spambot.module 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410
  1. <?php
  2. /**
  3. * @file
  4. * Anti-spam module that uses data from www.stopforumspam.com to protect the user registration form against known spammers and spambots.
  5. *
  6. */
  7. define('SPAMBOT_ACTION_NONE', 0);
  8. define('SPAMBOT_ACTION_BLOCK', 1);
  9. define('SPAMBOT_ACTION_DELETE', 2);
  10. define('SPAMBOT_DEFAULT_BLOCKED_MESSAGE', 'Your email address or username or IP address is blacklisted.');
  11. /**
  12. * Implements hook_permission()
  13. */
  14. function spambot_permission() {
  15. return array(
  16. 'protected from spambot scans' => array(
  17. 'title' => t('Protected from spambot scans')
  18. ),
  19. );
  20. }
  21. /**
  22. * Implements hook_menu().
  23. */
  24. function spambot_menu() {
  25. $items = array();
  26. $items['admin/config/system/spambot'] = array(
  27. 'title' => 'Spambot',
  28. 'description' => 'Configure the spambot module',
  29. 'page callback' => 'drupal_get_form',
  30. 'page arguments' => array('spambot_settings_form'),
  31. 'access arguments' => array('administer site configuration'),
  32. 'file' => 'spambot.admin.inc',
  33. );
  34. $items['user/%user/spambot'] = array(
  35. 'title' => 'Spam',
  36. 'page callback' => 'drupal_get_form',
  37. 'page arguments' => array('spambot_user_spam_admin_form', 1),
  38. 'access arguments' => array('administer users'),
  39. 'type' => MENU_LOCAL_TASK,
  40. 'file' => 'spambot.pages.inc',
  41. );
  42. return $items;
  43. }
  44. /**
  45. * Implementation of hook_form_FORM_ID_alter()
  46. */
  47. function spambot_form_user_register_form_alter(&$form, &$form_state, $form_id) {
  48. if (variable_get('spambot_user_register_protect', TRUE) && !user_access('administer users')) {
  49. $form['#validate'][] = 'spambot_user_register_validate';
  50. }
  51. }
  52. /**
  53. * Validate the user_register form
  54. */
  55. function spambot_user_register_validate($form, &$form_state) {
  56. $email_threshold = variable_get('spambot_criteria_email', 1);
  57. $username_threshold = variable_get('spambot_criteria_username', 0);
  58. $ip_threshold = variable_get('spambot_criteria_ip', 20);
  59. // Build request parameters according to the criteria to use
  60. $request = array();
  61. if (!empty($form_state['values']['mail']) && $email_threshold > 0) {
  62. $request['email'] = $form_state['values']['mail'];
  63. }
  64. if (!empty($form_state['values']['name']) && $username_threshold > 0) {
  65. $request['username'] = $form_state['values']['name'];
  66. }
  67. if ($ip_threshold > 0) {
  68. $ip = ip_address();
  69. // Don't check the loopback interface
  70. if ($ip != '127.0.0.1') {
  71. $request['ip'] = $ip;
  72. }
  73. }
  74. // Only do a remote API request if there is anything to check
  75. if (count($request)) {
  76. $data = array();
  77. if (spambot_sfs_request($request, $data)) {
  78. $substitutions = array(
  79. '@email' => $form_state['values']['mail'], '%email' => $form_state['values']['mail'],
  80. '@username' => $form_state['values']['name'], '%username' => $form_state['values']['name'],
  81. '@ip' => ip_address(), '%ip' => ip_address(),
  82. );
  83. $reasons = array();
  84. if ($email_threshold > 0 && !empty($data['email']['appears']) && $data['email']['frequency'] >= $email_threshold) {
  85. form_set_error('mail', t(variable_get('spambot_blocked_message_email', t(SPAMBOT_DEFAULT_BLOCKED_MESSAGE)), $substitutions));
  86. $reasons[] = t('email=@value', array('@value' => $request['email']));
  87. }
  88. if ($username_threshold > 0 && !empty($data['username']['appears']) && $data['username']['frequency'] >= $username_threshold) {
  89. form_set_error('name', t(variable_get('spambot_blocked_message_username', t(SPAMBOT_DEFAULT_BLOCKED_MESSAGE)), $substitutions));
  90. $reasons[] = t('username=@value', array('@value' => $request['username']));
  91. }
