spam.. spam..spam.. spam... IDEA....

Even thoughI have completely removed the blogs from my site I am still getting a few Chinese spammers. They are leaving their brand of garbage in the profile descriptions for some reason? I could possibly rid myself of a few more by having a compulsory picture uploads on joining. I really dont want to ban an entire nation, and i know they would only change IP anyways..... so... what to do?

Is it possible to ban an email address - ie. if someone tries to join my site with an email I have banned they will not be able to join? I ask this because the only consistent thing so far has been the e-mail addresses of the spammers.

If this is possible is it not then possible for someone to write a module that allows site owners to ban spammers, but also upload the e-mail address of the spammer to a database on a server somewhere when they do this?

If all dolphin users had this or (try not to laugh) boonex included it as part of dolphin, the database would rappidly grow into a snapshot of who is spamming our sites and what their e-mails are. This information could then be queried everytime someone joins a site, so if they show up as a spammer they will not be allowed to join.

This could even be a good service that someone could run on here, and possibly sell the mod too...

Just a thought.....

Nathan

Anti spam mod sounds like a winner to me.

Default Boonex spam options just seem to '???' for me. 

I am working on one.

Because of the nature of my business i have to run an open site. The filters that come with dolphin run to high of a risk of false positives because they rely on IP addresses which for most of the worlds population are dynamically assigned thus not permanent. So i ran into problems with innocent people being blocked because they just happen to have a IP address which was in one of those lists.

So i am working on a module that does filtering based on key words or regex expressions on the profiles headline, email and profile description fields which spammer use quite often.

As an added feature, the profiles description will also be checked using Bayesian probability filtering

This mod is a ways away from completion though.

I am working on it for my own site because i got tired of getting between 10-20 new spam accounts while i was asleep each night.

I definitely agree there is room for improvement in spam prevention for Dolphin.  Rather than have every members information submitted to a "big brother" type of database I would suggest:

• Dolphin web administrators submit only the spammers information to the Dolphin spam list.
• Administrators can update the list (automatically or manually) on their individual websites.

This approach would mitigate the fear of Dolphin trying to take over individuals websites or direct solicitation from Boonex to independent Dolphin based websites because they already have all of their members information (Ning).

By the way DRautenbac, is your site invitation only or open?

My site will be open. I do not launch until sept 1st. I have managed to cut the spam down dramatialy, but as a subscription site I will have to stop it altogether - paying customers will not want to see spam - and they should not have to.

Its a shame, because I imagine there are many, many genuine customers in china.

Deno... As a service and a mod I think this could be a very good earner for someone on here with the knowledge to pull it off. Perhaps give the mod away, but charge a monthly subscription for the service? Eitherway, I like the different approach you are taking to this.

I recommend you to use htaccess to ban all visitors from china - thats easiest way how to stop about 90% of spammers.There is a article in forum already I think from dosdawg what to do...

Deano- when this mod is ready, you have your first buyer here :-)

I work with a number of Dolphin sites based around the Martial Arts so China would be a welcome addition to my customers!

At the moment though, I have to block as much of China traffic as I can as its all spam...

Keyword filter based mod would be great.

Most spamers in the case of dolphin want to leave a link. Backlinks increase rankings if they are done right and enough of them.

My guess is that they post something like a blog that initially shows up on the homepage where the page rank is the highest and flows. There actual post has a link or likely several to their site they are promoting.

I would say either disable and/or require the admin to approve them. Remove links entirely from tinymce posting and comments so they can't get a backlink. Or at least set them to nofollow so you can inform google that you do not vouch for the particular link.

I do not like to block or ban entire countries myself, but I am nearing the point that I am considering it. Depending on the website and location, if your site is primarily english do you think that many from china will really sign up and participate? Doubtful if you are in the english speaking world. Not out of the question, but do the spammers and hackers outweigh it? Something to think about.

Yea this is a big issue for me as well...I am getting killed with new registrations from the domain 126.com. Can I block a domain from registering?

My site is a global dance based site. Dance is a truely global art form and dance is popular in china. There could be many valid customers that I will miss if I block it.

Doesnt "CPANEL" have a block list for emails? I will have to look again.

I don't know how that would apply to Dolphin.

So far there is only one effective way I see of stopping them and that is to require the verification email before they can log in. It should be by default, but Dolphin allows people to create a profile, and submit and still log in unverified. This will stop them from logging in and being able to create any more than the items in the profile.

I regularly check all accounts on the site which are unverified, and delete them immediately if you see that the profile information is bogus (like address and other mismatched fields like city, state, country, etc).

It is an issue, and I have a full script of all the IP addresses by county in a format which should be a direct import into the database to block countries. I have tried over and over to block IPs using the Dolphin system, and it fails to block anyone... single IPs or ranges. There is a Block by IP, and it semi worthwhile as a FREE mod and installs easily.

After being on Dolphin for over 5 years, and fighting the fight each day, the best is to lock unverified members from being able to log in.

