Initial commit; registration check finished, working on being able to submit profile spammers from the Admin CP
2 files changed, 276 insertions(+), 0 deletions(-)

A => upload/admincp/checkspam.php
A => upload/includes/functions_checkspam.php
A => upload/admincp/checkspam.php +11 -0
@@ 0,0 1,11 @@ 
+<?php
+
+// CheckSpam v1.0 - Submit user to StopForumSpam
+
+require_once('./global.php');
+require_once(DIR . '/includes/adminfunctions.php');
+
+if (isset($_REQUEST['do']) && ($_REQUEST['do'] == 'cs-sfs-confirm'))
+{
+    print_confirmation('Are you sure?', 'checkspam.php', 'cs-sfs-submit');
+}
  No newline at end of file

          
A => upload/includes/functions_checkspam.php +265 -0
@@ 0,0 1,265 @@ 
+<?php
+
+// CheckSpam v1.0
+
+// NOTICE! This code does not support IPv6 at this time.
+
+$CS_logfile = '';
+$CS_log_timeout = '1 DAY';
+$CS_registration_timeout = 86400; // 1 day
+$CS_banned_country_codes = array('a1', 'cn');
+$CS_server_address = $_SERVER['SERVER_ADDR'];
+$CS_server_port = 80; // HTTP
+$CS_stopforumspam_timeout = 15552000; // 6 months
+$CS_banned_networks = array(
+    174 => 'Cogent Communications',
+    8100 => 'QuadraNet, Inc',
+    11029 => 'Border Technology, LLC',
+    12284 => 'Computer Solutions, Inc.',
+    12989 => 'Eweka Internet Services B.V.',
+    13739 => 'Datacenter IP, LLC',
+    15003 => 'Nobis Technology Group, LLC',
+    16276 => 'OVH SAS',
+    16509 => 'Amazon.com, Inc.',
+    18779 => 'EGIHosting',
+    18978 => 'Enzu Inc',
+    20360 => 'OppoBox',
+    20473 => 'Choopa, LLC',
+    20860 => 'Iomart',
+    21840 => 'Sago Networks',
+    26496 => 'GoDaddy.com, LLC',
+    29073 => 'Ecatel LTD',
+    29550 => 'Simply Transit Ltd',
+    30094 => 'Giganews, Inc.',
+    30475 => 'Handy Networks, LLC',
+    30693 => 'Eonix Corporation',
+    32748 => 'Steadfast Networks',
+    34989 => 'ServeTheWorld AS',
+    35017 => 'Swiftway Sp. z o.o.',
+    36351 => 'SoftLayer Technologies Inc.',
+    36352 => 'ColoCrossing',
+    39451 => 'Melbourne Server Hosting Ltd',
+    40676 => 'Psychz Networks',
+    42831 => 'UK Dedicated Servers Limited',
+    42910 => 'Hosting Internet Hizmetleri Sanayi ve Ticaret Anonim Sirketi',
+    46261 => 'QuickPacket, LLC',
+    46664 => 'VolumeDrive',
+    47447 => '23Media GmbH',
+    47869 => 'Netrouting',
+    48095 => 'XT GLOBAL NETWORKS LTD.',
+    49544 => 'i3d B.V.',
+    50896 => 'Trusov Ilya Igorevych',
+    51430 => 'AltusHost B.V.',
+    53755 => 'Input Output Flood LLC',
+    53889 => 'Micfo, LLC.',
+    54290 => 'Hostwinds LLC.',
+    54334 => 'Roya Hosting LLC',
+    54600 => 'PEG TECH INC',
+    54945 => 'RACK59 Partners, LLC',
+    55286 => 'B2 Net Solutions Inc.',
+    62217 => 'VooServers Ltd',
+    62904 => 'Eonix Corporation',
+    200557 => 'REGION40 LLC',
+    201789 => 'NETOPS LTD.',
+    393406 => 'Digital Ocean, Inc.'
