spambot.module 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600
  1. <?php
  2. /**
  3. * @file
  4. * Main module file.
  5. *
  6. * Anti-spam module that uses data from www.stopforumspam.com
  7. * to protect the user registration form against known spammers and spambots.
  8. */
  9. define('SPAMBOT_ACTION_NONE', 0);
  10. define('SPAMBOT_ACTION_BLOCK', 1);
  11. define('SPAMBOT_ACTION_DELETE', 2);
  12. define('SPAMBOT_DEFAULT_CRITERIA_EMAIL', 1);
  13. define('SPAMBOT_DEFAULT_CRITERIA_USERNAME', 0);
  14. define('SPAMBOT_DEFAULT_CRITERIA_IP', 20);
  15. define('SPAMBOT_DEFAULT_DELAY', 0);
  16. define('SPAMBOT_DEFAULT_CRON_USER_LIMIT', 0);
  17. define('SPAMBOT_DEFAULT_BLOCKED_MESSAGE', 'Your email address or username or IP address is blacklisted.');
  18. define('SPAMBOT_MAX_EVIDENCE_LENGTH', 1024);
  19. /**
  20. * Implements hook_menu().
  21. */
  22. function spambot_menu() {
  23. $items['admin/config/system/spambot'] = array(
  24. 'title' => 'Spambot',
  25. 'description' => 'Configure the spambot module',
  26. 'page callback' => 'drupal_get_form',
  27. 'page arguments' => array('spambot_settings_form'),
  28. 'access arguments' => array('administer site configuration'),
  29. 'file' => 'spambot.admin.inc',
  30. );
  31. $items['user/%user/spambot'] = array(
  32. 'title' => 'Spam',
  33. 'page callback' => 'spambot_user_spam',
  34. 'page arguments' => array(1),
  35. 'access arguments' => array('administer users'),
  36. 'type' => MENU_LOCAL_TASK,
  37. 'file' => 'spambot.pages.inc',
  38. );
  39. return $items;
  40. }
  41. /**
  42. * Implements hook_permission().
  43. */
  44. function spambot_permission() {
  45. return array(
  46. 'protected from spambot scans' => array(
  47. 'title' => t('Protected from spambot scans'),
  48. 'description' => t('Roles with this access permission would not be checked for spammer'),
  49. ),
  50. );
  51. }
  52. /**
  53. * Implements hook_admin_paths().
  54. */
  55. function spambot_admin_paths() {
  56. $paths = array(
  57. 'user/*/spambot' => TRUE,
  58. );
  59. return $paths;
  60. }
  61. /**
  62. * Implements hook_form_FORM_ID_alter().
  63. */
  64. function spambot_form_user_register_form_alter(&$form, &$form_state) {
  65. if (variable_get('spambot_user_register_protect', TRUE)) {
  66. spambot_add_form_protection(
  67. $form,
  68. array(
  69. 'mail' => 'mail',
  70. 'name' => 'name',
  71. 'ip' => TRUE,
  72. )
  73. );
  74. }
  75. }
  76. /**
  77. * Implements hook_form_FORM_ID_alter().
  78. */
  79. function spambot_form_user_admin_account_alter(&$form, &$form_state, $form_id) {
  80. foreach ($form['accounts']['#options'] as $uid => $user_options) {
  81. // Change $form['accounts']['#options'][$uid]['operations']['data']
  82. // into a multi-item render array so we can append to it.
  83. $form['accounts']['#options'][$uid]['operations']['data'] = array(
  84. 'edit' => $form['accounts']['#options'][$uid]['operations']['data'],
  85. );
  86. $form['accounts']['#options'][$uid]['operations']['data']['spam'] = array(
  87. '#type' => 'link',
  88. '#title' => t('spam'),
  89. '#href' => "user/$uid/spambot",
  90. // Ugly hack to insert a space.
  91. '#prefix' => ' ',
  92. );
  93. }
  94. }
  95. /**
  96. * Implements hook_node_insert().
  97. */
  98. function spambot_node_insert($node) {
  99. db_insert('node_spambot')
  100. ->fields(array(
  101. 'nid' => $node->nid,
  102. 'uid' => $node->uid,
  103. 'hostname' => ip_address(),
  104. ))
  105. ->execute();
  106. }
  107. /**
  108. * Implements hook_node_delete().
  109. */
  110. function spambot_node_delete($node) {
  111. db_delete('node_spambot')
  112. ->condition('nid', $node->nid)
  113. ->execute();
  114. }
  115. /**
  116. * Implements hook_cron().
