Jump to content
Tom

Prevent known spammers

Recommended Posts

This code prevents known spammers (checked against the stopforumspam.com email database) from registering.

I've used it in core/modules/Registration/Registration.php within the ProcessRegistration function, as so:

// Check email for known spammer
$url = 'http://www.stopforumspam.com/api?email='.$data['email'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);

if($response->appears == 'yes'){
$spammer = true;
} else {
$spammer = false;
}			

if($spammer){
$this->set('message', 'Your email appears on our spam database, we therefore assume you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
$this->render('core_error.tpl');
return false;
}

It could be condensed a little, but I feel this makes it easier to understand.

  • Like 2

Share this post


Link to post
Share on other sites

Warning this will g et overwritten in an update, so keep a backup of it on your computer, so maybe nabeel can put this in there for the next update.

Share this post


Link to post
Share on other sites

great :) where in ProcessRegistration function should that code pasted?

I put it directly after the following:

$data = array(
			'firstname' => $this->post->firstname,
			'lastname' => $this->post->lastname,
			'email' => $this->post->email,
			'password' => $this->post->password1,
			'code' => $this->post->code,
			'location' => $this->post->location,
			'hub' => $this->post->hub,
			'confirm' => false
		);

As long as it's after this part it's fine, but don't put it too far down because it'll create the user before checking...

Share this post


Link to post
Share on other sites

getting this although registration works

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: </html> in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 8: parser error : Premature end of data in tag html line 1 in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/flyeurop/public_html/core/modules/Registration/Registration.php on line 89

so something is setup wrong I guess

thanks in advance

Thomas

Share this post


Link to post
Share on other sites

Odd, I think I've been receiving the same error...

When I go to the page I get a normal response:

<response success="true">
<type>email</type>
<appears>no</appears>
<frequency>0</frequency>
</response>

yet it seems we're being sent something completely different when it's loaded in the script :S

Will go see if they've made changes to their API terms or something.

Update: I just printed the contents and I'm getting a 403 Forbidden error...

Are you on fivedev?

Share this post


Link to post
Share on other sites

I have a feeling they may have blocked the fivedev server IP. I wouldn't know why seeing as we'd only be using it for registrations which is ok (they block if you use it too regularly - every visit to your site).

Either that or for some reason it's a problem with our end?

Share this post


Link to post
Share on other sites

it might not be working... I see that they have the API Usage limits.

I'll write something up some kind of a status checker tonight to see if the feature is actually working.

Share this post


Link to post
Share on other sites

I done that as well, I can get the code together and post it here in later tonight. :D

the blocking IP won't be that realistic since it would require a core change. I won't go into it.

Share this post


Link to post
Share on other sites

If you were being use limited it would return a 403... that's what the problem was before ^^^

It's purely down to whether the person has been reported as a spammer yet or not. Obviously you're getting them before they've been added...

Share this post


Link to post
Share on other sites

Put in the same place what Tom said on the first post.

IP Check to see if spammer.

 // Check IP
 $getIP = $_SERVER['REMOTE_ADDR'];
 $url = 'http://www.stopforumspam.com/api?ip='.$getIP;
 $file = new CodonWebService();
 $contents = $file->get($url);
 $response = simplexml_load_string($contents);
 if($response->appears == 'yes'){
	$spammer = true;
 } else {
	$spammer = false;
 }					  
 if($spammer == true){
	$this->set('message', 'Your IP Address appears to be in our spam\'s provider\'s database, if you think this is not correct, please contact us.');
	$this->render('core_error.tpl');
	return false;
 }

Share this post


Link to post
Share on other sites

A more effective solution is to check BOTH email and IP:

// Check email & IP for known spammer
$url = 'http://www.stopforumspam.com/api?email='.$data['email'].'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);
$spammer = false;

foreach($response->appears as $appears){
if($appears == 'yes'){
	$spammer = true;
}
}				  

if($spammer){
$this->set('message', 'Your email address or IP appears on our spam database, we therefore assume you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
$this->render('core_error.tpl');
return false;
}

(Not tested)

Share this post


Link to post
Share on other sites

I have added this script to my VA as well as I was getting the same problem with the roster filling up with spam accounts and have not had a real issue since. I also added a quick email function to send me an email each time a registration is rejected just to see if it was working and it is rejecting on average 10 a day from my site. No matter how detailed you get there will always be something that gets through but that is what website management is all about.

