Here is one not yet on the list.

OFxLedzeplin · 2007-12-28 5:36 pm

Got this sign up on my phpNuke site today, looks like a winner for a forum spammer's info.

dfghzhzh
hgsfhsfghfhgf@mail333.com

BTW I use the API here to further validate signups on my site, hope thats cool, checks to see if thier on the list, and if they are, no signup!

Thanks for helping the community fight these dispicable spammers.

OFxLedzeplin
www.TEAMOFX.net

Russ · 2007-12-31 6:46 pm

mail333.com seems to be a spammer favorite.

http://www.stopforumspam.com/search?q=%40mail333.com

Do you have IP address info as well? Also, it's fine to use the API to validate signups. In fact if you've written any code you'd like to share that would be fantastic as well.

OFxLedzeplin · 2008-01-02 6:08 pm

How likely is it for any legitimate emails to be using these domains?
Im hesitant to block signups on my site based on domain, although it would likely be much more effective. The procedure I use could easily be modified accordingly.

I must admit Forum spam in itself hasnt been an issue on my site, it was at one time, until I set all forums to require registration, and then began tweaking my registration to fool the reg/spam bots by changing things from the phpNuke 'norm' that these bot scripts etc prey upon. Even if a registration is accepted by my site most of these accounts seldom find thier way to be "authenticated" and authorized to do anything on my site in the first place.

To be honest, my biggest concern as of late has come from me reviewing my site logs and seeing alot of entries that I believe are related to generation of spam, botnets etc.

Perhaps a little off subject here, but does anyone know of one place a webmaster may go to report websites that are hosting nefarious scripts? I can look up each, contact each administrator, but this is very time consuming, and doesnt seem to be very effective considering I find new sites hosting these scripts each day, and usually these sites are legitmately hosted, but have been hacked themselves.

Regarding the code I use on my site making use of your API here to somewhat filter signups on my site is as follows:

The code that I use currently on my phpNuke website, I inserted into a standard phpNuke procedure that phpNuke uses to check signup validity/completion (please keep in mind im not a php pro hehe).

In the "Your_Account" module/index.php towards the top, there is a procedure called "userCheck" which starts thusly:

function userCheck($username, $user_email)

It initially checks the validity of the email address to make sure its a valid email. Then it would move on to check other things normally, however this is where I inserted my additional function/code.

function userCheck($username, $user_email) {
    global $stop, $user_prefix, $db;
    if ((!$user_email) || ($user_email=="") || (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,6}$",$user_email))) $stop = "<center>"._ERRORINVEMAIL."</center><br>";
    if (strrpos($user_email,' ') > 0) $stop = "<center>"._ERROREMAILSPACES."</center>";

/* INSERTED CODE STARTS HERE */
    function is_spammer($email2check){
        $emailcheckurl = "http://www.stopforumspam.com/api?email=".$email2check;
        $handle = fopen($emailcheckurl, "rb");
        $content = "";
        do {
           $data = fread($handle, 8192);
           if (strlen($data) == 0) {
                   break;
           }
           $content .= $data;
        } while (true);
        fclose($handle);

        if(stristr($content, 'yes') === FALSE) {
            return 0;
        }else{
            return 1;
        }
    }
    if ( is_spammer($user_email ) ) $stop = "<center>"._EMAILFORBIDDEN."</center>"; 

/* INSERTED CODE STOPS HERE */

    if ((!$username) || ($username=="") || (ereg("[^a-zA-Z0-9_-]",$username))) $stop = "<center>"._ERRORINVNICK."</center><br>";

I also added to the "Your_Account" language files:

define("_EMAILFORBIDDEN","ERROR: The email domain you used is not allowed on this site.");

This basically checks the API here to see if the email used is a spammer email, and if yes, tells thems its forbidden, and stops.

Anyone that starts editing thier files..
PLEASE BACK UP YOUR FILES FIRST

Additionally, I have actually renamed my "Your_Account" module to something else to throw off bots written for standard phpNuke configurations.

PEACE
OFxLedzeplin

Last edited by OFxLedzeplin (2008-01-02 6:10 pm)

OFxLedzeplin · 2008-01-02 7:39 pm

I was checking into cross referencing the domain name instead of full email address.

If the API here itself had a domain check option, it would be easy to implement. Otherwise, I would have to keep a list of domains, that I would have to manually update to check against.

Might it be possible in the future to update the "API" to do a domain cross check as well as IP/Username/Email?

PEACE
OFxLedzeplin

OFxLedzeplin · 2008-01-02 7:41 pm

I didnt answer your original question, my mistake.

Russ wrote:

mail333.com seems to be a spammer favorite.
http://www.stopforumspam.com/search?q=%40mail333.com
Do you have IP address info as well? Also, it's fine to use the API to validate signups. In fact if you've written any code you'd like to share that would be fantastic as well.

Unfortunately the phpNuke portal does not capture/retain the IP of the registration request, so I do not have that available.

You'll see what code i've used reflected in the above posts.

PEACE
OFxLedzeplin

Last edited by OFxLedzeplin (2008-01-02 7:41 pm)

#1 2007-12-28 5:36 pm

Here is one not yet on the list.

#2 2007-12-31 6:46 pm

Re: Here is one not yet on the list.

#3 2008-01-02 6:08 pm

Re: Here is one not yet on the list.

#4 2008-01-02 7:39 pm

Re: Here is one not yet on the list.

#5 2008-01-02 7:41 pm

Re: Here is one not yet on the list.

Board footer