  117. */
  118. function spambot_cron() {
  119. if ($limit = variable_get('spambot_cron_user_limit', SPAMBOT_DEFAULT_CRON_USER_LIMIT)) {
  120. $last_uid = variable_get('spambot_last_checked_uid', 0);
  121. if ($last_uid < 1) {
  122. // Skip scanning the anonymous and superadmin users.
  123. $last_uid = 1;
  124. }
  125. $query = db_select('users')
  126. ->fields('users', array('uid'))
  127. ->condition('uid', $last_uid, '>')
  128. ->orderBy('uid')
  129. ->range(0, $limit);
  130. if (!variable_get('spambot_check_blocked_accounts', FALSE)) {
  131. $query->condition('status', 1);
  132. }
  133. $uids = $query
  134. ->execute()
  135. ->fetchCol();
  136. if ($uids) {
  137. $action = variable_get('spambot_spam_account_action', SPAMBOT_ACTION_NONE);
  138. $accounts = user_load_multiple($uids);
  139. foreach ($accounts as $account) {
  140. $result = spambot_account_is_spammer($account);
  141. if ($result > 0) {
  142. $link = l(t('spammer'), 'user/' . $account->uid);
  143. switch (user_access('protected from spambot scans', $account) ? SPAMBOT_ACTION_NONE : $action) {
  144. case SPAMBOT_ACTION_BLOCK:
  145. if ($account->status) {
  146. // Block spammer's account.
  147. $account->status = 0;
  148. user_save($account);
  149. watchdog('spambot', 'Blocked spam account: @name &lt;@email&gt; (uid @uid)', array(
  150. '@name' => $account->name,
  151. '@email' => $account->mail,
  152. '@uid' => $account->uid,
  153. ), WATCHDOG_NOTICE, $link);
  154. }
  155. else {
  156. // Don't block an already blocked account.
  157. watchdog('spambot', 'Spam account already blocked: @name &lt;@email&gt; (uid @uid)', array(
  158. '@name' => $account->name,
  159. '@email' => $account->mail,
  160. '@uid' => $account->uid,
  161. ), WATCHDOG_NOTICE, $link);
  162. }
  163. break;
  164. case SPAMBOT_ACTION_DELETE:
  165. user_delete($account->uid);
  166. watchdog('spambot', 'Deleted spam account: @name &lt;@email&gt; (uid @uid)', array(
  167. '@name' => $account->name,
  168. '@email' => $account->mail,
  169. '@uid' => $account->uid,
  170. ), WATCHDOG_NOTICE, $link);
  171. break;
  172. default:
  173. watchdog('spambot', 'Found spam account: @name &lt;@email&gt; (uid @uid)', array(
  174. '@name' => $account->name,
  175. '@email' => $account->mail,
  176. '@uid' => $account->uid,
  177. ), WATCHDOG_NOTICE, $link);
  178. break;
  179. }
  180. // Mark this uid as successfully checked.
  181. variable_set('spambot_last_checked_uid', $account->uid);
  182. }
  183. elseif ($result == 0) {
  184. // Mark this uid as successfully checked.
  185. variable_set('spambot_last_checked_uid', $account->uid);
  186. }
  187. elseif ($result < 0) {
  188. // Error contacting service, so pause processing.
  189. break;
  190. }
  191. }
  192. }
  193. }
  194. }
  195. /**
  196. * Validate callback for user_register form.
  197. */
  198. function spambot_user_register_form_validate(&$form, &$form_state) {
  199. $validation_field_names = $form['#spambot_validation'];
  200. $values = $form_state['values'];
  201. $form_errors = form_get_errors();
  202. $email_threshold = variable_get('spambot_criteria_email', SPAMBOT_DEFAULT_CRITERIA_EMAIL);
  203. $username_threshold = variable_get('spambot_criteria_username', SPAMBOT_DEFAULT_CRITERIA_USERNAME);
  204. $ip_threshold = variable_get('spambot_criteria_ip', SPAMBOT_DEFAULT_CRITERIA_IP);
  205. // Build request parameters according to the criteria to use.
  206. $request = array();
  207. if (!empty($values[$validation_field_names['mail']]) && $email_threshold > 0 && !spambot_check_whitelist('email', $values[$validation_field_names['mail']])) {
  208. $request['email'] = $values[$validation_field_names['mail']];
  209. }
  210. if (!empty($values[$validation_field_names['name']]) && $username_threshold > 0 && !spambot_check_whitelist('username', $values[$validation_field_names['name']])) {
  211. $request['username'] = $values[$validation_field_names['name']];
  212. }
  213. $ip = ip_address();
  214. if ($ip_threshold > 0 && $ip != '127.0.0.1' && $validation_field_names['ip'] && !spambot_check_whitelist('ip', $ip)) {
  215. // Make sure we have a valid IPv4 address (API doesn't support IPv6 yet).