  92. if ($ip_threshold > 0 && !empty($data['ip']['appears']) && $data['ip']['frequency'] >= $ip_threshold) {
  93. form_set_error('', t(variable_get('spambot_blocked_message_ip', t(SPAMBOT_DEFAULT_BLOCKED_MESSAGE)), $substitutions));
  94. $reasons[] = t('ip=@value', array('@value' => $request['ip']));
  95. }
  96. if (count($reasons)) {
  97. watchdog('spambot', 'Blocked registration: @reasons', array('@reasons' => join(',', $reasons)));
  98. // Slow them down if configured
  99. $delay = variable_get('spambot_blacklisted_delay', 0);
  100. if ($delay) {
  101. sleep($delay);
  102. }
  103. }
  104. }
  105. }
  106. }
  107. /**
  108. * Implementation of hook_node_insert
  109. *
  110. * Keeps table node_spambot up to date
  111. */
  112. function spambot_node_insert($node) {
  113. db_insert('node_spambot')->fields(array('nid' => $node->nid, 'uid' => $node->uid, 'hostname' => ip_address()))->execute();
  114. }
  115. /**
  116. * Implementation of hook_node_delete
  117. *
  118. * Keeps table node_spambot up to date
  119. */
  120. function spambot_node_delete($node) {
  121. db_delete('node_spambot')->condition('nid', $node->nid)->execute();
  122. }
  123. /**
  124. * Implementation of hook_cron
  125. */
  126. function spambot_cron() {
  127. $limit = variable_get('spambot_cron_user_limit', 0);
  128. if ($limit) {
  129. $last_uid = variable_get('spambot_last_checked_uid', 0);
  130. if ($last_uid < 1) {
  131. // Skip scanning the first account
  132. $last_uid = 1;
  133. }
  134. $uids = db_select('users')->fields('users', array('uid'))
  135. ->condition('uid', $last_uid, '>')->orderBy('uid')
  136. ->range(0, $limit)->execute()->fetchCol();
  137. $action = variable_get('spambot_spam_account_action', SPAMBOT_ACTION_NONE);
  138. foreach ($uids as $uid) {
  139. $account = user_load($uid);
  140. if ($account->status || variable_get('spambot_check_blocked_accounts', FALSE)) {
  141. $result = spambot_account_is_spammer($account);
  142. if ($result > 0) {
  143. $link = l(t('spammer'), 'user/' . $account->uid);
  144. switch (user_access('protected from spambot scans', $account) ? SPAMBOT_ACTION_NONE : $action) {
  145. case SPAMBOT_ACTION_BLOCK:
  146. if ($account->status) {
  147. user_save($account, array('status' => 0));
  148. watchdog('spambot', 'Blocked spam account: @name &lt;@email&gt; (uid @uid)', array('@name' => $account->name, '@email' => $account->mail, '@uid' => $account->uid), WATCHDOG_NOTICE, $link);
  149. }
  150. else {
  151. // Don't block an already blocked account
  152. watchdog('spambot', t('Spam account already blocked: @name &lt;@email&gt; (uid @uid)', array('@name' => $account->name, '@email' => $account->mail, '@uid' => $account->uid)), array(), WATCHDOG_NOTICE, $link);
  153. }
  154. break;
  155. case SPAMBOT_ACTION_DELETE:
  156. user_delete($account->uid);
  157. watchdog('spambot', 'Deleted spam account: @name &lt;@email&gt; (uid @uid)', array('@name' => $account->name, '@email' => $account->mail, '@uid' => $account->uid), WATCHDOG_NOTICE, $link);
  158. break;
  159. default:
  160. watchdog('spambot', 'Found spam account: @name &lt;@email&gt; (uid @uid)', array('@name' => $account->name, '@email' => $account->mail, '@uid' => $account->uid), WATCHDOG_NOTICE, $link);
  161. break;
  162. }
  163. // Mark this uid as successfully checked
  164. variable_set('spambot_last_checked_uid', $uid);
  165. }
  166. else if ($result == 0) {
  167. // Mark this uid as successfully checked
  168. variable_set('spambot_last_checked_uid', $uid);
  169. }
  170. else if ($result < 0) {
  171. // Error contacting service, so pause processing
  172. break;
  173. }
  174. }
  175. }
  176. }
  177. }
  178. /**
  179. * Invoke www.stopforumspam.com's api
  180. *
  181. * @param $query
  182. * A keyed array of url parameters ie. array('email' => 'blah@blah.com')
  183. * @param $data
  184. * An array that will be filled with the data from www.stopforumspam.com.
