sends you an email to confirm that it's blocked a spammer, (if you enable it).
It checks with stopforumspam.com to verify the ip, and if they are listed, they are redirected to a new page, telling them how to unlist their ip.

The code consists of 2 files, and one line to edit into a page of your choice.
It works on all types of software, including forums, galleries, blogs, portals, and much much more.
Please check all links in the code otherwise it will fail.


spammertrap.php
Code: [Select]
<?php
// SpammerTrap - JACP - endtimesroundtable.com / etrtmedia.com / watcherspace.com
// Using http://www.bin-co.com/php/scripts/load/
// Version : 1.00.A Curl/Fsockets Routine
// ==============================
// Turn on (=1) or off (=0) email notification
$nudgeme 0;

// Get IP from client
$whitetest ipCheck();

// Begin Whitelist
$whiteskip 0;
// Add this test section for each IP to force acceptance
if ($whitetest == "0.0.0.0")
{
$whiteskip 1;
}
// End of test section

// Do the rest if nothing found on whitelist

if ($whiteskip == 0)
{
// Use StopForumSpam API
$contents load("http://www.stopforumspam.com/api?ip=$whitetest");
// Check for a positive result, which means a spammer IP has been detected
$mycheck stripos($contents"<appears>yes</appears>");
if ($mycheck !== false)
{
// Send them far away from here
header('Location: http://www.yourdomain/linkto/spammertrap.html');
// Change the above URL to a localized webpage, or use the one provided

if ($nudgeme == 1)
{
// If the $nudgeme is set to 1, send an email alert

// Recipient - change to your notification email address
$to "your-email@yourdomain.com";

// Subject
$subject 'SpammerTrap Alert.';

// Message
$message "
<html>
<head>
  <title>SpammerTrap Alert</title>
</head>
<body>
$whitetest has been detected by the Stop Forum Spam API as being a spammer.
</body>
</html>
"
;

// To send HTML mail, the Content-type header must be set
$headers  'MIME-Version: 1.0' "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' "\r\n";

// Additional headers - change this to be the main webmaster email for your board
$headers .= 'From: youremail@yourdomain.com' "\r\n";

// Mail it
mail($to$subject$message$headers);
}
}
// Not found, back to normal activities
}

// End of program code, functions follow

function ipCheck()
{
if (getenv('HTTP_CLIENT_IP')) {
$ip getenv('HTTP_CLIENT_IP');
}
elseif (getenv('HTTP_X_FORWARDED_FOR')) {
$ip getenv('HTTP_X_FORWARDED_FOR');
}
elseif (getenv('HTTP_X_FORWARDED')) {
$ip getenv('HTTP_X_FORWARDED');
}
elseif (getenv('HTTP_FORWARDED_FOR')) {
$ip getenv('HTTP_FORWARDED_FOR');
}
elseif (getenv('HTTP_FORWARDED')) {
$ip getenv('HTTP_FORWARDED');
}
else {
$ip $_SERVER['REMOTE_ADDR'];
}
return $ip;
}

function 
load($url,$options=array('method'=>'get','return_info'=>false)) {
    
$url_parts parse_url($url);
    
$info = array(//Currently only supported by curl.
        
'http_code'    => 200
    
);
    
$response '';

    
$send_header = array(
        
'Accept' => 'text/*',
        
'User-Agent' => 'BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)'
    
);

    
///////////////////////////// Curl /////////////////////////////////////
    //If curl is available, use curl to get the data.
    
if(function_exists("curl_init"
                and (!(isset(
$options['use']) and $options['use'] == 'fsocketopen'))) { //Don't user curl if it is specifically stated to user fsocketopen in the options
        
if(isset($options['method']) and $options['method'] == 'post') {
            
$page $url_parts['scheme'] . '://' $url_parts['host'] . $url_parts['path'];
        } else {
            