Also check all permissions as far as GUEST.... deny ALL!  Just allow view or use the page access which is built into Dolphin 7.0.7

Do you guys have mod_security running? If so put this in your config file:

SecRule ARGS_POST "\@gmx\.com" "log, drop"
SecRule ARGS_POST "\@126\.com" "log, drop"
SecRule ARGS_POST "\@qq\.com" "log, drop"
SecRule ARGS_POST "\@yahoo\.cn" "log, drop"
SecRule ARGS_POST "\@163\.com" "log, drop"
SecRule ARGS_POST "\@mx8168\.net" "log, drop"

That will drop the TCP connection if anyone tries to enter those email addresses ANYWHERE on your server. Change the "drop" to "deny" if you want them to get the nice denied message.

Then add this:

SecRule REQUEST_BASENAME "^join\.php$" phase:2,chain,log,drop
   SecRule ARGS_POST "href="

That will prevent any links from being put in any of the fields on your join form. Oh and change the name of your join form while you're at it. The spammers have bots looking for that file by name (you'll have to edit about 7 files to reflect the new file name). Last but not least, add this and change them to suit your needs:

SecRule ARGS_POST "prada-handbags" "log, drop"
SecRule ARGS_POST "fashion-replica" "log, drop"
SecRule ARGS_POST "replica-prada" "log, drop"
SecRule ARGS_POST "prada\ bag" "log, drop"
SecRule ARGS_POST "designer\ handbag" "log, drop"
SecRule ARGS_POST "prada\ bag" "log, drop"
SecRule ARGS_POST "prada\ purse" "log, drop"
SecRule ARGS_POST "prada\ handbag" "log, drop"
SecRule ARGS_POST "weebly\.com" "log, drop"
SecRule ARGS_POST "vibram-5fingersales" "log, drop"
SecRule ARGS_POST "republic-handbags" "log, drop"

I don't think I could live without mod_security and csf firewall (both free!)

 Great information, and very helpfull.  Also hopefully richards list could be added to, Im sure it woulsd soom build a good picture of who and where they are comming from...... Is there a way to spam the spammers????? I like payback lol

 where is this config file ?

 Sure you can spam them back... There are lots of porn signup lists and you have their email right :-)

 IF you have mod_security installed it should be at /usr/local/apache/conf/modsec2.user.conf

Another thing (I've probably mentioned before) is if you're using Exim for your server email you can put custom rules in /etc/cpanel_exim_system_filter (or /etc/antivirus.exim, you can see in WHM which one it's using) that will filter ALL the email going into the server. You can put rules in Cpanel but if you have a LOT of sites it can be a pain doing it for each one, this file is a master filter. Frankly I was sick of hearing about how I had won the UK lottery or how some Nigerian warlord wanted to transfer money to me.

hello you can block access to the join page for a text file robot

Is this being address in the new beta ? I can not even use my site because of these spammers and have not seen a reasonable solution.

another option might be to add code to your .htaccess file.    you can use www.blockacountry.com

Before you do though, it would be interesting to see what others think.

I used it on an old classified ad site to block nigeria spammers.

Just in case anyone is doing this mod, i have added a few email domains to the list:

Here's my conf file:

SecRule ARGS_POST "\@gmx\.com" "log, deny"
SecRule ARGS_POST "\@126\.com" "log, deny"
SecRule ARGS_POST "\@qq\.com" "log, deny"
SecRule ARGS_POST "\@yahoo\.cn" "log, deny"
SecRule ARGS_POST "\@163\.com" "log, deny"
SecRule ARGS_POST "\@mx8168\.net" "log, deny"
SecRule ARGS_POST "\@12gohere.net" "log, deny"
SecRule ARGS_POST "\@boxedchristmascards.net" "log, deny"
SecRule ARGS_POST "\@110mail.net" "log, deny"
SecRule ARGS_POST "\@yeah.net" "log, deny"
SecRule ARGS_POST "\@sohu.com" "log, deny"
SecRule ARGS_POST "\@hotmail.com" "log, deny"
SecRule ARGS_POST "\@free-medicine.net" "log, deny"
SecRule ARGS_POST "\@satiny.co.uk" "log, deny"
SecRule ARGS_POST "\@energyforthehome.com" "log, deny"
SecRule ARGS_POST "\@dunkssb.net" "log, deny"
SecRule ARGS_POST "\@pumpkincarving.org" "log, deny"
SecRule ARGS_POST "\@theory-test-practice.co.uk" "log, deny"
SecRule ARGS_POST "\@cooljordanshoestore.com" "log, deny"
SecRule ARGS_POST "\@betfairmethods.com" "log, deny"

SecRule REQUEST_BASENAME "^join\.php$" phase:2,chain,log,deny
  SecRule ARGS_POST "href="

SecRule ARGS_POST "prada-handbags" "log, deny"
SecRule ARGS_POST "fashion-replica" "log, deny"
SecRule ARGS_POST "replica-prada" "log, deny"
SecRule ARGS_POST "prada\ bag" "log, deny"
SecRule ARGS_POST "designer\ handbag" "log, deny"
SecRule ARGS_POST "prada\ bag" "log, deny"
SecRule ARGS_POST "prada\ purse" "log, deny"
SecRule ARGS_POST "prada\ handbag" "log, deny"
SecRule ARGS_POST "weebly\.com" "log, deny"
SecRule ARGS_POST "vibram-5fingersales" "log, deny"
SecRule ARGS_POST "republic-handbags" "log, deny"

oh yeah, here's a couple more.

