Prevent known spammers


Tom

This code prevents known spammers (checked against the stopforumspam.com email database) from registering.

I've used it in core/modules/Registration/Registration.php within the ProcessRegistration function, as so:

// Check email for known spammer
// urlencode() so characters like + or & in the address cannot alter the query string
$url = 'http://www.stopforumspam.com/api?email='.urlencode($data['email']);
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);

if($response->appears == 'yes'){
    $spammer = true;
} else {
    $spammer = false;
}

if($spammer){
    $this->set('message', 'Your email appears on our spam database, we therefore assume you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
    $this->render('core_error.tpl');
    return false;
}

It could be condensed a little, but I feel this makes it easier to understand.


  • 5 weeks later...

great :) where in the ProcessRegistration function should that code be pasted?

I put it directly after the following:

$data = array(
			'firstname' => $this->post->firstname,
			'lastname' => $this->post->lastname,
			'email' => $this->post->email,
			'password' => $this->post->password1,
			'code' => $this->post->code,
			'location' => $this->post->location,
			'hub' => $this->post->hub,
			'confirm' => false
		);

As long as it's after this part it's fine, but don't put it too far down because it'll create the user before checking...


  • 2 months later...

getting this although registration works

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: </html> in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 8: parser error : Premature end of data in tag html line 1 in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

so something is set up wrong I guess

thanks in advance

Thomas


Odd, I think I've been receiving the same error...

When I go to the page I get a normal response:

<response success="true">
<type>email</type>
<appears>no</appears>
<frequency>0</frequency>
</response>

yet it seems we're being sent something completely different when it's loaded in the script :S

Will go see if they've made changes to their API terms or something.

Update: I just printed the contents and I'm getting a 403 Forbidden error...

Are you on fivedev?


I have a feeling they may have blocked the fivedev server IP. I wouldn't know why seeing as we'd only be using it for registrations which is ok (they block if you use it too regularly - every visit to your site).

Either that or for some reason it's a problem with our end?


  • 4 months later...
  • 3 months later...
  • Moderators

it might not be working... I see that they have the API Usage limits.

I'll write up some kind of a status checker tonight to see if the feature is actually working.


  • Moderators

I've done that as well; I can get the code together and post it here later tonight. :D

the blocking IP won't be that realistic since it would require a core change. I won't go into it.


If you were being use limited it would return a 403... that's what the problem was before ^^^

It's purely down to whether the person has been reported as a spammer yet or not. Obviously you're getting them before they've been added...


  • Moderators

Put it in the same place that Tom said in the first post.

IP Check to see if spammer.

 // Check IP
 $getIP = $_SERVER['REMOTE_ADDR'];
 $url = 'http://www.stopforumspam.com/api?ip='.$getIP;
 $file = new CodonWebService();
 $contents = $file->get($url);
 $response = simplexml_load_string($contents);
 if($response->appears == 'yes'){
	$spammer = true;
 } else {
	$spammer = false;
 }					  
 if($spammer == true){
	$this->set('message', 'Your IP Address appears to be in our spam\'s provider\'s database, if you think this is not correct, please contact us.');
	$this->render('core_error.tpl');
	return false;
 }


A more effective solution is to check BOTH email and IP:

// Check email & IP for known spammer
// urlencode() so characters like + or & in the address cannot alter the query string
$url = 'http://www.stopforumspam.com/api?email='.urlencode($data['email']).'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);
$spammer = false;

foreach($response->appears as $appears){
    if($appears == 'yes'){
        $spammer = true;
    }
}

if($spammer){
    $this->set('message', 'Your email address or IP appears on our spam database, we therefore assume you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
    $this->render('core_error.tpl');
    return false;
}

(Not tested)


  • Administrators

I have added this script to my VA as well as I was getting the same problem with the roster filling up with spam accounts and have not had a real issue since. I also added a quick email function to send me an email each time a registration is rejected just to see if it was working and it is rejecting on average 10 a day from my site. No matter how detailed you get there will always be something that gets through but that is what website management is all about.

The code I am using including the email function

// Check email for known spammer
// urlencode() so characters like + or & in the address cannot alter the query string
$url = 'http://www.stopforumspam.com/api?email='.urlencode($data['email']).'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);

if($response->email == 'yes' || $response->ip == 'yes'){
    $this->set('message', 'Your email or IP address appears on our spam database, we therefore assume you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
    $this->render('core_error.tpl');

    //send email that spam registration rejected
    $email = 'your email address';
    $sub = 'Spam Registration Rejected';
    $message = 'Spam pilot registration rejected using email '.$data['email'].' and IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
    Util::SendEmail($email, $sub, $message);

    return false;
}
//end spam check


  • Administrators

Try it like this, I adjusted the structure some so it should work on any phpvms site.

// Check email for known spammer
// urlencode() so characters like + or & in the address cannot alter the query string
$url = 'http://www.stopforumspam.com/api?email='.urlencode($data['email']).'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);
$reject = FALSE;
foreach($response->appears as $data)
{
    if($data == 'yes'){$reject = TRUE;}
}
if($reject == TRUE){
    $this->set('message', 'Your email or IP address appears on our spam database, we therefore assume you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
    $this->render('core_error.tpl');
    //send email that spam registration rejected
    $email = 'Your Email Here';
    $sub = 'Spam Registration Rejected';
    $message = 'Spam pilot registration rejected using email '.$data['email'].' and IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
    Util::SendEmail($email, $sub, $message);
    return false;
}
//end spam check


  • Administrators

I had changed some things from pulling it out of my VA and inadvertently reassigned the $data variable. Try this;

// Check email for known spammer
// urlencode() so characters like + or & in the address cannot alter the query string
$url = 'http://www.stopforumspam.com/api?email='.urlencode($data['email']).'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);
$reject = FALSE;
foreach($response->appears as $row)
{
    if($row == 'yes'){$reject = TRUE;}
}
if($reject == TRUE){
    $this->set('message', 'Your email or IP address appears on our spam database, we therefore assume you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
    $this->render('core_error.tpl');
    //send email that spam registration rejected
    $email = 'your email here';
    $sub = 'Spam Registration Rejected';
    $message = 'Spam pilot registration rejected using email '.$data['email'].' and IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
    Util::SendEmail($email, $sub, $message);
    return false;
}
//end spam check


  • 9 months later...
  • 6 years later...

This is how I have it now:

 

/**
     * Registration::ProcessRegistration()
     *
     * @return
     */
    protected function ProcessRegistration()
    {
    
           // Yes, there was an error
        if(!$this->VerifyData()) {
            $this->ShowForm();
            return;
        }
        
        $vbv="VBV";
        
        $data = array(
            'firstname' => $this->post->firstname,
            'lastname' => $this->post->lastname,
            'email' => $this->post->email,
            'password' => $this->post->password1,
            'code' => $vbv,
            'location' => $this->post->location,
            'hub' => $this->post->hub,
            'confirm' => false
        );
        
    
        if(CodonEvent::Dispatch('registration_precomplete', 'Registration', $_POST) == false) {
            return false;
        }
        
        // Check email for known spammer
        // urlencode() so characters like + or & in the address cannot alter the query string
        $url = 'http://www.stopforumspam.com/api?email='.urlencode($data['email']).'&ip='.$_SERVER['REMOTE_ADDR'];
        $file = new CodonWebService();
        $contents = $file->get($url);
        $response = simplexml_load_string($contents);
        $reject = FALSE;
        foreach($response->appears as $row)
        {
            if($row == 'yes'){$reject = TRUE;}
        }
        if($reject == TRUE){
            $this->set('message', 'Your email or IP address appears on our spam database, we therefore assume you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
            $this->render('core_error.tpl');
            //send email that spam registration rejected
            $email = 'your email here';
            $sub = 'Spam Registration Rejected';
            $message = 'Spam pilot registration rejected using email '.$data['email'].' and IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
            Util::SendEmail($email, $sub, $message);
            return false;
        }
        //end spam check
        

        $ret = RegistrationData::CheckUserEmail($data['email']);

        if($ret) {
            $this->set('error', Lang::gs('email.inuse'));
            $this->render('registration_error.tpl');
            return false;
        }


  • Moderators
1 hour ago, Cor said:

This is how I have it now:

 

/**
     * Registration::ProcessRegistration()

.....

This is mine (core/modules/registration/registration.php) - feel free to have it.  It's cut out all the spam for us.

<?php
/**
 * phpVMS - Virtual Airline Administration Software
 * Copyright (c) 2008 Nabeel Shahzad
 * For more information, visit www.phpvms.net
 *	Forums: http://www.phpvms.net/forum
 *	Documentation: http://www.phpvms.net/docs
 *
 * phpVMS is licenced under the following license:
 *   Creative Commons Attribution Non-commercial Share Alike (by-nc-sa)
 *   View license.txt in the root, or visit http://creativecommons.org/licenses/by-nc-sa/3.0/
 *
 * @author Nabeel Shahzad
 * @copyright Copyright (c) 2008, Nabeel Shahzad
 * @link http://www.phpvms.net
 * @license http://creativecommons.org/licenses/by-nc-sa/3.0/
 */

class Registration extends CodonModule
{
	public function HTMLHead() {
		/*Show our password strength checker
			*/
		if($this->get->page == 'register') {
			$this->renderTemplate('registration_javascript.tpl');
		}
	}


	public function index()
	{
                //updated to Google noCaptcha 1/15
		require_once CORE_LIB_PATH.'/recaptcha/recaptchalib.php';

		if(Auth::LoggedIn()) { // Make sure they don't over-ride it
			$this->render('login_already.tpl');
			return;
		}


		if(isset($_POST['submit'])) {
			$this->ProcessRegistration();
		} else {
			$this->ShowForm();
		}
	}

	protected function ShowForm()
	{
                //Google reCaptcha
                //updated to Google noCaptcha 1/15
                $this->set('sitekey', RECAPTCHA_PUBLIC_KEY);
                $this->set('lang', 'en');

		$field_list = RegistrationData::GetCustomFields();
		$this->set('extrafields', $field_list);
                $this->set('field_list', $field_list);

                $airline_list = OperationsData::getAllAirlines(true);
		$this->set('allairlines', $airline_list);
                $this->set('airline_list', $airline_list);

                $hub_list = OperationsData::getAllHubs();
                $this->set('allhubs', $hub_list);
                $this->set('hub_list', $hub_list);

                $country_list = Countries::getAllCountries();
		$this->set('countries', $country_list);
		$this->set('country_list', $country_list);

		$this->render('registration_mainform.tpl');
	}

	/**
	 * Registration::ProcessRegistration()
	 *
	 * @return
	 */
	protected function ProcessRegistration()
	{

		// Yes, there was an error
		if(!$this->VerifyData()) {
			$this->ShowForm();
            return;
        }

		$data = array(
			'firstname' => $this->post->firstname,
			'lastname' => $this->post->lastname,
			'email' => $this->post->email,
			'password' => $this->post->password1,
			'code' => $this->post->code,
			'location' => $this->post->location,
			'hub' => $this->post->hub,
			'confirm' => false
		);

		// Check email for known spammer
		// urlencode() so characters like + or & in the address cannot alter the query string
		$url = 'http://www.stopforumspam.com/api?email='.urlencode($data['email']).'&ip='.$_SERVER['REMOTE_ADDR'];
		$file = new CodonWebService();
		$contents = $file->get($url);
		$response = simplexml_load_string($contents);
		$reject = FALSE;
		foreach($response->appears as $row)
		{
			if($row == 'yes'){$reject = TRUE;}
		}
		if($reject == TRUE){
			$this->set('message', 'Your email or IP address appears on our spam database, we therefore assume you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
			$this->render('core_error.tpl');
			//send email that spam registration rejected
			$email = 'YOUR@EMAILHERE.COM';
			$sub = 'Spam Registration Rejected';
			$message = 'Spam pilot registration rejected using email '.$data['email'].' and IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
			Util::SendEmail($email, $sub, $message);
			return false;
		}
		//end spam check

		if(CodonEvent::Dispatch('registration_precomplete', 'Registration', $_POST) == false) {
			return false;
		}

		$ret = RegistrationData::CheckUserEmail($data['email']);

		if($ret) {
			$this->set('error', Lang::gs('email.inuse'));
			$this->render('registration_error.tpl');
			return false;
		}

		$val = RegistrationData::AddUser($data);
		if($val == false) {
			$this->set('error', RegistrationData::$error);
			$this->render('registration_error.tpl');
			return;
		} else {

			$pilotid = RegistrationData::$pilotid;

			/* Automatically confirm them if that option is set */
			if(Config::Get('PILOT_AUTO_CONFIRM') == true) {
				PilotData::AcceptPilot($pilotid);
				RanksData::CalculatePilotRanks();

				$pilot = PilotData::getPilotData($pilotid);
				$this->set('pilot', $pilot);
				$this->render('registration_autoconfirm.tpl');
			} else { /* Otherwise, wait until an admin confirms the registration */
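				// Use the submitted values; $email, $firstname and $lastname are not defined at this point
				RegistrationData::SendEmailConfirm($data['email'], $data['firstname'], $data['lastname']);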
				$this->render('registration_sentconfirmation.tpl');
			}
		}

		CodonEvent::Dispatch('registration_complete', 'Registration', $_POST);

		// Registration email/show user is waiting for confirmation
		$sub = 'A user has registered';
		$message = "The user {$data['firstname']} {$data['lastname']} ({$data['email']}) has registered, and is awaiting confirmation.";

		$email = Config::Get('EMAIL_NEW_REGISTRATION');
		if(empty($email)) {
			$email = ADMIN_EMAIL;
		}

		Util::SendEmail($email, $sub, $message);

		// Send email to user
		$this->set('firstname', $data['firstname']);
		$this->set('lastname', $data['lastname']);
		$this->set('userinfo', $data);

		$message = Template::Get('email_registered.tpl', true);
		Util::SendEmail($data['email'], 'Registration at '.SITE_NAME, $message);

		$rss = new RSSFeed('Latest Pilot Registrations', SITE_URL, 'The latest pilot registrations');

        $pilot_list = PilotData::GetLatestPilots();
		foreach($pilot_list as $pilot) {
			$rss->AddItem('Pilot '.PilotData::GetPilotCode($pilot->code, $pilot->pilotid)
							. ' ('.$pilot->firstname .' ' . $pilot->lastname.')',
							SITE_URL.'/admin/index.php?admin=pendingpilots','','');
		}

		$rss->BuildFeed(LIB_PATH.'/rss/latestpilots.rss');

	}

	/*
	 * Process all the registration data
	 */
	protected function VerifyData()
	{
		$error = false;

		// Google reCaptcha
		// updated to Google noCaptcha 1/15
		$resp = null;
		$reCaptcha = new ReCaptcha(RECAPTCHA_PRIVATE_KEY);
		// Was there a reCAPTCHA response?
		if (!empty($_POST["g-recaptcha-response"])) {
			$resp = $reCaptcha->verifyResponse(
				$_SERVER["REMOTE_ADDR"],
				$_POST["g-recaptcha-response"]
			);
		}

		// Check if the reCaptcha response was valid: verifyResponse() returns an
		// object even when verification fails, so test its success flag as well
		if ($resp == null || !$resp->success) {
			$error = true;
			$this->set('captcha_error', 'reCaptcha Validation Error');
		}
		// end Google reCaptcha

		/* Check the firstname and last name
		 */
		if($this->post->firstname == '') {
			$error = true;
			$this->set('firstname_error', true);
		} else {
		  $this->set('firstname_error', '');

		}

		/* Check the last name
		 */
		if($this->post->lastname == '') {
			$error = true;
			$this->set('lastname_error', true);
		}
		else {
		      $this->set('lastname_error', '');
		}

		/* Check the email address
		 */
		if(filter_var($this->post->email, FILTER_VALIDATE_EMAIL) == false) {
			$error = true;
			$this->set('email_error', true);
		} else {
            $this->set('email_error', '');
		}


		/* Check the location
		 */
		if($this->post->location == '') {
			$error = true;
			$this->set('location_error', true);
		} else {
            $this->set('location_error', '');
		}

		// Check password length, then check that both passwords are the same.
		// One chain, so a later passing check cannot clear an earlier error message.
		if(strlen($this->post->password1) <= 5) {
			$error = true;
			$this->set('password_error', 'The password is too short!');
		} elseif($this->post->password1 != $this->post->password2) {
			$error = true;
			$this->set('password_error', 'The passwords do not match!');
		} else {
			$this->set('password_error', '');
		}
		
		//Get custom fields
		$fields = RegistrationData::getCustomFields();

		if(count($fields) > 0) {
		    foreach ($fields as $field) {
			$value = Vars::POST($field->fieldname);
			$value1 = DB::escape($value);
			if ($field->required == 1 && $value1 == '') {
				$error = true;
				$this->set('custom_'.$field->fieldname.'_error', true);
			} else {
				$this->set('custom_'.$field->fieldname.'_error', '');
			}
		    }
		}

		if($error == true) {
			return false;
		}

		return true;
	}
}

Just change the email in the spam part - in the above code, it shows as YOUR@EMAILHERE.COM

Link to comment
Share on other sites
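
The parser warnings and the 403 reply discussed earlier in this thread come from handing a non-XML body straight to simplexml_load_string(). The sketch below is an added example, not code from any poster or from phpVMS: the helper names sfs_build_url() and sfs_is_listed() are hypothetical, the sample bodies are constructed (the first follows the reply quoted in the thread), and fetching the URL is left to the caller.

```php
<?php
// Added example: helper names and sample bodies are constructed for illustration.

// Build the lookup URL with every value percent-encoded, so characters such as
// "+" or "&" in the e-mail address cannot change or add query parameters.
function sfs_build_url(string $email, string $ip): string
{
    return 'http://www.stopforumspam.com/api?'
        . http_build_query(array('email' => $email, 'ip' => $ip));
}

// Returns true (listed), false (not listed) or null (reply unusable, for
// example an HTML error page or an empty body).
function sfs_is_listed($body)
{
    if (!is_string($body) || trim($body) === '') {
        return null;
    }
    // Collect libxml parse errors instead of emitting PHP warnings.
    $previous = libxml_use_internal_errors(true);
    $xml = simplexml_load_string($body);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if ($xml === false || $xml->getName() !== 'response'
        || (string) $xml['success'] !== 'true') {
        return null;
    }
    // One <appears> element per queried field (email, ip).
    foreach ($xml->appears as $appears) {
        if ((string) $appears === 'yes') {
            return true;
        }
    }
    return false;
}

// Constructed sample bodies; the first follows the reply quoted in the thread.
$samples = array(
    'email not listed' =>
        '<response success="true"><type>email</type><appears>no</appears>'
        . '<frequency>0</frequency></response>',
    'ip listed' =>
        '<response success="true"><type>email</type><appears>no</appears>'
        . '<frequency>0</frequency><type>ip</type><appears>yes</appears>'
        . '<frequency>12</frequency></response>',
    '403 error page' =>
        "<html>\n<head><title>403 Forbidden</title></head>\n<body>\n"
        . "<center><h1>403 Forbidden</h1></center>\n<hr><center>server</center>\n"
        . "</body>\n</html>",
);

foreach ($samples as $label => $body) {
    echo str_pad($label, 18), var_export(sfs_is_listed($body), true), "\n";
}
echo sfs_build_url('first+tag&x=1@example.com', '203.0.113.7'), "\n";
```

In ProcessRegistration, a null result is the case to log and decide on (let the registration through or hold it for manual approval) rather than treating it the same as "not listed".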