The code I am using including the email function

// Check email for known spammer
$url = 'http://www.stopforumspam.com/api?email='.$data['email'].'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);

if($response->email == 'yes' || $response->ip == 'yes'){
  $this->set('message', 'Your email or IP address appears on our spam database, we therefore assume
	you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
  $this->render('core_error.tpl');

	//send email that spam registration rejected
	$email = 'your email address';
	$sub = 'Spam Registration Rejected';
	$message = 'Spam pilot registration rejected using email '.$data['email'].' and
		 IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
	Util::SendEmail($email, $sub, $message);

return false;
}
//end spam check

Share this post


Link to post
Share on other sites

Try it like this, I adjusted the structure some so it should work on any phpvms site.

// Check email for known spammer
$url = 'http://www.stopforumspam.com/api?email='.$data['email'].'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);
$reject = FALSE;
foreach($response->appears as $data)
{
	if($data == 'yes'){$reject = TRUE;}
}
if($reject == TRUE){
		$this->set('message', 'Your email or IP address appears on our spam database, we therefore assume
			you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
		$this->render('core_error.tpl');
		//send email that spam registration rejected
		$email = 'Your Email Here';
		$sub = 'Spam Registration Rejected';;
		$message = 'Spam pilot registration rejected using email '.$data['email'].' and
			IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
		Util::SendEmail($email, $sub, $message);
return false;
}
//end spam check

Share this post


Link to post
Share on other sites

Hi Dave

I tried your code works, but in the mail that i have received the spam email is not present

"Spam pilot registration rejected using email and IP address 79.4.191.124 on 05/09/2012 at 11:58am"

many thanks

Share this post


Link to post
Share on other sites

I had changed some things from pulling it out of my VA and inadvertently reassigned the $data variable. Try this;

// Check email for known spammer
$url = 'http://www.stopforumspam.com/api?email='.$data['email'].'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);
$reject = FALSE;
foreach($response->appears as $row)
{
	if($row == 'yes'){$reject = TRUE;}
}
if($reject == TRUE){
		$this->set('message', 'Your email or IP address appears on our spam database, we therefore assume
			you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
		$this->render('core_error.tpl');
		//send email that spam registration rejected
		$email = 'your email here';
		$sub = 'Spam Registration Rejected';;
		$message = 'Spam pilot registration rejected using email '.$data['email'].' and
			IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
		Util::SendEmail($email, $sub, $message);
return false;
}
//end spam check

  • Like 1

Share this post


Link to post
Share on other sites

Hello,

Last post in this topic is from 6 years ago but a must for us now.

I still not get this thing working. Is anybody using this code and wehre do I have to put it.

tnx 

Cor

Share this post


Link to post
Share on other sites

Yes, I'm using it and it's working well. I'm using simpilots code in his last reply in this thread.

It's inserted just after line 99, but this might be a little different to your registration.php

Share this post


Link to post
Share on other sites

This is how I have it now:

 

/**
     * Registration::ProcessRegistration()
     *
     * @return
     */
    protected function ProcessRegistration()
    {
    
           // Yes, there was an error
        if(!$this->VerifyData()) {
            $this->ShowForm();
            return;
        }
        
        $vbv="VBV";
        
        $data = array(
            'firstname' => $this->post->firstname,
            'lastname' => $this->post->lastname,
            'email' => $this->post->email,
            'password' => $this->post->password1,
            'code' => $vbv,
            'location' => $this->post->location,
            'hub' => $this->post->hub,
            'confirm' => false
        );
        
    
        if(CodonEvent::Dispatch('registration_precomplete', 'Registration', $_POST) == false) {
            return false;
        }
        
                // Check email for known spammer
$url = 'http://www.stopforumspam.com/api?email='.$data['email'].'&ip='.$_SERVER['REMOTE_ADDR'];
$file = new CodonWebService();
$contents = $file->get($url);
$response = simplexml_load_string($contents);
$reject = FALSE;
foreach($response->appears as $row)
{
    if($row == 'yes'){$reject = TRUE;}
}
if($reject == TRUE){
        $this->set('message', 'Your email or IP address appears on our spam database, we therefore assume
            you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
        $this->render('core_error.tpl');
        //send email that spam registration rejected
        $email = 'your email here';
        $sub = 'Spam Registration Rejected';;
        $message = 'Spam pilot registration rejected using email '.$data['email'].' and
            IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
        Util::SendEmail($email, $sub, $message);
return false;
}
//end spam check
        

        $ret = RegistrationData::CheckUserEmail($data['email']);

        if($ret) {
            $this->set('error', Lang::gs('email.inuse'));
            $this->render('registration_error.tpl');
            return false;
        }

Share this post


Link to post
Share on other sites
1 hour ago, Cor said:

This is how I have it now:

 

/**
     * Registration::ProcessRegistration()

.....