+);
+
+/*
+
+CREATE TABLE `vb_checkspam` (
+  `date` datetime NOT NULL,
+  `ip` varchar(100) NOT NULL,
+  `email` varchar(250) NOT NULL,
+  `username` varchar(250) NOT NULL,
+  `message` varchar(250) NOT NULL,
+  `blocked` tinyint(1) NOT NULL DEFAULT '0'
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+ALTER TABLE `vb_checkspam`
+  ADD KEY `ip` (`ip`),
+  ADD KEY `email` (`email`);
+
+*/
+
+function CheckSpam()
+{
+    global $vbulletin;
+    
+    $ip = $vbulletin->session->vars['host'];
+    $name = $vbulletin->userinfo['username'];
+    $email = $vbulletin->GPC['email'];
+
+    CS_CheckLog($ip, $name, $email);
+    CS_LimitRegistration($ip, $name, $email);
+    CS_GeoIPLookup($ip, $name, $email);
+    CS_CheckDNSBL($ip, $name, $email);
+    CS_StopForumSpam($ip, $name, $email);
+    CS_BlockNetwork($ip, $name, $email);
+    
+    // Finally
+    CS_Log(false, 'Passed checks. Registration allowed.', $ip, $name, $email);
+}
+
+/**
+ * Logs filter result (also used for caching)
+ */
+function CS_Log($blocked = true, $message, $ip, $name, $email)
+{
+    global $vbulletin, $CS_logfile;
+    $sql = 'INSERT INTO '.TABLE_PREFIX.'checkspam (`date`, `ip`, `email`, `username`, `message`, `blocked`) VALUES (NOW(), '.
+            "'".$vbulletin->db->escape_string($ip)."', ".
+            "'".$vbulletin->db->escape_string($email)."', ".
+            "'".$vbulletin->db->escape_string($name)."', ".
+            "'".$vbulletin->db->escape_string($message)."', ".intval($blocked).')';
+    $result = $vbulletin->db->query($sql);    
+    if (!empty($CS_logfile))
+    {
+        $fp = fopen($CS_logfile, 'a');
+        fwrite($fp, $ip.' ['.date('Y-m-d H:i:s').'] "'.$email.'" "'.$name.'" "'.$message.'"'."\n");
+        fclose($fp);
+    }
+}
+
+/**
+ * Checks if IP and/or email address was already logged before.
+ */
+function CS_CheckLog($ip, $name, $email)
+{
+    global $vbulletin, $CS_log_timeout;
+    $sql = 'SELECT COUNT(*) AS total FROM '.TABLE_PREFIX."checkspam WHERE (ip = '".$vbulletin->db->escape_string($ip)."') AND (blocked = 1) AND  (`date` > NOW() - INTERVAL ".$CS_log_timeout.')';
+    $result = $vbulletin->db->query($sql);
+    $row = $vbulletin->db->fetch_array($result);
+    if ($row['total'] > 0)
+    {
+        CS_Log(true, 'Registration blocked: using same IP address as earlier attempt that was blocked', $ip, $name, $email);
+        standard_error(fetch_error('checkspam_checklog', $ip));
+    }
+    $sql = 'SELECT COUNT(*) AS total FROM '.TABLE_PREFIX."checkspam WHERE (email = '".$vbulletin->db->escape_string($email)."') AND (blocked = 1) AND  (`date` > NOW() - INTERVAL ".$CS_log_timeout.')';
+    $result = $vbulletin->db->query($sql);
+    $row = $vbulletin->db->fetch_array($result);
+    if ($row['total'] > 0)
+    {
+        CS_Log(true, 'Registration blocked: using same email address as earlier attempt that was blocked', $ip, $name, $email);
+        standard_error(fetch_error('checkspam_checklog', $ip));
+    }
+}
+
+/**
+ * Limits how often a user can be registered from the same IP address.
+ */
+function CS_LimitRegistration($ip, $name, $email)
+{
+    global $vbulletin, $CS_registration_timeout;
+    $sql = 'SELECT COUNT(*) AS total FROM '.TABLE_PREFIX.'user WHERE ipaddress="'.$ip.'" AND joindate > (UNIX_TIMESTAMP() - '.$CS_registration_timeout.')';
+    $result = $vbulletin->db->query($sql);
+    $row = $vbulletin->db->fetch_array($result);
+    if ($row['total'] > 0)
+    {
+        CS_Log(true, 'Registration blocked: account already registered by same IP address in timeout period', $ip, $name, $email);
+        standard_error(fetch_error('checkspam_limitregistration', $ip));
+    }
+}
+
+/**
+ * Performs GeoIP lookup and bans by country.
