TPU: Detect and Block Spam Registrations 1.6.6

[Xon]

That is baffling, this addon is fairly simple to get working. Especially as you run this on multiple sites!

@ProCom what addons do you have installed? (PM me if you would like). I've seen a couple of cases where some other addons do weird things.

 

[ProCom]

Ya, super puzzling, right!?!?

I've gone so extreme that I've pretty much disabled / uninstalled every other addon I have on the site. Right now, the only ones active are:

• TPU: Detect Spam Registrations 1.5.0
  
• Nodes As Tabs 1.2.2
• Unread Post Count 1.1.3

Those are all (I believe) pretty solid addons, so no idea why they would cause any problems... but hey, I'm happy to deactivate all those others too to test.

Today we had 5 other spammers register from Pakistan that should have been logged and blocked

Oh, there is one TINY thing that I see different from the site where TPU is running fine and the site where it isn't: The order of the addon options

Example:



Why on one site would the order of the options be different from the other? Both are version 1.5.0 and both are running on xF 1.4.5

 

[Xon]

After some further debugging this very likely appears to be the result of an old "disabled" Tapatalk installation which was allowing spam registrations to bypass the standard XenForo signup process and thus bypass this addon.

:edit: And additionally; the following line was in the config:

$config['enableListeners'] = false;

So, two problems.

 

[ProCom]

@Xon is my HERO!

A huge public THANK YOU to Xon for helping me to figure this out. I have no idea how or why enableListeners got turned off (I guess like that from when I purchased this site years ago), but I removed that line from my /library/config.php file and TPU is working PERFECTLY! You should see all the dirty spammers getting blocked!!!

I'm not sure how Xon was able to narrow it down to such an obscure problem and fix, but I'm thankful for his mad skills!!!

 

[jeffwidman]

Installed this the other day, and since then I've gotten several entries in the Spam Trigger log that are rather weird. They give the username followed by a dash and no further info.

When I click the item to get more details, it doesn't include any information about triggering a spam request. Just a url of the post and what they were trying to post. When I open the thread that they posted in, their post appears just fine in the public site.

Currently I've got it setup so that it says "minimum score required to moderate all posts" = 3 as well as "minimum score required to moderate user = 3"... could those be conflicting somehow?

I've also got the "Quick Reply for Guest" addon by Nobita installed, could this be conflicting?

It's rather weird, like to get it fixed so that the logs don't have useless info in them, and to make sure I'm not accidentally blocking posts from valid members.

 

[51463]

I don't want to block registrations. But instead I want to moderate registrations from a certain country.

For example I want to moderate all registrations from Russia ips. As soon as an ip from Russia registers I want want their account to be put in the moderation queue

Is it possible?

 

[Xon]

I don't want to block registrations. But instead I want to moderate registrations from a certain country.

For example I want to moderate all registrations from Russia ips. As soon as an ip from Russia registers I want want their account to be put in the moderation queue

Is it possible?

Assuming you have the latest version:

In "Visitor country" replace the standard "+1|RU" with:

moderate|RU
moderate|XX

Will do what you want.

The moderate|XX catches when it can't determine who the country is.

I have a private version which extends this functionality for the following sections:

• AS Name
• Email address
• Visitor hostname
• Open TCP port
• Username

I'm waiting for @W1zzard to accept the contibuted code which contains this functionality.

 

[51463]

ive never downloaded this add-on before. I just thought it wasn't capable of accomplishing that.

i will download and give it a try.

thank you sir!!

 

[XxUnkn0wnxX]

this needs to be fixed for IPV6 address:

ErrorException: geoip_country_code_by_name() [<a href='/phpmanual/function.geoip-country-code-by-name.html'>function.geoip-country-code-by-name.html</a>]: Host 2a02:8071:2c86:eb00:d9fb:277:86fe:122 not found - library/TPUDetectSpamReg/IPCountry.php:11
Generated By: Unknown Account, Yesterday at 11:05 PM
Stack Trace
#0 [internal function]: XenForo_Application::handlePhpError(8, 'geoip_country_c...', '/home/admin/p...', 11, Array)
#1 /home/admin/public_html/forums/library/TPUDetectSpamReg/IPCountry.php(11): geoip_country_code_by_name('2a02:8071:2c86:...')
#2 /home/admin/public_html/forums/library/TPUDetectSpamReg/IPCountry.php(38): TPUDetectSpamReg_IPCountry::getIPCountry('2a02:8071:2c86:...')
#3 [internal function]: TPUDetectSpamReg_IPCountry::getRegSpamScore(Array, Array, '1', '0', Object(TPUDetectSpamReg_ModelSpamPrevention))
#4 /home/admin/public_html/forums/library/XenForo/CodeEvent.php(90): call_user_func_array(Array, Array)
#5 /home/admin/public_html/forums/library/TPUDetectSpamReg/ModelSpamPrevention.php(67): XenForo_CodeEvent::fire('tpu_detect_spam...', Array)
#6 /home/admin/public_html/forums/library/XenForo/ControllerPublic/Register.php(1408): TPUDetectSpamReg_ModelSpamPrevention->allowRegistration(Array, Object(Zend_Controller_Request_Http))
#7 /home/admin/public_html/forums/library/XenForo/ControllerPublic/Register.php(401): XenForo_ControllerPublic_Register->_runSpamCheck(Object(LiveUpdate_DataWriter_User), Array)
#8 /home/admin/public_html/forums/library/Nobita/AccountDetection/XenForo/ControllerPublic/Register.php(11): XenForo_ControllerPublic_Register->actionRegister()
#9 /home/admin/public_html/forums/library/Tac/DeDos/ControllerPublic/Register.php(51): Nobita_AccountDetection_XenForo_ControllerPublic_Register->actionRegister()
#10 /home/admin/public_html/forums/library/XenForo/FrontController.php(347): Tac_DeDos_ControllerPublic_Register->actionRegister()
#11 /home/admin/public_html/forums/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#12 /home/admin/public_html/forums/index.php(13): XenForo_FrontController->run()
#13 {main}
Request State
array(3) {
  ["url"] => string(49) "http://portalcentric.net/forums/register/register"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(15) {
    ["username"] => string(0) ""
    ["ce50707283304e9a60a6d47b0cba0454"] => string(4) "Nils"
    ["0e559f6dae2b2fcd176dce5d7799bdac"] => string(0) ""
    ["3b59c91eadf578f950c490db8401a5e5"] => string(17) "arndt-nils@gmx.de"
    ["c0778f25578c9f200f7e8e8e7e0c1d0f"] => string(4) "male"
    ["dob_month"] => string(1) "3"
    ["dob_day"] => string(1) "5"
    ["dob_year"] => string(4) "1990"
    ["6aa687d0b9fe76b158304f405fafccec"] => array(1) {
      ["ztc4ztdjmzc4mdhmzmi0"] => string(0) ""
    }
    ["custom_fields_shown"] => array(1) {
      [0] => string(20) "ztc4ztdjmzc4mdhmzmi0"
    }
    ["c569a0ad78a430b83c55e563f5f7507e"] => string(16) "Europe/Amsterdam"
    ["g-recaptcha-response"] => string(441) "03AHJ_VuuXHuVtk66tKQe7QJYGwrYsFuZt-dTD3qY_NGRbdf62KBDiPtJSHragTmls_lzNfAvpy19w5QTfJEda4Xp_uWbq0odkin7AvpOER32w1C2spQUfDJKPB0CpwovDBXwj3MIwl92RMtrlkobyObL2u0HpGzH4w2dR2w9udgUnLEMajMjsW9HBn7ka4E7Fi512P_sYjlL9ninWkmxZummAdXY4eMLOX6faqOpzThzY7C_FwJClBxSrSJe91FwVlDLfR0ufrmvJdH3JuuyXPpIP4QlPVwuaOa3-er8WaiuOtS1qZvl50qGWizKacwcDu1oFk72d6YUSuvosJBATYUhUenmMSYsRvNLBmy5QBrc6blpOm4AMVqaby_kCIJ5nIA3tDM52eVz4rBn58QugFvAFZQthRt6uVJMcuXtXAlUSZXYYWihAAik"
    ["agree"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["reg_key"] => string(32) "e78e7c37808ffb4bcb55a51fce134a59"
  }
}

 

[Xon]

@XxUnkn0wnxX, the php geoip extension doesn't support ipv6. But it should failover and user a different detection method.

 

[XxUnkn0wnxX]

well is their a way to add ipv6 support? i know geoip the new one supports it..
GeoIP2
but shame it aint free..
well is there a way to stop these annoying logs hoping up.. or atlas update the add one to ignore such errors..

 

[Xon]

well is their a way to add ipv6 support? i know geoip the new one supports it..
GeoIP2
but shame it aint free..
well is there a way to stop these annoying logs hoping up.. or atlas update the add one to ignore such errors..

You can unload the geoip module if nothing uses it; or edit the file "IPCountry.php" and comment out geoip_country_code_by_name so it uses the other methods.

 

[W1zzard]

this needs to be fixed for IPV6 address:

test build sent in private message

 

[rdn]

Most spammer now register thru facebook.
They are also check with this?
How about the default XenForo Spam option, will not conflict with this? or better disable it?

