Code Authors

Newbie Joined: Aug 03, 2006 Posts: 7

Hi Guardian,

what is the best way to find out the domain of the spammer so I can add it to the ever growing list.
I used to get so many spam in my comments for article, I installed the spamlist module, but looks like the spammer domain is not blacklisted. I get so many Blocked abuse from 82.211.102.159 from sentinel, but only the IP shows up and the spammer keeps changing IP address everytime sentinel blocks the IP.
I install the caWho also, but sometimes the domain of the connected guest is not listed either, it shows up as unknown.

Posted: Thu Aug 03, 2006 8:47 pm

Unfortunately, nothing is ever foolproof but the next version will allow for blocking domains as well as keywords in the domain.

At some point I would like to 'hook' into the news comments etc so any comments posted are checked against the block list and any domains or keywords they tried to post inside the coments themselves, results in a block.

Likewise with account registration, there is no reason why theie email address or email domain cannot be checked against the list.

The only thing at the moment is to turn of news comments and make sure when you submit news that 'alow comments' is set to 'no' ( you may have to edit your existing posts to change that).

The next version will actually do a DNS back link check, if the 'visitor' has not come from a site thats reachable or has no referer they will get an automatic block.

I think VinDSL posted some test code on Ravens site for the reviews modul comments - it effectively removes any links from the comment, which is essential the next best thing if we cannot stop them making comments as if the links don't work, there spam efforts are in vain.
There is no reason why Vin's code could not be adapted for news comments, though I have not had a chance to look at it too deeply yet.

Posted: Thu Aug 03, 2006 8:54 pm

Oops, sorry I didn't even answer your question.
DNSStuff is useful for tracking IP's back, you can usually trace them back to a common source.

You say the IP keeps changing but is there anything common amongst them - for example, does Sentinel tell you they are al from the same country?

Newbie Joined: Aug 03, 2006 Posts: 7

I mean the IP is so random, you can't even tell, I see Latin America, Amsterdam etc...

I have install a MOD I found on nukecops that asks you to enter a security code before posting a comment, just like when you register. I have also installed a script called referrer karma in the News+comments module. Hopefully this will reduce it, I will let you know.

Posted: Thu Aug 03, 2006 9:13 pm

I have been meaning to check out that referer karma script for a while as it seems quite similar to what I'm actually using here at the moment as a means to build additional bad referers.
If you get chance, I'd love to know how you integrated it.

I'm using my script globally in the header.php so every visitors gets 'screened'.
I think the main difference between the one I'm using here is that all my incoming visitors are screen from three seperate lists, one at SpamCops, one at SpamHuas and I forget the other one before it even gets to my banned list.

Posted: Thu Aug 03, 2006 9:26 pm

Actually, a quick thought, you could turn OFF Sentinels 'allow proxies' as a temporary measure. It will block the likes of AOL users but it might be enough to get your spammer to reveal his true IP

Newbie Joined: Aug 03, 2006 Posts: 7

wow, no more spam since I installed karma referrer
I used to get about 36 mails per day from sentinel about Block Abuse from xx.xx.xx.xx scripts, but since I installed the script, I am getting any more mails.
I just followed the installation instruction from the author, then I added this to the index.php and comments.php files from the /News folder and index.php from the /Feedback folder

Code:

include_once ("/home/*********/public_html/referrer-karma.php"); check_referrer();

looks like it stopped it, I am crossing my fingers. I will test it further, I'll try to disable it again and see if the spamming start happening again.

Posted: Fri Aug 04, 2006 12:22 pm

You should be able to see where they are coming from in the karma admin page.

I have installed this this morning and think its great, I'm going to take some parts of the code and integrate into the Spamlist Module.
I see you can include different 'lists' too, so I need to find those and figure out how the list is constructed, whether it is pipe seperated, comma delimted etc and what fields it uses.
This might be really good!!

Newbie Joined: Aug 03, 2006 Posts: 7

I think this would be a great addition to your module, just the idea behind it. I havent received a single spam since I installed it

Posted: Wed Aug 09, 2006 3:48 am

I'm working on the integration now Smile

BTW You might want to remove the calling 'include' from index.php as that would onlu offer protection for that page. If they were to go to the forums or any of the modules, the file would not get loaded.

I am using the header.php to call the file as this gets loaded no matter where they are on the site.
If you use

Code:

require_once("path/referrer-karma.php");

this should also suppress any errors if it gets called more than once - for example if you called it in header.php and also in comments.php because it should have already be loaded in header.php when you are in the comments.php it wil simply ignore the extra call but if for some reason it isnt loaded, it will load it 'once'.

Posted: Thu Sep 14, 2006 8:58 pm

Just wanted to confirm that referer karma code has been included in the newly released Spam Stopper module v0.01 Beta

I'm working on some updates and a few minor bug fixes now for v0.02 Beta.
If you are using the module now, any feedback would be great!!

I have had quite a few downloads (over 30 in just a couple of days) but no one has bothered sending me any spam reports so it is hard to guage how beneficial the module is over a wide audience.