'sunglasses'

'unlocked'

ohhhh... not the prada handbags lol..... friggin nightmare. I felt like my site was a bag store at one point.

 That's my list... oh my god, someone actually took my advice! Woo hoo! Hahaha... I've just about given up on preaching this though Sky because most of the people here are on shared hosting and can't/don't have mod_security..

Oh and after I posted that rule list I changed that one rule to:

SecRule ARGS_POST "=href" "log, deny"

So it blocks links everywhere and not just on the join form.. I figured out they would just join and then try and go back and edit their profile to add the link. Then they were trying to spam the blogs without even joining.. so I changed that rule so you can't post a link ANYWHERE.. that finally stopped them.

I can't make that change because I allow my members to post links in their posts in the forum. My site is a manually approved membership, I know who everyone is I give access too.

I tested it last night and it didn't seem to stop me from posting a spam membership. I need to check my mod_security and make sure it's enabled. (I thought it was)

I personally think your idea is a good one. it will certainly help

Ok, I'm on a VPS and I have checked my mod_security, it is enabled. I can still create accounts with spammer email addresses and terms like prada in the description. It does not seem to be working

what am I missing?

2 things to check:

1. Did you put those rules in /usr/local/apache/conf/modsec2.user.conf?

2. Open /usr/local/apache/conf/modse2.conf and make sure it has this line:

Include "/usr/local/apache/conf/modsec2.user.conf"

If you want to speed up testing change that rule to check contact.php instead of join.php... that way you can just enter a banned word in the contact form and see if it blocks you instead of going through the whole join process. Then just change it back to join.php when your done.

Let me know if it wasn't one of those two things.

Sky, you might already have this installed but if not check it out. It's a little control panel for mod_security that installs in WHM. It's written by the people who make CSF firewall but you can use it even if you don't have the firewall installed. It lets you turn modsec on and off and edit the rule files from within WHM.. and it's free!

http://configserver.com/cp/cmc.html

Time ago, prolaznik has published another way for restrict some of email providers of spammer on registration, I've added the email to ban, and this works very well for me..

mscott, I checked that. I set it up in SSH and checked it in WHM. it's all there and enabled. I will have to get with HFW and see if they are overriding it somehow.

Giovanni - COOL FIND! Thanks Prolaznik

PS, If you noticed, I have added hotmail to my list of banned domains. I know some people still use it but a lot of trash comes from them now.

Sky, make sure none of your .htaccess files have this in them:

<IfModule mod_security.c>
SecFilterEngine Off
</IfModule>

Also, if you look at the main apache error log (usr/local/apache/logs/error_log) does it have any entries at all from modsec?

My htaccess files do have that in it.Was added a while back to solve a video upload problem.

There are also no entries  in the mod_sec logs

Ahhh, that entry in the htaccess turns mod security off compelely for that directory and any sub-directory under it... I think we just found the problem with your spam blocking :-)

What was it blocking with the videos? It hasn't stopped me but I also haven't really uploaded any huge ones.

Yeah, but have you been screwing with Dolphin since 7 came out, lol

Ok, Mod security is definitely enabled. I removed all the SecPOST comments in the htaccess files in ALL my sites. I flushed all the cache the hard way including the browsers. I double checked the conf file to make sure everything was listed

I even went so far as to remove my IP from the ignore list in my firewall setup.

It flat doesn't work for me.

Since 7??? I just upgraded all my sites from 6.0.3 to 7.0.6 a few months ago, lol.

OH! You just reminded me when you said ignore file... you don't have your IP whitelisted with modsec do you? Do you have it monitoring the contact form or still just the join? I'll give it a try if you want me to, that would narrow it down so we could see if it was just letting YOU through.

go for it, townation.com

Yuuup not working... the email blacklist mod is working so I put @gmx.com in the about me section and it still let me join.

You know when I was telling you to check conf files I forgot to mention the main one! Open /usr/local/apache/conf/httpd.conf and make sure this is there:

Include "/usr/local/apache/conf/modsec2.conf"

Ok, wrote the new line in the httpd conf file. Lets check it again

LOL, still lets me in as a Prada bitch

Did you restart Apache after you made the change? We're not stopping until it's working!!!!! lol

Oh crap. stand by

Haven't done it in a while. I'm rebooting the whole system. Will be back up in a minute

is up.

LOLOLOL! STILL DOESN'T WORK!

$&#@! Is it possible you missed an .htaccess somewhere below the root dir of the site?

No. I was pretty thorough. only have 2 sites with modified htaccess files. the rest are all stock test sites

hang on a sec. gonna check that httpd conf file and make sure the changes stuck.

Yup, still there.

I'm going to move this to PM before the MODS kill us both.

Doing all the stuff you guys have mentioned and enabling "Promotional Membership" seems to have done the trick for me because I don't allow my promotional members to post anything. The fake sign ups have stopped for now.

Thanx guys.  

Hello,

I had the same problem as SkyForum.

I solved it by adding this directive at the begin of modsec2.user.conf. I added this directive which was not included in default configuration.

SecRequestBodyAccess On

If it can help somebody ...

Aleks.

