You are not logged in.
Here's a little details on what I've been doing to automagically detect and report spammers. I do some mods on the registration page to detect first, by including some hidden form elements. They're usually hidden by HTML comments. This ensures they won't be seen in visual browsers but a dumb spambot that just sucks the HTML down and parses out fields can't tell the difference.
This is all done on PunBB, but it would be similar with other board software.
So in the HTML section of register.php I include this inside an HTML comment.
<!-- Spam control
<div class="inform">
<fieldset class="profile-extra">
<legend>Profile Info</legend>
<div class="infldset">
<label><strong>Real name</strong><br />
<input type="text" name="realname" size="50" maxlength="50" /><br /></label>
<label><strong>Interests</strong><br />
<input type="text" name="interests" size="50" maxlength="50" /><br /></label>
<label><strong>Website</strong><br />
<input type="text" name="website" size="50" maxlength="50" /><br /></label>
</fieldset>
</div>
-->They're also things that spammers typically can't resist filling out, too, especially website.
Now, when the form is posted I added a little bit to check if these fields are filled out. If they are, I know it can't be a legit registrant.
if($_POST['realname'] != '' || $_POST['website'] != '' || $_POST['interests'] != '')
{
function PostToHost($host, $path, $data_to_send) {
$fp = fsockopen($host,80);
fputs($fp, "POST $path HTTP/1.1\n" );
fputs($fp, "Host: $host\n" );
fputs($fp, "Content-type: application/x-www-form-urlencoded\n" );
fputs($fp, "Content-length: ".strlen($data_to_send)."\n" );
fputs($fp, "Connection: close\n\n" );
fputs($fp, $data_to_send);
fclose($fp);
}
PostToHost("www.stopforumspam.com", "/post.php", "username=" . $_POST['req_username'] . "&ip_addr=" . $_SERVER['REMOTE_ADDR'] . "&email=" . $_POST['req_email1'] . "&api_key=ZZZZZZZZZZZZZZZ");
echo "bye";
die();
}There's a little function in there that opens up a socket connection to the site on port 80 in order to post the form, obviously my API key isn't ZZZZZ but this is just an example. After that's done, the script is killed.
This is how 100% of my entries are handled. If you feel like modifying your own boards to do the same, feel free.
Offline
I've modified the Anti-Spam ACP for my forums to incorporate an easy-upload feature that inputs info coutesy of your little bit of PHP. All i have to do now is click "Report Spammers" and it sends all the entries to your database without any hassle from me 
Thanks for that Russ
Offline
I'll need to work on adding that to my site.
Your database has been very useful, I got about 50 bad new users in the last 3 days.
Sarg
Offline
Hi Rush and the123king, could you please see if you can give me some detail instruction how to make a 'button' that can automatically upload spammer details into this website data base?
Currently I have to copy and paste everything by hand. It is ok, I can overcome the tiredness to fight those moron spammers. But if there is a quicker way to do it, that would be so great.
I am using IPB forum. I know nearly nothing about coding stuffs but if you can give some easy instructions I am sure I can follow.
Offline
kurtcobainvn wrote:
Hi Rush and the123king, could you please see if you can give me some detail instruction how to make a 'button' that can automatically upload spammer details into this website data base?
Currently I have to copy and paste everything by hand. It is ok, I can overcome the tiredness to fight those moron spammers. But if there is a quicker way to do it, that would be so great.
I am using IPB forum. I know nearly nothing about coding stuffs but if you can give some easy instructions I am sure I can follow.
I know absolutely nothing about the code of IPB, sorry.
Offline
Just like to thank Russ for the function.
I run SMF forum software and have just added an include to the members profile page containing the (slightly modified) function in conjunction with a form for the necessary info and made accessable to Admins only.
I chose this method because I do not allow moderators to delete accounts, only to ban members.
Again, thanks Russ.
Offline
I've just created a C# version of this, hopefully it helps someone:
http://guyellisrocks.com/coding/stop-forum-spam/
Offline
Lol, that's a great way to detect spammers! :-)
Value less hidden fields... haha.
Offline
Russ - have you addressed the glaring bug that I emailled you about, the one that allows a user to completely bypass checking on emails when submitted to the API for testing?
Online
here's another one through PHP and cURL
$ch = curl_init(); curl_setopt($ch, CURLOPT_URL,"http://www.stopforumspam.com/post.php"); curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS,"username=" . $_POST['username'] . "&ip_addr=" . $_SERVER['remote_addr'] . "&email=" . $_POST['email'] . "&api_key=your_key_here"); curl_exec ($ch); curl_close ($ch);
Notes
1)This code deals with stopforumspam.com only ...
2) be carefull with $_SERVER['remote_addr'] that you do not submit your own ip to the blacklist !!
3)this code needs the cURL extension for PHP if a phpinfo(); call mentions a cURL section you have it otherwise you don't and this code won't work.To enable cURL PHP must be recompiled with appriciate options to enable cURL
Last edited by Erik (2008-09-18 11:37 am)
Offline
Hi, Russ!
I have a question for your code in the first post. Does it work in phpBB2? I have tested many variants but it don't send nothing.
I have installed Stop Spambot Registration mod - works like your first <!-- Spam control
MOD Description: This MOD stops spambots that provide Profile Information during registration in spite of a message saying "leave the Profile Information blank". An e-mail notification will be send every time there was a spambot registration attempt.
## NOTE: the e-mail notification can easily be left out if you wish.
I remake a little your second code and place it in my usercp_register:
if($_POST['icq'] != '' || $_POST['aim'] != '' || $_POST['msn'] != '' || $_POST['yim'] != '' || $_POST['skype'] != '' || $_POST['website'] != '' ||
$_POST['location'] != '' || $_POST['occupation'] != '' || $_POST['interests'] != '' || $_POST['signature'] != '')
{
function PostToHost($host, $path, $data_to_send) {
$fp = fsockopen($host,80);
fputs($fp, "POST $path HTTP/1.1\n" );
fputs($fp, "Host: $host\n" );
fputs($fp, "Content-type: application/x-www-form-urlencoded\n" );
fputs($fp, "Content-length: ".strlen($data_to_send)."\n" );
fputs($fp, "Connection: close\n\n" );
fputs($fp, $data_to_send);
fclose($fp);
}
PostToHost("www.stopforumspam.com", "/post.php", "username=" . $_POST['req_username'] . "&ip_addr=" . $_SERVER['REMOTE_ADDR'] .
"&email=" . $_POST['req_email1'] . "&api_key=Here is my API");
// echo "bye";
// die();
}I commented the last two lines because Stop Spambot Registration give similar message "Die, robot!"
I make my codes with Zend Studio 5.5 and it don't find error in code but the mod don't send nothing in your DB.
Maybe function PostToHost don't work in phpbb2 or ... I don't know.
Help me please!
Thanks in advance!
P.S. I don't want to use cURL - it works but my cURL .dlls are from version with security problems and I don't want to risk.
Last edited by diabolic.bg (2008-11-09 9:28 am)
Offline
