Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Anti-Bot Modification for Snitz Forum		  New Topic  Reply to Topic
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 4

MrMike2000
Starting Member

16 Posts
Posted - 17 January 2009 :  21:01:20  Show Profile  Visit MrMike2000's Homepage  Reply with Quote
I apologize in advance if this isn't the correct forum to post this in; it seemed the most applicable one that I saw.

Due to the rather aggressive increase in bot activity that I've seen across many of my forums, I've developed "bot buster" mod and I'm offering it to the Snitz community (and several of the other major message boards as well).

I've bundled up a drop-in BotBuster mod for Snitz that people are welcome to use. Technically it's not 100% "drop-in", but it's very, very close. It's all self-contained in one file, requires NO database modifications, and should require only one minor edit to the registration file. (You'll also want to set a couple of very simple configuration options in the BotBuster file, but that's it.)

It uses the http://BotScout.com API to check registration emails and reject known bots. Because it uses the BotScout API you don't have to host anything, change your database, or do any complicated modifications to your code. BoutScout.com keeps a list of emails, IPs, and user names that bots use and makes them available through a simple API (as well as manual searches).

Full Disclosure:
I'm the owner/operator of http://BotScout.com. What we do is trap bots by using a large number of "bot honeypot" forms located on a bunch of our sites. We then publish that information so people can use it to screen registration attempts. smile

I've included configuration options for SMF, VBulletin, phpBB, Phorum, PunBB, Invision Power Board, FUDForum, Ikonboard, Snitz, and W-Agora. It can be used on virtually any kind of forum, contact page, or web form.

The code and a ReadMe file are available for download here: http://www.botscout.com/code.htm (click the "Download BotScout BotBuster ver. 1.10" link). If you use it I'd love to hear about it.

If anyone would like to write up specific installation instructions for the Snitz Forum code, I'll gladly include it in the ReadMe.txt file.

Also, if anyone would like to create a Snitz-specific mod or plugin using the BotScout API, I'd be very interested in helping and would be happy to publish the code or a link to the mod on the BotScout site. The API is simple and easy-to-use, and the API details can be found here: http://botscout.com/api.htm.

MrMike
http://BotScout.com
<
Edited by - MrMike2000 on 17 January 2009 21:02:48

Classicmotorcycling
Development Team Leader

Australia
2084 Posts
Posted - 18 January 2009 :  01:12:13  Show Profile  Reply with Quote
Don't know how this relates to Snitz due to the code that you show on your site requires PHP. Snitz is an ASP based forum.<
Cheers,

David Greening
Go to Top of Page

Podge
Support Moderator

Ireland
3775 Posts
Posted - 20 January 2009 :  09:21:32  Show Profile  Send Podge an ICQ Message  Send Podge a Yahoo! Message  Reply with Quote
Its an easy enough thing to do to write a mod to take advantage of either BotScouts API or StopForumSpam's API. It will require use of the XMLHTTP component to do the GET request though.

I'll have a go later and see what I come up with.<
Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.
Go to Top of Page

Podge
Support Moderator

Ireland
3775 Posts
Posted - 20 January 2009 :  14:34:12  Show Profile  Send Podge an ICQ Message  Send Podge a Yahoo! Message  Reply with Quote
I've it nearly finished but I'm waiting on an API key before I can test it properly.<
Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.
Go to Top of Page

MrMike2000
Starting Member

16 Posts
Posted - 20 January 2009 :  18:29:53  Show Profile  Visit MrMike2000's Homepage  Reply with Quote
quote:
Originally posted by Podge

I've it nearly finished but I'm waiting on an API key before I can test it properly.

Ah, great. Please let me know if you don't receive the API key. We'd be glad to post your mod on the BotScout site in the downloads section when you have it done (or a link to it if you prefer).

I'm not sure about the XMLHTTP component (is that for IIS, perhaps?), but the sample code uses cURL which is included with most PHP installs these days. We had/have another person looking at doing one with fopen() but I'm not sure what the advantage(s), if any, would be.

