Welcome, Guest!!
follow us on... rss

Author Topic: Implementing into a form  (Read 11318 times)

n2rga

  • Newbie
  • *
  • Posts: 4
    • View Profile
Implementing into a form
« on: March 09, 2009, 12:58:11 AM »
I would like to use BotScout for my contact form.
on the contact form I use FormMail PHP script from Tectite.com
called by <form method="post" action=
I do get a few bots each day and have a anti spam device in use on the e-mail address but its very annoying to get the requests.

I  will be using the custom fields
   $XUSER = $_POST['user'];
   $XMAIL = $_POST['email'];

What I'm at a loss is how do I call the botscout.php file
Do I use
   ////////////////////////////////////////////////////
   // BotScout.com "BotBuster" check
   include('/path/to/your/forum/Sources/BotScout.php');
   ////////////////////////////////////////////////////

in my FormMail PHP script from Tectite.com or on the contact form and if so where do I put it?
If not how do I call botscout.php.

and after that is working I would like to get the fake form working to trap these B@st@rds
Thanks
Mitch

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Implementing into a form
« Reply #1 on: March 09, 2009, 04:22:14 AM »
Yes, the include statement should be placed in your form handler (in the FormMail PHP script). Put it after the the spot in the code where custom fields are grabbed so that those fields are populated when the BotBuster file is loaded.

The Fake Form system is still under text and not yet available.



What I'm at a loss is how do I call the botscout.php file
Do I use
   ////////////////////////////////////////////////////
   // BotScout.com "BotBuster" check
   include('/path/to/your/forum/Sources/BotScout.php');
   ////////////////////////////////////////////////////

in my FormMail PHP script from Tectite.com or on the contact form and if so where do I put it?
Please don't PM me for assistance- post your questions in the forum where others can see them.

badfrog

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: Implementing into a form
« Reply #2 on: December 19, 2009, 07:11:21 AM »
I realize this is an old post, but this is the only topic I found on what I need...

I implemented botscout in my formmail.php script as outlined here, and it doesn't seem to function

had a spammer get through with an IP that is flagged in your database.

any thoughts?


Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Implementing into a form
« Reply #3 on: December 19, 2009, 07:30:17 AM »
I realize this is an old post, but this is the only topic I found on what I need...
I implemented botscout in my formmail.php script as outlined here, and it doesn't seem to function
had a spammer get through with an IP that is flagged in your database.

any thoughts?

Hard to say without more information.

  • Are you seeing any error messages?
  • Have you turned on the "email alert" function?
  • Are you perhaps exceeding a daily limit, either for an API Key or an IP address?
  • Most importantly, are you sure you're providing the BotScout code with the correct variables?

Post your code here, maybe we can spot something.

Please don't PM me for assistance- post your questions in the forum where others can see them.

badfrog

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: Implementing into a form
« Reply #4 on: December 19, 2009, 05:52:22 PM »
I have seen no error messages, when I submit submit something, it acts normal and takes me to the thank you page, and the email is sent.
Diag and alerts are both set to 1

I am using the latest formmail.php from tectite.com
I used the absolute path for the include,

Code: [Select]
include('/www/botbuster/BotScout.php');
my botscout script is a custom install,
Code: [Select]
/////////////////
2-19-2009: Changed default test type to 'MULTI' for speed
and efficiency.
/////////////////
*/


/////////////////////////////////////////////////////

////////////////////////
// init vars
$diag='';
$bs_data='';
$botdata='';
$apptype='';
$send_alerts='';
$toText='';
$fromText='';
$subjectText='';
$msgText='';
////////////////////////

/////////////////////////////////////////////////////
// CONFIGURATION START

// use diagnostic output? ('1' to use, '0' to suppress)
// NORMALLY set to '0'
$diag = '1';

// send email notices when a bot is stopped?
// use '1' to send, '0' to skip.
$send_alerts = '1';

// if sending alerts, send them to what email address?
$toText = "REMOVED FOR POSTING";

////////////////////////
// Use BotScout with what application?
// message board or application type...
// uncomment ONE (and ONLY ONE) of these!

// for SimpleMachines Forum
//$apptype='SMF';

// for VBulletin
//$apptype='VBULLETIN';

// for phpBB
//$apptype='PHPBB';

// for PunBB
//$apptype='PUNBB';

// for Invision power Board
//$apptype='INVIS';

// for FUDForum
//$apptype='FUDF';

// for Ikonboard
//$apptype='IKON';

// for Phorum
//$apptype='PHRM';

// for Snitz
//$apptype='SNITZ';

// for W-Agora
//$apptype='AGORA';


// for custom settings or unlisted board type
// see documentation for setting the 'CUSTOM' fields
$apptype='CUSTOM';


////////////////////////


// your optional API key (if you don't have one
// you can get one here: http://botscout.com/)
$APIKEY = 'XXXXXXXXXXXXXXXXXX';



// CONFIGURATION END
/////////////////////////////////////////////////////
// get the IP address
$XIP = $_SERVER['REMOTE_ADDR'];

if($apptype=='SMF'){

global $apptype, $XUSER, $XMAIL;

// SMF specific values for reg form
$XUSER = $_POST['user'];
$XMAIL = $_POST['email'];

}elseif($apptype='VBULLETIN'){

$XUSER = $_POST['username'];
$XMAIL = $_POST['email'];

}elseif($apptype='PHPBB'){

$XUSER = $data['username'];
$XMAIL = $data['email'];

}elseif($apptype='PUNBB'){

$XUSER = $_POST['req_username'];
$XMAIL = $_POST['req_email1'];

}elseif($apptype='INVIS'){

$XUSER = $_POST['UserName'];
$XMAIL = $_POST['EmailAddress'];

}elseif($apptype='FUDF'){

$XMAIL = $this->email;
$XNAME = $this->login;