$page $url;
        }

        
$ch curl_init($url_parts['host']);

        
curl_setopt($chCURLOPT_URL$page);
        
curl_setopt($chCURLOPT_RETURNTRANSFERtrue); //Just return the data - not print the whole thing.
        
curl_setopt($chCURLOPT_HEADERtrue); //We need the headers
        
curl_setopt($chCURLOPT_NOBODYfalse); //The content - if true, will not download the contents
        
if(isset($options['method']) and $options['method'] == 'post' and $url_parts['query']) {
            
curl_setopt($chCURLOPT_POSTtrue);
            
curl_setopt($chCURLOPT_POSTFIELDS$url_parts['query']);
        }
        
//Set the headers our spiders sends
        
curl_setopt($chCURLOPT_USERAGENT$send_header['User-Agent']); //The Name of the UserAgent we will be using ;)
        
$custom_headers = array("Accept: " $send_header['Accept'] );
        if(isset(
$options['modified_since']))
            
array_push($custom_headers,"If-Modified-Since: ".gmdate('D, d M Y H:i:s \G\M\T',strtotime($options['modified_since'])));
        
curl_setopt($chCURLOPT_HTTPHEADER$custom_headers);

        
curl_setopt($chCURLOPT_COOKIEJAR"cookie.txt"); //If ever needed...
        
curl_setopt($chCURLOPT_FOLLOWLOCATION1);
        
curl_setopt($chCURLOPT_SSL_VERIFYPEERFALSE);

        if(isset(
$url_parts['user']) and isset($url_parts['pass'])) {
            
$custom_headers = array("Authorization: Basic ".base64_encode($url_parts['user'].':'.$url_parts['pass']));
            
curl_setopt($chCURLOPT_HTTPHEADER$custom_headers);
        }

        
$response curl_exec($ch);
        
$info curl_getinfo($ch); //Some information on the fetch
        
curl_close($ch);

    
//////////////////////////////////////////// FSockOpen //////////////////////////////
    
} else { //If there is no curl, use fsocketopen
        
if(isset($url_parts['query'])) {
            if(isset(
$options['method']) and $options['method'] == 'post')
                
$page $url_parts['path'];
            else
                
$page $url_parts['path'] . '?' $url_parts['query'];
        } else {
            
$page $url_parts['path'];
        }

        
$fp fsockopen($url_parts['host'], 80$errno$errstr30);
        if (
$fp) {
            
$out '';
            if(isset(
$options['method']) and $options['method'] == 'post' and isset($url_parts['query'])) {
                
$out .= "POST $page HTTP/1.1\r\n";
            } else {
                
$out .= "GET $page HTTP/1.0\r\n"//HTTP/1.0 is much easier to handle than HTTP/1.1
            
}
            
$out .= "Host: $url_parts[host]\r\n";
            
$out .= "Accept: $send_header[Accept]\r\n";
            
$out .= "User-Agent: {$send_header['User-Agent']}\r\n";
            if(isset(
$options['modified_since']))
                
$out .= "If-Modified-Since: ".gmdate('D, d M Y H:i:s \G\M\T',strtotime($options['modified_since'])) ."\r\n";

            
$out .= "Connection: Close\r\n";

            
//HTTP Basic Authorization support
            
if(isset($url_parts['user']) and isset($url_parts['pass'])) {
                
$out .= "Authorization: Basic ".base64_encode($url_parts['user'].':'.$url_parts['pass']) . "\r\n";
            }

            
//If the request is post - pass the data in a special way.
            
if(isset($options['method']) and $options['method'] == 'post' and $url_parts['query']) {
                
$out .= "Content-Type: application/x-www-form-urlencoded\r\n";
                
$out .= 'Content-Length: ' strlen($url_parts['query']) . "\r\n";
                
$out .= "\r\n" $url_parts['query'];
            }
            
$out .= "\r\n";

            
fwrite($fp$out);
            while (!
feof($fp)) {
                
$response .= fgets($fp128);
            }
            
fclose($fp);
        }
    }

    
//Get the headers in an associative array
    
$headers = array();

    if(
$info['http_code'] == 404) {
        
$body "";
        
