You are not logged in.
This is a quick script I wrote in PHP which will grab the latest users registered on your phpBB2 forum and check the usernames/email addresses against the database here, via the API. It's an alternative to modifying your forum software, if you can't or prefer not to.
It can be run one of two ways, either manually via the web or automatically via cron. There's options for logging output to a file, or printing it out to the page itself.
It has the option to "shoot on sight", or delete accounts that match ether a found username/email address in the database. Or, just log the results so you can investigate later.
I wrote it this morning, and tested against a stock phpBB2 install, and it seems to work pretty good. I do plan on writing more versions for phpBB3, PunBB, SMF, etc. as soon as I have time.
Download it here: http://www.stopforumspam.com/downloads/scanner.zip
Offline
Version 1.2 is up now with phpBB3 compatibility, and improved regex matching.
http://www.stopforumspam.com/downloads/scanner.zip
Offline
This is EXACTLY the sort of thing i would like to incorporate into the Anti-Spam ACp. Do you mind if i pinch some of the code out of this and intergrate it into the next version? It seems a lot simpler than having a whole new database table on the users table, which is what i was planning to use 
Offline
Go for it!
Offline
Russ wrote:
Go for it!
I'll have to wait until i get my old hosting back. The stuff i'm on atm has crap MySql databases, and i foolishly bought 1 year's worth of it. Ah well, it means i had some backup hosting to put my site on when my other host de-activated my account 
Offline
Any chance you could include an fSpamlist check in this too please?
The fspamlist API is;
http://www.fspamlist.com/xml.php
Variables:
username={user}
ip={user_IP}
email={user_email}
http://www.fspamlist.com/blog/?p=32
Offline
MysteryFCM wrote:
Any chance you could include an fSpamlist check in this too please?
The fspamlist API is;
http://www.fspamlist.com/xml.php
Variables:
username={user}
ip={user_IP}
email={user_email}
http://www.fspamlist.com/blog/?p=32
Shouldn't be too hard. Hell, i might put in fSpamlist intergration into t too Better to be double protected, eh?
That is, if you were talking to me about the Anti-Spam ACP. If not, the scanner shouldn't be too hard to modify yourself.
Offline
Your module and Russ's scanner would be even better 
Offline
Hey Russ... How about writing something like this as a stand alone program? Something with a configuration file that you can specify the path to the files, the database name, username, password, table names, etc. That way it could be used with any website, whether it was a forum, a blog, or whatever. It could be just about anything with a member database.
Offline
Ax Slinger wrote:
Hey Russ... How about writing something like this as a stand alone program? Something with a configuration file that you can specify the path to the files, the database name, username, password, table names, etc. That way it could be used with any website, whether it was a forum, a blog, or whatever. It could be just about anything with a member database.
Wouldn't be hard to do... i'm sure...
Offline
Hi I'm new to this...so pardon my igornance....once I download this how does it help on my forums?
Offline
It allows you to check your reg'd users against the SFS database, and where a match is found either;
1. Delete 'em
2. Ignore 'em
From the first post in the thread;
It has the option to "shoot on sight", or delete accounts that match ether a found username/email address in the database. Or, just log the results so you can investigate later.
Offline
My pleasure
Offline
How do I use the software I just got a forum for the first time and recently it has been spammed allot.
Offline
I have found this incredibly useful
I have made a couple of small changes for my own use, as (a) I wanted to automate this, and I think checking against username has a reasonable chance of a false positive; and (b) although I am still on phpBB2, I am had already installed my own hack to save IP address against an unused User field, so I thought I may as well do the IP check.
Your code was easy to read and adapt to my use, so many thanks.
But that isn't why I am writing. I am guessing a lot of folk, like me, have a hosted website that doesn't allow them the luxury of a cron job to automate the scanner.
So I simply set up the forum scanner to run in manual mode, then on my Windows XP box at home, I configured a Schedule Task to run:
"C:\Program Files\Mozilla Firefox\firefox.exe" http://www.mywebsite.org/phpBB/scanner.php
which opens up firefox and loads the page automatically.
It works a treat - my machine is on 24 hours a day, so it will run every night. Note that in the Schedule Task settings you can also force Firefox to close afterwards, but I leave it running, so that I see the log when I next sit down in front of the box.
Many thanks for maintaining the fight against spammers.
Chris
Last edited by Chris__M (2008-07-17 9:22 am)
Offline
It's kind of cheeky to say "I've changed your script", then pick faults, but I ran into a problem, so have just referred back to your original script (1.2) and I think I can see an error.
If you get an ip match, you set $ip_found = true. Similarly for $user_found and $email_found.
However, I can't see anything in the script that sets these variables to "false" again.
My initial tests were with a "test spammer" being the latest user to be registered, and it all worked fine. However, I have just tried registering a user with spammer credentials, and then two other users that should be ok. Then I ran the script - it returned a FOUND for the spammer and "not found" for the other two, but removed all three of them, as once your $ip_found value is set to true, it remains set to true.
Apologies if I have missed something obvious! I've fixed it in my version of the script, simply by adding $ip_found = false to the "else" part of each if statement.
Chris
Offline
