Dolphin Anti Spam support forum. - part 2

Actually you do not want to do it that way.

Over the last several updates i have changed the table structure twice. By doing a backup in that manner it is possible that a restore would damage the new table structure.

I will consider a backup for one of the next versions.

I have two users I am trying to flag as spam.

one shows up in the unconfirmed list

the other one shows up in the approval list.

Neither one of them has anything in their profile that will automatically put them in spam.

I tried searching for their email or userid in the Spam Accounts or Non Spam Accounts, but they did not show up. How I I move them to spam account?

Thanks!

Peer

Dean-

Do you have a tool, that will check messages sent using the Dolphin email system for urls, email addresses or certain key words?

This would keep paying members from sending messages with their email address to non paying members... :)

Also would allow me to filter for words like h o t m m a i l or dot com or at dot com

Thanks!

Peer

If you can't find them, then just delete them using dolphins normal delete functions. Finding them in the non spam account list is the only way you can flag them. Also. unconfirmed, or any other account that is not active do not show up in the non spam account list in the current version. I developed the spam filters for people that do not want to go to the trouble of confirming accounts, so i did not even take unconfirmed accounts into consederation. I will add a option to show all member regardless of active status in the next version.

Chances are they will get caught on one of my honeypot sites at some point and end up in the spam database anyway.

Besides. If they have nothing in their profile that even indicates they are a spammer, then how do you know they actually are? You should not flag accounts as spam unless you are 100% sure they are.

 I don't.

Then you better get on it... its worth to me the same amount of $$ as your other spam tool ;)

Peer

I know they are spam accounts because they say... Buy Coffee.... :D

Again, I'm not complaining, deleting two users a day is manageable.

If you come out with an upgrade, let me know.

Peer

is there a way to add keywords to this blocked list?

Yes. The file is modules/deano/dolphin_anti_spam/data/keywords.txt

In future versions that list will most likely change, and will be over written during updates. And at some point in the future it will be a nightly automatically updated list. So keep that in mind before you decide to manually edit it.

Oh, and don't touch the other two lists in that folder. Those are  special lists for a specific filter and editing them may damage the filter.

I am curious on your current stats. How many are getting by the filters per day. The number should not be very high.

The number is VERY LOW thank you so much!!! However, the word "buy" slipped through a couple of times. I don't know if it is the list or not.... :)

Again, thank you for your wonderful product!!!!! We are so happy... we can finally get to the business of running our site. If you ever need a referral for this product, please let me know.... We will be happy to endorse you!

Peer

The list as it is now is very small. The key word filter was new in the last version. So it's still under development testing various techniques.

The word buy by itself is to generic. I would not include it in a filter system used by a large number of people. It can be used casually as well which can result in false positives.

I future versions there will be the ability to create custom lists. You can add it to the current list if you want, just keep in mind that list will get over written on the next update.

Dean,

Your product continues to work amazingly well.

Again, I am NOT COMPLAINING. Your product has save me hours of agony... and my administrator hours of frustration..

This one message came through with what I believe to be a url.... I have pasted verbatim below for your review.

Greetings! I am Val McVay and I think it sounds quite fantastic when you say it. I am a travel agent but before long I will be on my possess. My friends say it is really not fantastic for me but what I appreciate performing is caravaning and I have been doing it for pretty a even though. For a though I've been in West Virginia. Check out out my website in this article: http://es-ropainteriormasculina.blogspot.com/

I was just migrated to 7.1.3 and getting the error attached.

Please advise.

Thanks!

Peer

Uninstall and re-install the module, however this appears to be a permalink problem with dolphin. Are you having problems accessing any other modules?

You appear to be having problems with other modules as well. And viewing profiles.

Not a problem with my module.

What's the newest version may I ask?

Current version is in the market. http://www.boonex.com/m/dolphin-anti-spam

Version 1.0.3

How does this product interact with the Dolphin Spam in 7.1?

Thanks!

Peer

Works just fine, but it does not interact as in they do not talk to each other.

It functions separately as it is a separate module so it will function properly on all versions of dolphin regardless of what other antispam features have been added.