I banned the entire china country and then had issues where they was using other country IP's !! WAS A NIGHTMARE until I done the following:-

1. keep china blocked

2. Made blogs moderated (not auto activated)

3. Limit number of postings per standard member per day

Just the 3 above steps and brough spamming issues down to just about 0%

Make site paid sitze and charge some low fee like 2 dollars for year registration so evcerybody can afford it. IM sure chinese spammers stay away and not pay anything :-) That is most safe way how to get rid of spammers and also most of other abusive people who only create a mess on your site..

 i like your idea, its awesome.

I used that on my joomla sites. I put 1 dollar registration fee and suddenly..no spammers :-) They dont pay a cent to enter any site..so only free sites are in danger...

 sorry for going off topic but i hate joomla :)

Getting $2 off someone can be like getting blood from stone and may prevent good users looking for a free service from adding good content !

Just saying ;)

fighting with spam is so time consuming and neverending job that I simply give up to release any free site. ON allk wherte is membership I have 1 dollar fee and get only serious people there ..true not alot of people but better to have 90 unique users than 500 users wher 410 are spammers and give all my time to fight with them

I have read this on german webside, i think this is a good idea.

" How long is a real visitor needs to write his message? Determined more than 16 seconds, and (even if he falls asleep in between) for no longer than 16 hours. Spam-​​bots on the other hand need only a few seconds in 76%, less than 1% of the bots scan the form only once, then use it for all subsequent spam. It's pretty rare that automated spam entries are made outside this period on the requirements of the form. In order to use this feature to spam prevention, you do not need to start a session - a hidden form field completely sufficient for this purpose:"

<?php define ('Zeit', time()); // Start time of the script set

# additional code to check:
if (!isset($_POST['date'])) { /* field is missing ->Spam */ }
elseif (!is_numeric($_POST['date'])) { /* manipulation ->Spam */ }
elseif (intval($_POST['date']) > Zeit-10) { /* too fast ->Spam */ }
elseif (intval($_POST['date']) < Zeit-10*3600) { /* old form ->Spam */ }
else { /* kein Spam¿ -> maybe additional inspections and processing of the entry */ }

# more code to form:
echo '<input name="date" type="hidden" value="', time(), '" />';
?>

" Only the term comparison of filtered out 76% of all spam. And because spam bots hidden input fields normally transferred unchecked, this field should be defaced by not even naming or encoding of the value."

Maybe someone can build a mod for Dolphin with this script.

Here is the link to the website with more information: http://1ngo.de/web/captcha-spam.html

 Help!! Help!! hello everyone, im also sick of these spammers, i tried to block emails by doing the following but now when new members fill out the join form and click join at the bottom the page does not go anywhere... nothing happens... I tried to trouble shoot and removed the e-mail block from admin profile fields and it works fine, members are able to join but without the e-mail field... can someone tell me what the hell happen?

what is the original code that goes in in the admin>profile fields>emai> advance>check ?

Thanks

running 7.0.8

The problem may be reduced for a while. Over the weekend the FBI (IIRC) seized around 170 domains featuring all the stuff we have come to know and hate -Uggs, fake Prada, football jerseys etc.

Since that happened the spam has dropped right off.

As my site is entirely user content driven with anything up to 50 new content submission accounts opened per day (that is going up as we get a higher Alexa ranking) we have to be careful about who we ban and I have significant genuine membership (and readership) from Asia, including China that there is no benefit to an outright ban.

What I have found is that if one takes away the 'toys' they need then the benefit of signing up is taken away and eventually one really does get filtered from their target lists.

So, we removed all opportunities to drop live links from comments, profiles etc.

The Chineses still send me nice pics with a dead link but I am not overly worried about those. People actually look at the pics and I remove the ones I don't want to see. ;)

TheDundy's suggestion is a good one. Timing is worth a look at. A script can signup, drop a link and be gone in a second (depending upon how fast your site runs) As no human is so fast then blocking very fast (or very slow) signups/customisation/first post is viable.

That said I have seen some autoposting tools that even go as far as to mimic the activity of a human in terms of typing out entries one letter at a time with randomisation. Very cool stuff. ;)

So excuse my ignorance what does CAPTCHA do?

help help help , i'v been in contact with a member hear who apparenty is from china, after this I received domain name registrants on my NOT READY , temporary unavailable website.

Can I name this individual and the registrant emails ??

I am no coder or understand techniqual jargon, just about understand HTML so can anyone assist in adding what others have added for security such as emails ect.

 Since all Dolphin site navigation structures are the same, it makes us very vulnerable to anyone looking; no matter if your published or not.

It's a matter of the search. Just this simple search term in google  returns mostly  "Dolphin" sites.

Make a search  using "inurl:my_page/add/"

WOW...

DRautenbach....i feel for you..

my website is getting hit pretty hard!!!!. within  the last 3 months I probably  deleted over 700 spam accounts. I'm at the point I'm not even sure whos real and who isn't on my site.  All i been doing is mass deleting users. I tried some of the advises found in the forums and it doesn't appear to be working.

Its been non-stop and Arvixe who does the hosting of my site is ready to shut my site down. its that bad!!!!

I'm  at a point I'm ready to shut my site down..