  185. *
  186. * @return
  187. * TRUE on successful request (and $data will contain the data), FALSE if error
  188. *
  189. * $data should be an array of the following form:
  190. * Array
  191. * (
  192. * [success] => 1
  193. * [email] => Array
  194. * (
  195. * [lastseen] => 2010-01-10 08:41:26
  196. * [frequency] => 2
  197. * [appears] => 1
  198. * )
  199. *
  200. * [username] => Array
  201. * (
  202. * [frequency] => 0
  203. * [appears] => 0
  204. * )
  205. * )
  206. *
  207. */
  208. function spambot_sfs_request($query, &$data) {
  209. // An empty request results in no match
  210. if (empty($query)) {
  211. return FALSE;
  212. }
  213. // Use php serialisation format
  214. $query['f'] = 'serial';
  215. $url = 'http://www.stopforumspam.com/api?' . http_build_query($query, '', '&');
  216. $result = drupal_http_request($url);
  217. if (!empty($result->code) && $result->code == 200 && empty($result->error) && !empty($result->data)) {
  218. $data = unserialize($result->data);
  219. if (!empty($data['success'])) {
  220. return TRUE;
  221. }
  222. else {
  223. watchdog('spambot', "Request unsuccessful: @url <pre>\n@dump</pre>", array('@url' => $url, '@dump' => print_r($data, TRUE)));
  224. }
  225. }
  226. else {
  227. watchdog('spambot', "Error contacting service: @url <pre>\n@dump</pre>", array('@url' => $url, '@dump' => print_r($result, TRUE)));
  228. }
  229. return FALSE;
  230. }
  231. /**
  232. * Checks an account to see if it's a spammer.
  233. * This one uses configurable automated criteria checking of email and username only
  234. *
  235. * @return
  236. * positive if spammer, 0 if not spammer, negative if error
  237. */
  238. function spambot_account_is_spammer($account) {
  239. $email_threshold = variable_get('spambot_criteria_email', 1);
  240. $username_threshold = variable_get('spambot_criteria_username', 0);
  241. $ip_threshold = variable_get('spambot_criteria_ip', 20);
  242. // Build request parameters according to the criteria to use
  243. $request = array();
  244. if (!empty($account->mail) && $email_threshold > 0) {
  245. $request['email'] = $account->mail;
  246. }
  247. if (!empty($account->name) && $username_threshold > 0) {
  248. $request['username'] = $account->name;
  249. }
  250. // Only do a remote API request if there is anything to check
  251. if (count($request)) {
  252. $data = array();
  253. if (spambot_sfs_request($request, $data)) {
  254. if (($email_threshold > 0 && !empty($data['email']['appears']) && $data['email']['frequency'] >= $email_threshold) ||
  255. ($username_threshold > 0 && !empty($data['username']['appears']) && $data['username']['frequency'] >= $username_threshold)) {
  256. return 1;
  257. }
  258. }
  259. else {
  260. // Return error
  261. return -1;
  262. }
  263. }
  264. // Now check IP's
  265. // If any IP matches the threshold, then flag as a spammer
  266. if ($ip_threshold > 0) {
  267. $ips = spambot_account_ip_addresses($account);
  268. foreach ($ips as $ip) {
  269. // Skip the loopback interface
  270. if ($ip == '127.0.0.1') {
  271. continue;
  272. }
  273. $request = array('ip' => $ip);
  274. $data = array();
  275. if (spambot_sfs_request($request, $data)) {
  276. if (!empty($data['ip']['appears']) && $data['ip']['frequency'] >= $ip_threshold) {
  277. return 1;
  278. }
  279. }
  280. else {
  281. // Abort on error
  282. return -1;