  216. if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE) {
  217. watchdog('spambot', 'Invalid IP address on registration: @ip. Spambot will not rely on it.', array('@ip' => $ip));
  218. }
  219. else {
  220. $request['ip'] = $ip;
  221. }
  222. }
  223. // Only do a remote API request if there is anything to check.
  224. if ($request && !$form_errors) {
  225. $data = array();
  226. if (spambot_sfs_request($request, $data)) {
  227. $substitutions = array(
  228. '@email' => $values[$validation_field_names['mail']],
  229. '%email' => $values[$validation_field_names['mail']],
  230. '@username' => $values[$validation_field_names['name']],
  231. '%username' => $values[$validation_field_names['name']],
  232. '@ip' => $ip,
  233. '%ip' => $ip,
  234. );
  235. $reasons = array();
  236. if ($email_threshold > 0 && !empty($data['email']['appears']) && $data['email']['frequency'] >= $email_threshold) {
  237. form_set_error('mail', format_string(variable_get('spambot_blocked_message_email', SPAMBOT_DEFAULT_BLOCKED_MESSAGE), $substitutions));
  238. $reasons[] = t('email=@value', array('@value' => $request['email']));
  239. }
  240. if ($username_threshold > 0 && !empty($data['username']['appears']) && $data['username']['frequency'] >= $username_threshold) {
  241. form_set_error('name', format_string(variable_get('spambot_blocked_message_username', SPAMBOT_DEFAULT_BLOCKED_MESSAGE), $substitutions));
  242. $reasons[] = t('username=@value', array('@value' => $request['username']));
  243. }
  244. if ($ip_threshold > 0 && !empty($data['ip']['appears']) && $data['ip']['frequency'] >= $ip_threshold) {
  245. form_set_error('', format_string(variable_get('spambot_blocked_message_ip', SPAMBOT_DEFAULT_BLOCKED_MESSAGE), $substitutions));
  246. $reasons[] = t('ip=@value', array('@value' => $request['ip']));
  247. }
  248. if ($reasons) {
  249. if (variable_get('spambot_log_blocked_registration', TRUE)) {
  250. watchdog('spambot', 'Blocked registration: @reasons', array('@reasons' => implode(',', $reasons)));
  251. $hook_args = array(
  252. 'request' => $request,
  253. 'reasons' => $reasons,
  254. );
  255. module_invoke_all('spambot_registration_blocked', $hook_args);
  256. }
  257. // Slow them down if configured.
  258. if ($delay = variable_get('spambot_blacklisted_delay', SPAMBOT_DEFAULT_DELAY)) {
  259. sleep($delay);
  260. }
  261. }
  262. }
  263. }
  264. }
  265. /**
  266. * Invoke www.stopforumspam.com's api.
  267. *
  268. * @param array $query
  269. * A keyed array of url parameters ie. array('email' => 'blah@blah.com').
  270. * @param array $data
  271. * An array that will be filled with the data from www.stopforumspam.com.
  272. *
  273. * @return bool
  274. * TRUE on successful request (and $data will contain the data)
  275. * FALSE otherwise.
  276. */
  277. function spambot_sfs_request(array $query, array &$data) {
  278. // An empty request results in no match.
  279. if (empty($query)) {
  280. return FALSE;
  281. }
  282. // Use php serialisation format.
  283. $query['f'] = 'serial';
  284. $url = 'http://www.stopforumspam.com/api?' . http_build_query($query, '', '&');
  285. $result = drupal_http_request($url);
  286. if (!empty($result->code) && $result->code == 200 && empty($result->error) && !empty($result->data)) {
  287. $data = unserialize($result->data);
  288. if (!empty($data['success'])) {
  289. return TRUE;
  290. }
  291. else {
  292. watchdog('spambot', "Request unsuccessful: %url <pre>\n@dump</pre>", array(
  293. '%url' => $url,
  294. '@dump' => print_r($data, TRUE),
  295. ));
  296. }
  297. }
  298. else {
  299. watchdog('spambot', "Error contacting service: %url <pre>\n@dump</pre>", array(
  300. '%url' => $url,
  301. '@dump' => print_r($result, TRUE),
  302. ));
  303. }
  304. return FALSE;
  305. }
  306. /**
  307. * Checks an account to see if it's a spammer.
  308. *
  309. * This one uses configurable automated criteria checking
  310. * of email and username only.
  311. *
  312. * @param object $account
  313. * User account.
