Spammer trap code Spammer trap code
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Spammer trap code

Started by Deus, July 24, 2009, 11:54:10 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Deus

I've been using this code for a few weeks now and spammer activity has dropped off almost completely.
It's not 100%, some still get through, but instead of 5-6 spammer registrations per day, I get 2-3 per month.
It also sends you an email to confirm that it's blocked a spammer, (if you enable it).
It checks with stopforumspam.com to verify the ip, and if they are listed, they are redirected to a new page, telling them how to unlist their ip.

The code consists of 2 files, and one line to edit into a page of your choice.
It works on all types of software, including forums, galleries, blogs, portals, and much much more.
Please check all links in the code otherwise it will fail.


spammertrap.php

<?php
// SpammerTrap - JACP - endtimesroundtable.com / etrtmedia.com / watcherspace.com
// Using http://www.bin-co.com/php/scripts/load/
// Version : 1.00.A Curl/Fsockets Routine
// ==============================
// Turn on (=1) or off (=0) email notification
$nudgeme 0;

// Get IP from client
$whitetest ipCheck();

// Begin Whitelist
$whiteskip 0;
// Add this test section for each IP to force acceptance
if ($whitetest == "0.0.0.0")
{
$whiteskip 1;
}
// End of test section

// Do the rest if nothing found on whitelist

if ($whiteskip == 0)
{
// Use StopForumSpam API
$contents load("http://www.stopforumspam.com/api?ip=$whitetest");
// Check for a positive result, which means a spammer IP has been detected
$mycheck stripos($contents"<appears>yes</appears>");
if ($mycheck !== false)
{
// Send them far away from here
header('Location: http://www.yourdomain/linkto/spammertrap.html');
// Change the above URL to a localized webpage, or use the one provided

if ($nudgeme == 1)
{
// If the $nudgeme is set to 1, send an email alert

// Recipient - change to your notification email address
$to "your-email@yourdomain.com";

// Subject
$subject 'SpammerTrap Alert.';

// Message
$message "
<html>
<head>
  <title>SpammerTrap Alert</title>
</head>
<body>
$whitetest has been detected by the Stop Forum Spam API as being a spammer.
</body>
</html>
"
;

// To send HTML mail, the Content-type header must be set
$headers  'MIME-Version: 1.0' "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' "\r\n";

// Additional headers - change this to be the main webmaster email for your board
$headers .= 'From: youremail@yourdomain.com' "\r\n";

// Mail it
mail($to$subject$message$headers);
}
}
// Not found, back to normal activities
}

// End of program code, functions follow

function ipCheck()
{
if (getenv('HTTP_CLIENT_IP')) {
$ip getenv('HTTP_CLIENT_IP');
}
elseif (getenv('HTTP_X_FORWARDED_FOR')) {
$ip getenv('HTTP_X_FORWARDED_FOR');
}
elseif (getenv('HTTP_X_FORWARDED')) {
$ip getenv('HTTP_X_FORWARDED');
}
elseif (getenv('HTTP_FORWARDED_FOR')) {
$ip getenv('HTTP_FORWARDED_FOR');
}
elseif (getenv('HTTP_FORWARDED')) {
$ip getenv('HTTP_FORWARDED');
}
else {
$ip $_SERVER['REMOTE_ADDR'];
}
return $ip;
}

function 
load($url,$options=array('method'=>'get','return_info'=>false)) {
    
$url_parts parse_url($url);
    
$info = array(//Currently only supported by curl.
        
'http_code'    => 200
    
);
    
$response '';

    
$send_header = array(
        
'Accept' => 'text/*',
        
'User-Agent' => 'BinGet/1.00.A (http://www.bin-co.com/php/scripts/load/)'
    
);

    
///////////////////////////// Curl /////////////////////////////////////
    //If curl is available, use curl to get the data.
    
if(function_exists("curl_init"
                and (!(isset(
$options['use']) and $options['use'] == 'fsocketopen'))) { //Don't user curl if it is specifically stated to user fsocketopen in the options
        
if(isset($options['method']) and $options['method'] == 'post') {
            
$page $url_parts['scheme'] . '://' $url_parts['host'] . $url_parts['path'];
        } else {
            
$page $url;
        }

        
$ch curl_init($url_parts['host']);

        
curl_setopt($chCURLOPT_URL$page);
        
curl_setopt($chCURLOPT_RETURNTRANSFERtrue); //Just return the data - not print the whole thing.
        
curl_setopt($chCURLOPT_HEADERtrue); //We need the headers
        
curl_setopt($chCURLOPT_NOBODYfalse); //The content - if true, will not download the contents
        
if(isset($options['method']) and $options['method'] == 'post' and $url_parts['query']) {
            
curl_setopt($chCURLOPT_POSTtrue);
            
curl_setopt($chCURLOPT_POSTFIELDS$url_parts['query']);
        }
        
//Set the headers our spiders sends
        
curl_setopt($chCURLOPT_USERAGENT$send_header['User-Agent']); //The Name of the UserAgent we will be using ;)
        