 

[rdn]

Since I installed this, I always got this error on admin log:

Mysqli statement execute error : Duplicate entry 'xxxxx' for key 'username'

Server Error Log

Error Info
Zend_Db_Statement_Mysqli_Exception: Mysqli statement execute error : Duplicate entry 'dxpro01' for key 'username' - library/Zend/Db/Statement/Mysqli.php:214
Generated By: Unknown Account, 11 minutes ago

Stack Trace
#0 /library/Zend/Db/Statement.php(297): Zend_Db_Statement_Mysqli->_execute(Array)
#1 /library/Zend/Db/Adapter/Abstract.php(479): Zend_Db_Statement->execute(Array)
#2 /library/Zend/Db/Adapter/Abstract.php(574): Zend_Db_Adapter_Abstract->query('INSERT INTO `xf...', Array)
#3 /library/XenForo/DataWriter.php(1624): Zend_Db_Adapter_Abstract->insert('xf_user', Array)
#4 /library/XenForo/DataWriter.php(1613): XenForo_DataWriter->_insert()
#5 /library/XenForo/DataWriter.php(1405): XenForo_DataWriter->_save()
#6 /library/XenForo/ControllerPublic/Register.php(416): XenForo_DataWriter->save()
#7 /library/Andy/NewUserConversation/ControllerPublic/Register.php(16): XenForo_ControllerPublic_Register->actionRegister()
#8 /library/XenForo/FrontController.php(347): Andy_NewUserConversation_ControllerPublic_Register->actionRegister()
#9 /library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#10 /index.php(13): XenForo_FrontController->run()
#11 {main}

Request State
array(3) {
  ["url"] => string(41) "/register/register"
  ["_GET"] => array(1) {
    ["/register/register"] => string(0) ""
  }
  ["_POST"] => array(14) {
    ["username"] => string(0) ""
    ["c188f1a6fdf841e36ecc4fe755996844"] => string(7) "dxpro01"
    ["c3cc2da83161f1ba6277a21ed73aedcf"] => string(0) ""
    ["f6061cfa50c6da8d78137d915479c380"] => string(17) "dxpro01@yahoo.com"
    ["password"] => string(8) "********"
    ["362bebdd2a022164b60604c0ac7cacf4"] => string(0) ""
    ["05a83d19e529d6a855316423ad86254e"] => string(4) "male"
    ["dob_month"] => string(1) "2"
    ["dob_day"] => string(2) "19"
    ["dob_year"] => string(4) "2000"
    ["2a7b7f205994de6285277acb0e2442d5"] => string(14) "Asia/Hong_Kong"
    ["agree"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["reg_key"] => string(32) "dddeda5e743319c3553e89f71c4c2b16"
  }
}

Though @AndyB 's addon is included on the log..

 

[The Grand Potentate]

@W1zzard Is there a way to manually bypass the filter for a new user? I've manually assigned them to the appropriate user groups that I've set up but I cannot for the life of me seem to get around the spam requirements of 3 posts to be able to post links.

 

[W1zzard]

@W1zzard Is there a way to manually bypass the filter for a new user? I've manually assigned them to the appropriate user groups that I've set up but I cannot for the life of me seem to get around the spam requirements of 3 posts to be able to post links.

Look in Admincp -> Users -> User Permission -> pick the user -> set "TPU: Detect Spam Reg - Moderate all posts" to "not set"

 

[W1zzard]

W1zzard updated TPU: Detect and Block Spam Registrations with a new update entry:

Update 1.6.0

• Fixed more IPV6 errors
• Options reject/moderate/moderateposts are now available for all checks, thanks Xon
  
• Added option to submit registration data to cloud service (no password, email anonymized), which could be used for improved spam checks in the future. Just collecting data for now to see if it's a viable project

Read the rest of this update entry...

 

[W1zzard]

W1zzard updated TPU: Detect and Block Spam Registrations with a new update entry:

1.6.1 - now really including all changes

I forgot to include some code in 1.6.0, which is included in this version.

The changes from 1.6.0 were:

• Fixed more IPV6 errors
• Options reject/moderate/moderateposts are now available for all checks, thanks Xon
• Added option to submit registration data to cloud service (no password, email anonymized), which could be used for improved spam checks in the future. Just collecting data for now to see if it's a viable project

Read the rest of this update entry...

 

[The Grand Potentate]

Look in Admincp -> Users -> User Permission -> pick the user -> set "TPU: Detect Spam Reg - Moderate all posts" to "not set"

Already set. Still its blocking links for this new user.