Saturday, January 23, 2010

Out, out damned bot!

Recently, our university club's website was used as a citation in a Wikipedia article. On the plus side, this has increased our website's Google PageRank quite substantially. On the downside, our small punBB-based forum is now receiving much greater attention from the spambots.

So here I present two very simple modifications to punBB that have helped to stem the spambot tide. The first is integrating the CAPTCHA service provided by reCAPTCHA into the punBB registration form. To use this service, you will need to register. You will also need to insert your reCAPTCHA public and private keys into the mod code provided below.

The second method employs the spambot blacklist at http://www.stopforumspam.com/. It checks the email and IP address of any newly registering forum user, and denies registration if either is found on the blacklist.

Finally, I recommend turning on punBB's email validation feature.

While extremely simple, these measures seem to have reduced the number of spambot registrations on our forum quite substantially.

The mod code is below. As I have ranted about previously, the university's hosting server only has PHP 4, so some parts of the code are a little kludgy (PHP 4 lacks decent exception handling). Note also that the code has only been tested on punBB 1.2.16, though it should work fine on any other version in the 1.2 series.

Instructions
  1. Register an account with reCAPTCHA, and then register your site's domain. Take note of your private and public keys.
  2. Download recaptchalib.php, and upload it to the root directory of your punBB forum.
  3. Open the punBB file "register.php". Locate (around line 80) the lines:
    else if (isset($_POST['form_sent']))
    {

    After these lines, add the following code, remembering to insert your reCAPTCHA private key where required:
    //Validate CAPTCHA entry
    require_once('recaptchalib.php');
    $privatekey = "INSERT YOUR RECAPTCHA PRIVATE KEY HERE";
    $resp = recaptcha_check_answer($privatekey,
        $_SERVER["REMOTE_ADDR"],
        $_POST["recaptcha_challenge_field"],
        $_POST["recaptcha_response_field"]);

    if (!$resp->is_valid) {
        message("You have failed the human test. Please re-enter the CAPTCHA. Unless you are a bot. If that is the case, then bugger off! " .
            "(reCAPTCHA said: " . $resp->error . ")");
    } //end validate CAPTCHA entry

    //check the user's IP and email against the www.stopforumspam.com database. This code is really awkward, since it has to run on PHP 4.
    //check IP
    $xml_string = file_get_contents('http://www.stopforumspam.com/api?ip='.urlencode(get_remote_address()));
    if ($xml_string) { //make sure we degrade gracefully if stopforumspam.com is offline
        //PHP's string handling is terrible, and normally we can't write code like this. This is ok, since if a match occurs, it will never be at the zeroth character - the response from stopforumspam always begins with <response success="true">
        if (strpos($xml_string, "<appears>yes</appears>"))
            message("You are trying to register from an IP address that has been used by a spambot. If you are a legitimate (human) user, please email us, so we can sort out your registration. If you are a spambot, then kindly die in a hole.");
    }

    //check email address
    $email = strtolower(trim($_POST['req_email1']));
    //urlencode() keeps characters such as & or + in the submitted address from altering the query string
    $xml_string = file_get_contents('http://www.stopforumspam.com/api?email='.urlencode($email));
    if ($xml_string) { //make sure we degrade gracefully if stopforumspam.com is offline
        //same strpos() caveat as for the IP check above
        if (strpos($xml_string, "<appears>yes</appears>"))
            message("Your email address seems to belong to a spammer. Please die in a hole. Thank you for your co-operation.");
    }

  4. Scroll down to about line 310, and find the following lines:
    <div class="inform">
    <fieldset>
    <legend><?php echo ($pun_config['o_regs_verify'] == '1') ? $lang_prof_reg['E-mail legend 2'] : $lang_prof_reg['E-mail legend'] ?></legend>
    <div class="infldset">
    <?php if ($pun_config['o_regs_verify'] == '1'): ?> <p><?php echo $lang_register['E-mail info'] ?></p>
    <?php endif; ?> <label><strong><?php echo $lang_common['E-mail'] ?></strong><br />
    <input type="text" name="req_email1" size="50" maxlength="50" /><br /></label>
    <?php if ($pun_config['o_regs_verify'] == '1'): ?> <label><strong><?php echo $lang_register['Confirm e-mail'] ?></strong><br />
    <input type="text" name="req_email2" size="50" maxlength="50" /><br /></label>
    <?php endif; ?> </div>
    </fieldset>
    </div>

    After these lines, add the following code, remembering to substitute in your own reCAPTCHA public key where required:
    <div class="inform">
    <fieldset>
    <legend>Human Test (CAPTCHA)</legend>
    <div class="infldset">
    This is to ensure you are not a horrible spambot. Please complete the CAPTCHA below
    <?php
    //display reCAPTCHA
    require_once('recaptchalib.php');
    $publickey = "INSERT YOUR RECAPTCHA PUBLIC KEY HERE";
    echo recaptcha_get_html($publickey);
    ?>
    </div>
    </fieldset>
    </div>

  5. Save the modified version of register.php, and upload it to your hosting server.
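
A stricter take on the blacklist check from step 3, as an added example rather than code from the original mod or from punBB: it URL-encodes the looked-up value, compares the strpos() result strictly, and keeps a failed lookup separate from a clean result. The helper names sfs_build_url, sfs_classify and sfs_should_block and the sample response bodies are assumptions made for illustration.

```php
<?php
// Added example: helper names are hypothetical, not part of punBB or the mod.

// Build the lookup URL. urlencode() stops characters such as '&', '#' or
// '+' in a user-supplied e-mail from changing the query that is sent.
function sfs_build_url($field, $value)
{
    return 'http://www.stopforumspam.com/api?' . $field . '=' . urlencode($value);
}

// Classify a response body as 'listed', 'clean' or 'unavailable'.
function sfs_classify($body)
{
    // file_get_contents() returns false on failure; an empty or
    // unrecognised body is treated the same way.
    if (!is_string($body) || strpos($body, '<response success="true">') === false) {
        return 'unavailable';
    }
    // Strict comparison, so a match at offset 0 could never read as "no match".
    if (strpos($body, '<appears>yes</appears>') !== false) {
        return 'listed';
    }
    return 'clean';
}

// Registration policy: block only on a positive match and fail open when
// the service cannot be reached, as the mod above does.
function sfs_should_block($status)
{
    return $status === 'listed';
}

// Constructed sample bodies, not captured from the live service.
$samples = array(
    '<response success="true"><appears>yes</appears></response>',
    '<response success="true"><appears>no</appears></response>',
    '',     // empty body
    false,  // file_get_contents() failure
);
foreach ($samples as $body) {
    $status = sfs_classify($body);
    echo $status . ' -> ' . (sfs_should_block($status) ? 'deny' : 'allow') . "\n";
}

// Constructed e-mail value containing query-string metacharacters.
echo sfs_build_url('email', 'user@example.com&ip=192.0.2.1') . "\n";
```

Because the check fails open when the lookup is unavailable, the CAPTCHA and email validation remain the controls that still apply during an outage.
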
If anyone has any feedback on the above modifications/wants to unleash the bile against spambots, feel free to leave a comment.
