'Spambot', 'description' => 'Configure the spambot module', 'page callback' => 'drupal_get_form', 'page arguments' => array('spambot_settings_form'), 'access arguments' => array('administer site configuration'), 'file' => 'spambot.admin.inc', ); $items['user/%user/spambot'] = array( 'title' => 'Spam', 'page callback' => 'spambot_user_spam', 'page arguments' => array(1), 'access arguments' => array('administer users'), 'type' => MENU_LOCAL_TASK, 'file' => 'spambot.pages.inc', ); return $items; } /** * Implements hook_permission(). */ function spambot_permission() { return array( 'protected from spambot scans' => array( 'title' => t('Protected from spambot scans'), 'description' => t('Roles with this access permission would not be checked for spammer'), ), ); } /** * Implements hook_admin_paths(). */ function spambot_admin_paths() { $paths = array( 'user/*/spambot' => TRUE, ); return $paths; } /** * Implements hook_form_FORM_ID_alter(). */ function spambot_form_user_register_form_alter(&$form, &$form_state) { if (variable_get('spambot_user_register_protect', TRUE)) { spambot_add_form_protection( $form, array( 'mail' => 'mail', 'name' => 'name', 'ip' => TRUE, ) ); } } /** * Implements hook_form_FORM_ID_alter(). */ function spambot_form_user_admin_account_alter(&$form, &$form_state, $form_id) { foreach ($form['accounts']['#options'] as $uid => $user_options) { // Change $form['accounts']['#options'][$uid]['operations']['data'] // into a multi-item render array so we can append to it. $form['accounts']['#options'][$uid]['operations']['data'] = array( 'edit' => $form['accounts']['#options'][$uid]['operations']['data'], ); $form['accounts']['#options'][$uid]['operations']['data']['spam'] = array( '#type' => 'link', '#title' => t('spam'), '#href' => "user/$uid/spambot", // Ugly hack to insert a space. '#prefix' => ' ', ); } } /** * Implements hook_node_insert(). */ function spambot_node_insert($node) { db_insert('node_spambot') ->fields(array( 'nid' => $node->nid, 'uid' => $node->uid, 'hostname' => ip_address(), )) ->execute(); } /** * Implements hook_node_delete(). */ function spambot_node_delete($node) { db_delete('node_spambot') ->condition('nid', $node->nid) ->execute(); } /** * Implements hook_cron(). */ function spambot_cron() { if ($limit = variable_get('spambot_cron_user_limit', SPAMBOT_DEFAULT_CRON_USER_LIMIT)) { $last_uid = variable_get('spambot_last_checked_uid', 0); if ($last_uid < 1) { // Skip scanning the anonymous and superadmin users. $last_uid = 1; } $query = db_select('users') ->fields('users', array('uid')) ->condition('uid', $last_uid, '>') ->orderBy('uid') ->range(0, $limit); if (!variable_get('spambot_check_blocked_accounts', FALSE)) { $query->condition('status', 1); } $uids = $query ->execute() ->fetchCol(); if ($uids) { $action = variable_get('spambot_spam_account_action', SPAMBOT_ACTION_NONE); $accounts = user_load_multiple($uids); foreach ($accounts as $account) { $result = spambot_account_is_spammer($account); if ($result > 0) { $link = l(t('spammer'), 'user/' . $account->uid); switch (user_access('protected from spambot scans', $account) ? SPAMBOT_ACTION_NONE : $action) { case SPAMBOT_ACTION_BLOCK: if ($account->status) { // Block spammer's account. $account->status = 0; user_save($account); watchdog('spambot', 'Blocked spam account: @name <@email> (uid @uid)', array( '@name' => $account->name, '@email' => $account->mail, '@uid' => $account->uid, ), WATCHDOG_NOTICE, $link); } else { // Don't block an already blocked account. watchdog('spambot', 'Spam account already blocked: @name <@email> (uid @uid)', array( '@name' => $account->name, '@email' => $account->mail, '@uid' => $account->uid, ), WATCHDOG_NOTICE, $link); } break; case SPAMBOT_ACTION_DELETE: user_delete($account->uid); watchdog('spambot', 'Deleted spam account: @name <@email> (uid @uid)', array( '@name' => $account->name, '@email' => $account->mail, '@uid' => $account->uid, ), WATCHDOG_NOTICE, $link); break; default: watchdog('spambot', 'Found spam