R

 Robin,

Adding the additional question,

i.e.

• "What is 5+5"
• "Are you Human?"

http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm

to the join form has stopped 98% of my spamming, IT WORKS

 Hello newton27,

Thanks for the reply back. Finally had a chance to sit down and try your idea.. will let you know what happens.. 

Within the last 3 days I had 250 spammers hit my site and Im hoping, hoping this will stop them.. thanks again.

cheers..

It has worked for me, I still get the occasional spammer, but I can tell their actually human.

China is no longer a problem using the "Join by Country" module on some sites.

The chase now is the ones using hotmail and gmail, which I cannot block. 

....

It happened to my site for the last couple weeks from the WALL and SPY module. i had to remove these two modules to stop spam. And so far is ok. Not sure that Wall and Spy have security issue.

Hey newton27, 

Thanks for the link, man it worked. the difference is day and night.

from getting 20 to 30 spam a day to getting 1 spam with the last 4 days.. 

works!!

http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm

Thanks

R

 So what did you do on your site? May I view it please? Thanks

 Your welcome Robin. 

This should be a core feature or an option at the least.

And this is another shot

And results after you submit join form

And this is what you get using the email blocking mod.

Hey Newton,

Thanks man. I appreciate it. I also sent you an email regarding another question.

 your welcome, you have mail..

Try these simple steps to prevent spam on your site:

http://www.boonex.com/forums/topic/Simple-Spam-Fighting-Steps.htm

I was having this issue, everyday 10 to 15 sign ups with nothing important or meaningful on my site, just a bare site and yet these sign ups from the crappy spam stuff.

Anyway, no more.

What happened, I had my splash page installed and template. The splash has all the standard questions to register (username, pwd, confirm pwd and email).

Then system takes you to a 2nd page of registration where you have to click on User Terms and their is a Captcha.

That is it.

Now I noticed no more spam sign ups. Zero.

Why am i telling you this? So that you too can avoid the same problem. I am not sure which portion of the sign up process has worked, but it has and it is such a joy.

I've figured out why the join button was ceasing to function for some on Prolaznik's fix...

In design.inc.php, the code in my file was different to others (unsure whether due to previous modifications or discrepancies between version 7.0.3 and other versions...

At the bottom of your design.inc.php, you should see the following two lines:-

$oZ = new BxDolAlerts('system', 'design_included', 0);
$oZ->alert();

What is directly above these two lines? If you don't see the following line, then this will likely fix the issue:-

bx_import('BxDolAlerts');

Copy and paste the following into your design.inc.php file above:-

$oZ = new BxDolAlerts('system', 'design_included', 0);
$oZ->alert();

===

//block registrations using specific email providers
function ForbidenEmailProvider($Email)

     {  
       $ForbidenEmailProvider[] = "@163.com";
       $ForbidenEmailProvider[] = "@sohu.com";
       $ForbidenEmailProvider[] = "@21cn.com";
       $ForbidenEmailProvider[] = "@gmx.com";
       $ForbidenEmailProvider[] = "@126.com";
       $ForbidenEmailProvider[] = "@qq.com";
       $ForbidenEmailProvider[] = "@yahoo.cn";
       $ForbidenEmailProvider[] = "@mx8168.net";
       $ForbidenEmailProvider[] = "@110mail.net";
       $ForbidenEmailProvider[] = "@buybrandshop.info";
       $ForbidenEmailProvider[] = "@lenfos.com";
       $ForbidenEmailProvider[] = "@mailinator.com";
       $ForbidenEmailProvider[] = "@tom.com";
       $ForbidenEmailProvider[] = "@hotmilitararygirls.com";
       $ForbidenEmailProvider[] = "@speaktolearn.net";
       $ForbidenEmailProvider[] = "@qtyhosting.com";
       $ForbidenEmailProvider[] = "@12gohere.net";
       $ForbidenEmailProvider[] = "@boxedchristmascards.ne";
       $ForbidenEmailProvider[] = "@yeah.net";
       $ForbidenEmailProvider[] = "@free-medicine.net";
       $ForbidenEmailProvider[] = "@satiny.co.uk";
       $ForbidenEmailProvider[] = "@energyforthehome.com";
       $ForbidenEmailProvider[] = "@dunkssb.net";
       $ForbidenEmailProvider[] = "@pumpkincarving.org";
       $ForbidenEmailProvider[] = "@theory-test-practice.co.uk";
       $ForbidenEmailProvider[] = "@cooljordanshoestore.com";
       $ForbidenEmailProvider[] = "@betfairmethods.com";
   
       foreach($ForbidenEmailProvider as $key => $value)
          {
          if ( strpos("zyx".$Email,$value) > 0 )
             return false;
          } 

       return true;

     }

bx_import('BxDolAlerts');

===

The entire bottom of your design,inc.php page should read:-

    $oForm = new BxTemplFormView($aForm);

    bx_import('BxDolAlerts');
    $sCustomHtmlBefore = '';
    $sCustomHtmlAfter = '';
    $oAlert = new BxDolAlerts('profile', 'show_login_form', 0, 0, array('oForm' => $oForm, 'sParams' => &$sParams, 'sCustomHtmlBefore' => &$sCustomHtmlBefore, 'sCustomHtmlAfter' => &$sCustomHtmlAfter, 'aAuthTypes' => &$aAuthTypes));
    $oAlert->alert();