$custom_headers = array("Accept: " $send_header['Accept'] );
        if(isset(
$options['modified_since']))
            
array_push($custom_headers,"If-Modified-Since: ".gmdate('D, d M Y H:i:s \G\M\T',strtotime($options['modified_since'])));
        
curl_setopt($chCURLOPT_HTTPHEADER$custom_headers);

        
curl_setopt($chCURLOPT_COOKIEJAR"cookie.txt"); //If ever needed...
        
curl_setopt($chCURLOPT_FOLLOWLOCATION1);
        
curl_setopt($chCURLOPT_SSL_VERIFYPEERFALSE);

        if(isset(
$url_parts['user']) and isset($url_parts['pass'])) {
            
$custom_headers = array("Authorization: Basic ".base64_encode($url_parts['user'].':'.$url_parts['pass']));
            
curl_setopt($chCURLOPT_HTTPHEADER$custom_headers);
        }

        
$response curl_exec($ch);
        
$info curl_getinfo($ch); //Some information on the fetch
        
curl_close($ch);

    
//////////////////////////////////////////// FSockOpen //////////////////////////////
    
} else { //If there is no curl, use fsocketopen
        
if(isset($url_parts['query'])) {
            if(isset(
$options['method']) and $options['method'] == 'post')
                
$page $url_parts['path'];
            else
                
$page $url_parts['path'] . '?' $url_parts['query'];
        } else {
            
$page $url_parts['path'];
        }

        
$fp fsockopen($url_parts['host'], 80$errno$errstr30);
        if (
$fp) {
            
$out '';
            if(isset(
$options['method']) and $options['method'] == 'post' and isset($url_parts['query'])) {
                
$out .= "POST $page HTTP/1.1\r\n";
            } else {
                
$out .= "GET $page HTTP/1.0\r\n"//HTTP/1.0 is much easier to handle than HTTP/1.1
            
}
            
$out .= "Host: $url_parts[host]\r\n";
            
$out .= "Accept: $send_header[Accept]\r\n";
            
$out .= "User-Agent: {$send_header['User-Agent']}\r\n";
            if(isset(
$options['modified_since']))
                
$out .= "If-Modified-Since: ".gmdate('D, d M Y H:i:s \G\M\T',strtotime($options['modified_since'])) ."\r\n";

            
$out .= "Connection: Close\r\n";

            
//HTTP Basic Authorization support
            
if(isset($url_parts['user']) and isset($url_parts['pass'])) {
                
$out .= "Authorization: Basic ".base64_encode($url_parts['user'].':'.$url_parts['pass']) . "\r\n";
            }

            
//If the request is post - pass the data in a special way.
            
if(isset($options['method']) and $options['method'] == 'post' and $url_parts['query']) {
                
$out .= "Content-Type: application/x-www-form-urlencoded\r\n";
                
$out .= 'Content-Length: ' strlen($url_parts['query']) . "\r\n";
                
$out .= "\r\n" $url_parts['query'];
            }
            
$out .= "\r\n";

            
fwrite($fp$out);
            while (!
feof($fp)) {
                
$response .= fgets($fp128);
            }
            
fclose($fp);
        }
    }

    
//Get the headers in an associative array
    
$headers = array();

    if(
$info['http_code'] == 404) {
        
$body "";
        
$headers['Status'] = 404;
    } else {
        
//Seperate header and content
        
$separator_position strpos($response,"\r\n\r\n");
        
$header_text substr($response,0,$separator_position);
        
$body substr($response,$separator_position+4);

        foreach(
explode("\n",$header_text) as $line) {
            
$parts explode(": ",$line);
            if(
count($parts) == 2$headers[$parts[0]] = chop($parts[1]);
        }
    }

    if(
$options['return_info']) return array('headers' => $headers'body' => $body'info' => $info);
    return 
$body;
}
?>



This is the redirction page.
spammertrap.html

<html>
<head>
<title>Spammer IP Address Detected</title>
</head>
<body bgcolor="red">
<h1>Attention!</h1>
<h2>Your IP address has been identified as belonging to a known spammer.</h2>
<hr>
<p>If you feel this is in error, please contact the webmaster of the site you were just viewing.</p>
<br>
<p>Also, please contact the <u>Stop Forum Spam</u> website using their help form <a href="http://www.stopforumspam.com/contact">HERE.</a></p>
<p>Inform them that your IP address is being incorrectly flagged as a spammer, and you'd like to have it removed.</p>
<br>
<center>
<i>Thank You!</i>
</center>
</body>
</html>


And this is the single line of code needed in your template, you can out this line just about anywhere on your site.
<script type="text/javascript" src="http://www.yourdomain.com/linkto/spammertrap.php"></script>


I've posted the code, as I only have winrar installed and I cant post RAR files. Sorry.
Thanks to Stoker at http://www.phpbb3bbcodes.com/portal.php for posting it originally.
Sorry if it's a dupe, i could'nt find it in search, so i think i'm the first with this.
https://daz-stuff.uk
DJ tutorials, E-Bikes, Movies and videogames.
(https://daz-stuff.uk/daz/signature.png)

Nibbler


Deus

Hi Nibbler, it grabs a visitors IP and checks it against http://www.stopforumspam.com database.
If they're listed as a spammer, it redirects to a local holding page, preventing them from progressing any further.

