ExpressionEngine CMS

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

Summer of Spam

June 17, 2010 6:06am

  • #1 / Jun 17, 2010 6:06am

    davidof

    3 posts

    I’ve just reached my 5,000th member… whoopee-do you might think, but all is not rosy in my ExpressionEngine garden. At least a couple of thousand members are due to registration spam. The main modus operandi these days is to register a user with a load of spam links in the bio. The bio URL is then posted to blogs; this gets around Akismet and other tools flagging the links as spam because the URL is to my blog.

    I had been aware of this problem for some time but finally decided to clean out the Augean Stables. I wrote a small script that went through the EE database and checked every member entry against a registration spam blacklist and then checked against Akismet. It then flipped the member to “pending” (banned would also be good). I then deleted all the pending members. Akismet generates quite a few false positives so you have to be careful.

    I probably should review manually anyone who has posted to the site and then also check manually anyone who had posted a bio or url in the registration.

    Anyway if you haven’t stopped registration spam with a Captcha this could be of interest.

  • #2 / Jun 17, 2010 12:54pm

    lebisol

    2234 posts

    ...was the word “this” in last sentence supposed to be a link to something? Perhaps to that script or an article. 😊

  • #3 / Jun 17, 2010 1:36pm

    handyman

    509 posts

    EE definitely needs some upgrades and help to prevent false registrations.
    There are some other threads here which give hints… one member posted a script which lists your registrations and shows their profile URLs along with a delete button. That is working out fairly well for me, but I do have to manually check and I have gone to manual activation for forum members.

    It would be neat for someone to write an extensive security module or for EE to include one. It would be really nice to be able to exclude IP’s from certain countries or regions automatically….or at least have them have to qualify differently. It would also be nice to have IP location lookups built in….lots of possible features could be thought of.

    A lot of forums are country or region specific. For instance, it is very unlikely that folks from Bangladesh are honestly wanting to post about the wood stoves on our forum.

  • #4 / Jun 17, 2010 1:47pm

    lebisol

    2234 posts

    It is not just EE…it is happening all around…any member + bio system. Definitely on a rise the abuse of the profile fields. Alternative to comment spam I guess.

    Bangladesh has some super wood stoves 😊

  • #5 / Jun 17, 2010 1:52pm

    Chessie

    20 posts

    I require manual review/approval of all registrations to my local community website and ban about 2 for every 1 I approve. I don’t allow non-members to view member profiles so don’t see any benefit for these registration spams, but that’s what most of them were before I began banning them. I check about once a month for spammers I let slip through the cracks. I’ll have to look for that script… sounds useful for what I do. I also block IP addresses for registrants from countries that have proven troublesome. Until within the last year I seldom had this problem!

  • #6 / Jun 18, 2010 9:36am

    davidof

    3 posts

    ...was the word “this” in last sentence supposed to be a link to something? Perhaps to that script or an article. 😊

    I was waiting to see if anyone was interested - as a lot of people are already using reCaptcha to stop registration spam before it happens. I will post the relevant code later with some explanations.

    It would be neat for someone to write an extensive security module or for EE to include one. It would be really nice to be able to exclude IP’s from certain countries or regions automatically….

    Yes, even given proxies in “friendly countries” I think that could be a really important feature to add to the User Banning of EE.

    I’ve written a Java based CMS (with rather different aims to EE) which does a geo lookup on posts and puts any posts from the top 10 spammer countries into quarantine. In fact my Java based CMS uses Spring so you just write an Aspect to implement any new features to the post/registration chain.

  • #7 / Jun 23, 2010 4:20am

    davidof

    3 posts

    Here is the code (see attached), basically it is a quick and dirty approach to rid my database of registration spam.

    I connect to the db and do a select on the exp_members table; note the 4000 row limit. I suggest starting with the first 10 rows. I’ve ordered by newest user first.

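    // Database credentials for the EE install (fill in before running).
    // Note: the mysql_* extension used here was removed in PHP 7.0; on current PHP use mysqli or PDO.
    $host = 'localhost';
    $user = '';
    $pass = '';
    $schema = '';

    $link = mysql_connect($host, $user, $pass);
    if (!$link) {
        die('Could not connect: '.mysql_error());
    }
    mysql_select_db($schema) or die("Unable to select database $schema: ".mysql_error());

    // Newest members first; start with a small LIMIT (e.g. 10) for a trial run.
    $query = "SELECT member_id, group_id, username, ip_address, email, url, bio FROM exp_members ORDER BY member_id DESC LIMIT 4000";
    $result = mysql_query($query);
    if (!$result) {
        die("Could not run query ($query) from DB: ".mysql_error());
    }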

    I loop over the results (see attached) then for the first test make a call to the stopforumspam.com website. There are many such services and the APIs are similar. I’m interested in the IP address and email address. I don’t check on member name. If the result (in XML) has a “yes” in it the user gets set to pending (banned might be better). You can then review and clean up via the usual EE interfaces. In the attached code there is also a call to the Akismet service to check bio details etc. However this throws up a lot more false positives and should only be used with caution. I would suggest not banning people who have made a post or comment on the website. Akismet will not get all the BIO spam so it is a bit of a mixed bag.

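    // $member_id, $ip, $email and $username come from the current exp_members row in the loop.
    $ch = curl_init();
    $furl = "http://www.stopforumspam.com/api?ip=".urlencode($ip)."&email=".urlencode($email);
    curl_setopt($ch, CURLOPT_URL, $furl);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $output = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on failure; only a response containing "yes" counts as a match.
    if ($output !== false && preg_match("/yes/", $output)) {
        echo "A match was found. ";
        print $ip." ";
        print $email." ";
        print $username."\n";
        print $output;
        print "\n";
        // Move the member to group 4 (pending); the cast keeps the id numeric in the SQL.
        $update = mysql_query("UPDATE exp_members SET group_id = '4' WHERE member_id = '".(int) $member_id."'");
        print("set member $member_id to pending ".$update."\n");
    }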
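
Added example (not davidof's attached script): the lookup check described in post #7, reading the XML per field instead of matching any "yes" in the body, and sending members who have already posted to manual review as the post suggests. The response layout, the function names, `$hasPosted` and the `$minFrequency` threshold are assumptions, and the sample XML is constructed.

```php
<?php
// Constructed sample response. Assumed layout: a flat run of
// <type>, <appears>, <frequency> elements for each queried field.
$sampleXml = '<response success="true"><type>ip</type><appears>yes</appears>'
    . '<frequency>12</frequency><type>email</type><appears>no</appears>'
    . '<frequency>0</frequency></response>';

// Parse into ['ip' => ['appears' => bool, 'frequency' => int], ...]; null when the
// body is empty, malformed or has no <type>, so a failed lookup is never a verdict.
function parse_sfs_response($xml)
{
    $prev = libxml_use_internal_errors(true);
    $doc = (is_string($xml) && $xml !== '') ? simplexml_load_string($xml) : false;
    libxml_use_internal_errors($prev);
    if ($doc === false) {
        return null;
    }
    $fields = array();
    $current = null;
    foreach ($doc->children() as $node) {
        $name = $node->getName();
        $value = trim((string) $node);
        if ($name === 'type') {
            $current = $value;
            $fields[$current] = array('appears' => false, 'frequency' => 0);
        } elseif ($current !== null && $name === 'appears') {
            $fields[$current]['appears'] = ($value === 'yes');
        } elseif ($current !== null && $name === 'frequency') {
            $fields[$current]['frequency'] = (int) $value;
        }
    }
    return $fields ? $fields : null;
}

// $hasPosted and $minFrequency are hypothetical inputs: members with
// posts or comments go to manual review instead of straight to pending.
function review_action($fields, $hasPosted, $minFrequency = 3)
{
    if ($fields === null) {
        return 'retry';
    }
    foreach ($fields as $f) {
        if ($f['appears'] && $f['frequency'] >= $minFrequency) {
            return $hasPosted ? 'manual-review' : 'pending';
        }
    }
    return 'keep';
}

echo review_action(parse_sfs_response($sampleXml), false), "\n";
echo review_action(parse_sfs_response($sampleXml), true), "\n";
echo review_action(parse_sfs_response('<p>yes, rate limited</p>'), false), "\n";
```

The third call shows why the substring test is fragile: an error page that happens to contain "yes" is treated as a failed lookup here rather than as a spam match.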