Symphony.

A new extension, "Stop Forum Spam" is now available for download. Comments and feedback can be left here but if you discover any issues, please post it on the Github issue tracker.

Don’t be put off by the name of this extension, it isn’t just for furums! It will work for any user registration or comment system

Stop Forum Spam

This event filter will check any user registration, or blog/forum comment with the Stop Forum Spam service to see if it has been registered as a spammer.

The filter will perform an ip address check, and check the posted fields for a username and email (neither field are required). If neither fields are available, the filter will return dependent on the ip address only. The more data provided, the more chance of catching spammers! Note that if one of the three checks fails, the whole event fails. All three are displayed so you can reference which one failed if you wish.

The filter doesn’t expect you to provide hidden fields specifically for this service, and will use your standard username and email inputs. If you want to set the names of the fields, they are hardcoded at the top of the extension (this will be updated to provide translations correctly in an update). The IP is generated by the extension for you.

Any ideas to make this better? Let me know!

Very useful. I’m going to test this one out! Thanks

This has been made in an attempt to help Craig and the Symphony team battle spam registrations on this forum.

Any help or advice to strengthen and better this plugin is happily requested.

This is awesome, John, thanks. Will go ahead and test soon.

@designermonkey - very nice!!

The development and desired results.

The intention was (during my whole day of development) that I would produce three $context['messages'], one per check, although I found this to not work, as when one of the messages returned true, the event passed and saved data (even if others returned false).

This is obviously undesirable if one of the checks fails. Also when I was trying this method, a random filter was returned of ‘version’ which I have no idea where it came from.

As you can tell, I’m quite new to this, and would like to know if it is even possible to return more filter results from one filter?

The future…

There’s so much more I want to do with this, like adding the possibility of logging possible spam, as the Askimet service does in Wordpress, so that site authors can allow or disallow when checking the list, but as this would depend on very specifically laid out sections, and my poor development skills to date, this is probably a pipe dream.

I have already commenced development of integrating the API to submit spammers to Stop Form Spam, it should be along soon ;o)

When I try this extension, I get a 400 Bad Request error back as XML response from stopforumspam.com.

I tried going direct to the URL, and it shows the correct XML, but as soon as CURL tries it, I get the error.

Any ideas about what might be going wrong?

Ah, found it!

Turns out CURL needs it's URL url-encoded. I suggest you change line 122 from

if($value) $urloptions .= '&' . $key . '=' . $value;

to:

if($value) $urloptions .= '&' . urlencode($key) . '=' . urlencode($value);

you log it on Github for me? Cheers.

Hi,

I adjusted/improved your extension a bit:

• configuration is now in an external config.php-file
• I added 2 additional methods of spam detection: the hidden-field method, where there can be sent a hidden field to the server, and the 3-second-rule, where there needs to be a delay of at least 3 seconds between loading the page with the form and submitting the event. Both of these extra methods are optional.

I just sent you a pull request on GitHub

This extension has been moved to the Symphonists organisation on Github: https://github.com/symphonists/stopforumspam

Please update your repo paths to here.

Hi guys,

(this might be slightly off-topic since it also concerns the ETF extension and Symphony entry creation in general, but I thought it relevant as a follow-up to Kanduvisla's additions to this extension)

I am about to install this extension since I am still getting spam entries in the db. I am using Email Template Filter and implemented the canofspam extension and a simple custom honeypot-method. I have modified my (ETF) event to fail (does not continue to __trigger()) when the honeypot field == "".

The crazy thing is that the spam entries are not logged by ETF (and no mail is sent I believe) but the Symphony entries are created. So somehow the Symphony entry creation triggers before (ETF) event validation(?)

The IP addresses of the spammers are clear from the logs and they appear in the http://www.stopforumspam.com DB so this extension by @designermonkey will probably catch them all right.

But: will this also prevent the entries to be created or will I run into the same issues as I currently have?

Also: is this extension compatible with ETF?

Le Bump? ;)

Just an update: I have added the stopforumspam extension so now run: canofspam, stopforumspam with the honeypot addition...

While I do not receive (much) spam by e-mail, spam still comes through the Symphony event and gets stored as entries (I use ETF). Positive messages come through and get emailed so it is not a huge issue but I am a bit annoyed spam is still being processed and entries are stored in Symphony.

Any thoughts on my previous questions re: Symphony (ETF) event handling and entry creation?

You're never going to fully eradicate spam, especially if they're already spamming your site.

This is more a question for the ETF extension, or generally about Event execution order, which can be set via a constant, I believe.

@John. I did not expect never to get spammed again. What I am surprised about is the fact that "[…] spam is still being processed and entries are stored in Symphony."

I guess you are right and this is an ETF- or general Event Execution discussion. However: when I attach an event filter I assume(d) this would prevent (filter) certain events from executing. In other words: is it not logical to assume that the entry-creating logic only triggers when event filters have not prevented this from happening?

Yes, that's correct. The EventPreSaveFilter delegate (which Stop Forum Spam uses), can abort the Event execution if the extensions adds a message to the $messages array.

A message is an array with up to four values ($name, $status, $message, $attributes). If the $status is false, execution should halt.

Now from a quick look over the code for SFS looks like it's using this delegate correctly. The ETF hooks onto the EventFinalSaveFilter delegate, which doesn't get fired if EventPreSaveFilter aborts.

So I guess one thing we can check is that these lines are correctly returning true/false.

Hi @brendo and thanks for answering my question.

Basically I need to run this check for $messages on a live site for a while, to pick up spam messages and see how they get handled :/

This is exactly why I believe there's a need for better logging functionality.

Anyway, thanks a lot.

Without deviating too much into ETF territory in the wrong thread.. It's not possible to store failures with ETF because if things are working as they should, ETF will never be called if a filter fails.

If you look at the TOOLKIT/events/event.section.php file, you'll see that it's meant to return a good 200 lines before EventFinalSaveFilter even gets called ;)