HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Ban strings from post titles

In battling spam I've added the stop forum spam add on, although it doesn't seem to register anything as spam - or at least if it does it's not showing up in the flagged content, change log, spam queue or moderation queue sections of the dashboard.

I've banned a lot of email domains from registration e.g. *@ovi.com but I get the most spam from @yahoo.com addresses and I can't really ban those from registering.

about 75% of the spam posts are titled 'I am the new one', 'I am the new girl', or 'I am the new guy' so I'm hoping to find a method of auto banning users who attempt to post a thread titled 'I am the new*' where * is a wildcard.

My activity page is also solely spam, as even the spam users who don't post have added some kind of comment or profile aspect formatted like so…
Also visit my webpage http://www.myspammysite.com/

So another feature I'm looking for would be preventing whatever action it is they're performing there or at least preventing URLs from being posted in that space.

Comments

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP
    edited March 2015

    @FabulousPanda

    For applicants, you can block specific phrases, addresses etc. using this plugin:

    http://vanillaforums.org/addon/registrationrestrictlogger-plugin

  • FabulousPandaFabulousPanda London New
    edited March 2015

    @whu606 is that not just for preventing people signing up? Would it work for preventing registered users from posting threads with specific phrases in their titles?

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP
    edited March 2015

    No, it is just for registrations.

    How are obvious spammers becoming registered users, and how are they still able to post?

    You could use phpMyAdmin or a similar tool to do a SQL search to find and delete users who have used that phrase on joining, or in posts.

  • I delete the users pretty quickly after signing up it's 1-10 fake users a day so unless that was on a regular cron job (and I'm not sure that's possible with my host who lacks ssh access) not sure it's a possibility

    I don't understand why obvious spammers would have a problem signing up and posting? Even mail confirmation doesn't help… Every user listed here is a spambot:
    http://fabulouspanda.co.uk/forum/activity

    Watching google analytics they're either using adblock or more likely using some kind of script for this.

    As I said they have mostly yahoo.com emails, though the names looks slightly inhuman I'm not sure what would have prevented them signing up. I also still have no idea what these website posts they're making (on the activity page) are unless it's just a result of filling in their profile… The only thing I notice is that they tend to have only 1 visit, and get a different register IP from their Last IP

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    I guess it depends on how you want to manage things.

    I use the Registration Restrict plugin alongside this: http://vanillaforums.org/addon/addregistrationquestion-plugin

    I use a forum specific question, which any genuine applicant would know, but which is not likely to be guessed by a bot.

    I have my registration set to Approval.

    I used to get loads of 'I'm the new...' type applicants.

    I don't get any spam bot applicants coming through for approval now. None.

    FabulousPanda
  • Thanks for the tip, I've added the question plugin with a relevant question, hopefully that'll be the end of it :)

  • JasonBarnabeJasonBarnabe Cynical Salamander ✭✭

    I have this in a custom plug-in:

        public function SpamModel_CheckSpam_Handler($Sender) {
            if ($Sender->EventArguments['RecordType'] != 'Discussion') {
                return;
            }
    
            if (preg_match('/[0-9]{10}/', $Sender->EventArguments['Data']['Name'])) {
                $Sender->EventArguments['IsSpam'] = true;
            }
        }
    

    This marks as spam any thread with 10 consecutive digits in the title (I had a spammer who was posting threads with phone numbers). If you're a little technical, you should be able to modify to suit your needs.

    BleistivtFabulousPanda
  • So to implement your solution I would change the preg_match to suit my purpose, and insert it in place of the commented line below? This is in the stopforumspam plugin:

       public function Base_CheckSpam_Handler($Sender, $Args) {
          // Your addition here
          if ($Sender->EventArguments['IsSpam'])
             return;
    
  • JasonBarnabeJasonBarnabe Cynical Salamander ✭✭

    I had this in my own, custom plugin, not as part of stopforumspam. It may work like that, but it's not how I use it.

  • Very handy, thank you! The registration restrict plugin seems to have done the trick, formerly I would have had a dozen spambots register but since implementing that I've only had legit user registration :)

    If I find myself experiencing problems with reoccurring thread title substrings I'll come back here and implement your code as it's own plugin, and maybe add a settings pane for entering strings to ban… Have you released this as an add on? Wouldn't feel right releasing a modified version without your permission but to be fair I haven't looked in to how much work it would take yet.

    R_J
  • JasonBarnabeJasonBarnabe Cynical Salamander ✭✭

    You (and anyone else) is free to use that snippet as you see fit, including releasing it as your own add-on. This was a one-time problem so I didn't expand it enough to be worth being its own add-on, but if you want to take that ball and run with it, that'd be great!

    R_J
Sign In or Register to comment.