I apologize in advance if this isn't the correct forum to post this in; it seemed the most applicable one that I saw.
Due to the rather aggressive increase in bot activity that I've seen across many of my forums, I've developed "bot buster" mod and I'm offering it to the Snitz community (and several of the other major message boards as well).
I've bundled up a drop-in BotBuster mod for Snitz that people are welcome to use. Technically it's not 100% "drop-in", but it's very, very close. It's all self-contained in one file, requires NO database modifications, and should require only one minor edit to the registration file. (You'll also want to set a couple of very simple configuration options in the BotBuster file, but that's it.)
It uses the http://BotScout.com API to check registration emails and reject known bots. Because it uses the BotScout API you don't have to host anything, change your database, or do any complicated modifications to your code. BoutScout.com keeps a list of emails, IPs, and user names that bots use and makes them available through a simple API (as well as manual searches).
Full Disclosure: I'm the owner/operator of http://BotScout.com. What we do is trap bots by using a large number of "bot honeypot" forms located on a bunch of our sites. We then publish that information so people can use it to screen registration attempts. smile
I've included configuration options for SMF, VBulletin, phpBB, Phorum, PunBB, Invision Power Board, FUDForum, Ikonboard, Snitz, and W-Agora. It can be used on virtually any kind of forum, contact page, or web form.
The code and a ReadMe file are available for download here: http://www.botscout.com/code.htm (click the "Download BotScout BotBuster ver. 1.10" link). If you use it I'd love to hear about it.
If anyone would like to write up specific installation instructions for the Snitz Forum code, I'll gladly include it in the ReadMe.txt file.
Also, if anyone would like to create a Snitz-specific mod or plugin using the BotScout API, I'd be very interested in helping and would be happy to publish the code or a link to the mod on the BotScout site. The API is simple and easy-to-use, and the API details can be found here: http://botscout.com/api.htm.
Its an easy enough thing to do to write a mod to take advantage of either BotScouts API or StopForumSpam's API. It will require use of the XMLHTTP component to do the GET request though.
I'll have a go later and see what I come up with.<
I've it nearly finished but I'm waiting on an API key before I can test it properly.
Ah, great. Please let me know if you don't receive the API key. We'd be glad to post your mod on the BotScout site in the downloads section when you have it done (or a link to it if you prefer).
I'm not sure about the XMLHTTP component (is that for IIS, perhaps?), but the sample code uses cURL which is included with most PHP installs these days. We had/have another person looking at doing one with fopen() but I'm not sure what the advantage(s), if any, would be.
We'd be interested in any ASP code that you get working- we don't have an ASP server available to us so we can't do any development on that platform. <
Got it. At work at the moment so I'll have a look at it in a few hours when I get home.
At the moment its designed to stop registrations only. Should I include code that tests posts as well in case spammers register on a forum before the mod is applied ?
I'm also going to design an admin page so that features can be turned on and off.
quote:Originally posted by PodgeGot it. At work at the moment so I'll have a look at it in a few hours when I get home.
Super.
I have to say, the response from the Snitz, phpBB, FUDForum, and SMF communities has been very positive, with a lot of interest and people contributing code and ideas.
The PunBB community wasn't too excited, but they said it looked nice, while the nice folks at Phorum basically told me to piss off and accused me of attacking them, lol.
On another note, we're working hard on a very naughty "Bot Baffler" trapping service. :) People will be able to place a tiny snippet of code on their page (like in a footer file) and have it dynamically pull a bot-trapping form from our site. The form is completely dynamic- the fields change every time, including the field lengths and names. It's pure evil for bots to mess with and it'll be nearly impossible for a bot to "know" that it's a trap and avoid it. :)
This will allow people to contribute new bots to the BotScout database without having to do anything besides placing a small include() statement in their page. Mwuahahaha.<
Edited by - MrMike2000 on 21 January 2009 17:18:11
Well, I've got to admit that my initial reaction to your first post was "is this legit or is this spam?" That was largely due to your very first post sounding more like an ad than anything else. Add in the links and that you're not a "known member" - as in someone who's contributed/participated other things around here before - and it raised a few of my personal red flags. Just FYI.<
I've used two different methods to parse the responses and need some volunteers to test the code.
First save the following text as inc_func_spam.asp
<%
'#################################################################################
'## Snitz Forums 2000 v3.4.06
'#################################################################################
'## Copyright (C) 2000-06 Michael Anderson, Pierre Gorissen,
'## Huw Reddick and Richard Kinser
'##
'## This program is free software; you can redistribute it and/or
'## modify it under the terms of the GNU General Public License
'## as published by the Free Software Foundation; either version 2
'## of the License, or (at your option) any later version.