This is mine (core/modules/registration/registration.php) - feel free to have it.  It's cut out all the spam for us.

<?php
/**
 * phpVMS - Virtual Airline Administration Software
 * Copyright (c) 2008 Nabeel Shahzad
 * For more information, visit www.phpvms.net
 *	Forums: http://www.phpvms.net/forum
 *	Documentation: http://www.phpvms.net/docs
 *
 * phpVMS is licenced under the following license:
 *   Creative Commons Attribution Non-commercial Share Alike (by-nc-sa)
 *   View license.txt in the root, or visit http://creativecommons.org/licenses/by-nc-sa/3.0/
 *
 * @author Nabeel Shahzad
 * @copyright Copyright (c) 2008, Nabeel Shahzad
 * @link http://www.phpvms.net
 * @license http://creativecommons.org/licenses/by-nc-sa/3.0/
 */

class Registration extends CodonModule
{
	public function HTMLHead() {
		/*Show our password strength checker
			*/
		if($this->get->page == 'register') {
			$this->renderTemplate('registration_javascript.tpl');
		}
	}


	public function index()
	{
                //updated to Google noCaptcha 1/15
		require_once CORE_LIB_PATH.'/recaptcha/recaptchalib.php';

		if(Auth::LoggedIn()) { // Make sure they don't over-ride it
			$this->render('login_already.tpl');
			return;
		}


		if(isset($_POST['submit'])) {
			$this->ProcessRegistration();
		} else {
			$this->ShowForm();
		}
	}

	protected function ShowForm()
	{
                //Google reCaptcha
                //updated to Google noCaptcha 1/15
                $this->set('sitekey', RECAPTCHA_PUBLIC_KEY);
                $this->set('lang', 'en');

		$field_list = RegistrationData::GetCustomFields();
		$this->set('extrafields', $field_list);
                $this->set('field_list', $field_list);

                $airline_list = OperationsData::getAllAirlines(true);
		$this->set('allairlines', $airline_list);
                $this->set('airline_list', $airline_list);

                $hub_list = OperationsData::getAllHubs();
                $this->set('allhubs', $hub_list);
                $this->set('hub_list', $hub_list);

                $country_list = Countries::getAllCountries();
		$this->set('countries', $country_list);
		$this->set('country_list', $country_list);

		$this->render('registration_mainform.tpl');
	}

	/**
	 * Registration::ProcessRegistration()
	 *
	 * @return
	 */
	protected function ProcessRegistration()
	{

		// Yes, there was an error
		if(!$this->VerifyData()) {
			$this->ShowForm();
            return;
        }

		$data = array(
			'firstname' => $this->post->firstname,
			'lastname' => $this->post->lastname,
			'email' => $this->post->email,
			'password' => $this->post->password1,
			'code' => $this->post->code,
			'location' => $this->post->location,
			'hub' => $this->post->hub,
			'confirm' => false
		);

        // Check email for known spammer
        $url = 'http://www.stopforumspam.com/api?email='.$data['email'].'&ip='.$_SERVER['REMOTE_ADDR'];
        $file = new CodonWebService();
        $contents = $file->get($url);
        $response = simplexml_load_string($contents);
        $reject = FALSE;
        foreach($response->appears as $row)
        {
            if($row == 'yes'){$reject = TRUE;}
        }
        if($reject == TRUE){
            $this->set('message', 'Your email or IP address appears on our spam database, we therefore assume
								 you are a spammer and are rejecting your registration request. If you feel this is incorrect please contact us.');
            $this->render('core_error.tpl');
            //send email that spam registration rejected
            $email = 'YOUR@EMAILHERE.COM';
            $sub = 'Spam Registration Rejected';;
            $message = 'Spam pilot registration rejected using email '.$data['email'].' and
								 IP address '.$_SERVER['REMOTE_ADDR'].' on '.date('m/d/Y', time()).' at '.date('g:ia', time());
            Util::SendEmail($email, $sub, $message);
            return false;
        }
        //end spam check

		if(CodonEvent::Dispatch('registration_precomplete', 'Registration', $_POST) == false) {
			return false;
		}

		$ret = RegistrationData::CheckUserEmail($data['email']);

		if($ret) {
			$this->set('error', Lang::gs('email.inuse'));
			$this->render('registration_error.tpl');
			return false;
		}

		$val = RegistrationData::AddUser($data);
		if($val == false) {
			$this->set('error', RegistrationData::$error);
			$this->render('registration_error.tpl');
			return;
		} else {

			$pilotid = RegistrationData::$pilotid;