  314. *
  315. * @return int
  316. * Positive if spammer, 0 if not spammer, negative if error.
  317. */
  318. function spambot_account_is_spammer($account) {
  319. $email_threshold = variable_get('spambot_criteria_email', SPAMBOT_DEFAULT_CRITERIA_EMAIL);
  320. $username_threshold = variable_get('spambot_criteria_username', SPAMBOT_DEFAULT_CRITERIA_USERNAME);
  321. $ip_threshold = variable_get('spambot_criteria_ip', SPAMBOT_DEFAULT_CRITERIA_IP);
  322. // Build request parameters according to the criteria to use.
  323. $request = array();
  324. if (!empty($account->mail) && $email_threshold > 0 && !spambot_check_whitelist('email', $account->mail)) {
  325. $request['email'] = $account->mail;
  326. }
  327. if (!empty($account->name) && $username_threshold > 0 && !spambot_check_whitelist('username', $account->name)) {
  328. $request['username'] = $account->name;
  329. }
  330. // Only do a remote API request if there is anything to check.
  331. if ($request) {
  332. $data = array();
  333. if (spambot_sfs_request($request, $data)) {
  334. if (($email_threshold > 0 && !empty($data['email']['appears']) && $data['email']['frequency'] >= $email_threshold)
  335. || ($username_threshold > 0 && !empty($data['username']['appears']) && $data['username']['frequency'] >= $username_threshold)) {
  336. return 1;
  337. }
  338. }
  339. else {
  340. // Return error.
  341. return -1;
  342. }
  343. }
  344. // Now check IP's
  345. // If any IP matches the threshold, then flag as a spammer.
  346. if ($ip_threshold > 0) {
  347. $ips = spambot_account_ip_addresses($account);
  348. foreach ($ips as $ip) {
  349. // Skip the loopback interface.
  350. if ($ip == '127.0.0.1') {
  351. continue;
  352. }
  353. // Make sure we have a valid IPv4 address
  354. // (the API doesn't support IPv6 yet).
  355. elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE) {
  356. $link = l(t('user'), 'user/' . $account->uid);
  357. watchdog('spambot', 'Invalid IP address: %ip (uid=%uid, name=%name, email=%email). Spambot will not rely on it.', array(
  358. '%ip' => $ip,
  359. '%name' => $account->name,
  360. '%email' => $account->mail,
  361. '%uid' => $account->uid,
  362. ), WATCHDOG_NOTICE, $link);
  363. continue;
  364. }
  365. $request = array('ip' => $ip);
  366. $data = array();
  367. if (spambot_sfs_request($request, $data)) {
  368. if (!empty($data['ip']['appears']) && $data['ip']['frequency'] >= $ip_threshold) {
  369. return 1;
  370. }
  371. }
  372. else {
  373. // Abort on error.
  374. return -1;
  375. }
  376. }
  377. }
  378. // Return no match.
  379. return 0;
  380. }
  381. /**
  382. * Retrieves a list of IP addresses for an account.
  383. *
  384. * @param object $account
  385. * Account to retrieve IP addresses for.
  386. *
  387. * @return array
  388. * An array of IP addresses, or an empty array if none found
  389. */
  390. function spambot_account_ip_addresses($account) {
  391. $hostnames = array();
  392. // Retrieve IPs from node_spambot table.
  393. $items = db_select('node_spambot')
  394. ->distinct()
  395. ->fields('node_spambot', array('hostname'))
  396. ->condition('uid', $account->uid, '=')
  397. ->execute()
  398. ->fetchCol();
  399. $hostnames = array_merge($hostnames, $items);
  400. // Retrieve IPs from any sessions which may still exist.
  401. $items = db_select('sessions')
  402. ->distinct()
  403. ->fields('sessions', array('hostname'))
  404. ->condition('uid', $account->uid, '=')
  405. ->execute()
  406. ->fetchCol();
  407. $hostnames = array_merge($hostnames, $items);
  408. // Retrieve IPs from comments.
  409. if (module_exists('comment')) {
  410. $items = db_select('comment')
  411. ->distinct()
  412. ->fields('comment', array('hostname'))
  413. ->condition('uid', $account->uid, '=')
  414. ->execute()
  415. ->fetchCol();
  416. $hostnames = array_merge($hostnames, $items);
  417. }
  418. // Retrieve IPs from statistics.
  419. if (module_exists('statistics')) {
  420. $items = db_select('accesslog')
  421. ->distinct()
  422. ->fields('accesslog', array('hostname'))
  423. ->condition('uid', $account->uid, '=')
  424. ->execute()
  425. ->fetchCol();
  426. $hostnames = array_merge($hostnames, $items);
  427. }
  428. // Retrieve IPs from user stats.
