Prevent known spammers

phpVMS Legacy Add-Ons (v2/v5) Code Snippets
21

Try it like this, I adjusted the structure some so it should work on any phpvms site.

// Check email for known spammer
$url = 'http://www.stopforumspam.com/api?email='.$data['email'].'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);
$reject = FALSE;
foreach($response->appears as $data)
{
	if($data == 'yes'){$reject = TRUE;}
}
if($reject == TRUE){
		$this->set('message', 'Your email or IP address appears on our spam database, we therefore assume
			you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
		$this->render('core_error.tpl');
		//send email that spam registration rejected
		$email = 'Your Email Here';
		$sub = 'Spam Registration Rejected';;
		$message = 'Spam pilot registration rejected using email '.$data['email'].' and
			IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
		Util::SendEmail($email, $sub, $message);
return false;
}
//end spam check
22

Hi Dave

I tried your code works, but in the mail that i have received the spam email is not present

“Spam pilot registration rejected using email and IP address 79.4.191.124 on 05/09/2012 at 11:58am”

many thanks

23

I had changed some things from pulling it out of my VA and inadvertently reassigned the $data variable. Try this;

// Check email for known spammer
$url = 'http://www.stopforumspam.com/api?email='.$data['email'].'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);
$reject = FALSE;
foreach($response->appears as $row)
{
	if($row == 'yes'){$reject = TRUE;}
}
if($reject == TRUE){
		$this->set('message', 'Your email or IP address appears on our spam database, we therefore assume
			you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
		$this->render('core_error.tpl');
		//send email that spam registration rejected
		$email = 'your email here';
		$sub = 'Spam Registration Rejected';;
		$message = 'Spam pilot registration rejected using email '.$data['email'].' and
			IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
		Util::SendEmail($email, $sub, $message);
return false;
}
//end spam check
1 Like
24

Many thanks Dave now works perfectly!!!

25

the code works great

26

I have updated since. Forgot to back up. Forgot exactly where in the Registration.php do I put the code.

27

Hello,

Last post in this topic is from 6 years ago but a must for us now.

I still not get this thing working. Is anybody using this code and wehre do I have to put it.

tnx 

Cor

28

Yes, I’m using it and it’s working well. I’m using simpilots code in his last reply in this thread.

It’s inserted just after line 99, but this might be a little different to your registration.php

29

This is how I have it now:

 

/**
     * Registration::ProcessRegistration()
     *
     * @return
     */
    protected function ProcessRegistration()
    {
    
           // Yes, there was an error
        if(!$this->VerifyData()) {
            $this->ShowForm();
            return;
        }
        
        $vbv=“VBV”;
        
        $data = array(
            ‘firstname’ => $this->post->firstname,
            ‘lastname’ => $this->post->lastname,
            ‘email’ => $this->post->email,
            ‘password’ => $this->post->password1,
            ‘code’ => $vbv,
            ‘location’ => $this->post->location,
            ‘hub’ => $this->post->hub,
            ‘confirm’ => false
        );
        
    
        if(CodonEvent::Dispatch(‘registration_precomplete’, ‘Registration’, $_POST) == false) {
            return false;
        }
        
                // Check email for known spammer
$url = ‘http://www.stopforumspam.com/api?email=‘.$data[‘email’].’&ip='.$\_SERVER['REMOTE\_ADDR’];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);
$reject = FALSE;
foreach($response->appears as $row)
{
    if($row == ‘yes’){$reject = TRUE;}
}
if($reject == TRUE){
        $this->set(‘message’, ‘Your email or IP address appears on our spam database, we therefore assume
            you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.’);
        $this->render(‘core_error.tpl’);
        //send email that spam registration rejected
        $email = ‘your email here’;
        $sub = ‘Spam Registration Rejected’;;
        $message = 'Spam pilot registration rejected using email ‘.$data[‘email’].’ and
            IP address ‘.$_SERVER[‘REMOTE_ADDR’].’ on ‘.date(‘m/d/Y’, time()).’ at '.date(‘g:ia’, time());
        Util::SendEmail($email, $sub, $message);
return false;
}
//end spam check
        

        $ret = RegistrationData::CheckUserEmail($data[‘email’]);

        if($ret) {
            $this->set(‘error’, Lang::gs(‘email.inuse’));
            $this->render(‘registration_error.tpl’);
            return false;
        }

30

1 hour ago, Cor said:

This is how I have it now:

 

/**
     * Registration::ProcessRegistration()

This is mine (core/modules/registration/registration.php) - feel free to have it.  It’s cut out all the spam for us.