}elseif($apptype='IKON'){

$XUSER = $_POST['UserName'];
$XMAIL = $_POST['EmailAddress'];

}elseif($apptype='PHRM'){

$XUSER = $_POST['username'];
$XMAIL = $_POST['email'];

}elseif($apptype='SNITZ'){

$XUSER = $_POST['username'];
$XMAIL = $_POST['Name'];

}elseif($apptype='AGORA'){

$XUSER = $userid;
$XMAIL = $useraddress;

}elseif($apptype='CUSTOM'){

// create your own custom form fields here
// see documentation for more information
$XUSER = $_POST['realname'];
$XMAIL = $_POST['email'];

}else{
// no '$apptype' set!
print 'Please set the Application Type in the Configuration section.';
}

////////////////////////

// make the url compliant with urlencode()
$XMAIL =urlencode($XMAIL);


// run the API query...the default is to check the email address. It's usually the most
// reliable indicator or bot 'signature' field, but you can change this to use the Ip or
// the username if you like. You could check all three if you wanted, but usually the
// email address alone is sufficient.


// testing for an email address and IP
$apiquery = "http://botscout.com/test/?multi&mail=$XMAIL&ip=$XIP";


////////////////////////
if($APIKEY != ''){$apiquery = "$apiquery&key=$APIKEY";}


if($diag=='1'){print "Test String: $apiquery <br>";}


////////////////////////
// Use cURL or file_get_contents()?
// Use file_get_contents() unless not available

if(function_exists('file_get_contents')){
// Use file_get_contents
$returned_data = file_get_contents($apiquery);
}else{
$ch = curl_init($apiquery);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$returned_data = curl_exec($ch);
curl_close($ch);
}

// diagnostic output
if($diag=='1'){print "RETURNED DATA: $returned_data <p>";}

// sanity check
if($diag=='1'){
if($returned_data==''){
print 'Error: No return data from API query.';
exit;
}else{
print "API Data: $returned_data <br>";
}
}

// take the returned value and parse it (standard API, not XML)
$botdata = explode('|', $returned_data);

// sample 'MULTI' return string (standard API, not XML)
// Y|MULTI|IP|4|MAIL|26|NAME|30

// $botdata[0] - 'Y' if found in database, 'N' if not found, '!' if an error occurred
// $botdata[1] - type of test (will be 'MAIL', 'IP', 'NAME', or 'MULTI')
// $botdata[2] - descriptor field for item (IP)
// $botdata[3] - how many times the IP was found in the database
// $botdata[4] - descriptor field for item (MAIL)
// $botdata[5] - how many times the EMAIL was found in the database
// $botdata[6] - descriptor field for item (NAME)
// $botdata[7] - how many times the NAME was found in the database


if(substr($returned_data, 0,1) == '!'){
// if the first character is an exclamation mark, an error has occurred  
print "Error: $returned_data";
exit;
}


// this example tests the email address and IP to see if either of them appear
// in the database at all. Either one is a fairly good indicator of bot identity.
if($botdata[3] > 0 || $botdata[5] > 0){
print $data;

if($diag=='1'){
print "Bot signature found.";
print "Type of test was: $botdata[1]";
print "The {$botdata[2]} was found {$botdata[3]} times, the {$botdata[4]} was found {$botdata[5]} times";
}

if($send_alerts=='1'){
// send an email about the bot?
$fromText = "BotBuster System";
$subjectText = "Bot Attempt Stopped";
$msgText = "A bot tried to register, but was stopped from doing so.\n\nBot Name: $XUSER\nBot Email: $XMAIL\nIP Address: $XIP";
mail($toText, $subjectText, $msgText, "To: $toText <$toText>\n" . "From: $fromText <$fromText>\n X-Mailer: PHP 4.x");
}


// your 'rejection' code would go here....
// for example, print a fake error message and exit the process.
$errnum = round(rand(1100, 25000));
print "Confabulation Error #$errnum, Halting.";
exit;

}
////////////////////////


?>



« Last Edit: December 21, 2009, 08:08:54 AM by Mike »

badfrog

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: Implementing into a form
« Reply #5 on: December 19, 2009, 05:59:31 PM »
I will add that I put the include in the formmail script at line 241, which seems to be the the last spot after form variables are grabbed.

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Implementing into a form
« Reply #6 on: December 21, 2009, 08:08:32 AM »
No, I said post your code. We already know what the BotScout code looks like.

Please post the code from the formmail.php file.
Please don't PM me for assistance- post your questions in the forum where others can see them.

badfrog

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: Implementing into a form
« Reply #7 on: December 24, 2009, 08:53:03 AM »
it doesn't appear to want to let me post the code, I wrap it in
Code: [Select]
tags and submit and I get a blank page.


Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Implementing into a form
« Reply #8 on: December 26, 2009, 10:12:19 AM »
it doesn't appear to want to let me post the code, I wrap it in tags and submit and I get a blank page.

Then post it without the code tags.
Please don't PM me for assistance- post your questions in the forum where others can see them.

badfrog

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: Implementing into a form
« Reply #9 on: December 26, 2009, 07:13:34 PM »
I did... wrapped it in code tags and hit submit, I get a blank page and nothing happens.

possibly due to the size of the script?

you can get the script from tectite.com

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Implementing into a form
« Reply #10 on: December 26, 2009, 07:57:18 PM »
I said, "Then post it without the code tags."
Please don't PM me for assistance- post your questions in the forum where others can see them.

badfrog

  • Newbie
  • *
  • Posts: 6
    • View Profile
Re: Implementing into a form
« Reply #11 on: December 26, 2009, 08:02:28 PM »
sorry, brain isn't fully in gear tonight.

that doesn't work either.
the  script is 12593 lines of code..