account: @name <@email> (uid @uid)', array( '@name' => $account->name, '@email' => $account->mail, '@uid' => $account->uid, ), WATCHDOG_NOTICE, $link); break; } // Mark this uid as successfully checked. variable_set('spambot_last_checked_uid', $account->uid); } elseif ($result == 0) { // Mark this uid as successfully checked. variable_set('spambot_last_checked_uid', $account->uid); } elseif ($result < 0) { // Error contacting service, so pause processing. break; } } } } } /** * Validate callback for user_register form. */ function spambot_user_register_form_validate(&$form, &$form_state) { $validation_field_names = $form['#spambot_validation']; $values = $form_state['values']; $form_errors = form_get_errors(); $email_threshold = variable_get('spambot_criteria_email', SPAMBOT_DEFAULT_CRITERIA_EMAIL); $username_threshold = variable_get('spambot_criteria_username', SPAMBOT_DEFAULT_CRITERIA_USERNAME); $ip_threshold = variable_get('spambot_criteria_ip', SPAMBOT_DEFAULT_CRITERIA_IP); // Build request parameters according to the criteria to use. $request = array(); if (!empty($values[$validation_field_names['mail']]) && $email_threshold > 0 && !spambot_check_whitelist('email', $values[$validation_field_names['mail']])) { $request['email'] = $values[$validation_field_names['mail']]; } if (!empty($values[$validation_field_names['name']]) && $username_threshold > 0 && !spambot_check_whitelist('username', $values[$validation_field_names['name']])) { $request['username'] = $values[$validation_field_names['name']]; } $ip = ip_address(); if ($ip_threshold > 0 && $ip != '127.0.0.1' && $validation_field_names['ip'] && !spambot_check_whitelist('ip', $ip)) { // Make sure we have a valid IPv4 address (API doesn't support IPv6 yet). if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE) { watchdog('spambot', 'Invalid IP address on registration: @ip. Spambot will not rely on it.', array('@ip' => $ip)); } else { $request['ip'] = $ip; } } // Only do a remote API request if there is anything to check. if ($request && !$form_errors) { $data = array(); if (spambot_sfs_request($request, $data)) { $substitutions = array( '@email' => $values[$validation_field_names['mail']], '%email' => $values[$validation_field_names['mail']], '@username' => $values[$validation_field_names['name']], '%username' => $values[$validation_field_names['name']], '@ip' => $ip, '%ip' => $ip, ); $reasons = array(); if ($email_threshold > 0 && !empty($data['email']['appears']) && $data['email']['frequency'] >= $email_threshold) { form_set_error('mail', format_string(variable_get('spambot_blocked_message_email', SPAMBOT_DEFAULT_BLOCKED_MESSAGE), $substitutions)); $reasons[] = t('email=@value', array('@value' => $request['email'])); } if ($username_threshold > 0 && !empty($data['username']['appears']) && $data['username']['frequency'] >= $username_threshold) { form_set_error('name', format_string(variable_get('spambot_blocked_message_username', SPAMBOT_DEFAULT_BLOCKED_MESSAGE), $substitutions)); $reasons[] = t('username=@value', array('@value' => $request['username'])); } if ($ip_threshold > 0 && !empty($data['ip']['appears']) && $data['ip']['frequency'] >= $ip_threshold) { form_set_error('', format_string(variable_get('spambot_blocked_message_ip', SPAMBOT_DEFAULT_BLOCKED_MESSAGE), $substitutions)); $reasons[] = t('ip=@value', array('@value' => $request['ip'])); } if ($reasons) { if (variable_get('spambot_log_blocked_registration', TRUE)) { watchdog('spambot', 'Blocked registration: @reasons', array('@reasons' => implode(',', $reasons))); $hook_args = array( 'request' => $request, 'reasons' => $reasons, ); module_invoke_all('spambot_registration_blocked', $hook_args); } // Slow them down if configured. if ($delay = variable_get('spambot_blacklisted_delay', SPAMBOT_DEFAULT_DELAY)) { sleep($delay); } } } } } /** * Invoke www.stopforumspam.com's api. * * @param array $query * A keyed array of url parameters ie. array('email' => 'blah@blah.com'). * @param array $data * An array that will