\<?php /\*\* \* phpVMS - Virtual Airline Administration Software \* Copyright (c) 2008 Nabeel Shahzad \* For more information, visit www.phpvms.net \* Forums: http://www.phpvms.net/forum \* Documentation: http://www.phpvms.net/docs \* \* phpVMS is licenced under the following license: \* Creative Commons Attribution Non-commercial Share Alike (by-nc-sa) \* View license.txt in the root, or visit http://creativecommons.org/licenses/by-nc-sa/3.0/ \* \* @author Nabeel Shahzad \* @copyright Copyright (c) 2008, Nabeel Shahzad \* @link http://www.phpvms.net \* @license http://creativecommons.org/licenses/by-nc-sa/3.0/ \*/ class Registration extends CodonModule { public function HTMLHead() { /\*Show our password strength checker \*/ if($this-\>get-\>page == 'register') { $this-\>renderTemplate('registration\_javascript.tpl'); } } public function index() { //updated to Google noCaptcha 1/15 require\_once CORE\_LIB\_PATH.'/recaptcha/recaptchalib.php'; if(Auth::LoggedIn()) { // Make sure they don't over-ride it $this-\>render('login\_already.tpl'); return; } if(isset($\_POST['submit'])) { $this-\>ProcessRegistration(); } else { $this-\>ShowForm(); } } protected function ShowForm() { //Google reCaptcha //updated to Google noCaptcha 1/15 $this-\>set('sitekey', RECAPTCHA\_PUBLIC\_KEY); $this-\>set('lang', 'en'); $field\_list = RegistrationData::GetCustomFields(); $this-\>set('extrafields', $field\_list); $this-\>set('field\_list', $field\_list); $airline\_list = OperationsData::getAllAirlines(true); $this-\>set('allairlines', $airline\_list); $this-\>set('airline\_list', $airline\_list); $hub\_list = OperationsData::getAllHubs(); $this-\>set('allhubs', $hub\_list); $this-\>set('hub\_list', $hub\_list); $country\_list = Countries::getAllCountries(); $this-\>set('countries', $country\_list); $this-\>set('country\_list', $country\_list); $this-\>render('registration\_mainform.tpl'); } /\*\* \* Registration::ProcessRegistration() \* \* @return \*/ protected function ProcessRegistration() { // Yes, there was an error if(!$this-\>VerifyData()) { $this-\>ShowForm(); return; } $data = array( 'firstname' =\> $this-\>post-\>firstname, 'lastname' =\> $this-\>post-\>lastname, 'email' =\> $this-\>post-\>email, 'password' =\> $this-\>post-\>password1, 'code' =\> $this-\>post-\>code, 'location' =\> $this-\>post-\>location, 'hub' =\> $this-\>post-\>hub, 'confirm' =\> false ); // Check email for known spammer $url = 'http://www.stopforumspam.com/api?email='.$data['email'].'&ip='.$\_SERVER['REMOTE\_ADDR']; $file = new CodonWebService(); $contents = $file-\>get($url); $response = simplexml\_load\_string($contents); $reject = FALSE; foreach($response-\>appears as $row) { if($row == 'yes'){$reject = TRUE;} } if($reject == TRUE){ $this-\>set('message', 'Your email or IP address appears on our spam database, we therefore assume you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.'); $this-\>render('core\_error.tpl'); //send email that spam registration rejected $email = '[email protected]'; $sub = 'Spam Registration Rejected';; $message = 'Spam pilot registration rejected using email '.$data['email'].' and IP address '.$\_SERVER['REMOTE\_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time()); Util::SendEmail($email, $sub, $message); return false; } //end spam check if(CodonEvent::Dispatch('registration\_precomplete', 'Registration', $\_POST) == false) { return false; } $ret = RegistrationData::CheckUserEmail($data['email']); if($ret) { $this-\>set('error', Lang::gs('email.inuse')); $this-\>render('registration\_error.tpl'); return false; } $val = RegistrationData::AddUser($data); if($val == false) { $this-\>set('error', RegistrationData::$error); $this-\>render('registration\_error.tpl'); return; } else { $pilotid = RegistrationData::$pilotid; /\* Automatically confirm them if that option is set \*/ if(Config::Get('PILOT\_AUTO\_CONFIRM') == true) { PilotData::AcceptPilot($pilotid); RanksData::CalculatePilotRanks(); $pilot = PilotData::getPilotData($pilotid); $this-\>set('pilot', $pilot); $this-\>render('registration\_autoconfirm.tpl'); } else { /\* Otherwise, wait until an admin confirms the registration \*/ RegistrationData::SendEmailConfirm($email, $firstname, $lastname); $this-\>render('registration\_sentconfirmation.tpl'); } } CodonEvent::Dispatch('registration\_complete', 'Registration', $\_POST); // Registration email/show user is waiting for confirmation $sub = 'A user has registered'; $message = "The user {$data['firstname']} {$data['lastname']} ({$data['email']}) has registered, and is awaiting confirmation."; $email = Config::Get('EMAIL\_NEW\_REGISTRATION'); if(empty($email)) { $email = ADMIN\_EMAIL; } Util::SendEmail($email, $sub, $message); // Send email to user $this-\>set('firstname', $data['firstname']); $this-\>set('lastname', $data['lastname']); $this-\>set('userinfo', $data); $message = Template::Get('email\_registered.tpl', true); Util::SendEmail($data['email'], 'Registration at '.SITE\_NAME, $message); $rss = new RSSFeed('Latest Pilot Registrations', SITE\_URL, 'The latest pilot registrations'); $pilot\_list = PilotData::GetLatestPilots(); foreach($pilot\_list as $pilot) { $rss-\>AddItem('Pilot '.PilotData::GetPilotCode($pilot-\>code, $pilot-\>pilotid) . ' ('.$pilot-\>firstname .' ' . $pilot-\>lastname.')', SITE\_URL.'/admin/index.php?admin=pendingpilots','',''); } $rss-\>BuildFeed(LIB\_PATH.'/rss/latestpilots.rss'); } /\* \* Process all the registration data \*/ protected function VerifyData() { $error = false; //Google reCaptcha //updated to Google noCaptcha 1/15 $resp = null; $reCaptcha = new ReCaptcha(RECAPTCHA\_PRIVATE\_KEY); // Was there a reCAPTCHA response? if ($\_POST["g-recaptcha-response"]) { $resp = $reCaptcha-\>verifyResponse( $\_SERVER["REMOTE\_ADDR"], $\_POST["g-recaptcha-response"] ); } //check if reCaptcha response was valid if ($resp == null) { $error = true; $this-\>set('captcha\_error', 'reCaptcha Validation Error'); } //end Google reCaptcha /\* Check the firstname and last name \*/ if($this-\>post-\>firstname == '') { $error = true; $this-\>set('firstname\_error', true); } else { $this-\>set('firstname\_error', ''); } /\* Check the last name \*/ if($this-\>post-\>lastname == '') { $error = true; $this-\>set('lastname\_error', true); } else { $this-\>set('lastname\_error', ''); } /\* Check the email address \*/ if(filter\_var($this-\>post-\>email, FILTER\_VALIDATE\_EMAIL) == false) { $error = true; $this-\>set('email\_error', true); } else { $this-\>set('email\_error', ''); } /\* Check the location \*/ if($this-\>post-\>location == '') { $error = true; $this-\>set('location\_error', true); } else { $this-\>set('location\_error', ''); } // Check password length if(strlen($this-\>post-\>password1) \<= 5) { $error = true; $this-\>set('password\_error', 'The password is too short!'); } else { $this-\>set('password\_error', ''); } // Check is passwords are the same if($this-\>post-\>password1 != $this-\>post-\>password2) { $error = true; $this-\>set('password\_error', 'The passwords do not match!'); } else { $this-\>set('password\_error', ''); } //Get customs fields $fields = RegistrationData::getCustomFields(); if(count($fields) \> 0) { foreach ($fields as $field) { $value = Vars::POST($field-\>fieldname); $value1 = DB::escape($value); if ($field-\>required == 1 && $value1 == '') { $error = true; $this-\>set('custom\_'.$field-\>fieldname.'\_error', true); } else { $this-\>set('custom\_'.$field-\>fieldname.'\_error', ''); } } } if($error == true) { return false; } return true; } }