+ */
+function CS_GeoIPLookup($ip, $name, $email)
+{
+    global $CS_banned_country_codes;
+    $cc = strtolower(geoip_country_code_by_name($ip));
+    if (in_array($cc, $CS_banned_country_codes))
+    {
+        CS_Log(true, 'Registration blocked: banned country '.$cc, $ip, $name, $email);
+        standard_error(fetch_error('checkspam_banned_country', $ip));
+    }
+}
+
+function CS_ReverseIP($ip)
+{
+    $p = explode('.', $ip);
+    return $p[3].'.'.$p[2].'.'.$p[1].'.'.$p[0];
+}
+
+/**
+ * Checks several DNS blacklists.
+ */
+function CS_CheckDNSBL($ip, $name, $email)
+{
+    global $CS_server_address, $CS_server_port;
+    $dnsbl = array('.bl.blocklist.de',
+                   '.sbl-xbl.spamhaus.org',
+                   '.'.$CS_server_port.'.'.CS_ReverseIP($CS_server_address).'.ip-port.exitlist.torproject.org');
+    $reverse = CS_ReverseIP($ip);
+    foreach($dnsbl as $bl)
+    {
+        $result = dns_get_record($reverse.$bl, DNS_A);
+        if (is_array($result) && (count($result) > 0))
+        {
+            CS_Log(true, 'Registration blocked: '.$reverse.$bl.' match found', $ip, $name, $email);
+            standard_error(fetch_error('checkspam_dnsbl', $ip));
+        }
+    }
+}
+
+function CS_GetURL($url)
+{
+    $curl = curl_init();
+    curl_setopt($curl, CURLOPT_URL, $url);
+    curl_setopt($curl, CURLOPT_HEADER, 0);
+    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
+    curl_setopt($curl, CURLOPT_TIMEOUT, 10);
+    $result = curl_exec($curl);
+    curl_close($curl);
+    return $result;
+}
+
+/**
+ * Checks StopForumSpam
+ */
+function CS_StopForumSpam($ip, $name, $email)
+{
+    global $CS_stopforumspam_timeout;
+    $url = 'http://api.stopforumspam.org/api?ip='.urlencode($ip).'&email='.urlencode($email).'&f=serial';
+    $result = CS_GetURL($url);
+    if ($result)
+    {
+        $data = unserialize($result);
+        if (isset($data['ip']['appears']) && boolval($data['ip']['appears']) && isset($data['ip']['lastseen']))
+        {
+            $lastseen = strtotime($data['ip']['lastseen']);
+            if (time() - $lastseen < $CS_stopforumspam_timeout)
+            {
+                CS_Log(true, 'Registration blocked: IP address listed in StopForumSpam (frequency: '.$data['ip']['frequency'].'; last seen '.$data['ip']['lastseen'].')', $ip, $name, $email);
+                standard_error(fetch_error('checkspam_stopforumspam', 'IP' , $ip));
+            }
+        }
+        // No point in having timeout on an email address hit, if found = always blocked
+        if (isset($data['email']['appears']) && boolval($data['email']['appears']))
+        {
+            CS_Log(true, 'Registration blocked: email address listed in StopForumSpam (frequency: '.$data['email']['frequency'].'; last seen '.$data['email']['lastseen'].')', $ip, $name, $email);
+            standard_error(fetch_error('checkspam_stopforumspam', 'email' , $email));
+        }
+    }
+}
+
+/**
+ * Blocks users based on the network (ASN) they are using.
+ *
+ * If a network belongs to a data-center/hosting provider, chances are user is either using a proxy or VPN, or is a bot.
+ */
+function CS_BlockNetwork($ip, $name, $email)
+{
+    global $CS_banned_networks;
+    $reverse = CS_ReverseIP($ip);
+    $result = dns_get_record($reverse.'.origin.asn.cymru.com', DNS_TXT);
+    if (is_array($result) && (count($result) > 0))
+    {
+        $p = preg_split('/[\s]+/', $result[0]['txt']);
+        $asn = intval($p[0]);
+        if (isset($CS_banned_networks[$asn]))
+        {
+            CS_Log(true, 'Registration blocked: IP address belongs to banned network "AS'.$asn.' '.$CS_banned_networks[$asn].'"', $ip, $name, $email);
+            standard_error(fetch_error('checkspam_banned_network', $ip));
+        }
+    }
+}
  No newline at end of file