    $sFormCode = '<div style="text-align: center; margin-top: 8px;"><a href="modules/?r=deanos_facebook_connect/login_form"><img border="0" src="' . BX_DOL_URL_ROOT . 'modules/deano/deanos_facebook_connect/templates/base/images/fbconnectbut.png"></a></div>' . $oForm->getCode();
   
    $sJoinText = (strpos($sParams, 'no_join_text') === false) ?
        '<div class="login_box_text">' . _t('_login_form_description2join', BX_DOL_URL_ROOT) . '</div>' :
        '';
   
    return $sCustomHtmlBefore . $sFormCode . $sCustomHtmlAfter . $sJoinText;
}

//block registrations using specific email providers
function ForbidenEmailProvider($Email)

     {  
       $ForbidenEmailProvider[] = "@163.com";
       $ForbidenEmailProvider[] = "@sohu.com";
       $ForbidenEmailProvider[] = "@21cn.com";
       $ForbidenEmailProvider[] = "@gmx.com";
       $ForbidenEmailProvider[] = "@126.com";
       $ForbidenEmailProvider[] = "@qq.com";
       $ForbidenEmailProvider[] = "@yahoo.cn";
       $ForbidenEmailProvider[] = "@mx8168.net";
       $ForbidenEmailProvider[] = "@110mail.net";
       $ForbidenEmailProvider[] = "@buybrandshop.info";
       $ForbidenEmailProvider[] = "@lenfos.com";
       $ForbidenEmailProvider[] = "@mailinator.com";
       $ForbidenEmailProvider[] = "@tom.com";
       $ForbidenEmailProvider[] = "@hotmilitararygirls.com";
       $ForbidenEmailProvider[] = "@speaktolearn.net";
       $ForbidenEmailProvider[] = "@qtyhosting.com";
       $ForbidenEmailProvider[] = "@12gohere.net";
       $ForbidenEmailProvider[] = "@boxedchristmascards.ne";
       $ForbidenEmailProvider[] = "@yeah.net";
       $ForbidenEmailProvider[] = "@free-medicine.net";
       $ForbidenEmailProvider[] = "@satiny.co.uk";
       $ForbidenEmailProvider[] = "@energyforthehome.com";
       $ForbidenEmailProvider[] = "@dunkssb.net";
       $ForbidenEmailProvider[] = "@pumpkincarving.org";
       $ForbidenEmailProvider[] = "@theory-test-practice.co.uk";
       $ForbidenEmailProvider[] = "@cooljordanshoestore.com";
       $ForbidenEmailProvider[] = "@betfairmethods.com";
   
       foreach($ForbidenEmailProvider as $key => $value)
          {
          if ( strpos("zyx".$Email,$value) > 0 )
             return false;
          } 

       return true;

     }

bx_import('BxDolAlerts');     
$oZ = new BxDolAlerts('system', 'design_included', 0);
$oZ->alert();

if ((int)$_GET['idAff'])
    BxDolService::call('inviter', 'accept_affiliate', array());

?>

Then also follow the other steps from Prolaznik:-

Step2.

in administration / builders / profile fields (join form)
edit the email field click on advanced and replace 

return (bool) preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0);

WITH THIS

return ( ForbidenEmailProvider($arg0) and preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0) );

Step3.

in administration / settings / languages settings look for 

_FieldError_Email_Check 

and edit the error msg. that's displayed, the default one is (please enter correct email) change to something like this

Invalid email address / or the email provider you are using is blacklisted.

or whatever you like.

That's it  you can add more email providers or remove some

$ForbidenEmailProvider[] = "@someprovider.";

 That's good, but, I do think it effects SEO to use a splash page, the jury is still out on this one.

Yeah, if the splash page knocked him so far down in the SERPs that not even the spammers could find him I wouldn't consider that a "fix" lol.

For the splash page if it is set well and without limiting the entry at the site contents has no problems.. my site on Google with SEO is almost at the top..

i use the block for Spammers email that I have posted time ago in this forum, and block after 5 attempts to wrong password for 5-hour and i solved the problem of spam, from 3 months, 0 Spammers and 3000 real user..

 Splash pages do not affect SERP, it all depends on how you set it up. At the end of the day, you can have the best SEO site with no members and you will not show.

SEO is not just about keywords, titles and content on page. You need hits as well and many other factors that we do not realize.

I would rather have a site with good number of members and have an average SEO, then the other way around.

Don't forget that the splash page is not the only page you SEO. You have many internal pages that also come into play that need to be SEO.

I have a splash page and my spam is dropped to 0 a big ZERO. Don't know exactly what part work the best but i think that my join.php is no more usable so maybe thats the reason or maybe recaptcha. But no bot or spammers. I am getting more signups due to the page looks like fb. lol

 So there you go, another living proof. Perhaps we should find out about users that have splash and don't and see which ones get more spam. not only that it may have something to do with the join page.

join.php is like a big fat magnet to spammers. Usually, they are going to run http://biglistopfdomainnames.com/join.php to find the pages to attack with spam maybe?