On a side note, it may also be worthwhile adding <script type="text/javascript" src="http://www.yourdomain.com/linkto/spammertrap.php"></script> to the register.php file, just incase they try to acess it directly.
https://daz-stuff.uk
DJ tutorials, E-Bikes, Movies and videogames.
(https://daz-stuff.uk/daz/signature.png)

Nibbler

But the redirect only applies to the javascript file itelf. This mod simply cannot work as you describe. I doubt it has any effect whatsoever.

rwozny

I am putting this lines to the test on two separate galleries. Will see the effects tomorrow, as almost everyday i get some spammer registrations.

Joe Carver

To expand a bit on Nibbler's comment......

What if the spammer/bot has no javascript? Is there a "stop" or other way to prevent them from spamming/registering?

[off topic]
You mention...
Quote from: Deus on July 24, 2009, 11:54:10 PM
It's not 100%, some still get through

Are they registering with (slightly obscured here) "s_t_u_v_123123" "j_k_l_m_9875" and the infamous y_y_d_b_e_y_o_n_d, fake email addresses and perhaps from certain southeast asian regions? The reason that I ask is that I see in my logs certain IP ranges always entering register.php with no referer, no javascript and also with odd looking user agents - thanks [/off topic]

Deus

You're right nibbler, I've spent a few hours looking into this, and there's no way that it can execute a php file when it's looking for .js resource.
But amazingly, I've still had emails from the script, telling me people have been bounced.

Well, I've added <!-- INCLUDE spammertrap.php --> to my forum, and it's not creating any errrors. Although the files need to be relative to the file you've included it into.

So, I will be able to see in the next day or two if it worked.
You need to copy the spammertrap.html and spammertrap.php file to the themes/youtheme folder for it to work.

https://daz-stuff.uk
DJ tutorials, E-Bikes, Movies and videogames.
(https://daz-stuff.uk/daz/signature.png)

Deus

Quote from: i-imagine on July 25, 2009, 03:46:58 PM
To expand a bit on Nibbler's comment......

What if the spammer/bot has no javascript? Is there a "stop" or other way to prevent them from spamming/registering?

[off topic]
You mention...
Are they registering with (slightly obscured here) "s_t_u_v_123123" "j_k_l_m_9875" and the infamous y_y_d_b_e_y_o_n_d, fake email addresses and perhaps from certain southeast asian regions? The reason that I ask is that I see in my logs certain IP ranges always entering register.php with no referer, no javascript and also with odd looking user agents - thanks [/off topic]

See my previous post for a fix.
Yes most seem to be from a very large Asian Country, and a large Eastern European country.
This time it's directly accessing the php file, so JS enabled/disabled shold'nt be an issue.

https://daz-stuff.uk
DJ tutorials, E-Bikes, Movies and videogames.
(https://daz-stuff.uk/daz/signature.png)

Joachim Müller

My guess is that you're preventing actual humans who drop spam manually to access instead of bots.
IP checking is pretty lame and can be circumvented comparatively easily. As soon as such code goes into the core packages of popular apps (or if there are enough people using that method as a mod), the spammers will adopt to it and change their attack patterns. IP address checking will not help against a botnet (a net of trojan-infected PC across the globe), but only against bot farms. I strongly doubt that this mod will stand a chance. It's wishfull thinking imo.
Don't get me wrong, I welcome your readiness to share. But I doubt that your mod will reduce comment spam dramatically.

wutacrock

will this block people from just doing regular comments? i don't want to block them, i only want to block people who are spamming.

Joachim Müller

Use the captcha plugin in a first attempt if you don't understand what has been posted in this thread. Of course this mod does not stop everybody to post comments - what would be the point of such a mod, as this could be accomplished without a mod in coppermine by just disabling the comment feature on the groups control panel?
This mod is suppossed to stop spammers by looking up their IP address. Although we (the coppermine dev team) welcome the contribution of this mod we're not sure that it will work as advertized, so you should consider this mod as a work in progress imo that only those should give a try who understand what is being discussed here. Everyone else (who is looking for a simple solution to fight comment spam) should try one or several of the other methods to fight spam (Aksimet, captcha etc.). Use the board search to find the threads that discuss those mods/plugins instead of cluttering this very thread. Thanks.