Generic PHP Function Code to Query “Stop Forum Spam” API

====================================
UPDATE: This code is depreciated. I recommend checking out the revisions in the post Simple PHP Function Code to Check IP Against “Stop Forum Spam” API.
====================================

I’ve recently been bombarded with an influx of spam on my multiple forums, wordpress blogs and website contact us forms. As a sysadmin I see it a lot, but it’s getting to the point where it’s actually annoying me. I see so much of it on the servers.

I found this website called Stop Forum Spam that stores and maintains a database of known details of spammers. So if JohnyGreen at nys@affiliatelist.org with the IP address of 92.113.110.125 tries to interact with your forums, wordpress blog or otherwise, you can do a lookup of the details stored at http://www.stopforumspam.com/. If you do, you’ll find at the time of writing 16 results on that username alone. The IP address and email will also flag several results.

From the front page of stopforumspam.com, “We catch a lot of spammers trying to register on forums. And we post their details here.  We currently have information on 873718 spammers since about December 2006. Here is the last 12 hours worth of spammers caught in our traps.”

The website also offers APIs that you can use to query their database. For example:

http://www.stopforumspam.com/api?ip=71.194.95.244
http://www.stopforumspam.com/api?email=i-m-spammer@domain.cn
http://www.stopforumspam.com/api?username=TestUserNameHere

Based on that, this neat little XML result is returned:

<response success=”true”>
<type>ip</type>
<appears>yes</appears>
<lastseen>2009-10-26 11:55:07</lastseen>
<frequency>78</frequency>
</response>

Depending on the platform, there are a lot of plugins/mods developed for your forum or bulletin board. Simply implement them using the instructions of the plugin developer.

Interestingly, I searched the WordPress Plugin database and found a heap of plugins that query the database and block potential attacks or abuse of your blog or website. Check out the plugin results! I currently use the WP-NoSpamUser wordpress plugin on some of my other blogs (it works very well, lots of options to choose from).

The Stop Forum Spam download page also references code examples by other third party developers. Being a PHP developer, I checked out the work of Smurf_Minions who wrote their own code to check for spam bots using the Stop Forum Spam API. They also released their source code! While the developer has done an excellent job, I thought I could improve upon their code a little. So I set out to make something a little more generic and useful to the every day web developer to use.

I rewrote the primary function and added a little bit more internal documentation for anyone who wants to take this and improve on it further, or adapt it to their own custom use. You can pretty much just reference the function below and pass the data you want to check. It will return a Boolean result of true/false or 1/0. The latest version is included below. Monitor the revision number for new versions.

<?php
function CheckIfSpambot($emailAddress, $ipAddress, $userName, $debug = false)
{

// *********************************
// Code originally written by Smurf_Minions (http://guildwarsholland.nl/)
// Original Source: http://guildwarsholland.nl/phphulp/testspambot.php
//
// Modified by Brendan Erskine (https://sysadminspot.com/)
// Last Modified: 8 May 2010
// Revision Number: 2.0
// *********************************

// Initiate and declare spambot/errorDetected as false – as we’re just getting started
$spambot = false;
$errorDetected = false;

// ————-
// Check email address
// ————-

if ($emailAddress != “”)
{
$xml_string = file_get_contents(“http://www.stopforumspam.com/api?email=” . urlencode($emailAddress));
$xml = new SimpleXMLElement($xml_string);

if ($xml->appears == “yes”) // Was the result was registered
{
$spambot = true; // Check failed. Result indicates dangerous.
}
elseif ($xml->appears == “no”) // Check passed. Result returned safe.
{
$spambot = false; // Check passed. Result returned safe.
}
else
{
$errorDetected = true; // Test returned neither positive or negative result. Service might be down?
}
}

// ————-
// Check IP Address
// ————-
if ($spambot != true && $ipAddress != “”)
{
$xml_string = file_get_contents(“http://www.stopforumspam.com/api?ip=” . urlencode($ipAddress));
$xml = new SimpleXMLElement($xml_string);

if ($xml->appears == “yes”) // Was the result was registered
{
$spambot = true; // Check failed. Result indicates dangerous.
}
elseif ($xml->appears == “no”) // Check passed. Result returned safe.
{
$spambot = false; // Check passed. Result returned safe.
}
else
{
$errorDetected = true; // Test returned neither positive or negative result. Service might be down?
}
}

// ————-
// Check Username
// ————-
if ($spambot != true && $userName != “”)
{
$xml_string = file_get_contents(“http://www.stopforumspam.com/api?username=” . urlencode($userName));
$xml = new SimpleXMLElement($xml_string);

if ($xml->appears == “yes”) // Was the result was registered
{
$spambot = true; // Check failed. Result indicates dangerous.
}
elseif ($xml->appears == “no”) // Check passed. Result returned safe.
{
$spambot = false; // Check passed. Result returned safe.
}
else
{
$errorDetected = true; // Test returned neither positive or negative result. Service might be down?
}
}

// To debug function, call it with the debug flag as true and instead the function will return whether or not an error was detected, rather than the test result.
if ($debug == true)
{
return $errorDetected; // If enabled, return whether or not an error was detected
}
else
{
return $spambot; // Return test results as either true/false or 1/0
}
}
?>

If you want to test the above function, put the above code in a file called spambotcheck.php. Then add the following code to insert a form and result handling to the page:

<?php
if (isset($_GET[check]))
{
$result = CheckIfSpambot($_POST[emailAddress], $_POST[ipAddress], $_POST[userName]);

switch ($result)
{
case 0:
echo “Negative result”;
break;

case 1:
echo “Positive result”;
break;

default:
echo “You broke it!”;
}
}
?>
<form method=”post” action=”<?php echo $_SERVER[“PHP_SELF”]; ?>?check”>
<label>Username
<input type=”text” name=”userName” id=”userName”>
</label>
<label>IP Address
<input type=”text” name=”ipAddress” id=”ipAddress”>
</label>
<label>Email Address
<input type=”text” name=”emailAddress” id=”emailAddress”>
</label>
<input type=”submit” name=”button” id=”button” value=”Submit”>
</form>

If you want to demo the output, check out my own spambotcheck.php demo.

My tests so far show it works reasonable well. The only way I would improve this further is the debugging ability. The API results return success=”true” or success=”false” which could be built into the error checking. To use the debugging at the moment, you need to modify your function call to something like this:

// Add a true flag in the forth parameter
$result = CheckIfSpambot($_POST[emailAddress], $_POST[ipAddress], $_POST[userName], true);

// Or use 1 as the fourth parameter.
$result = CheckIfSpambot($_POST[emailAddress], $_POST[ipAddress], $_POST[userName], 1);

It will change the returned value to whether an error was detected (true) or not (false) instead of a spammer detected (true) or not (false). Make sure you reset debugging back to false (or remove the parameter) otherwise you’ll be getting misleading results back!!

Similar Posts:

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)
VN:F [1.9.22_1171]
Rating: +1 (from 1 vote)
Generic PHP Function Code to Query "Stop Forum Spam" API, 5.0 out of 5 based on 1 rating
Tags: , .

2 Responses to Generic PHP Function Code to Query “Stop Forum Spam” API

  1. Pingback: Simple PHP Function Code to Check IP Against “Stop Forum Spam” API | SysadminSpot.com, SysAdmins, Server Administrators and IT Consultants

  2. Pingback: PHP Code Block Vent In Spite of Spammers - The SysAdmin Spot Blog

What are your thoughts?