Add a custom spam filter to phpBB3

I have been the maintainer of the ProcessMaker forum since June 2009, which has generally been an enjoyable experience, but lately we have been inundated with spam. I usually don’t mind deleting the occasional spam from the forum. In fact, I find it very interesting the tricks that the spammers use to fool me into thinking they are legitimate posters. Usually they are very subtle, so it doesn’t particularly bother me if a couple posts of spam slip through undetected.

The usual trick is to post something that looks like a legitimate post the first time. The more skilled spammers use a script to analyze the previous posts on the forum and construct a new post which merges the previous content. It often comes out as gibberish, but some of these scripts can actually generate something that appears to make sense. After the first post has passed the censors, then they sneak in a link in the second or third post.

Another trick is to post a reply to a post which already has a large number of replies, but nobody has read for several months, so the spammer hopes that nobody will notice. The links in the post are often the same color as the background color or in tiny text, so you can’t even see them, but Google’s web crawlers will see the links in our forum and use that to raise the ranking of the linked site.

As I said, most of these spammers are very subtle and unobtrusive, so their spam doesn’t really interfere with the functioning of the forum. They know that they will be detected if they include more than one link per post and they also know that they need to avoid posting too many times to avoid getting their accounts deleted.

These spammers may be parasites, but they know how to not annoy their hosts, so they are tolerated. A new spammer recently appeared on our forum, however, who insisted on posting in the most obnoxious manner and could not be ignored. Somehow he managed to bypass our filtering where the first post from any new user needs to be approved. Then, he would post 10 to 15 posts in Chinese every night offering to sell fake diplomas to universities. He would create 3 or 4 different users every day to post this garbage on our forum. It took me 10 minutes every day to delete these new accounts and their posts, but I let this go on for two weeks until I returned one Monday to find that 100 new posts from this spammer had been posted over the weekend.

I got so mad, that I decided to dig through the phpBB3 source code to figure out how to automatically delete any new posts by this spammer. First, I tried to create a list of key words that will cause any new post to be automatically deleted. However, that didn’t help me much, since I can’t read the Chinese that was being posted, so I also added code to automatically detect any post containing a Chinese character and automatically delete it.

This is a quick and dirty solution, but I am posting my solution in hopes that it will help other administrators of phpBB3 forums who have similar problem with obnoxious spammers. I don’t have the time to investigate how to make this into a plugin, but I would love to see someone else do it and offer it to the community.

In the file includes/functions_posting.php, edit the code for the function submit_post() to return if spam is detected.

I changed this code from:

        if (isset($data['force_visibility']))
        {
                   $post_visibility = (in_array((int) $data['force_visibility'], array(ITEM_APPROVED, ITEM_UNAPPROVED, ITEM_DELETED, ITEM_REAPPROVE))) ? (int) $data['force_visibility'] : $post_visibility;
           }

        // Start the transaction here
        $db->sql_transaction('begin');

To:

    if (isset($data['force_visibility']))
        {
                $post_visibility = (in_array((int) $data['force_visibility'], array(ITEM_APPROVED, ITEM_UNAPPROVED, ITEM_DELETED, ITEM_REAPPROVE))) ? (int) $data['force_visibility'] : $post_visibility;
        }

    //Code added to block posts which contain spam:
    if (isset($data['message']) and isset($subject)) {
       //create a list of banned words found in spam posts:
       $aSpamWords = array(
         'viagra',
         'cialis',
         'levitra'
       );
       $checkTxt = $data['message'] . $subject;

       foreach ($aSpamWords as $word) {
         if (mb_stripos($checkTxt, $word, 0, 'UTF-8') !== false) {
            return false;
         }
       }
       //automatically delete any post containing a Chinese character:
       if (preg_match("/\p{Han}+/u", $checkTxt)) {
          return false;
       }
     }
     //end spam filter code

        // Start the transaction here
        $db->sql_transaction('begin');

This code has proven pretty effective at stopping the obnoxious Chinese spammer. More words can be added to the banned list for specific types of spammers.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s