[TAC] Any Spam API

[TAC] Any Spam API 1.0.9

No permission to download
Overview Updates (9) Reviews (5) History Discussion
I still think this is one of the most impressive anti-spam addons

Sure the core has sfs and such, but this can work with any API you can imagine on registration
Not just the ones that are configured by default, you can configure it with any new APIs looking at anything you like (username/emails/ips)
I use it with foolbothoneypot, this is a bit overkill (it's good to demonstrate other mechanism are working as the should):

upload_2017-2-13_12-12-21.webp
 
Since Update nobody can register anymore:
ErrorException: Undefined variable: fieldMap - library/Tac/AnyApi/ControllerPublic/Register.php:50

Do you have an Idea? Need to disable the Addon until fixed...
 
what version of xenforo are you using, and are you using is with the other tac products or on it's own?
 
okay, I'll test it as a stand alone and see what that is (no, it should work fine as a stand alone, I haven't tested it like that in a while though, I always use it as part of the TAC pack)

_ will fix within the hour if I can reproduce it
 
ondsen said:
you mean uninstalling any api and simple installing your spam collection?
Click to expand...

Okay, fixed.

Don't know how I didnt see that, I've been using it without an issue
I think the other tac plugins override register, so it may have only been a bug if used as the stand alone, anyway fixed now

You can use it as a standalone, it's fine
 
thanks for the quick fix :)
this is still the best security addon yet. never got a spam message anymore on the page. without captcha!
 
Well, I would say AnyAPI is useful for adding rare APIs you want that xenforo doesn't use (totally any api, even ones that I'm not aware of)

It's also very customisation, for instance, the core checks stopforumspam usernames (which I find crazy), you can customise AnyApi to not do that (which I believe is the default setup)

But API's never catch 100% of bots, and they never will. A lot of botters use clean IP address, and don't do their spam work until they reach a registration threshold, so they avoid API detection

FBHP is really the best thing for stopping 100% of bots
StopHumanSpan does the rest

both of these are available in the free pack:
https://xenforo.com/community/resou...-spam-collection-anti-spam-free-version.1474/
 
It's still a pretty damn good addon, being able to use any api period, for registration

.. so you can do email look ups for disposable emails
.. you can look up fraud ips/emails
.. you can look up spam ips/emails

etc, the limit is only your imagination and how you want to use anyApi
 
actually, are there any APIS that people want added to the default list, it currently has these as defaults
  • Stop Forum Spam
  • FSpamlist
  • Bot Scout
  • Spam Busted << dead, will remove
  • Project Honey Pot Http:BL
  • Block Disposable Email
You can customise it to add any api you want and define the logic the way you want, but I guess it's easier for people if I add default set ups (so they just have to tick a box to activate it)

Theres a bunch here https://www.programmableweb.com/category/spam/api
Any of these wanted by people?
 
Last edited:
I've personaly just added some very simple API logic to check against a tor API for my forums

- No need for an update, you can manually add this logic your self (you can add any api by your self, the defaults are there to help you)

API Name: Tor Setgetgo
API URL: http://www.setgetgo.com/istorexitnode/get.php?ip={$ip}
Returned Data Type: JSON
Rule1: {$response} contains 'true' = true
Prevent Registration If: (Rule1)

upload_2017-3-25_22-48-38.webp
 
It would be very useful to be able to Search IPs in the log. Sometimes we get support tickets with only an IP to go on.

I encountered this bug: if FBH blocks the registration then a search for the account in anyAPI will still say that FBH has allowed registration. It doesn't seem to register all FBH log entries.

What I am really missing here is an automatic ban of IP ranges.
Spammers can just keep registering new accounts on the same IP ranges previously blocked.
I have just manually checked the IPs of users in the spam cleaner and there are loads of spammer accounts found this way.

Please add rules for IP ranges, so that ranges found repeatedly in the various blacklists and in the spam cleaner log are blocked from registering and suspect accounts already registered are reported.

We are still getting hammered with spam. 2 to 7 spam runs per day. Every day.
 
Last edited:
Suggestion:
If a host is used by spammers more than 1 time then automatically add the host to the bad hosts list for a month.
If a host is used by spammers more than 3 times then automatically add the host to the bad hosts list permanently.
 
Well, permanent is never a great idea, IP alone is not a good way of detecting people

IP addresses get renewed, not to mention people on the same network sharing the IP address. I own a (less well known but extremely effective) API, I would never keep an IP address more than a couple of days, I'm not a fan of IP address targeting, it's the next big method to go (after no-captcha recaptcha has completely died).... to tell you the truth, API's have already been significantly impacted with the latest bots

They now get register and remain hidden/inactive on your site for a while
The bots then keep registering on other sites
... they remain unknown by all the APIs

once they have reached a threshold, they start doing their automation work, the API's don't get a chance to track them down

Thus API's becomes less and less effective


Although, your point about IP ranges it valid, it would be usefull to include something related to ranges, botters will sometimes (not always, and maybe not that often) buy blocks of IP addresses
 
Last edited:
You must log in or register to reply here.
Top Bottom