We'd be interested in any ASP code that you get working- we don't have an ASP server available to us so we can't do any development on that platform.
<
Go to Top of Page

Podge
Support Moderator

Ireland
3775 Posts
Posted - 20 January 2009 :  19:17:53  Show Profile  Send Podge an ICQ Message  Send Podge a Yahoo! Message  Reply with Quote
I haven't gotten the API key yet. I used my username here (Podge) and a yahoo.com email address.

How many lookups do you get before you must register ?<
Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.
Edited by - Podge on 20 January 2009 19:18:27
Go to Top of Page

MrMike2000
Starting Member

16 Posts
Posted - 20 January 2009 :  20:12:20  Show Profile  Visit MrMike2000's Homepage  Reply with Quote
quote:
Originally posted by Podge

I haven't gotten the API key yet. I used my username here (Podge) and a yahoo.com email address.
I sent you a PM/email with the key.

quote:
Originally posted by Podge
How many lookups do you get before you must register ?
Right now I think it's 20, but we'll probably raise that depending on the load and demand.<
Go to Top of Page

MrMike2000
Starting Member

16 Posts
Posted - 20 January 2009 :  20:27:52  Show Profile  Visit MrMike2000's Homepage  Reply with Quote
Christ, it's been one of those days. I inadvertently deleted your API key (yes, I'm an idiot). If you would, please sign up once more. (sigh)<
Go to Top of Page

Podge
Support Moderator

Ireland
3775 Posts
Posted - 21 January 2009 :  07:12:29  Show Profile  Send Podge an ICQ Message  Send Podge a Yahoo! Message  Reply with Quote
Done.<
Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.
Go to Top of Page

MrMike2000
Starting Member

16 Posts
Posted - 21 January 2009 :  08:16:20  Show Profile  Visit MrMike2000's Homepage  Reply with Quote
Thank you. I also sent it to you manually in case the automated email doesn't show up for some reason.

Please let me know if you have any questions or if there's anything I can do to help.
<
Go to Top of Page

Podge
Support Moderator

Ireland
3775 Posts
Posted - 21 January 2009 :  11:21:15  Show Profile  Send Podge an ICQ Message  Send Podge a Yahoo! Message  Reply with Quote
Got it. At work at the moment so I'll have a look at it in a few hours when I get home.

At the moment its designed to stop registrations only. Should I include code that tests posts as well in case spammers register on a forum before the mod is applied ?

I'm also going to design an admin page so that features can be turned on and off.

Any other features people would like ?<
Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.
Edited by - Podge on 21 January 2009 11:26:58
Go to Top of Page

MrMike2000
Starting Member

16 Posts
Posted - 21 January 2009 :  13:59:06  Show Profile  Visit MrMike2000's Homepage  Reply with Quote
quote:
Originally posted by PodgeGot it. At work at the moment so I'll have a look at it in a few hours when I get home.

Super.

I have to say, the response from the Snitz, phpBB, FUDForum, and SMF communities has been very positive, with a lot of interest and people contributing code and ideas.

The PunBB community wasn't too excited, but they said it looked nice, while the nice folks at Phorum basically told me to piss off and accused me of attacking them, lol.

On another note, we're working hard on a very naughty "Bot Baffler" trapping service. :) People will be able to place a tiny snippet of code on their page (like in a footer file) and have it dynamically pull a bot-trapping form from our site. The form is completely dynamic- the fields change every time, including the field lengths and names. It's pure evil for bots to mess with and it'll be nearly impossible for a bot to "know" that it's a trap and avoid it. :)

This will allow people to contribute new bots to the BotScout database without having to do anything besides placing a small include() statement in their page. Mwuahahaha.<
Edited by - MrMike2000 on 21 January 2009 17:18:11
Go to Top of Page

AnonJr
Moderator

United States
5768 Posts
Posted - 21 January 2009 :  17:54:07  Show Profile  Visit AnonJr's Homepage  Reply with Quote
Well, I've got to admit that my initial reaction to your first post was "is this legit or is this spam?" That was largely due to your very first post sounding more like an ad than anything else. Add in the links and that you're not a "known member" - as in someone who's contributed/participated other things around here before - and it raised a few of my personal red flags. Just FYI.<
Go to Top of Page

Podge
Support Moderator

Ireland
3775 Posts
Posted - 21 January 2009 :  18:10:59  Show Profile  Send Podge an ICQ Message  Send Podge a Yahoo! Message  Reply with Quote
I've used two different methods to parse the responses and need some volunteers to test the code.

