MyBB Community Forums

MyBBoard should use this ^^

My aim is to eventually have spam blocking stats tracked and displayed in the stat section and also have the ability to add spam members to the stop forum spam database but that will probably be a little while off.

I built my own MyBB plugin for StopForumSpam last year. If you are going to maintain this plugin, I have a few suggestions (that I use and found very effective)

1. Add a setting for minimum matches for each filter type. Since SFS API will return the number of entries for each item queried, you can reduce false positives by only rejecting registrations from say IPs that have been reported 3 or more times. I let the admin specify the min required for each filter type
   
2. Add AND/OR option, though I think that is what your last setting may be??
   
3. Add the ability to automatically add a user to the SFS database during the banning process via Admin > Users > Banning. I have four check boxes I added to that page. Registration IP, Last Known IP, Username, and Email
   
4. SFS is getting very busy and seeing a lot of server load. If the site using your plugin meets abuse criteria via API overuse, then they will be denied access and your plugin will fail. I built my plugin with a Cache First Then API option. What happens is that the entire SFS database gets downloaded and manually installed on the site's database. This can take a very long time and often means multiple phpMyAdmin imports (sinec SFS only allows CVS export). After that, a MyBB task downloads the previous days SFS updates (since you can specify dates during the search) and appends those to the cache on the users system. The plugin will search the cache first and if the criteria for denial is met, then the registration is banned and the SFS site is not hit. If the criteria is not met, then it will hit the SFS site via the API.
   
5. Do not send admin emails and track the denials. I do not send the admin notes. My plugin has a 'catch' table that will dump the denied registration info with which rule tripped. "EMAIL", "IP", "USERNAME" plus the value of that rule that was entered and the date attempted. What is also captured is the number of attempts a specific rule and value have been attempted (via update query with attempts=attempts+1, and if that has no affects rows, then do an insert query)
   

My cache table has nearly 350,000 records with IP, username and email of reported spammers. Many are repeated, so I filter and count on each field independently.

My catch table has 1,450 records, but 5,800 total attempts that have been blocked since I started tracking with my new MyBB install (I converted my 1+ million post forum to MyBB in Oct 2009)

I have had to ban a dozen or so spammers since I started using it, and those spammers were not listed at all in the SFS database, so it was not an issue of not meeting the denial criteria.

Wow, this is cool...I'm really going to be using this. My current forum I have to go to the website look and then reject..this will make life easier.

http://www.stopforumspam.com/apis Wrote:API queries against my server are currently limited to 5000 per day.

What happens if the limit is reached? Then spammers will not be blocked through the plugin on this day...

EDIT:

http://www.stopforumspam.com/apis Wrote:Your use of this data [...] is non-commercial

So you are not allowed to use this plugin for any commercial site!

@querschlaeger I assume you will be denied service however all three queries are passed via one request to try and reduce the queries per day. Remember though, a query is only made when someone tries to register, 5000 registrations per day is a lot. About the commercial thing, I think your misinterpreting what they mean (or maybe I am), I think they are saying that the service they are providing is non-commercial, therefore service and support is not guaranteed. In my next version though I'll have to put something to handle cases where the 5000 query limit is reached, maybe I'll make them all awaiting activation in this case.

@pavemen

Point 1: Thats a good idea, I'll add that in the future.

Point 2: Yes thats what that last option is, I didn't explain it very well I suppose.

Point 3: As I said in a previous post I do plan on adding something like this, possibly in a version 2. It wont happen automatically with bans as banned people are not always spammers but I will probably have a separate button on the postbit for spammers that bans them and adds them to the stopforumspam database.

Point 4: Having a complete cache of all 600,000 database entries is a bit to much for a simple plugin thats going to be used on small sites with a small moderation team most of the time. What I might do though is do as you said and have a table to track denials but then use this as a cache as well so a cache will be built as the site grows. Currently though it makes all queries through one URL request which means it would take a true 5000 registrations before you would be denied though which is a lot.

Point 5: Mine currently does not send any emails though it doesn't keep any logs either. Logs are certainly something I will implement soon.

Thanks for the advice

Nice work with this TimB. It will come in handy a lot especially with the wave of spammers hitting forums all over recently.

Regarding point 3, two lines of code added to the banning.php module (yes it requires a core edit) will let you add check boxes to the user ban page and then your plugin can process the SFS ban if you had checked the boxes. The admin_ban_commit hook (i think that is it) can be used to check if the admin checked the SFS boxes and then process accordingly.

i agree that the cache version is a lot of effort for most sites, but a busy site can benefit from it, especially if there are connectivity issues with the SFS site or you do reach that limit and get a 403.

I had posted my plugin to the mods page months ago, but it was never looked at so it was not approved and i removed it and kept it to myself. glad to see someone else tackling a public version.

Is there any information about how stopforumspam.com treats the data it receives?
Everyone not in the database is possibly a valid e-mail adress and could be used or sold in spam lists...

Nice plugin! Installed it to my forum. Hope it prevents spammer to spam my forum.