Stop Forum Spam Checking Function

[jacek]

This function will tell you if any of the user information you give it appears in the stopforumspam.com database, could be useful for registration forms, guestbooks etc.

function known_spammer($username = null, $email = null, $ip = null){
	if ($username !== null){
		$query['username'] = $username;
	}
	
	if ($email !== null){
		$query['email'] = $email;
	}
	
	if ($ip !== null){
		$query['ip'] = $ip;
	}
	
	if (empty($query)){
		return false;
	}
	
	$data = file_get_contents('http://www.stopforumspam.com/api?' . http_build_query($query) . '&f=serial');
	$data = unserialize($data);
	
	if ($data['success'] !== 1){
		return false;
	}
	
	unset($data['success']);
	
	foreach ($data as $check){
		if ($check['appears'] == '1'){
			return true;
		}
	}
	
	return false;
}

Each parameter is optional and should be replaced with null if you want to skip it. for example to check if an IP is in the database.

var_dump(known_spammer(null, null, '1.2.3.4'));

Or to check all three things,

var_dump(known_spammer('jacek', 'test1@betterphp.co.uk', '1.2.3.4'));

There is a limit to how many times you can use this form the same IP, that limit is 20,000 so I doubt it will cause many problems

[Carbine]

Wow, I may just use this in my website! Thanks for this. I hate spammers! Doesn't matter too much anyway as I use email activation, but I'll have a word with the other funder of my site and see if we should use it

[jacek]

Some spam bots can do email activation

Using this for registration checks would be an extra layer of protection, if you have it they are more likely to just more on to another site than work around it

[Helx]

So I would check if they are a spammer by:

if(var_dump(known_spammer('jacek', 'test1@betterphp.co.uk', '1.2.3.4')) == true)
{
echo ':o spammer!';
die(); // heh
}

Right ?
Or do I skip the var_dump() ?
(The sad thing is, I'd actually put the commented laugh in the code...)

[jacek]

Or do I skip the var_dump() ?

Yeah you don't want the var_dump() that just shows you the value of the thing you give it in a nice format for testing, for the actual code you want to use that value.

[Helx]

-snip-
Yeah you don't want the var_dump() that just shows you the value of the thing you give it in a nice format for testing, for the actual code you want to use that value.

Yay I use it on my contact form. I'm always being targeted :<
Around 30 different unique IP's per day.

[jacek]

Well it should help, we used to get a lot of spam here since then I have remove the captcha on sign up and added this check now spam is very rare. I think the IP is the most useful thing since the usernames and emails are often random.

[Helx]

Well it should help, we used to get a lot of spam here since then I have remove the captcha on sign up and added this check now spam is very rare. I think the IP is the most useful thing since the usernames and emails are often random.

Yeah, its quite ridiculous.
I often think what I had done to deserve being spammed.

I was told that it was just a bot that goes around looking for a form, or forum. Is that true?

[jacek]

I was told that it was just a bot that goes around looking for a form, or forum. Is that true?

It's thousands of bots looking for any web form at all Some do target forums specifically which is why using something like phpbb is a bad idea.

[Helx]

I can't believe people get a kick out of that... :/

[jacek]

I can't believe people get a kick out of that... :/

It gets worse than that... you can pay people in India a few $$ and they will sit and post crap on forums all day. That is more of a problem now that bots.

[Helx]

It gets worse than that... you can pay people in India a few $$ and they will sit and post crap on forums all day. That is more of a problem now that bots.

So it's just that SEO crap? More links to a website, higher ranking?

[jacek]

So it's just that SEO crap? More links to a website, higher ranking?

That' their theory, apparently Google tries to ignore spammy links though.

[Z645]

Bots can't do Security codes

[Helx]

But real people can...

How do you think people register on most phpBB websites?

[jacek]

Bots can't do Security codes

I wrote a bot that could break simple captcha codes