By adding a splash page, you've introduced a second step their scripts aren't prepared for?

It looks like bots are used to search and join Dolphin sites. If site have some non standard features bots fail, some of the noticed features to prevent bots are:

- splitting join form into steps

- splash screen (I think splash involves hiding real join form too)

A little heads up. For all of you that have made use of these changes. Updating to 7.08 completely replaces the inc/design.inc.php file....

AAAARGH!

i've done those changes but i still get like alots of spam suers registered from hotmail and gmail! this is not the way! cant we replace this chapta thing with rechapta or something more powerful?

 I still get the spammer accounts as well but no posting of blogs because of the spam tools provided.

Have you "enabled" the spam tools in your admin section, do you have your askimet key installed?

It's best to fine tune these settings along with using this added filter.

This is a follow up to this post because of some PM's I've received; I realized I didn't actually post how I added this math question, so here it is.

Go to admin-->builders-->profile fields  || drag a new item/block up

click on block and add 

System Name  --> MathQuestion

Caption --> What is 5+5?

Description--> To complete the join form, you must prove your human.

select "Text" from drop down at the bottom,

Then click on Advanced tab on top, check off mandatory and set min value to 1 and max value to 10 

In the "check" field put this; 

return strtolower($arg0) == '10';

Click save.. Make new language key for block name .

This is actually an edit of

rhimpr's post from another topic, http://www.boonex.com/forums/topic/China-is-invading-help-me-with-form-field-validation.htm

I love this thread and hopefully it has helped a lot of people.. hopefully it will also make Boonex realize they REALLY needs some sort of pagination for this forum. This page is huggggggge lol.

Son, I am dissapoint.

 CRTL + F , "cloudflare" ... nothing..

I have one word for you all, "cloudflare". 

 There's a bigger one. Just check out Ilbellodelwebs IBDW support thread.

Its nothing fancy but I had 1 to 5 spam accounts a day signing up on the site. It was getting exhausting. I added a new question to the join form and maybe see one account a month now. Example "If you are human enter the number 1 in the box". Use the built in matching boonex already has and if the number one is not entered then the form does not go through and no membership created. This works because these memberships are automated bots and not actually real people. My site is great now!

Create a New field in the Join Form

Builders- Profile Fields- Join Form

• GENERAL TAB

1. System Name "RUHUMAN"
2. Caption: Enter the number "1" here to prove you are human.
3. Description: Enter the number "1" to prove you are human and not an automated robot.
4. Type: Number

• ADVANCED TAB

1. Mandatory: Yes
2. Min Value: 1
3. Max Value: 1
4. Default Value: 0
5. Anything not mentioned for this section leave it blank

• Messages

1. Mandatory Error Messages: You must type the number 1 in this field to prove you are human.
2. Enter this same message in both the Minimum and Maximum blocks and leave the rest blank.

NOW CLICK SAVE

Just drag and drop the "RUHUMAN" block where you want it to show up on your join form. Unless someone enters the number "1" the form should not process. That should stop most automated registrations. It did for me. I dont think I forgot anything. That should be all you have to do.

I have added the 5+5 question and changed the join.php to register.php and now waiting for the effect it shows. What you think should i need something else?

@Prashank25

Sounds like you are set up pretty good.  Just wait and see if that produces your desired results.

I tried this 2 days ago and it looks like it has stopped those bots

THANKS!!!!

 Your welcome Tony! Just make sure you are able to still sign up with a legitimate account. Create a test account to make sure it works as it should. Try the wrong numbers a few times and then the right one to make sure it will still create new accounts. Hey my first instruction mod! Glad it helped. Ive seen where where other people have done it to their installations but I never yet seen where someone broke it down step by step and tell you how to do it. Maybe they have though. I am a skim reader sometimes and a lot of information on here I have not seen yet.

5 + 5 could possibly be perceived as a question a bot could answer at some point. This idea has been around for a small amount of time and it is one most bot creators aren't tackling yet.

That is the secret word though .... yet.

5 plus five would be better than 5+5 in my book. Just a thought...

@DRautenbach
This seems like a deja vu :) I’ve been using Dolphin for about 5 years now. And the most critical issues I’ve been encountering with Dolphin has been with SECURITY.  My Blogs were getting approved somehow without my approval, things were getting published on my site without my approval -  at one point, I had to shutdown my site because it looked like a Marketing Hub for China :-)  My Dolphin sites have been consuming so much resources on my dedicated server to the point where it brought down my whole server. As result, I paid the consequences..

Long story short: Get hold of Mr. MSCOTT  at:  http://www.boonex.com/mscott - I can assure you that you will be happy with the results..

It took me 5 years of headaches with some Chinese & Russian SPAMMERS, and now for the last 7 months after I applied some security Mods with the help of MSCOTT -  I can focus on my business in hopes to make some revenues and not spend my wheels chasing CHINA ! 