be filled with the data from www.stopforumspam.com. * * @return bool * TRUE on successful request (and $data will contain the data) * FALSE otherwise. */ function spambot_sfs_request(array $query, array &$data) { // An empty request results in no match. if (empty($query)) { return FALSE; } // Use php serialisation format. $query['f'] = 'serial'; $url = 'http://www.stopforumspam.com/api?' . http_build_query($query, '', '&'); $result = drupal_http_request($url); if (!empty($result->code) && $result->code == 200 && empty($result->error) && !empty($result->data)) { $data = unserialize($result->data); if (!empty($data['success'])) { return TRUE; } else { watchdog('spambot', "Request unsuccessful: %url
\n@dump
", array( '%url' => $url, '@dump' => print_r($data, TRUE), )); } } else { watchdog('spambot', "Error contacting service: %url
\n@dump
", array( '%url' => $url, '@dump' => print_r($result, TRUE), )); } return FALSE; } /** * Checks an account to see if it's a spammer. * * This one uses configurable automated criteria checking * of email and username only. * * @param object $account * User account. * * @return int * Positive if spammer, 0 if not spammer, negative if error. */ function spambot_account_is_spammer($account) { $email_threshold = variable_get('spambot_criteria_email', SPAMBOT_DEFAULT_CRITERIA_EMAIL); $username_threshold = variable_get('spambot_criteria_username', SPAMBOT_DEFAULT_CRITERIA_USERNAME); $ip_threshold = variable_get('spambot_criteria_ip', SPAMBOT_DEFAULT_CRITERIA_IP); // Build request parameters according to the criteria to use. $request = array(); if (!empty($account->mail) && $email_threshold > 0 && !spambot_check_whitelist('email', $account->mail)) { $request['email'] = $account->mail; } if (!empty($account->name) && $username_threshold > 0 && !spambot_check_whitelist('username', $account->name)) { $request['username'] = $account->name; } // Only do a remote API request if there is anything to check. if ($request) { $data = array(); if (spambot_sfs_request($request, $data)) { if (($email_threshold > 0 && !empty($data['email']['appears']) && $data['email']['frequency'] >= $email_threshold) || ($username_threshold > 0 && !empty($data['username']['appears']) && $data['username']['frequency'] >= $username_threshold)) { return 1; } } else { // Return error. return -1; } } // Now check IP's // If any IP matches the threshold, then flag as a spammer. if ($ip_threshold > 0) { $ips = spambot_account_ip_addresses($account); foreach ($ips as $ip) { // Skip the loopback interface. if ($ip == '127.0.0.1') { continue; } // Make sure we have a valid IPv4 address // (the API doesn't support IPv6 yet). elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE) { $link = l(t('user'), 'user/' . $account->uid); watchdog('spambot', 'Invalid IP address: %ip (uid=%uid, name=%name, email=%email). Spambot will not rely on it.', array( '%ip' => $ip, '%name' => $account->name, '%email' => $account->mail, '%uid' => $account->uid, ), WATCHDOG_NOTICE, $link); continue; } $request = array('ip' => $ip); $data = array(); if (spambot_sfs_request($request, $data)) { if (!empty($data['ip']['appears']) && $data['ip']['frequency'] >= $ip_threshold) { return 1; } } else { // Abort on error. return -1; } } } // Return no match. return 0; } /** * Retrieves a list of IP addresses for an account. * * @param object $account * Account to retrieve IP addresses for. * * @return array * An array of IP addresses, or an empty array if none found */ function spambot_account_ip_addresses($account) { $hostnames = array(); // Retrieve IPs from node_spambot table. $items = db_select('node_spambot') ->distinct() ->fields('node_spambot', array('hostname')) ->condition('uid', $account->uid, '=') ->execute() ->fetchCol(); $hostnames = array_merge($hostnames, $items); // Retrieve IPs from any sessions which may still exist. $items = db_select('sessions') ->distinct() ->fields('sessions', array('hostname')) ->condition('uid', $account->uid, '=') ->execute() ->fetchCol(); $hostnames = array_merge($hostnames, $items); // Retrieve IPs from comments. if (module_exists('comment')) { $items = db_select('comment') ->distinct() ->fields('comment', array('hostname')) ->condition('uid', $account->uid, '=') ->execute() ->fetchCol(); $hostnames = array_merge($hostnames, $items); } // Retrieve IPs from statistics. if (module_exists('statistics')) { $items = db_select('accesslog') ->distinct() ->fields('accesslog', array('hostname')) ->condition('uid', $account->uid, '=') ->execute() ->fetchCol(); $hostnames = array_merge($hostnames, $items); } // Retrieve IPs from user stats. if (module_exists('user_stats')) { $items = db_select('user_stats_ips') ->distinct() ->fields('user_stats_ips', array('ip_address')) ->condition('uid', $account->uid, '=') ->execute() ->fetchCol(); $hostnames = array_merge($hostnames, $items); } $hostnames = array_unique($hostnames); return $hostnames; } /** * Reports an account as a spammer. * * Requires ip address and evidence of a single incident. * * @param object $account * Account to report. * @param string $ip * IP address to report. * @param string $evidence * Evidence to report. * * @return bool * TRUE if successful, FALSE if error */ function spambot_report_account($account, $ip, $evidence) { $success = FALSE; if ($key = variable_get('spambot_sfs_api_key', FALSE)) { $query['api_key'] = $key; $query['email'] = $account->mail; $query['username'] = $account->name; $query['ip_addr'] = $ip; $query['evidence'] = truncate_utf8($evidence, SPAMBOT_MAX_EVIDENCE_LENGTH); $url = 'http://www.stopforumspam.com/add.php'; $options = array( 'headers' => array('Content-type' => 'application/x-www-form-urlencoded'), 'method' => 'POST', 'data' => http_build_query($query, '', '&'), ); $result = drupal_http_request($url, $options); if (!empty($result->code) && $result->code == 200 && !empty($result->data) && stripos($result->data, 'data submitted successfully') !== FALSE) { $success = TRUE; } elseif (stripos($result->data, 'duplicate') !== FALSE) { // www.stopforumspam.com can return a 503 code // with data = '

recent duplicate entry

' // which we will treat as successful. $success = TRUE; } else { watchdog('spambot', "Error reporting account: %url
\n@dump
", array( '%url' => $url, '@dump' => print_r($result, TRUE), )); } } return $success; } /** * Check if current data $type is whitelisted. * * @param string $type * Type can be one of these three values: 'ip', 'email' or 'username'. * @param string $value * Value to be checked. * * @return bool * TRUE if data is whitelisted, FALSE otherwise. */ function spambot_check_whitelist($type, $value) { switch ($type) { case 'ip': $whitelist_ips = variable_get('spambot_whitelist_ip', ''); $result = strpos($whitelist_ips, $value) !== FALSE; break; case 'email': $whitelist_usernames = variable_get('spambot_whitelist_email', ''); $result = strpos($whitelist_usernames, $value) !== FALSE; break; case 'username': $whitelist_emails = variable_get('spambot_whitelist_username', ''); $result = strpos($whitelist_emails, $value) !== FALSE; break; default: $result = FALSE; break; } return $result; } /** * Form builder function to add spambot validations. * * @param array $form * Form array on which will be added spambot validation. * @param array $options * Array of options to be added to form. */ function spambot_add_form_protection(array &$form, array $options = array()) { // Don't add any protections if the user can bypass the Spambot. if (!user_access('protected from spambot scans')) { // Allow other modules to alter the protections applied to this form. drupal_alter('spambot_form_protections', $options, $form); $form['#spambot_validation']['name'] = !empty($options['name']) ? $options['name'] : ''; $form['#spambot_validation']['mail'] = !empty($options['mail']) ? $options['mail'] : ''; $form['#spambot_validation']['ip'] = isset($options['ip']) && is_bool($options['ip']) ? $options['ip'] : TRUE; $form['#validate'][] = 'spambot_user_register_form_validate'; } }