$headers['Status'] = 404;
    } else {
        
//Seperate header and content
        
$separator_position strpos($response,"\r\n\r\n");
        
$header_text substr($response,0,$separator_position);
        
$body substr($response,$separator_position+4);

        foreach(
explode("\n",$header_text) as $line) {
            
$parts explode(": ",$line);
            if(
count($parts) == 2$headers[$parts[0]] = chop($parts[1]);
        }
    }

    if(
$options['return_info']) return array('headers' => $headers'body' => $body'info' => $info);
    return 
$body;
}
?>


This is the redirction page.
spammertrap.html
Code: [Select]
<html>
<head>
<title>Spammer IP Address Detected</title>
</head>
<body bgcolor="red">
<h1>Attention!</h1>
<h2>Your IP address has been identified as belonging to a known spammer.</h2>
<hr>
<p>If you feel this is in error, please contact the webmaster of the site you were just viewing.</p>
<br>
<p>Also, please contact the <u>Stop Forum Spam</u> website using their help form <a href="http://www.stopforumspam.com/contact">HERE.</a></p>
<p>Inform them that your IP address is being incorrectly flagged as a spammer, and you'd like to have it removed.</p>
<br>
<center>
<i>Thank You!</i>
</center>
</body>
</html>

And this is the single line of code needed in your template, you can out this line just about anywhere on your site.
Code: [Select]
<script type="text/javascript" src="http://www.yourdomain.com/linkto/spammertrap.php"></script>

I've posted the code, as I only have winrar installed and I cant post RAR files. Sorry.
Thanks to Stoker at http://www.phpbb3bbcodes.com/portal.php for posting it originally.
Sorry if it's a dupe, i could'nt find it in search, so i think i'm the first with this.
Logged
https://the-bionic-cyclist.co.uk/
The Bionic Cyclist - Ebike and Technology Reviews
https://the-bionic-cyclist.co.uk/forum
For everything else.

Nibbler

  • Guest
Re: Spammer trap code
« Reply #1 on: July 25, 2009, 12:31:03 am »

How does it work?
Logged

Deus

  • Contributor
  • Coppermine frequent poster
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 152
Re: Spammer trap code
« Reply #2 on: July 25, 2009, 11:48:44 am »

Hi Nibbler, it grabs a visitors IP and checks it against http://www.stopforumspam.com database.
If they're listed as a spammer, it redirects to a local holding page, preventing them from progressing any further.

On a side note, it may also be worthwhile adding
Code: [Select]
<script type="text/javascript" src="http://www.yourdomain.com/linkto/spammertrap.php"></script> to the register.php file, just incase they try to acess it directly.
Logged
https://the-bionic-cyclist.co.uk/
The Bionic Cyclist - Ebike and Technology Reviews
https://the-bionic-cyclist.co.uk/forum
For everything else.

Nibbler

  • Guest
Re: Spammer trap code
« Reply #3 on: July 25, 2009, 01:39:44 pm »

But the redirect only applies to the javascript file itelf. This mod simply cannot work as you describe. I doubt it has any effect whatsoever.
Logged

rwozny

  • Coppermine newbie
  • Offline Offline
  • Posts: 14
Re: Spammer trap code
« Reply #4 on: July 25, 2009, 01:49:16 pm »

I am putting this lines to the test on two separate galleries. Will see the effects tomorrow, as almost everyday i get some spammer registrations.
Logged

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1503
  • aka 'i-imagine'
    • Home Page
Re: Spammer trap code
« Reply #5 on: July 25, 2009, 03:46:58 pm »

To expand a bit on Nibbler's comment......

What if the spammer/bot has no javascript? Is there a "stop" or other way to prevent them from spamming/registering?

