More Spam Prevention for PunBB

Since my last post I’ve started filtering for “.com” in the message field on some forums I run (it’s an easy addition to the code I posted last time). However, I’ve noticed that a few bots/people were typing these into the Name (if you have guests enabled) and Subject fields. Even though PunBB won’t render that as a link, it could still promote someone’s spammy site. So I wrote some more hacks to prevent this from happening.

This assumes you added some variables to lang/English/post.php, but I’ll post the code again. Feel free to skip this part if you already did it.

Open up \lang\English\post.php and after

'Edit redirect' => 'Post updated. Redirecting . . .'

Add a comma at the end of that line and then add

'New Member spam protection' => 'New Members can not post links, images or email addresses until they become more active.',
'Guest spam protection' => 'Guests can not post links, images or email addresses.'

Ok, now for the new stuff… We are going to filter the subject for guests and for members that have fewer than 6 posts.

Now open up post.php (the one at the root of your forums) and after this line

else if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_MOD)
$subject = ucwords(strtolower($subject));

add the following:

if (($pun_user['is_guest']) || ($pun_user['num_posts'] <= 5))
{
    $temp_subject = strtolower($subject); // lowercase it so we can be case insensitive, stripos is php5 only
    if ((strpos($temp_subject, 'http://') !== false) || (strpos($temp_subject, 'https://') !== false) || (strpos($temp_subject, 'www.') !== false) || (strpos($temp_subject, '@') !== false) || (strpos($temp_subject, '.com') !== false))
    {
        if ($pun_user['is_guest'])
            $errors[] = $lang_post['Guest spam protection'];
        else if ($pun_user['num_posts'] <= 5)
            $errors[] = $lang_post['New Member spam protection'];
        else
            $errors[] = $lang_post['Post errors']; // this message already exists
    }
}

Now we need to prevent guests from using a spam-ilicious name, so again in post.php look for:

if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username))
$errors[] = $lang_prof_reg['Username BBCode'];

Now after that add:

$temp_username = strtolower($username); // lowercase it so we can be case insensitive, stripos is php5 only
if ((strpos($temp_username, 'http://') !== false) || (strpos($temp_username, 'https://') !== false) || (strpos($temp_username, 'www.') !== false) || (strpos($temp_username, '@') !== false) || (strpos($temp_username, '.com') !== false))
    $errors[] = $lang_post['Guest spam protection'];

Now we need to protect edit.php from spam-otrocious subjects by members with less than 6 posts (guests can’t edit pages so no need to worry about them). So look for:


else if ($pun_config['p_subject_all_caps'] == '0' && strtoupper($subject) == $subject && $pun_user['g_id'] > PUN_MOD)
$subject = ucwords(strtolower($subject));

And add this afterwards

if ($pun_user['num_posts'] <= 5)
{
    $temp_subject = strtolower($subject); // lowercase it so we can be case insensitive, stripos is php5 only
    if ((strpos($temp_subject, 'http://') !== false) || (strpos($temp_subject, 'https://') !== false) || (strpos($temp_subject, 'www.') !== false) || (strpos($temp_subject, '@') !== false) || (strpos($temp_subject, '.com') !== false))
    {
        if ($pun_user['num_posts'] <= 5)
            $errors[] = $lang_post['New Member spam protection'];
        else
            $errors[] = $lang_post['Post errors']; // this message already exists
    }
}
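
The three checks above repeat the same substring test, so here it is gathered into one helper as an added example (not part of the original hacks and not PunBB code). The function names pun_spam_marker() and pun_spam_error_key() are hypothetical and the sample subjects are constructed; two of them show legitimate text that this kind of filter also rejects.

```php
<?php
// Added example, not PunBB code; both function names are hypothetical.
// Returns the first blocked substring found in $text, or false if none.
function pun_spam_marker($text)
{
    // The same substrings the hacks above test for.
    $markers = array('http://', 'https://', 'www.', '@', '.com');
    // strtolower() + strpos() keeps this PHP 4 compatible (no stripos()).
    $haystack = strtolower($text);
    foreach ($markers as $marker)
    {
        if (strpos($haystack, $marker) !== false)
            return $marker;
    }
    return false;
}

// Returns the $lang_post key to report, or false when the text is allowed.
function pun_spam_error_key($text, $is_guest, $num_posts)
{
    if (!$is_guest && $num_posts > 5)
        return false; // members with 6 or more posts are not filtered
    if (pun_spam_marker($text) === false)
        return false;
    return $is_guest ? 'Guest spam protection' : 'New Member spam protection';
}

// Constructed sample inputs: text, is_guest, num_posts.
$samples = array(
    array('Cheap pills at WWW.example.COM', true, 0),
    array('Visit HTTPS://example.org today', false, 2),
    array('Welcome.Community rules thread', false, 3), // legitimate, but ".community" contains ".com"
    array('Meet @ 5pm?', true, 0),                     // legitimate, but contains "@"
    array('Problem installing a mod', false, 1),
    array('See http://example.org', false, 40),        // established member, not filtered
);

foreach ($samples as $s)
{
    $key = pun_spam_error_key($s[0], $s[1], $s[2]);
    echo str_pad($s[0], 34), ' => ', ($key === false ? 'allowed' : $key), "\n";
}
```

With a helper like this, each of the checks in post.php and edit.php reduces to one call, with the returned key used as the index into $lang_post.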

The war on spam continues. 🙂 So far my hacks have made it so I get no spam, even with allowing guests to post. 8) I’ve noticed in my logs that they are trying, though: some of my top-ranked pages are register.php and post.php. 😀

However, if you are using any of these hacks, you will notice that you still get tons of registrations. I recommend you set the option to require validation.

When enabled, users are e-mailed a random password when they register. They can then log in and change the password in their profile if they see fit. This feature also requires users to verify new e-mail addresses if they choose to change from the one they registered with. This is an effective way of avoiding registration abuse and making sure that all users have “correct” e-mail addresses in their profiles.

The best way to deal with too many registered users from bots is to use one of the following Captcha plugins/hacks for PunBB.