  429. if (module_exists('user_stats')) {
  430. $items = db_select('user_stats_ips')
  431. ->distinct()
  432. ->fields('user_stats_ips', array('ip_address'))
  433. ->condition('uid', $account->uid, '=')
  434. ->execute()
  435. ->fetchCol();
  436. $hostnames = array_merge($hostnames, $items);
  437. }
  438. $hostnames = array_unique($hostnames);
  439. return $hostnames;
  440. }
  441. /**
  442. * Reports an account as a spammer.
  443. *
  444. * Requires ip address and evidence of a single incident.
  445. *
  446. * @param object $account
  447. * Account to report.
  448. * @param string $ip
  449. * IP address to report.
  450. * @param string $evidence
  451. * Evidence to report.
  452. *
  453. * @return bool
  454. * TRUE if successful, FALSE if error
  455. */
  456. function spambot_report_account($account, $ip, $evidence) {
  457. $success = FALSE;
  458. if ($key = variable_get('spambot_sfs_api_key', FALSE)) {
  459. $query['api_key'] = $key;
  460. $query['email'] = $account->mail;
  461. $query['username'] = $account->name;
  462. $query['ip_addr'] = $ip;
  463. $query['evidence'] = truncate_utf8($evidence, SPAMBOT_MAX_EVIDENCE_LENGTH);
  464. $url = 'http://www.stopforumspam.com/add.php';
  465. $options = array(
  466. 'headers' => array('Content-type' => 'application/x-www-form-urlencoded'),
  467. 'method' => 'POST',
  468. 'data' => http_build_query($query, '', '&'),
  469. );
  470. $result = drupal_http_request($url, $options);
  471. if (!empty($result->code) && $result->code == 200 && !empty($result->data) && stripos($result->data, 'data submitted successfully') !== FALSE) {
  472. $success = TRUE;
  473. }
  474. elseif (stripos($result->data, 'duplicate') !== FALSE) {
  475. // www.stopforumspam.com can return a 503 code
  476. // with data = '<p>recent duplicate entry</p>'
  477. // which we will treat as successful.
  478. $success = TRUE;
  479. }
  480. else {
  481. watchdog('spambot', "Error reporting account: %url <pre>\n@dump</pre>", array(
  482. '%url' => $url,
  483. '@dump' => print_r($result, TRUE),
  484. ));
  485. }
  486. }
  487. return $success;
  488. }
  489. /**
  490. * Check if current data $type is whitelisted.
  491. *
  492. * @param string $type
  493. * Type can be one of these three values: 'ip', 'email' or 'username'.
  494. * @param string $value
  495. * Value to be checked.
  496. *
  497. * @return bool
  498. * TRUE if data is whitelisted, FALSE otherwise.
  499. */
  500. function spambot_check_whitelist($type, $value) {
  501. switch ($type) {
  502. case 'ip':
  503. $whitelist_ips = variable_get('spambot_whitelist_ip', '');
  504. $result = strpos($whitelist_ips, $value) !== FALSE;
  505. break;
  506. case 'email':
  507. $whitelist_usernames = variable_get('spambot_whitelist_email', '');
  508. $result = strpos($whitelist_usernames, $value) !== FALSE;
  509. break;
  510. case 'username':
  511. $whitelist_emails = variable_get('spambot_whitelist_username', '');
  512. $result = strpos($whitelist_emails, $value) !== FALSE;
  513. break;
  514. default:
  515. $result = FALSE;
  516. break;
  517. }
  518. return $result;
  519. }
  520. /**
  521. * Form builder function to add spambot validations.
  522. *
  523. * @param array $form
  524. * Form array on which will be added spambot validation.
  525. * @param array $options
  526. * Array of options to be added to form.
  527. */
  528. function spambot_add_form_protection(array &$form, array $options = array()) {
  529. // Don't add any protections if the user can bypass the Spambot.
  530. if (!user_access('protected from spambot scans')) {
  531. // Allow other modules to alter the protections applied to this form.
  532. drupal_alter('spambot_form_protections', $options, $form);
  533. $form['#spambot_validation']['name'] = !empty($options['name']) ? $options['name'] : '';
  534. $form['#spambot_validation']['mail'] = !empty($options['mail']) ? $options['mail'] : '';
  535. $form['#spambot_validation']['ip'] = isset($options['ip']) && is_bool($options['ip']) ? $options['ip'] : TRUE;
  536. $form['#validate'][] = 'spambot_user_register_form_validate';
  537. }
  538. }