# HG changeset patch # User Gerard Krijgsman # Date 1450019549 -3600 # Sun Dec 13 16:12:29 2015 +0100 # Node ID bb11e405a95522aeaec31e8435f47f9fc5aa1c19 # Parent 0000000000000000000000000000000000000000 Initial commit; registration check finished, working on being able to submit profile spammers from the Admin CP diff --git a/upload/admincp/checkspam.php b/upload/admincp/checkspam.php new file mode 100644 --- /dev/null +++ b/upload/admincp/checkspam.php 
@@ -0,0 +1,11 @@ + 'Cogent Communications', + 8100 => 'QuadraNet, Inc', + 11029 => 'Border Technology, LLC', + 12284 => 'Computer Solutions, Inc.', + 12989 => 'Eweka Internet Services B.V.', + 13739 => 'Datacenter IP, LLC', + 15003 => 'Nobis Technology Group, LLC', + 16276 => 'OVH SAS', + 16509 => 'Amazon.com, Inc.', + 18779 => 'EGIHosting', + 18978 => 'Enzu Inc', + 20360 => 'OppoBox', + 20473 => 'Choopa, LLC', + 20860 => 'Iomart', + 21840 => 'Sago Networks', + 26496 => 'GoDaddy.com, LLC', + 29073 => 'Ecatel LTD', + 29550 => 'Simply Transit Ltd', + 30094 => 'Giganews, Inc.', + 30475 => 'Handy Networks, LLC', + 30693 => 'Eonix Corporation', + 32748 => 'Steadfast Networks', + 34989 => 'ServeTheWorld AS', + 35017 => 'Swiftway Sp. z o.o.', + 36351 => 'SoftLayer Technologies Inc.', + 36352 => 'ColoCrossing', + 39451 => 'Melbourne Server Hosting Ltd', + 40676 => 'Psychz Networks', + 42831 => 'UK Dedicated Servers Limited', + 42910 => 'Hosting Internet Hizmetleri Sanayi ve Ticaret Anonim Sirketi', + 46261 => 'QuickPacket, LLC', + 46664 => 'VolumeDrive', + 47447 => '23Media GmbH', + 47869 => 'Netrouting', + 48095 => 'XT GLOBAL NETWORKS LTD.', + 49544 => 'i3d B.V.', + 50896 => 'Trusov Ilya Igorevych', + 51430 => 'AltusHost B.V.', + 53755 => 'Input Output Flood LLC', + 53889 => 'Micfo, LLC.', + 54290 => 'Hostwinds LLC.', + 54334 => 'Roya Hosting LLC', + 54600 => 'PEG TECH INC', + 54945 => 'RACK59 Partners, LLC', + 55286 => 'B2 Net Solutions Inc.', + 62217 => 'VooServers Ltd', + 62904 => 'Eonix Corporation', + 200557 => 'REGION40 LLC', + 201789 => 'NETOPS LTD.', + 393406 => 'Digital Ocean, Inc.' 
+); + +/* + +CREATE TABLE `vb_checkspam` ( + `date` datetime NOT NULL, + `ip` varchar(100) NOT NULL, + `email` varchar(250) NOT NULL, + `username` varchar(250) NOT NULL, + `message` varchar(250) NOT NULL, + `blocked` tinyint(1) NOT NULL DEFAULT '0' +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +ALTER TABLE `vb_checkspam` + ADD KEY `ip` (`ip`), + ADD KEY `email` (`email`); + +*/ + +function CheckSpam() +{ + global $vbulletin; + + $ip = $vbulletin->session->vars['host']; + $name = $vbulletin->userinfo['username']; + $email = $vbulletin->GPC['email']; + + CS_CheckLog($ip, $name, $email); + CS_LimitRegistration($ip, $name, $email); + CS_GeoIPLookup($ip, $name, $email); + CS_CheckDNSBL($ip, $name, $email); + CS_StopForumSpam($ip, $name, $email); + CS_BlockNetwork($ip, $name, $email); + + // Finally + CS_Log(false, 'Passed checks. Registration allowed.', $ip, $name, $email); +} + +/** + * Logs filter result (also used for caching) + */ +function CS_Log($blocked = true, $message, $ip, $name, $email) +{ + global $vbulletin, $CS_logfile; + $sql = 'INSERT INTO '.TABLE_PREFIX.'checkspam (`date`, `ip`, `email`, `username`, `message`, `blocked`) VALUES (NOW(), '. + "'".$vbulletin->db->escape_string($ip)."', ". + "'".$vbulletin->db->escape_string($email)."', ". + "'".$vbulletin->db->escape_string($name)."', ". + "'".$vbulletin->db->escape_string($message)."', ".intval($blocked).')'; + $result = $vbulletin->db->query($sql); + if (!empty($CS_logfile)) + { + $fp = fopen($CS_logfile, 'a'); + fwrite($fp, $ip.' ['.date('Y-m-d H:i:s').'] "'.$email.'" "'.$name.'" "'.$message.'"'."\n"); + fclose($fp); + } +} + +/** + * Checks if IP and/or email address was already logged before. 
+ */ +function CS_CheckLog($ip, $name, $email) +{ + global $vbulletin, $CS_log_timeout; + $sql = 'SELECT COUNT(*) AS total FROM '.TABLE_PREFIX."checkspam WHERE (ip = '".$vbulletin->db->escape_string($ip)."') AND (blocked = 1) AND (`date` > NOW() - INTERVAL ".$CS_log_timeout.')'; + $result = $vbulletin->db->query($sql); + $row = $vbulletin->db->fetch_array($result); + if ($row['total'] > 0) + { + CS_Log(true, 'Registration blocked: using same IP address as earlier attempt that was blocked', $ip, $name, $email); + standard_error(fetch_error('checkspam_checklog', $ip)); + } + $sql = 'SELECT COUNT(*) AS total FROM '.TABLE_PREFIX."checkspam WHERE (email = '".$vbulletin->db->escape_string($email)."') AND (blocked = 1) AND (`date` > NOW() - INTERVAL ".$CS_log_timeout.')'; + $result = $vbulletin->db->query($sql); + $row = $vbulletin->db->fetch_array($result); + if ($row['total'] > 0) + { + CS_Log(true, 'Registration blocked: using same email address as earlier attempt that was blocked', $ip, $name, $email); + standard_error(fetch_error('checkspam_checklog', $ip)); + } +} + +/** + * Limits how often a user can be registered from the same IP address. + */ +function CS_LimitRegistration($ip, $name, $email) +{ + global $vbulletin, $CS_registration_timeout; + $sql = 'SELECT COUNT(*) AS total FROM '.TABLE_PREFIX.'user WHERE ipaddress="'.$ip.'" AND joindate > (UNIX_TIMESTAMP() - '.$CS_registration_timeout.')'; + $result = $vbulletin->db->query($sql); + $row = $vbulletin->db->fetch_array($result); + if ($row['total'] > 0) + { + CS_Log(true, 'Registration blocked: account already registered by same IP address in timeout period', $ip, $name, $email); + standard_error(fetch_error('checkspam_limitregistration', $ip)); + } +} + +/** + * Performs GeoIP lookup and bans by country. 
+ */ +function CS_GeoIPLookup($ip, $name, $email) +{ + global $CS_banned_country_codes; + $cc = strtolower(geoip_country_code_by_name($ip)); + if (in_array($cc, $CS_banned_country_codes)) + { + CS_Log(true, 'Registration blocked: banned country '.$cc, $ip, $name, $email); + standard_error(fetch_error('checkspam_banned_country', $ip)); + } +} + +function CS_ReverseIP($ip) +{ + $p = explode('.', $ip); + return $p[3].'.'.$p[2].'.'.$p[1].'.'.$p[0]; +} + +/** + * Checks several DNS blacklists. + */ +function CS_CheckDNSBL($ip, $name, $email) +{ + global $CS_server_address, $CS_server_port; + $dnsbl = array('.bl.blocklist.de', + '.sbl-xbl.spamhaus.org', + '.'.$CS_server_port.'.'.CS_ReverseIP($CS_server_address).'.ip-port.exitlist.torproject.org'); + $reverse = CS_ReverseIP($ip); + foreach($dnsbl as $bl) + { + $result = dns_get_record($reverse.$bl, DNS_A); + if (is_array($result) && (count($result) > 0)) + { + CS_Log(true, 'Registration blocked: '.$reverse.$bl.' match found', $ip, $name, $email); + standard_error(fetch_error('checkspam_dnsbl', $ip)); + } + } +} + +function CS_GetURL($url) +{ + $curl = curl_init(); + curl_setopt($curl, CURLOPT_URL, $url); + curl_setopt($curl, CURLOPT_HEADER, 0); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($curl, CURLOPT_TIMEOUT, 10); + $result = curl_exec($curl); + curl_close($curl); + return $result; +} + +/** + * Checks StopForumSpam + */ +function CS_StopForumSpam($ip, $name, $email) +{ + global $CS_stopforumspam_timeout; + $url = 'http://api.stopforumspam.org/api?ip='.urlencode($ip).'&email='.urlencode($email).'&f=serial'; + $result = CS_GetURL($url); + if ($result) + { + $data = unserialize($result); + if (isset($data['ip']['appears']) && boolval($data['ip']['appears']) && isset($data['ip']['lastseen'])) + { + $lastseen = strtotime($data['ip']['lastseen']); + if (time() - $lastseen < $CS_stopforumspam_timeout) + { + CS_Log(true, 'Registration blocked: IP address listed in StopForumSpam (frequency: 
'.$data['ip']['frequency'].'; last seen '.$data['ip']['lastseen'].')', $ip, $name, $email); + standard_error(fetch_error('checkspam_stopforumspam', 'IP' , $ip)); + } + } + // No point in having timeout on an email address hit, if found = always blocked + if (isset($data['email']['appears']) && boolval($data['email']['appears'])) + { + CS_Log(true, 'Registration blocked: email address listed in StopForumSpam (frequency: '.$data['email']['frequency'].'; last seen '.$data['email']['lastseen'].')', $ip, $name, $email); + standard_error(fetch_error('checkspam_stopforumspam', 'email' , $email)); + } + } +} + +/** + * Blocks users based on the network (ASN) they are using. + * + * If a network belongs to a data-center/hosting provider, chances are user is either using a proxy or VPN, or is a bot. + */ +function CS_BlockNetwork($ip, $name, $email) +{ + global $CS_banned_networks; + $reverse = CS_ReverseIP($ip); + $result = dns_get_record($reverse.'.origin.asn.cymru.com', DNS_TXT); + if (is_array($result) && (count($result) > 0)) + { + $p = preg_split('/[\s]+/', $result[0]['txt']); + $asn = intval($p[0]); + if (isset($CS_banned_networks[$asn])) + { + CS_Log(true, 'Registration blocked: IP address belongs to banned network "AS'.$asn.' '.$CS_banned_networks[$asn].'"', $ip, $name, $email); + standard_error(fetch_error('checkspam_banned_network', $ip)); + } + } +} \ No newline at end of file
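Review bot: In CS_LimitRegistration, $ip is concatenated into the query unescaped (`ipaddress="'.$ip.'"`), while CS_Log and CS_CheckLog pass the same value through $vbulletin->db->escape_string(); escape it here as well, and cast $CS_registration_timeout (and $CS_log_timeout in CS_CheckLog) with intval() before building the SQL. In CS_StopForumSpam the body fetched over plain http is handed to unserialize(), so whatever the remote end or anyone on the network path returns is deserialized by PHP; request the JSON format (`f=json`) and parse it with json_decode(), and fetch it over https. CS_ReverseIP splits on '.' and indexes $p[0]..$p[3] with no check that $ip is an IPv4 address, so an IPv6 client produces undefined offsets and meaningless DNSBL and ASN lookups; validate with filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) and skip those checks otherwise. CS_Log also writes $email and $name to $CS_logfile without stripping newlines or quotes and does not check the result of fopen(), so a crafted username can forge log lines and an unwritable path raises warnings on fwrite(); strip control characters before writing and bail out if fopen() returns false.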