[off topic]
You mention...
It's not 100%, some still get through

Are they registering with (slightly obscured here) "s_t_u_v_123123" "j_k_l_m_9875" and the infamous y_y_d_b_e_y_o_n_d, fake email addresses and perhaps from certain southeast asian regions? The reason that I ask is that I see in my logs certain IP ranges always entering register.php with no referer, no javascript and also with odd looking user agents - thanks [/off topic]

Deus

  • Contributor
  • Coppermine frequent poster
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 152
Re: Spammer trap code
« Reply #6 on: July 26, 2009, 05:04:02 pm »

You're right nibbler, I've spent a few hours looking into this, and there's no way that it can execute a php file when it's looking for .js resource.
But amazingly, I've still had emails from the script, telling me people have been bounced.

Well, I've added <!-- INCLUDE spammertrap.php --> to my forum, and it's not creating any errrors. Although the files need to be relative to the file you've included it into.

So, I will be able to see in the next day or two if it worked.
You need to copy the spammertrap.html and spammertrap.php file to the themes/youtheme folder for it to work.

Logged
https://the-bionic-cyclist.co.uk/
The Bionic Cyclist - Ebike and Technology Reviews
https://the-bionic-cyclist.co.uk/forum
For everything else.

Deus

  • Contributor
  • Coppermine frequent poster
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 152
Re: Spammer trap code
« Reply #7 on: July 26, 2009, 05:14:48 pm »

To expand a bit on Nibbler's comment......

What if the spammer/bot has no javascript? Is there a "stop" or other way to prevent them from spamming/registering?

[off topic]
You mention...
Are they registering with (slightly obscured here) "s_t_u_v_123123" "j_k_l_m_9875" and the infamous y_y_d_b_e_y_o_n_d, fake email addresses and perhaps from certain southeast asian regions? The reason that I ask is that I see in my logs certain IP ranges always entering register.php with no referer, no javascript and also with odd looking user agents - thanks [/off topic]

See my previous post for a fix.
Yes most seem to be from a very large Asian Country, and a large Eastern European country.
This time it's directly accessing the php file, so JS enabled/disabled shold'nt be an issue.

 
Logged
https://the-bionic-cyclist.co.uk/
The Bionic Cyclist - Ebike and Technology Reviews
https://the-bionic-cyclist.co.uk/forum
For everything else.

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Spammer trap code
« Reply #8 on: July 27, 2009, 07:51:55 am »

My guess is that you're preventing actual humans who drop spam manually to access instead of bots.
IP checking is pretty lame and can be circumvented comparatively easily. As soon as such code goes into the core packages of popular apps (or if there are enough people using that method as a mod), the spammers will adopt to it and change their attack patterns. IP address checking will not help against a botnet (a net of trojan-infected PC across the globe), but only against bot farms. I strongly doubt that this mod will stand a chance. It's wishfull thinking imo.
Don't get me wrong, I welcome your readiness to share. But I doubt that your mod will reduce comment spam dramatically.
Logged

wutacrock

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 37
Re: Spammer trap code
« Reply #9 on: July 31, 2009, 04:35:03 am »

will this block people from just doing regular comments? i don't want to block them, i only want to block people who are spamming.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Spammer trap code
« Reply #10 on: July 31, 2009, 08:33:26 am »

Use the captcha plugin in a first attempt if you don't understand what has been posted in this thread. Of course this mod does not stop everybody to post comments - what would be the point of such a mod, as this could be accomplished without a mod in coppermine by just disabling the comment feature on the groups control panel?
This mod is suppossed to stop spammers by looking up their IP address. Although we (the coppermine dev team) welcome the contribution of this mod we're not sure that it will work as advertized, so you should consider this mod as a work in progress imo that only those should give a try who understand what is being discussed here. Everyone else (who is looking for a simple solution to fight comment spam) should try one or several of the other methods to fight spam (Aksimet, captcha etc.). Use the board search to find the threads that discuss those mods/plugins instead of cluttering this very thread. Thanks.
Logged
Pages: [1]   Go Up
 

Page created in 0.216 seconds with 21 queries.