Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Yet another anti spam MOD...

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
Check here to subscribe to this topic.
   

T O P I C    R E V I E W
SPulley Posted - 05 February 2007 : 13:48:23
I was getting sick of going in and deleting 15 to 20 spam users per day in my pending accounts section. Leaving them there really makes helping people who are having trouble registering a chore. I was also getting sick of getting several bounced emails in my mailbox from bogus forum registrations. I already have the bandomains mod installed and that cut back on some, but I was still getting way too many spam registrations. So here it is in all it's glory..

This mod uses a "donationware" asp component that actually takes an email address and validates it at the remote server. If the email is rejected, the registration process is halted. If the mail server MX lookup fails, the email is rejected.

To install, first download and install the ASP component at:

http://www.internext.co.za/stefan/aspmx/

Drop the guy a few clams while you're there...

Next create a file called inc_validate_email.asp and copy and paste the following code into it:
<%
   Dim DNSMX
   Dim A

   Set DNSMX = Server.CreateObject("ASPMX.Resolver")
   DNSMX.TimeOutValue = 30
   DNSMX.Sender = strSender
   A = DNSMX.ValidateEMail(Request.Form("Email"))
   If Len(A) = 0 Then
		'do nothing email appears to be valid
   Else                                               
     Err_Msg = Err_Msg & "<li>We were unable to validate your email address!  Choose another email address.</li>"
	 Err_Msg = Err_Msg &  A & "<BR>"  
	 '#############  Un comment out the below lines to see the full SMTP session for troublshooting.
     'A = DNSMX.ViewConversation()                     
     'A = Replace(A,vbcrlf,"<BR>")                     
     'Err_Msg = Err_Msg &  "The error might be due to an "   
     'Err_Msg = Err_Msg &  "SMTP error. The last "
     'Err_Msg = Err_Msg &  "conversation went as follows:"
     'Err_Msg = Err_Msg &  "<BR>" & A
   End If
   Set DNSMX = Nothing
%>


Next go to about line 290 in register.asp.. You're looking for:
		If strAutoLogon <> 1 then
			if Request.Form("Email") = "" then
				Err_Msg = Err_Msg & "<li>You Must give an e-mail address</li>"
			end if
			if Request.Form("Email") <> Request.Form("Email3") then
				Err_Msg = Err_Msg & "<li>Your E-mail Addresses didn't match.</li>"
			end if


Or something very similar to that. Add the following lines after the first "end if".
	
			%>
<!--#INCLUDE FILE="inc_validate_email.asp" -->
			<%
		


So your code now looks like this:
		If strAutoLogon <> 1 then
			if Request.Form("Email") = "" then
				Err_Msg = Err_Msg & "<li>You Must give an e-mail address</li>"
			end if
			%>
<!--#INCLUDE FILE="inc_validate_email.asp" -->
			<%
			if Request.Form("Email") <> Request.Form("Email3") then
				Err_Msg = Err_Msg & "<li>Your E-mail Addresses didn't match.</li>"
			end if


That's it... Pretty simple.. A couple caveats... You must have remote desktop access to the server to install the ASP component. If you don't you will have to ask your host to install it. Some may, some may not. Second, if the server that the spammer uses accepts all email as valid to the domain and then later rejects it (because of a gateway or some other device), you will still get spam users from that domain. I tested it with AOL, hotmail, and Gmail to name a few and they all rejected a bad email address. So you should be ok.

I've been running this mod for a couple days now and haven't had any problems. Let me know if you have any questions.

**** spammers!!.. Do they really think pissing people off gets them business?<
8   L A T E S T    R E P L I E S    (Newest First)
martindelange Posted - 09 April 2007 : 04:25:19
I also had a couple of bots working me over by creating ghost accounts with false email addresses. I added graphically displayed random security code that needs to be reentered become submitting the new user form. Have a zip with description and mods in it but where do I upload it to?<
borge Posted - 21 March 2007 : 17:48:23
quote:
Originally posted by SPulley

Most forum spammers do things pretty consistently. They use bogus email addresses, their mailboxes are full, they put all the same information in fields.. urls all the same, first name & last name the same, city and state the same, etc.. If I can filter on these habits, then I'm already ahead of the curve.

I have noticed a new trend just lately, instead of entering the same names in the username, first name and last name fields, they have started to vari the first letter, giving results like Amerlin, Bmerlin, Cmerlin. These people will work hard to find a way to get their spam spread!<
SPulley Posted - 21 March 2007 : 16:18:29
I am pleased to report that my 'Check for identical links' mod has been wildly successful. In the past month, I've had less than 15 bogus 'spammer' registrations. It seems that I'm on to something here. Of the few that did get through, they had different variations of the same url, different pages etc. The common thread between the ones that get through is that 1st name and last name are the same. So, I may make additional modifications to the validation to check for this commonality.

Here is the code to check for identical URL entries.

