SpamStop plugin for BlogCFC released

Suppose you could check every visitor to your blog to see if he or she (or 'it', in the case of a bot) happens to be a known spammer, and, for instance, automatically block that visitor from adding a comment?

That is exactly what this plug-in does. And more.
(Click the cop icon to the left here to see what it has done for this site already. The data is realtime by the way...)

Do a quick check and open my contact page. If you get a warning message instead of a form, your IP address is listed with Project Honeypot...

The plugin makes use of the services of the excellent Project Honeypot initiative. Every visitor is checked against their huge database, which returns the info you need. E.g. is it a comment spammer, or is it a harvester? Is it merely a suspicious IP? When was it last caught doing shady things on the net?
You decide, based on your configuration, what such a visitor is allowed to see and/or use on your blog. When the session variable 'session.spamstop.limitAccess' holds a value of 'true', you can redirect the visitor. Simple, no?
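
What such a lookup returns and how a limitAccess decision can be derived from it, as an added example that is not the plugin's own code. The query name follows the line quoted in the comments below and the answer layout is the one Project Honeypot publishes for http:BL; the function names and the policy thresholds are assumptions.

```cfml
<cfscript>
// Added example, not SpamStop's code. Function names and thresholds are assumptions.

// Decode an http:BL answer: 127.<days since last activity>.<threat score>.<visitor type>
function decodeHttpBL(required string answer) {
    var p = listToArray(arguments.answer, ".");
    if (arrayLen(p) != 4 || p[1] != 127) {
        throw(type="HttpBL.BadAnswer", message="Unexpected http:BL answer: " & arguments.answer);
    }
    var visitorType = val(p[4]);
    return {
        listed         = true,
        days           = val(p[2]),  // days since the IP was last seen misbehaving
        threat         = val(p[3]),  // 0-255; for search engines this octet is an engine id
        searchEngine   = (visitorType == 0),
        suspicious     = bitAnd(visitorType, 1) != 0,
        harvester      = bitAnd(visitorType, 2) != 0,
        commentSpammer = bitAnd(visitorType, 4) != 0
    };
}

// Query http:BL for one visitor. accessKey is your Project Honeypot access key.
function httpBLLookup(required string accessKey, required string ip) {
    var addr = "";
    // Query names are built from IPv4 octets; anything else is treated as not listed.
    if (!reFind("^(\d{1,3}\.){3}\d{1,3}$", arguments.ip)) {
        return { listed = false };
    }
    var o = listToArray(arguments.ip, ".");
    var host = arguments.accessKey & "." & o[4] & "." & o[3] & "." & o[2] & "." & o[1] & ".dnsbl.httpbl.org";
    try {
        addr = createObject("java", "java.net.InetAddress").getByName(host).getHostAddress();
    } catch (java.net.UnknownHostException e) {
        // No DNS record means "not listed". A resolver that cannot reach the service
        // raises the same exception, so a server that never lists anyone has a DNS problem.
        return { listed = false };
    }
    return decodeHttpBL(addr);
}

// Example policy: limit harvesters and comment spammers that were active recently.
function limitAccess(required struct r, numeric maxDays = 30, numeric minThreat = 10) {
    if (!r.listed || r.searchEngine) return false;
    return (r.harvester || r.commentSpammer) && r.days <= arguments.maxDays && r.threat >= arguments.minThreat;
}
</cfscript>
```

The visitor type is a bit field, so one address can be flagged as both a harvester and a comment spammer; the policy function tests the bits separately for that reason.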

Update: fixed a small typo in the installation instructions.


Every bad guy that visits your blog is also logged in the database, and a BlogCFC pod is included that you can use to keep track of the number of spammers, harvesters, suspicious IPs and search engines that visited your blog.

Project Honeypot offers many more options you can use, and I highly recommend installing a few 'honey pots' on your site to help them catch and identify the bad guys. It's free and will make the world a better place in the end, so why not?

In order to get things rolling, get yourself a free access key from Project Honeypot (get it here), download the plugin here, and configure it. 

N.B. Installation and configuration instructions are also included in the download.



Comments

  1. Kyle Hayes
    Looks like a great plugin. Good use of existing services instead of re-inventing the wheel.
  2. Andrew Scott
    This seems to be broken.

    How did you test that the call to the honeypot actually works? The website states that

    <cfset aVal = gethostaddress("#hpkey#.#reverseip(arguments.ip)#.dnsbl.httpbl.org")>

    Will only work with an Apache module, did you try your code with IIS? And if you didn't why did you not state this limitation on your website?

    Also when you rename your components, make sure you update your install instructions.

    Concept is good, but I am yet to see it work.
  3. jax
    Andrew,

    I am glad you like the plugin, but 'no worries mate!' when you are not 100 % satisfied you can get your money back.

    Your comment about using IIS or Apache absolutely makes no sense whatsoever.

    If you 'want to see it work' look a little down this page.. See the SpamStop part on the bottom? See the numbers? Where I normally refuse to test any of my code and just release it right after hitting CTRL-S, this time I have actually gone through the painstaking process of testing what I wrote just to see if it would work. All at no extra charge.

    I'll have a look at the install instructions.

    PS. This system runs on IIS, in case you want to further investigate the apache/IIS incompatibility thingy.
  4. John Stottlemire
    In your sqlserver.sql file:

    your ALTER TABLE command is currently addressing tblbloghoneypo
    needs to be changed to tblbloghoneypot (the t is missing) on both lines
  5. jax
    Thanks for that John!
    Fixed it.
  6. Tjarko
    Nice!! seems very familiar ;-) Did you do any changes to the CFC?? I was just wondering because I want to change some things and maybe you already did that.
  7. jax
    Hey Tjakkie!

    Yes, I took the code you posted on mximize.com as a starting point. There are quite a few changes made to it, but the base is still the same. :-)
  8. John Stottlemire
    Jax,

    One more question. (And I know the answer is apparent, but I want to be certain).

    If I simply want to block all access to the site to the "harvesters" will this code work?
    <code>
    <cfif not structKeyExists(session,"spamstop") or isDefined("url.reinit")>
    <cfset session.spamstop = application.plugins.spamstop.honeypotcheck(cgi.remote_addr)>
    <cfif session.spamstop.limitaccess="true">
    <!--- only allow them to see my honeypot --->
    <cfinclude template="honeypoturl.cfm">
    <cfabort>
    </cfif>
    </cfif>
    </code>

    or should the code be outside of "cfif not structKeyExists"

    Thanks again,

    -john
  9. jax
    Yep. That should work. :-)
    You can test it, by obtaining a harvester ip address at the projecthoneypot.org website.
    Replace cgi.remote_addr with the ip you copied from there and see what happens..

    Don't forget to change it back though. :-)
  10. jax
    I just realised that the downside here is that when a user refreshes the page after the first visit, your code will be bypassed because session.spamstop will then exist..
    So yes, it should be outside the structKeyExists, and instead be placed after it.
  11. John Stottlemire
    Having said that Jax, if the spam harvester is in fact malicious and sent to the honeypot page, would it do a refresh to see if it was redirected through a cfinclude tag?

    I'm thinking, if they return they'll have a different sessionid and this would keep the cfif statement from executing each time a "real visitor" loads a page.

    just my thought.

    Also, I sent an email and noted another bug in your code. The cfif session.spamstop statement should be changed to eq instead of "=" in your instructions.

    -john
  12. Andrew Scott
    Ok,

    As for the IIS thing I am going by the docs at honeypot, because you are doing a look up on "#hpkey#.#reverseip(arguments.ip)#.dnsbl.httpbl.org" and under IIS for me this always fails.

    I guess when that line fails to me it was look further into the docs, and that's where I read the apache only thing.

    For me that line posted above is the show stopper, it never connects to honeypot.
  13. jax
    Andrew,

    I have no idea why it stops execution on that line at yours. It has nothing to do with IIS that much I know... It seems the service cannot be reached from your server, is there maybe a proxy in between possibly, although that doesn't seem likely..
  14. Tjarko
    @andrew, Can you do a <cfhttp url="somurl" method="get"> without any problems on your server?? If not, check your DNS and proxy settings because that's where your "problem" is. The honeypot lookup is nothing more than.... a lookup, the only thing it needs is a proper setup of the DNS on your server.

    The problem points to a wrong setup of the server, not the code.
  15. Andrew Scott
    @Jax, the reason I said that it is an IIS thing maybe because of the docs., in other words. The reverse 1234567890.10.10.10.10.dnsbl.httpbl.org, and the docs state for this to work there needs to be an apache module, and is not supported under IIS. So that was my assumption.

    @Tjarko, yes I have tried the cfhttp and even tried it directly from the browser.

    Where in your docs does it say I need to make DNS settings?
  16. jax
    Andrew, you've misread the docs. The module you talk about is one that automatically queries the HTTP:BL service for you.. without writing any CFML code.
    The plug-in I wrote does NOT make use of such a module. Never has, never will. Therefore the discussion about whether 'a module' is installed or not is pointless. :-)

    You don't need to make specific DNS settings either. Tjarko probably meant that something else is amiss on the server you are running it from.

    Nevertheless, the behavior on your machine is very interesting and if you have more info about what is happening, please let me know !
  17. a spammer
    Try rssnewsdigest.com, a new comprehensive spammer. With NeedForNews, you don't really have to go anywhere else. (And as an added bonus we will spam your comments with lame messages like this)
    rssnewsdigestSUCKS.com
    realwebnewsSUCKS.com
  18. Mark
    On line 301 of spamstop.ini.cfc, there is an error. You would not know it unless you went through the logs. There is a variable called honeyPotLogStartDate and it should be honeyPotStartDate.
    Just thought you would want to know.
  19. jax
    Tnx Mark, will fix it!
  20. Amy
    Hey Jax,
    This was so easy to implement, I thought I was doing it wrong! Thanks. I have a question though -- what if I want to implement this on multiple blogs that all live inside the same db? Would I need to add a "blogid" field to the table update, and to the pod display? I'm new to this world of CF so any thoughts are welcome and helpful! Thanks.

    Amy
  21. dave
    SpamStop plugin for BlogCFC released is great! I dig it into http://www.duyp.net
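
The check from comments 8 to 11 with both corrections applied (enforcement moved outside the structKeyExists block, and eq instead of =), as an added example that is not part of the thread or the plugin's instructions. The cftry around the lookup and the "spamstop" log file name are assumptions; the page does not say whether honeypotcheck throws when the lookup fails.

```cfml
<!--- Added example. Look the visitor up once per session (or when ?reinit is passed). --->
<cfif not structKeyExists(session, "spamstop") or structKeyExists(url, "reinit")>
    <cftry>
        <cfset session.spamstop = application.plugins.spamstop.honeypotcheck(cgi.remote_addr)>
        <cfcatch type="any">
            <!--- Lookup failed (for example DNS unreachable): let this request through,
                  leave session.spamstop unset so the next request retries, and log it
                  so a server that can never reach the service is noticed. --->
            <cflog file="spamstop" type="warning"
                   text="http:BL lookup failed for #cgi.remote_addr#: #cfcatch.message#">
        </cfcatch>
    </cftry>
</cfif>

<!--- Enforce on EVERY request. Inside the block above this would only run on the
      first hit of a session, so a refresh would bypass it. --->
<cfif structKeyExists(session, "spamstop")
      and structKeyExists(session.spamstop, "limitAccess")
      and session.spamstop.limitAccess eq true>
    <!--- Only allow them to see the honeypot page. --->
    <cfinclude template="honeypoturl.cfm">
    <cfabort>
</cfif>
```

A client that does not keep cookies gets a new session on each request, so for such a client the lookup runs every time and the enforcement block still applies.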