Fixing The Web

A site for both the WebMaster and the WebUser

Blocking IP addresses listed at stopforumspam.com

Anybody out there need any hackers or spammers looking around on your website? NO. We need to keep them out. My HTCountryBlock and IPCountryBlock utilities do a great job of keeping unwanted countries from our websites and servers, but some of the bad guys take over innocent victim's computers and do their dirty work from there. And some of them also rent servers in countries that we are not blocking in order to perform their nasty deeds.

Well thanks to the nice people at stopforumspam.com, there is a well kept database of bad IP addresses that gets updated by the minute. You can go there and do a search for an IP address and find out if you should be blocking it or not. But that requires a lot of work all day long every day. Soon, you will give up and just delete your message board because it is not worth the trouble to delete all the bad registrations.

That is where my little script comes in. This works on many different message boards, I've personally tried it on phpBB3 and Invision Power. It will no doubt work on others as well. It also works on ordinary websites, not just message boards. You can use it to block any portion of your website or the whole website. This script does the job automatically for you and keeps the bad guys out.

The main requirement is that you have PHP running on your site. And you have to install this script into an existing PHP file that is likely to be accessed by anyone visiting your site or message board. Generally, this would be the index.php file in the home directory of your site. Let's look at a few ways to use this script.

Block the phpBB3 registration page

If you're still using phpBB2, read this part but do not do anything until you read the next section.

The main thing you want to protect on a message board is the registration page. If the crooks can't access your registration page, they cannot submit a regisration. So, let's keep out anyone who is listed at stopforumspam.com from getting to the registration page of a phpBB3 message board.

The first step is to create a nice little html file that will be presented to the bad guys instead of the registration page. Copy the following code into a new file and save it in the main home directory where your forum begins. Name it "stopspammer.html".

<html>
<head>
<title>Spammer detected</title>
</head>
<body>
<h1>IP Detected As Spam Source</h1>
We are sorry, but you are not allowed to register at this
<br>message board as long as your IP address is listed
<br>at stopforumspam.com.
<p>
Once your IP address is removed, you will be allowed.
</body>
</html>

We are actually being very polite. If you prefer, change the message to suit your own taste, they deserver whatever is thrown at them. However, keep in mind that occasionally, an innocent person will be listed because his computer got compromised. Kind of like what happens to many Windows users.

Now, let's add the code that will block the registration pages. Look in the main forum directory and you will find a file called "ucp.php". Load this into a simple text editor and look at the very start, you should see a comment about the license similar to this:

/**
*
* @package ucp
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

Just after this, copy and paste the following code:

$req_uri = $_SERVER['REQUEST_URI'];
$reg_pattern = '/mode=register/';
if (preg_match($reg_pattern, $req_uri)) {
$addr = $_SERVER['REMOTE_ADDR'];
$response = file_get_contents('http://www.stopforumspam.com/api?ip='.$addr);
$pattern = '/<appears>yes<\/appears>/';
if (preg_match($pattern, $response)) {
require_once( './stopspammer.html' );
exit();
}
}

Now, save the file and you are done.

This code checks to see if the requested page is one of the registration pages. If so, it then does a quick lookup to check the user's IP address at stopforumspam.com and if it is listed, it will present the user with the stopspammer.html page instead of any registration page.

This won't slow your message board down at all because the lookup is only being done when someone tries to visit a registration page. The only time this won't catch a bad guy is if he isn't listed at stopforumspam.com yet. So, for any new registrations, you may still want to investigate them, but you will find that your work will be reduced by almost 100 percent.

Block the phpBB2 registration page

For the earlier version of phpBB, you will follow the same instructions as for phpBB3, create the "stopspammer.html" file and then instead of modifying the ucp.php file, you will modify the profile.php file. Load profile.php into a simple text editor and you will find the first line contains the following:

<?php

Just after this first line, add the following code:

$addr = $_SERVER['REMOTE_ADDR'];
$response = file_get_contents('http://www.stopforumspam.com/api?ip='.$addr);
$pattern = '/<appears>yes<\/appears>/';
if (preg_match($pattern, $response)) {
require_once( './stopspammer.html' );
exit();
}

Save the file and you're all done.

Block registrations for Invision Power Board

For the Invision Power Message Board, the work is very similar to what is done for the phpBB3 board. So, begin by creating the stopspammer.html file. Look at the instructions for the phpBB3 board for that.

Now, we will modify the index.php file which can be found in the main home directory of your IP Board. Load the index.php file into any simple text editor and look for the initial comment, it will end with something similar to the following:

 * @package             Invision Power Board
 * @link                http://www.invisionpower.com
 * @version             $Rev: 3887 $
 *
 */

Just after this, add the following code:

$req_uri = $_SERVER['REQUEST_URI'];
$reg_pattern = '/module=global&section=register/';
$addr = $_SERVER['REMOTE_ADDR'];
if (preg_match($reg_pattern, $req_uri)) {
$response = file_get_contents('http://www.stopforumspam.com/api?ip='.$addr);
$pattern = '/<appears>yes<\/appears>/';
if (preg_match($pattern, $response)) {
require_once( './stopspammer.html' );
exit();
}
}

Save the file. Now, anytime someone who is listed at stopforumspam.com attempts to access a registration page, they will be kindly presented with your custom stopspammer.html page instead.

Block from any website with PHP

Now, let's look at a slight variation on the two previous bits of code to block anyone from any portion of a web site. Generally, spammers and hackers will start out at your main index.php file, but in some cases they will enter at other locations too. For those locations, you can simply copy this bit of code into any .php file you choose.

First, follow the instructions above in the phpBB3 section on how to create the stopspammer.html file. Then load up your index.php file into any simple text editor and at the very start of it, insert the following code:

$addr = $_SERVER['REMOTE_ADDR'];
$response = file_get_contents('http://www.stopforumspam.com/api?ip='.$addr);
$pattern = '/<appears>yes<\/appears>/';
if (preg_match($pattern, $response)) {
require_once( './stopspammer.html' );
exit();
}

Save the file and your index.php file is protected. This will keep all hackers and spammers listed at stopforumspam.com from being able to start at the beginning of your website. For other parts of your website, you can add the code there too. Generally, the bad guys always start out at the beginning, though. If they can't find any links to the rest of your site, you will be keeping them out completely. They won't have the chance to look for a message board, blog page, comment areas, or even email addresses. All they will get is the stopspammer.html page.

Note, the way the code is written, the stopspammer.html file must reside in the same directory of the file the code is in. If you repeat the code in other directories, simply make additional copies of the stopspammer.html file there. Or if you know how to write PHP code, you can modify the code to grab the same file.

I hope you can make good use of this. And thank the people at stopforumspam.com while you are at it.

-Maurice