First save the following text as inc_func_spam.asp
<%
'#################################################################################
'## Snitz Forums 2000 v3.4.06
'#################################################################################
'## Copyright (C) 2000-06 Michael Anderson, Pierre Gorissen,
'##                       Huw Reddick and Richard Kinser
'##
'## This program is free software; you can redistribute it and/or
'## modify it under the terms of the GNU General Public License
'## as published by the Free Software Foundation; either version 2
'## of the License, or (at your option) any later version.
'##
'## All copyright notices regarding Snitz Forums 2000
'## must remain intact in the scripts and in the outputted HTML
'## The "powered by" text/logo with a link back to
'## http://forum.snitz.com in the footer of the pages MUST
'## remain visible when the pages are viewed on the internet or intranet.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program; if not, write to the Free Software
'## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
'##
'## Support can be obtained from our support forums at:
'## http://forum.snitz.com
'##
'## Correspondence and Marketing Questions can be sent to:
'## manderson@snitz.com
'##
'#################################################################################

function botCheck(ipAddress, emailAddress, Username)
  botCheck = 0
  strBotScoutAPIKey = "whatever_your_key_is" ' register at botscout to get your key
  Dim objXMLHTTP, xml
  Dim apiKey
  Dim responseArray
  Dim ipResponse, usernameResponse, emailResponse

  Set xml = Server.CreateObject("Microsoft.XMLHTTP")
  ' Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP")

    xml.Open "GET", "http://botscout.com/test/?multi&name=" & Username & "&mail=" & emailAddress & "&ip=" & ipAddress & "&key=" & strBotScoutAPIKey, False
    xml.Send
    
    responseArray = Split(xml.responseText, "|")
    
    ipResponse = responseArray(3)
    usernameResponse = responseArray(5)  
    emailResponse = responseArray(7)
    
    botCheck = CLng(ipResponse) + CLng(usernameResponse) + CLng(emailResponse)

  Set xml = Nothing
end function

function stopForumSpamCheck(ipAddress, emailAddress, Username)
    stopForumSpamCheck = 0
    Dim xmlDoc
    Set xmlDoc = Server.CreateObject("Microsoft.XMLDOM")
    xmlDoc.async=false 
    xmlDoc.setProperty "ServerHTTPRequest", true
    
    xmlDoc.load("http://www.stopforumspam.com/api?ip=" & ipAddress & "&username=" & Username & "&email=" & emailAddress)
    if xmlDoc.parseError.errorcode <> 0 then
        'Response.Write("XML Error...<br>" & xmlDoc.parseError.reason)
    else
        set oNode = xmlDoc.documentElement.selectSingleNode("frequency")
            if not oNode is nothing then   
                ipResponse = cLng(oNode.text)   
            end if      
    end if
    
    set nodeCol = xmlDoc.documentElement.selectNodes("frequency")   

    for each oNode in nodeCol   
        stopForumSpamCheck = stopForumSpamCheck + CLng(oNode.text)
    next

