Spam prevention

r4nchy

We need a system where we can even ban the proxy IP addresses, I don't want to waste a single time moderating the discussions that are coming from proxy servers/ips. Do we have that in place ?

because the spammers may use proxy servers to do this shenanigan

luceos

r4nchy I have considered setting up something similar to stopforumspam but dedicated for Flarum. If this is happening it won't be this year though, too many other things going on.

r4nchy

luceos good to hear that it is being though of 🙂

Lurker

luceos We've fine tuned spam prevention to reduce the necessary effort with moderation. I will do my best to improve the extension based on our experiences here on discuss and our experiences on our managed hosting.

Thank you for offering this to the public. Well done! 👍🏼

Does this extension use the same database from stopforumspam? If yes, that’s great! If not, I was wondering if I should install that extension along with this to make the fight against spam even better. My only concern is the incompatibility issue reported between stopforumspam and spamblock (see here).

luceos

Lurker Does this extension use the same database from stopforumspam? If yes, that’s great! If not, I was wondering if I should install that extension along with this to make the fight against spam even better. My only concern is the incompatibility issue reported between stopforumspam and spamblock (see here).

This extension can work with sfs, if it is installed it will use that extension to delete users with subjects of discussions containing spam. This extension doesn't independently use the sfs database or its api.

m4v3rick

Lurker My only concern is the incompatibility issue reported between stopforumspam and spamblock (see here).

Both together are still not working for me. Same error as described.

Lurker

luceos fof/spamblock - optional, when enabled immediately deletes users that open discussions with spam subjects

So it works with both FoF/Spamblock and FoF/Stopforumspam. Wonderful!

For the extend.php section, let’s say I already have contents inside the return [ ];, do I create another return line or can I just add this (new Spam\Filter) to the list?

Example:

return [
    (existing contents)
          // other info
    (new Spam\Filter)
          // use domain name
          ->allowLinksFromDomain
];

Thanks for the help!

clarkwinkelmann

Lurker that's correct, you add it inside the existing []. Two return wouldn't work. Don't forget to put commas between each extender since this is a PHP array.

luceos

Lurker So it works with both FoF/Spamblock and FoF/Stopforumspam. Wonderful!

No. My explanation was not good enough. This extension interacts with Spamblock if its installed and Spamblock interacts with SFS if its installed.

CyberGene

Apologies if this has already been asked (or maybe it was me asking it, I can't find it... 🧐) but since I got my first spammer, I realized it's a bit awkward to delete the spam message first and then I have to open the just deleted discussion and go to the user profile separately and flag him as spammer. Is it possible to have a button that does that directly from the flagged post/discussion where with a single click the user is suspended and all his posts/discussion deleted?

Maybe it's a proposal for the Spamblock extension, but is it possible to fully delete the posts/discussions, not soft-delete them. The same for the user: is it possible that the user is not just suspended but also fully removed from the DB? Do you think it makes sense to fully delete the user or a suspension is better, like maybe if he is suspended it will make him more difficult to have to register a new user compared to re-registering the same user if he was fully deleted?

CyberGene

@luceos I'm not sure why that is but I got a newly registered user (luckily not a spammer) managing to bypass the spam prevention although he posted a link to Facebook which I'm not allowing. However I'm allowing links to YouTube and his posts contained two other links to YouTube. I tried a scenario to reproduce it (one Facebook link and one YouTube link) but couldn't. However if I test with the exact same post he had, I can reproduce it, so here's his post:

They've already mentioned Yuja and Khatia (who I'd nominate for the most *Khurvaceous Bach-*side). Here are three more candidates: Connie Han Jazz pianist ; Riyoko Takagi Autumn Leaves ; Donka Angatscheva : Classical trio . PS- No bunnies were harmed during the production of Riyoko's performance.

Here's the raw content of that paragraph above:

They've already mentioned Yuja and Khatia (who I'd nominate for the most \*Khurvaceous Bach-\*side). Here are three more candidates: Connie Han [Jazz pianist](https://www.facebook.com/conniehanjazz/videos/738541330863782) ; Riyoko Takagi [Autumn Leaves](https://www.youtube.com/watch?v=shD0270uII0) ; Donka Angatscheva : [Classical trio](https://www.youtube.com/watch?v=1fXDFp3qx7k) . PS- No bunnies were harmed during the production of Riyoko's performance.

And here's what I have in the extend.php:

return [
    (new Spam\Filter)
        ->allowLinksFromDomain('youtube.com')
        ->allowLinksFromDomain('youtu.be')
        ->allowLinksFromDomain('pianoclack.com')
        ->allowLinksFromDomain('pianoclack.s3.us-east-1.amazonaws.com')
        // How long after sign up all posts are scrutinized for bad content
        ->checkForUserUpToHoursSinceSignUp(24)
        // How many of the first posts of a user to scrutinize for bad content
        ->checkForUserUpToPostContribution(5)
        // Specify the user Id of the moderator raising flags for some actions, otherwise the first admin is used
        ->moderateAsUser(1),
        //->enable(),
];

luceos

CyberGene the extension has tests where I test specific real-life strings. I will add these and see what happens when I have some space in my agenda. Thanks for reporting this, it's very helpful 👍️

CyberGene

luceos I think I see what the problem is. The regexp you use is:
preg_match("~https?:\/\/(?!([^\.]+\.)*($domains))([-\w.]+)~", $content);

This means that if it finds at least one URL with allowed domain in the content, the the content will be considered OK. As a result a spammer that knows I'm allowing YouTube, can insert various bad URL-s and one YouTube and bypass the detection. The logic should be the reverse: if at least one URL is matched with a domain that is not allowed, then the entire content should be considered suspicious.

luceos

CyberGene that makes sense, I have a few minutes now to look into this. Thanks for the heads up!

luceos

Released v1.3 which fixes the issue @CyberGene; https://github.com/blomstra/flarum-ext-spam-prevention/blob/99df43e682df21f9e81a4c5dc827fa46b51fdaa6/tests/Concerns/UniqueExamplesTest.php#L64-L84

Also, I've made the check on the protocol wider, anything ftp:// etc will now also be checked.

CyberGene

luceos thank you! Just updated it on my forum and retested it and can confirm it's fixed. Appreciate the quick fix 👏🏻

pkernstock

Is there any way to use regex, to e.g. allow internal IPs without getting it flagged? We have users posting configuration files with internal IPs and hence the extension accidentally flags them suspicious.

luceos

pkernstock not yet (sorry for the late reply Patrick). I can potentially add something so you can run anything to whitelist (might do a quick thing tonight as a change of scenery).

Darkle

Hey, I've been using this extension for a while now and I'm happy with its effectiveness, but now I wanted to automate even more with fof/spamblock, so I installed it, but there's no way to get it to work properly (I think), if the posts are marked as awaiting approval, they're supposed to be spam and therefore spamblock should kick in, right?

luceos

Darkle there's no autoban feature yet.

« Previous Page Next Page »