Just change the email in the spam part - in the above code, it shows as [email protected]

31

Hi,

I have copied it except for this part

8 hours ago, shakamonkey88 said:

//Google reCaptcha //updated to Google noCaptcha 1/15 $resp = null; $reCaptcha = new ReCaptcha(RECAPTCHA_PRIVATE_KEY); // Was there a reCAPTCHA response? if ($_POST[“g-recaptcha-response”]) { $resp = $reCaptcha->verifyResponse( $_SERVER[“REMOTE_ADDR”], $_POST[“g-recaptcha-response”] ); } //check if reCaptcha response was valid if ($resp == null) { $error = true; $this->set(‘captcha_error’, ‘reCaptcha Validation Error’); } //end Google reCaptcha

that gave an error :slightly_smiling_face:

I then tried to register with an E-mail adres that was used for the spam and it still just register despite the outcome was if you put the url in another browser

Quote

<response success=“true”> <type>email</type> <appears>yes</appears> <lastseen>2019-11-28 03:26:30</lastseen> <frequency>1</frequency> <type>ip</type> <appears>no</appears> <frequency>0</frequency> </response>

So I am a little lost now 🙄

Regards,

Cor

 

32

Added as well and checking. 

33

I been using it for years. You get an email when a registration is blocked.

34

This has yet to catch someone, however Stop Forum Spam also produce a list, https://www.stopforumspam.com/downloads.

 

I grabbed the ip4 and ip6 180 day version and uploaded them to my deny list. (All 330,000.) 

 

I checked my logs and I can see where the BOTs have been knocking on my door at a rate of a few dozen times per minute and denied entry. 

 

A few other things I considered. Checking the firstname and lastname for spaces or a url , I am just not sure how to write that into the registration.php module. 

 

I guess this nuclear option of just ban a boat load of IP addresses will work for now at least until phpvms7 is ready.

35

A lot of registrations is done by automatic scripts and location is always Afghanistan.

Is there a code that checks the location and if this is Afghanistan the registration

will be blocked.

 

Regards,

 

Cor

36

If this catches the bots then you don’t need code for that, recaptcha should stop those bots registering, as they can’t only fill out forms, not perform a recaptcha test.

37

Recaptcha v2 has been busted a while back. It only keeps out the less sophisticated bots. 

38

On 7/31/2020 at 8:44 PM, Cor said:

A lot of registrations is done by automatic scripts and location is always Afghanistan.

Is there a code that checks the location and if this is Afghanistan the registration

will be blocked.

 

Regards,

 

Cor

I think Afghanistan is registred alot because its the default country on registration.

39

16 minutes ago, flyalaska said:

I think Afghanistan is registred alot because its the default country on registration.

 

BINGO!!!

 

Look in your server logs and find the IP addresses behind these registrations - and if you choose, block them.

40

7 hours ago, ProAvia said:

 

BINGO!!!

 

Look in your server logs and find the IP addresses behind these registrations - and if you choose, block them.

 

That is a solution if you have 1 a week orso, but if you have around 20 till 40 a week, you get a little bit tired of it and

I am looking for a way that if people “choosing” Afghanistan that it will be treated as spam.

 

I already blocked a range of IP addresses it getting ridiculous