'##
'## All copyright notices regarding Snitz Forums 2000
'## must remain intact in the scripts and in the outputted HTML
'## The "powered by" text/logo with a link back to
'## http://forum.snitz.com in the footer of the pages MUST
'## remain visible when the pages are viewed on the internet or intranet.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program; if not, write to the Free Software
'## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
'##
'## Support can be obtained from our support forums at:
'## http://forum.snitz.com
'##
'## Correspondence and Marketing Questions can be sent to:
'## manderson@snitz.com
'##
'#################################################################################
function botCheck(ipAddress, emailAddress, Username)
botCheck = 0
strBotScoutAPIKey = "whatever_your_key_is" ' register at botscout to get your key
Dim objXMLHTTP, xml
Dim apiKey
Dim responseArray
Dim ipResponse, usernameResponse, emailResponse
Set xml = Server.CreateObject("Microsoft.XMLHTTP")
' Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")
xml.Open "GET", "http://botscout.com/test/?multi&name=" & Username & "&mail=" & emailAddress & "&ip=" & ipAddress & "&key=" & strBotScoutAPIKey, False
xml.Send
responseArray = Split(xml.responseText, "|")
ipResponse = responseArray(3)
usernameResponse = responseArray(5)
emailResponse = responseArray(7)
botCheck = CLng(ipResponse) + CLng(usernameResponse) + CLng(emailResponse)
Set xml = Nothing
end function
function stopForumSpamCheck(ipAddress, emailAddress, Username)
stopForumSpamCheck = 0
Dim xmlDoc
Set xmlDoc = Server.CreateObject("Microsoft.XMLDOM")
xmlDoc.async=false
xmlDoc.setProperty "ServerHTTPRequest", true
xmlDoc.load("http://www.stopforumspam.com/api?ip=" & ipAddress & "&username=" & Username & "&email=" & emailAddress)
if xmlDoc.parseError.errorcode <> 0 then
'Response.Write("XML Error...<br>" & xmlDoc.parseError.reason)
else
set oNode = xmlDoc.documentElement.selectSingleNode("frequency")
if not oNode is nothing then
ipResponse = cLng(oNode.text)
end if
end if
set nodeCol = xmlDoc.documentElement.selectNodes("frequency")
for each oNode in nodeCol
stopForumSpamCheck = stopForumSpamCheck + CLng(oNode.text)
next
Set myXml = Nothing
end function
%>
You must register with BotScout to receive an api key. Change the following line in inc_func_spam.asp to include your api key
strBotScoutAPIKey = "whatever_your_key_is" ' register at botscout to get your key
UserIPAddress = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
if UserIPAddress = "" then
UserIPAddress = Request.ServerVariables("REMOTE_ADDR")
end if
replace with
UserIPAddress = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
if UserIPAddress = "" then
UserIPAddress = Request.ServerVariables("REMOTE_ADDR")
end if
Response.write botCheck(UserIPAddress, Request.Form("Email"), Request.Form("Name")) & "<br />"
Response.write stopForumSpamCheck(UserIPAddress, Request.Form("Email"), Request.Form("Name")) & "<br />"
if botCheck(UserIPAddress, Request.Form("Email"), Request.Form("Name")) > 3 then
Err_Msg = Err_Msg & "<li>BotCheck: you have a spam score of:" & botCheck & "</li>"
end if
if stopForumSpam(UserIPAddress, Request.Form("Email"), Request.Form("Name")) > 3 then
Err_Msg = Err_Msg & "<li>StopForumSpam: you have a spam score of:" & stopForumSpam & "</li>"
end if
MrMike2000, I've included code for both BotScount and StopForumSpam above. Once the code is tested and finished I'll package a zip file containing only the code you need.<
Well, I've got to admit that my initial reaction to your first post was "is this legit or is this spam?" That was largely due to your very first post sounding more like an ad than anything else. Add in the links and that you're not a "known member" - as in someone who's contributed/participated other things around here before - and it raised a few of my personal red flags. Just FYI.
I understand. I didn't want to sound like a spammer, but I think anytime someone who's unknown (like me) pops up and starts promoting something, the alarm bells go off. My apologies for that.
For what it's worth, I've been running forums and building sites for quite a while, going on 10 years now. I've dealt with forum trolls and spammers for years but in the last year or so it's gone through the roof, so to speak. They're ruining the net for everyone and the worst part is, they're succeeding.
I remember when I didn't get spam, now I get over a 1,000 emails a day and all but 4 or 5 are spam. The days of running an open forum are long gone...allowing guests to post is risky and it's certain to be abused if you don't take measures in advance.
One of my forums is "open" for guests to post in and I've had to add code that prevents posting unless the user has 30 "real" posts to his or her name. And still they try, by s p a c i n g o u t the URLs, posting in unicode, etc etc. Now they post spam in their signatures and don't even post on the board.
BotScout is my contribution to helping try to keep a lid on things. It's my way of helping push their filthy little heads under the water and making their life miserable. If enough people implemented the Bot Buster code it would really cramp their style, and if people use the bot trapping service it'll hurt them even more.
Anti-Bot Modification for Snitz Forum
Posted - 17 January 2009 : 21:01:20
<