			/* Automatically confirm them if that option is set */
			if(Config::Get('PILOT_AUTO_CONFIRM') == true) {
				PilotData::AcceptPilot($pilotid);
				RanksData::CalculatePilotRanks();

				$pilot = PilotData::getPilotData($pilotid);
				$this->set('pilot', $pilot);
				$this->render('registration_autoconfirm.tpl');
			} else { /* Otherwise, wait until an admin confirms the registration */
				RegistrationData::SendEmailConfirm($email, $firstname, $lastname);
				$this->render('registration_sentconfirmation.tpl');
			}
		}

		CodonEvent::Dispatch('registration_complete', 'Registration', $_POST);

		// Registration email/show user is waiting for confirmation
		$sub = 'A user has registered';
		$message = "The user {$data['firstname']} {$data['lastname']} ({$data['email']}) has registered, and is awaiting confirmation.";

		$email = Config::Get('EMAIL_NEW_REGISTRATION');
		if(empty($email)) {
			$email = ADMIN_EMAIL;
		}

		Util::SendEmail($email, $sub, $message);

		// Send email to user
		$this->set('firstname', $data['firstname']);
		$this->set('lastname', $data['lastname']);
		$this->set('userinfo', $data);

		$message = Template::Get('email_registered.tpl', true);
		Util::SendEmail($data['email'], 'Registration at '.SITE_NAME, $message);

		$rss = new RSSFeed('Latest Pilot Registrations', SITE_URL, 'The latest pilot registrations');

        $pilot_list = PilotData::GetLatestPilots();
		foreach($pilot_list as $pilot) {
			$rss->AddItem('Pilot '.PilotData::GetPilotCode($pilot->code, $pilot->pilotid)
							. ' ('.$pilot->firstname .' ' . $pilot->lastname.')',
							SITE_URL.'/admin/index.php?admin=pendingpilots','','');
		}

		$rss->BuildFeed(LIB_PATH.'/rss/latestpilots.rss');

	}

	/*
	 * Process all the registration data
	 */
	protected function VerifyData()
	{
		$error = false;

                //Google reCaptcha
                //updated to Google noCaptcha 1/15
                $resp = null;
                $reCaptcha = new ReCaptcha(RECAPTCHA_PRIVATE_KEY);
                // Was there a reCAPTCHA response?
                if ($_POST["g-recaptcha-response"]) {
                        $resp = $reCaptcha->verifyResponse(
                        $_SERVER["REMOTE_ADDR"],
                        $_POST["g-recaptcha-response"]
                    );
                }

                //check if reCaptcha response was valid
                if ($resp == null) {
                     $error = true;
                     $this->set('captcha_error', 'reCaptcha Validation Error');
                }
                //end Google reCaptcha

		/* Check the firstname and last name
		 */
		if($this->post->firstname == '') {
			$error = true;
			$this->set('firstname_error', true);
		} else {
		  $this->set('firstname_error', '');

		}

		/* Check the last name
		 */
		if($this->post->lastname == '') {
			$error = true;
			$this->set('lastname_error', true);
		}
		else {
		      $this->set('lastname_error', '');
		}

		/* Check the email address
		 */
		if(filter_var($this->post->email, FILTER_VALIDATE_EMAIL) == false) {
			$error = true;
			$this->set('email_error', true);
		} else {
            $this->set('email_error', '');
		}


		/* Check the location
		 */
		if($this->post->location == '') {
			$error = true;
			$this->set('location_error', true);
		} else {
            $this->set('location_error', '');
		}

		// Check password length
		if(strlen($this->post->password1) <= 5) {
			$error = true;
			$this->set('password_error', 'The password is too short!');
		} else {
            $this->set('password_error', '');
		}

		// Check is passwords are the same
		if($this->post->password1 != $this->post->password2) {
			$error = true;
			$this->set('password_error', 'The passwords do not match!');
		} else {
            $this->set('password_error', '');
		}
		
		//Get customs fields
		$fields = RegistrationData::getCustomFields();

		if(count($fields) > 0) {
		    foreach ($fields as $field) {
			$value = Vars::POST($field->fieldname);
			$value1 = DB::escape($value);
			if ($field->required == 1 && $value1 == '') {
				$error = true;
				$this->set('custom_'.$field->fieldname.'_error', true);
			} else {
				$this->set('custom_'.$field->fieldname.'_error', '');
			}
		    }
		}

		if($error == true) {
			return false;
		}

		return true;
	}
}

Just change the email in the spam part - in the above code, it shows as YOUR@EMAILHERE.COM

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...