  283. }
  284. }
  285. }
  286. // Return no match
  287. return 0;
  288. }
  289. /**
  290. * Retrieves a list of IP addresses for an account
  291. *
  292. * @param $account
  293. * Account to retrieve IP addresses for
  294. *
  295. * @return
  296. * An array of IP addresses, or an empty array if none found
  297. */
  298. function spambot_account_ip_addresses($account) {
  299. $hostnames = array();
  300. // Retrieve IPs from node_spambot table
  301. $items = db_select('node_spambot')->fields('node_spambot', array('hostname'))
  302. ->condition('uid', $account->uid, '=')->distinct()->execute()->fetchCol();
  303. $hostnames = array_merge($hostnames, $items);
  304. // Retrieve IPs from any sessions which may still exist
  305. $items = db_select('sessions')->fields('sessions', array('hostname'))
  306. ->condition('uid', $account->uid, '=')->distinct()->execute()->fetchCol();
  307. $hostnames = array_merge($hostnames, $items);
  308. // Retrieve IPs from comments
  309. if (module_exists('comment')) {
  310. $items = db_select('comment')->fields('comment', array('hostname'))
  311. ->condition('uid', $account->uid, '=')->distinct()->execute()->fetchCol();
  312. $hostnames = array_merge($hostnames, $items);
  313. }
  314. // Retrieve IPs from statistics
  315. if (module_exists('statistics')) {
  316. $items = db_select('accesslog')->fields('accesslog', array('hostname'))
  317. ->condition('uid', $account->uid, '=')->distinct()->execute()->fetchCol();
  318. $hostnames = array_merge($hostnames, $items);
  319. }
  320. // Retrieve IPs from user stats
  321. if (module_exists('user_stats')) {
  322. $items = db_select('user_stats_ips')->fields('user_stats_ips', array('ip_address'))
  323. ->condition('uid', $account->uid, '=')->distinct()->execute()->fetchCol();
  324. $hostnames = array_merge($hostnames, $items);
  325. }
  326. $hostnames = array_unique($hostnames);
  327. return $hostnames;
  328. }
  329. /**
  330. * Reports an account as a spammer. Requires ip address and evidence of a single incident
  331. *
  332. * @param $account
  333. * Account to report
  334. * @param $ip
  335. * IP address to report
  336. * @param $evidence
  337. * Evidence to report
  338. *
  339. * @return
  340. * TRUE if successful, FALSE if error
  341. */
  342. function spambot_report_account($account, $ip, $evidence) {
  343. $success = FALSE;
  344. $key = variable_get('spambot_sfs_api_key', FALSE);
  345. if ($key) {
  346. $query['api_key'] = $key;
  347. $query['email'] = $account->mail;
  348. $query['username'] = $account->name;
  349. $query['ip_addr'] = $ip;
  350. $query['evidence'] = $evidence;
  351. $url = 'http://www.stopforumspam.com/add.php?' . http_build_query($query, '', '&');
  352. $result = drupal_http_request($url);
  353. if (!empty($result->code) && $result->code == 200 && !empty($result->data) && stripos($result->data, 'data submitted successfully') !== FALSE) {
  354. $success = TRUE;
  355. }
  356. else if (stripos($result->data, 'duplicate') !== FALSE) {
  357. // www.stopforumspam.com can return a 503 code with data = '<p>recent duplicate entry</p>'
  358. // which we will treat as successful.
  359. $success = TRUE;
  360. }
  361. else {
  362. watchdog('spambot', "Error reporting account: @url <pre>\n@dump</pre>", array('@url' => $url, '@dump' => print_r($result, TRUE)));
  363. }
  364. }
  365. return $success;
  366. }