Mr. MSCOTT  has saved me all the security headaches I encountered for the last 5yrs. He installed Mod_security and CSF firewall and he added some custom security work that he put together for his sites/clients, and he configured everything for me properly. I just can’t thank him enough for the great assistance and the extra efforts he has done for me to make my Dolphin sites as stable as they are today and most importantly.  Today, I have NO more SPAMs, no more fake emails, and no more intrusions :-)

To see what I am talking about, here are some Alerts/Hackers from China & Russia I’ve been getting and were STOPPED promptly before they could harm my system:

IP: 222.186.24.25 (CN/China/-)
Failures: 3 (mod_security)
Interval: 300 seconds
Blocked: Permanent Block

IP: 188.143.232.8 (RU/Russian Federation/-)
Failures: 3 (mod_security)
Interval: 300 seconds
Blocked: Permanent Block

I would highly recommend MSCOTT to any one who is or has been having security issues with his Dolphin sites, you will be happy with his services indeed. I am :-)

Regards,

@Aleka2a: Any time mod_sec bans someone is lists a rule number in the email it sends you. Just take that rule number and search for it in /usr/loacal/apache/conf/modsec2.user.conf

The only rule I have ever had problems with when using Dolphin is #950004, it thinks the smileys :-) are XSS attempts and blocks the person. Was the person you mentioned using smileys in their description?

@Morocco, thanks bro!!!

 mscott,

I installed the module mod_evasive; helps protect the server from DDOS attacks and mod_security; helps protect the server from attacks right?

I find that when uploading music now I get a 403 forbidden error on pages, am I blocking myself?

I'm new to server's, this one has been running for couple years without these installed; I decided to install to be safer. Here is a link to my server phpinfo http://www.duvallocals.info/phpinfo.php

I might add, after uploading a music file is when I get a temp ban, then am able to view pages again. Is this normal? I don't want members to see these blocks. I have no problems with spam now that I did the math question, I just thought I'd add extra security..

I followed this http://www.linuxlog.org/?p=135 to do the install.

I guess the question I want to ask is, can this be "loosened" some?

Thanks in advance 

I've never used mod_evasive before. I looked into it at one point but I found lots of people who weren't really happy with it plus I had never really had a problem wtih DDOS attacks.  

To figure out what's blocking you look in your error log (usr/local/apache/logs/error_log) right after you try and upload a song. If it was mod_evasive you can change the settings in http.conf. I found these through Google, but like I said I've never used it so this is just a shot in the dark:

After you change the settings don't forget to restart apache.

Thanks, I seen that during the install. Increasing these numbers might help?

I found that no media will play now, audio or video, you tube embeds play fine.

I guess I will try to back out the install.

If it's mod_security blocking the media from playing it will add a line in /usr/local/apache/logs/error_log everytime it happens. If you don't see anything in there it must be something else.

You can also install this free mod_sec control panel that will let you turn it on and off easily:

http://configserver.com/cp/cmc.html

If you turn mod_sec off and the media still doesn't play then something else is causing it.

If you add that email line to the mod_evasive config in http.conf it should email you every time it blocks something.

Hello mscott,

I did not know that CSF could send an email to each banishment. Thank you for the info and sorry for the late reply (internet access problem).

The person I mentioned doesn't use smileys in his description.

 Yes, it sends an email for each one to the email address for the root account.

If you aren't getting the emails just check the Apache error log and the rule numbers are listed there too.

I was out messing around on another site and I spotted something that intrigued me.

When they created their bot question, they just left it blank. Right next to it was the caption (Bot trap, please leave blank)

It must work. I can see a bot trying to put something in the box.

Seems like a good idea.

Thank you all for your posts. I have added both the blank field and the "enter number" field to my join page. We'll see what happens.

This topic needs to be put on the active topics list so it remains at the top. As far as I am concerned, it is the single best thread on this site for information on how to solve spam issues. Since so many of you seem to be burning up the forum with the spam question again, I thought I'd make it easier to find....

I'm just sayin....

 If you need to you can do the split of the join form making it a two step process which is the best block for bots.

"Split Join Form

You are able to split the Join form into the several pages, just "transfer" some blocks to the next pages: Click on Join block title in join area and in an opened window of its properties choose Join Page different from "0", and Save. That's all. The new Join page is created and your block is transferred to this page."

http://www.boonex.com/trac/dolphin/wiki/ProfileFieldsBuilder

https://www.projecthoneypot.org/

Since I have allowed registrations from US IP addresses only, and at the same time integrated Maxmind's proxy detection service, which blocks access to the join form via US based anonymous proxy servers, I  have not had a single spammer registration  in two years.  I don't use any of the built in anti spam tools  Prior to that, it was about a dozen a day.  If your site has a local focus, this is a highly effective way to stop spammer registrations. 

Spammers outside the US don't seem to care if you can trace their origin.  Spammers inside the US however, don't seem to want anyone to track them down, so they ALL appear to work through anonymous proxies, and the Maxmind service is excellent for this. In the unlikely event you get a spammer registration from an IP that can be associated with an individual, you have ways to make their pathetic life miserable. Maxmind has an excellent service...not sure why I'm the only one here that uses it.

 I use this as well.

the math addition question and split join pages has worked 100% for me

and yes blocking china too lol

Thanks to everyone for sharing. Yesterday, I used the step by step instructions given by Giovanni_m above and it worked 100%. I came in today to find no spammer where normally I would have had up to 30 new members! Thanks to Boonex for providing this platform even though they fall short in offering the necessary tutorials themselves.