botscout for comments / replies

[dgswislon]

I have botscout on SMF forum. Works great. I recently turned off registration to allow guest comments. I do the same (no members) on wp/blogs. Less server energy, less emails (bot denied) and so on.

Recently I've noticed a new breed of spam. Spam that gets passed Askismet on wordpress that I had to read before I was sure it was spam. Like a canned comment looking for a matching blog post to reply to. There are also bots who've noticed that "guest reply" works on forum now.

It started me wondering, I have the botscout inserted at (or around) the register line in SMF code. Why not trigger API with reply, comment, (login) or whatever. I'd play around with this but I don't write PHP (passed echo Hello World) so I thought I'd see if anyone has experimented with this.

Wouldn't it just be "If you're here, then botscout?" Thanks, Doug

[MysteryFCM]

You certainly can restrict it, to only check on certain actions, but bear in mind, it won't do the full check on things like comments/replies, as email addresses aren't available (less so with guest comments).

If you're only wanting to do this with guests, then for example, for posting, open source/Post.php

Find;

Code: [Select]

// Are you... a guest?
if ($user_info['is_guest'])
{
$_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']);
$_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']);

$_REQUEST['guestname'] = htmlspecialchars($_REQUEST['guestname']);
$context['name'] = $_REQUEST['guestname'];
$_REQUEST['email'] = htmlspecialchars($_REQUEST['email']);
$context['email'] = $_REQUEST['email'];

$user_info['name'] = $_REQUEST['guestname'];
}
Replace with;

Code: [Select]

// Are you... a guest?
if ($user_info['is_guest'])
{
$_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']);
$_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']);

$_REQUEST['guestname'] = htmlspecialchars($_REQUEST['guestname']);
$context['name'] = $_REQUEST['guestname'];
$_REQUEST['email'] = htmlspecialchars($_REQUEST['email']);
$context['email'] = $_REQUEST['email'];

$user_info['name'] = $_REQUEST['guestname'];

////////////////////////////////////////////////////
// BotScout.com "BotBuster" check
include('./Sources/BotScout.php');
////////////////////////////////////////////////////
}

IMPORTANT: ALWAYS backup files before editing them

[dgswislon]

Thanks, Looking at SMF/sources/post.php mine is a little different - containing a few more lines. Thought I'd post the code here and see what you say before inserting botscout, This is the code from //are you a guest down to the next //commented statement:

Code: [Select]

// Are you... a guest?
if ($user_info['is_guest'])
{
$_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']);
$_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']);

// Validate the name and email.
if (!isset($_REQUEST['guestname']) || trim(strtr($_REQUEST['guestname'], '_', ' ')) == '')
$context['post_error']['no_name'] = true;
elseif ($func['strlen']($_REQUEST['guestname']) > 25)
$context['post_error']['long_name'] = true;
else
{
require_once($sourcedir . '/Subs-Members.php');
if (isReservedName(htmlspecialchars($_REQUEST['guestname']), 0, true, false))
{

$context['post_error']['bad_name'] = true;
}
}

if (empty($modSettings['guest_post_no_email']))
{
if (!isset($_REQUEST['email']) || $_REQUEST['email'] == '')
$context['post_error']['no_email'] = true;
elseif (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', stripslashes($_REQUEST['email'])) == 0)
$context['post_error']['bad_email'] = true;
}
}
Or maybe I'm on the wrong line# - ?

[MysteryFCM]

In the case of yours, pop the code AFTER;

Code: [Select]

if (empty($modSettings['guest_post_no_email']))
{
if (!isset($_REQUEST['email']) || $_REQUEST['email'] == '')
$context['post_error']['no_email'] = true;
elseif (preg_match('~^[0-9A-Za-z=_+\-/][0-9A-Za-z=_\'+\-/\.]*@[\w\-]+(\.[\w\-]+)*(\.[\w]{2,6})$~', stripslashes($_REQUEST['email'])) == 0)
$context['post_error']['bad_email'] = true;
}
Which version of SMF are you using?

[dgswislon]

Okay, thanks, I'll test tomorrow morning.

vs 1.1.16

[MysteryFCM]

Ah, the code I posted was for the latest SMF version. Should still work for that version too.

[dgswislon]

It's the same. I really appreciate it. I'll let you know how it goes

I just checked version:

Version Information:
Forum version: SMF 1.1.16
Current SMF version: SMF 1.1.16

I think I'm using the latest

[MysteryFCM]

No problem at all.

The latest is actually 2.0.2

http://download.simplemachines.org

This forum will be getting upgraded to it when Mike (owns BotScout) gets back.

[dgswislon]

No errors so far ....

Aren't there two SMF - I don't know the term - Cores? Versions?

When I installed from server software installer I installed smf 1.0

I know about 2,0 and even installed it on domain just to look at.

I get notices for security updates, upgrades etc. with 1.0. No ones ever said, "Okay, we're only doing 2.0 now so you need to switch". What do you suggest? Why?

[MysteryFCM]

We switched recently from 1.x to the latest 2.x over at MDL due primarily to 2.x improvements over 1.x;

http://www.simplemachines.org/community/index.php?topic=163438.0

However, as far as I know, whilst 1.x is still supported as far as updates, it is also nearing being discontinued (which is why it only appears in the "Download previous releases" on the SMF download page)

[dgswislon]

(still no errors - or spam posts)

After I replied last I downloaded and installed 2.0 just to have it done. I'll slowly migrate database and styles. I wonder why they didn't just merge into it instead of building a whole new system. Like wordpress going from 1.0 to 3.4+. Oh well, I'll get it moved over.

Speaking of wordpress, ever used botscout on it? ( wp/comment-post.php ? )

[MysteryFCM]

Thousands of people use Botscout on wordpress, both directly via the BotScout mod, and via the SBST;

http://support.it-mate.co.uk/?mode=Products&p=spambotsearchtool

http://forum.hosts-file.net/viewtopic.php?f=69&t=1594

I use the SBST on WordPress (SBST also plugs into BotScout, amongst others), on the fSpamlist blog ( http://blog.fspamlist.com/ ).

The following is a modified version of the BotScout General Use PHP Code (v1.4), that includes support for WordPress.

http://temp.it-mate.co.uk/BotScout1.4.zip

To install it, place the botscout.php file included in the zip, in the WordPress root directory, then;

Open wp_comments-post.php

Find: (approx line #39)

Code: [Select]

$comment_author       = trim(strip_tags($_POST['author']));
$comment_author_email = trim($_POST['email']);
$comment_author_url   = trim($_POST['url']);
$comment_content      = trim($_POST['comment']);
ADD AFTER;

Code: [Select]

////////////////////////////////////////////////////
// BotScout.com "BotBuster" check
include('./BotScout.php');
////////////////////////////////////////////////////
If placing the BotScout.php file in another folder (e.g. {ROOT}/BotScout/BotScout.php, modify the path in the include() statement accordingly (e.g. include('./BotScout/BotScout.php');).

[MysteryFCM]

Just an FYI, I've updated the code in BotScout.php (inclusive of the WP support mentioned above, it also improves the $apptype selection code), and published a post on how to install it;

http://botscout.com/forum/index.php?topic=161.msg867#msg867

[dgswislon]

Got SMF 2.0 up and running, you're gonna like it.

Has better post and register moderation. Like answer this question and admin approval options

I'll grab all this insert here stuff and save it. Appreciate everything

[MysteryFCM]

No problem at all