  Set myXml = Nothing
end function
%>


You must register with BotScout to receive an api key. Change the following line in inc_func_spam.asp to include your api key
strBotScoutAPIKey = "whatever_your_key_is" ' register at botscout to get your key


register.asp

Around line 35 find
%>
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<!--#INCLUDE FILE="inc_header.asp" -->
<!--#INCLUDE FILE="inc_func_member.asp" -->
<!--#INCLUDE FILE="inc_func_posting.asp"-->
<!--#INCLUDE FILE="inc_profile.asp"-->
<%
replace with 
%>
<!--#INCLUDE FILE="config.asp"-->
<!--#INCLUDE FILE="inc_sha256.asp"-->
<!--#INCLUDE FILE="inc_header.asp" -->
<!--#INCLUDE FILE="inc_func_member.asp" -->
<!--#INCLUDE FILE="inc_func_posting.asp"-->
<!--#INCLUDE FILE="inc_profile.asp"-->
<!--#INCLUDE FILE="inc_func_spam.asp"-->
<%

Around line 408 find
			UserIPAddress = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
			if UserIPAddress = "" then
				UserIPAddress = Request.ServerVariables("REMOTE_ADDR")
			end if
replace with 
			UserIPAddress = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
			if UserIPAddress = "" then
				UserIPAddress = Request.ServerVariables("REMOTE_ADDR")
			end if
			
			Response.write botCheck(UserIPAddress, Request.Form("Email"), Request.Form("Name")) & "<br />"
			Response.write stopForumSpamCheck(UserIPAddress, Request.Form("Email"), Request.Form("Name")) & "<br />"
			
			if botCheck(UserIPAddress, Request.Form("Email"), Request.Form("Name")) > 3 then 
			    Err_Msg = Err_Msg & "<li>BotCheck: you have a spam score of:" & botCheck & "</li>"
			end if
			
			if stopForumSpam(UserIPAddress, Request.Form("Email"), Request.Form("Name")) > 3 then 
			    Err_Msg = Err_Msg & "<li>StopForumSpam: you have a spam score of:" & stopForumSpam & "</li>"
			end if
<
Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.
Edited by - Podge on 21 January 2009 18:19:21
Go to Top of Page

Podge
Support Moderator

Ireland
3775 Posts
Posted - 21 January 2009 :  18:21:23  Show Profile  Send Podge an ICQ Message  Send Podge a Yahoo! Message  Reply with Quote
MrMike2000, I've included code for both BotScount and StopForumSpam above. Once the code is tested and finished I'll package a zip file containing only the code you need.<
Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.
Go to Top of Page

MrMike2000
Starting Member

16 Posts
Posted - 21 January 2009 :  20:36:01  Show Profile  Visit MrMike2000's Homepage  Reply with Quote
quote:
Originally posted by AnonJr

Well, I've got to admit that my initial reaction to your first post was "is this legit or is this spam?" That was largely due to your very first post sounding more like an ad than anything else. Add in the links and that you're not a "known member" - as in someone who's contributed/participated other things around here before - and it raised a few of my personal red flags. Just FYI.
I understand. I didn't want to sound like a spammer, but I think anytime someone who's unknown (like me) pops up and starts promoting something, the alarm bells go off. My apologies for that.

For what it's worth, I've been running forums and building sites for quite a while, going on 10 years now. I've dealt with forum trolls and spammers for years but in the last year or so it's gone through the roof, so to speak. They're ruining the net for everyone and the worst part is, they're succeeding.

I remember when I didn't get spam, now I get over a 1,000 emails a day and all but 4 or 5 are spam. The days of running an open forum are long gone...allowing guests to post is risky and it's certain to be abused if you don't take measures in advance.

One of my forums is "open" for guests to post in and I've had to add code that prevents posting unless the user has 30 "real" posts to his or her name. And still they try, by s p a c i n g o u t the URLs, posting in unicode, etc etc. Now they post spam in their signatures and don't even post on the board.

BotScout is my contribution to helping try to keep a lid on things. It's my way of helping push their filthy little heads under the water and making their life miserable. If enough people implemented the Bot Buster code it would really cramp their style, and if people use the bot trapping service it'll hurt them even more.

<
Go to Top of Page
Page: of 4 Previous Topic Topic Next Topic  
Next Page
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.26 seconds. Powered By: Snitz Forums 2000 Version 3.4.07