<%
'Check if any 2 links are the same
if Request.Form("Homepage") = "http://" or Request.Form("Homepage") = "" then
	InError = 0
else
	if Request.Form("Homepage") = Request.Form("LINK1") or _
		Request.Form("Homepage") = Request.Form("LINK2") or _
		Request.Form("Homepage") = Request.Form("Photo_URL") then
		InError = 1
	end if
end if
if Request.Form("LINK1") = "http://" or Request.Form("LINK1") = "" then
	InError = 0
else
	if Request.Form("LINK1") = Request.Form("LINK2") or _
		Request.Form("LINK1") = Request.Form("Photo_URL") then
		InError = 1
	end if
end if
if Request.Form("LINK2") = "http://" or Request.Form("LINK2") = "" then
	InError = 0
else
	if Request.Form("LINK2") = Request.Form("Photo_URL") then
		InError = 1
	end if
end if
if InError = 1 then
	Err_Msg = "<li>The homepage, favorite links and photo fields must all be different, or all blank.</li>" & Err_Msg
else 
	'do nothing
end if
%>
<
SPulley Posted - 13 February 2007 : 15:14:02
So this mod cut the bogus registrations in half to 5-7 per day. Great progress. I still wanted more. Of the ones that made it through, 95% of them had all 4 urls in the profile the same. Homepage, link1, link2, and photo_url.. I added a few more lines to register.asp that check to see if any of these urls are identical. If they are, it throws an error message. It's a simple fix, but I think will be very effective. Of the 30 or so accounts I deleted today, only 2 or 3 had different URLs in each of these fields. I'll report back my findings. I know some people are sitting here thinking "Why doesn't this idiot just institute a CAPTCHA system?" Personally, I hate them. It's one more illegible code I gotta figure out and enter into the form. If I can find ways to filter spammers without making most users take additional steps or making it harder for them, I'd rather go that route. Most forum spammers do things pretty consistently. They use bogus email addresses, their mailboxes are full, they put all the same information in fields.. urls all the same, first name & last name the same, city and state the same, etc.. If I can filter on these habits, then I'm already ahead of the curve.

I'll post the code after I've had some time to test it.<
pdrg Posted - 06 February 2007 : 15:12:52
I don't have my own mailserver, but if you want, I can give you a temporary domain so <anything>@thedomain will relay straight back to whatever account you like, that way you can try mylargescale1@, mylargescale2@ etc and let me know when you're done!.

I'm interested in some of the techniques you're trying though (although I'm not sure how scaleable the 'all the same' one is), and if I can help, do let me know. It may help, but there are a few different MODs around for dealing with spammers, CAPTCHAs, etc, if you want to try those first before researching new frontiers. If you fancy exploring the new territories, keep us updated and I for one will work with you to see if we can find different filtering algorithms.

edit - message me through Snitz if you want the domain/mail fw setup<
SPulley Posted - 06 February 2007 : 14:32:51
quote:
Originally posted by pdrg

Big warning - spammers use SMTP HELO, USER commands to harvest valid email accounts at a known domain - because of this many mail servers no longer support passing back a failure code for an invalid account on the mailserver, they just fail the username/password pair so as to not help address harvesters. For this reason, I suspect this will block many legitimate users too.

Just to proive the case, I just tried to register on mylargescale.com as cliff with an email addr of mylargescale at concurrency dot co dot uk (a valid email addr!) and got the reply

,There Was A Problem With Your Details
* We were unable to validate your email address! Choose another email address.
Unexpected response code from mail server on RCPT TO (451)

Shame, it's a nice idea, just spoiled by the very people you're trying to keep out :(



I did some looking into grey listing.. It seems that it's mostly smaller ISPs that use it. So much for sticking to RFCs. Do you have a server that I could test against? I just tried with the same address you did and it went through. Is this your server? What is the anti spam configuration? Most server software I have seen will only stop responding to RCPT TO commands if it's getting flooded with requests. We're talking one small request here. I'm sure there are cowboys out there that are blocking them all, but the majors?

I suppose that there would be a way of looking for this response and dealing with it in code. I'd just need a server configured this way to test against.

Over the last 24 hours, my bad registrations have gone down considerably.. Only those having valid email addresses have come in, and that was only 2.. I can deal with 1 or 2 per day.. In addition, if someone really wants to get on my forum, they generally contact me through my feedback form and I can walk them through registering.

My next spam registration filter will look for the words 'cialis, 'viagra', 'rape', and 'incest' in the urls of the user home pages.. Alternately, I might just check to see if they are all the same, as that is a big red flag.

Ultimately, the solution is to move to a different forum solution all together, but i've got a lot of work ahead of me for that to happen.<
pdrg Posted - 06 February 2007 : 12:54:32
Big warning - spammers use SMTP HELO, USER commands to harvest valid email accounts at a known domain - because of this many mail servers no longer support passing back a failure code for an invalid account on the mailserver, they just fail the username/password pair so as to not help address harvesters. For this reason, I suspect this will block many legitimate users too.

Just to proive the case, I just tried to register on mylargescale.com as cliff with an email addr of mylargescale at concurrency dot co dot uk (a valid email addr!) and got the reply

There Was A Problem With Your Details
* We were unable to validate your email address! Choose another email address.
Unexpected response code from mail server on RCPT TO (451)

Shame, it's a nice idea, just spoiled by the very people you're trying to keep out :(<
HuwR Posted - 05 February 2007 : 14:20:34
be careful as this may reject addresses that are valid because the recipient mail server uses greylisting<

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.04 seconds. Powered By: Snitz Forums 2000 Version 3.4.07