Version 1.1.0 has been released. This version contains a couple of minor bug fixes and a lot of improvements.

Release NOTES:

06-11-2013 - Improve IP/Proxy detection.
06-14-2013 - More fixes for single quote escaping problem.
06-14-2013 - Added option to enable/disable module.
06-15-2013 - More work done on upcoming honeypot system.
06-15-2013 - Added section to automatically whitelist servers IP address.
06-16-2013 - Added section to manage whitelists.
06-16-2013 - Added option to block visits by banned ip. Defaults to off so nickname and email whitelists will work.
        Previously this was on with no option to shut it off. I determined via trials that off is best.
06-17-2013 - Fixed display of update messages so html is supported.
06-18-2013 - Added section to manage blacklists.
06-22-2013 - Blocked email domains moved from settings to blacklists.
06-22-2013 - Added homograph attack checking for profile headline and description.
06-24-2013 - Added backup section.
06-25-2013 - Added options for auto backups and number of days to keep suto backup files.
07-02-2013 - Fixed bug in profile head/desc link detection.



PLEASE NOTE: In this update the blocked email domain list has been moved from the settings to the new blacklist section.

A little about the changes.

Two new sections have been added. Whitelists and BlackLists.

To make use of the whitelists the mode of operation has been changed from blocking all visits from blocked ip addresses to allowing them. The white lists are useless unless a visitor can get to the join form. This is a option that can be turned back on in the options but is recommend you leave it off. I have tested this setting for quite some time and have determined that off is the best setting.

The new blacklist section now contains the blocked email domains. Review this list to make sure no domains you want to allow are on the list. The blacklist section is also a section that has the ability to download new updates i provide to that list as well as adding your own.

The new whitelist and blacklist section is fully ajax driven.

This version also has a backup system built in to keep settings and other things such as the stats backed up. The backups are automatically done via cron every night and how many backups to keep can be set in the settings section. You can also manually backup at any time which should be done prior to upgrading to new versions. This was added to be able to preserve the stats and logs between version updates.

More features to come. Enjoy the new version.

I would like to replace Sorry. Site is currently down for Maintenance. Please check back later.

With below that would diplay the message in color and then redirect... will the below code work?

Thanks!

P.

<font color="#FF0000"><b>

Some sort of new more specific text here

</b></font>

<script type="text/javascript">

function leave() {

window.location = "http://singlebooklovers.com/m/membership/";

}

setTimeout("leave()", 7000);

Stats all set to Zero. See attachment.

I had a different issue with 1.0, I'm on 1.1 now, where you thought a cron job might not be configured.

I'm pretty sure my cron problems have been resolved no by HFW as other things are working.

Do I have to create a new cron job for this?

Thanks!

Peer

No. It will not. The message is stored using dolphins setting system which strips all of that out. It will not work. Currently there is no way to do that without a lot of code changes.

No.

Stats get reset when the module is uninstalled.

Also, if your running dolphin 7.1.3 or higher, dolphin has new spam filtering that may be enabled which may be blocking most of it. So mine will only block what dolphin happens to miss. Unless you choose to shut off all of dolphins new filtering.

So if the uninstall and reinstall was recent, you need to give it time. And it will take even more time if dolphins built in filtering is enabled.

 
Also. And this is important. I deal with a lot of people, so when you reference something i may have said or told you, you need to provide a link to that information or quote it or something. I have no clue or memory of what you are referencing. I cannot even find it discussed in this forum.

One other thing.

I do not understand why you would want to redirect to the membership page. All of those messages are shown to people that were blocked by the filters. So you do not want them to join the site anyway.

Second thing. Because the visitor was blocked. Redirecting them to the membership page will only result in them getting redirected back to the same message because they are blocked. Which would result in a endless loop.

Perhaps you not understanding what the messages are for. I choose to display the site is down for maintenance instead of something obvious like Hey spammer. You have been blocked. Reason is you do not want to upset the spammers by letting them know that you know they are a spammer. Otherwise they may continue to try and find a way go get past the filters.

Deano-

Thanks for your reply. I will try to reference a link in the future.

The redirection code was just as sample. I really wanted to redirect them to the contact us page which has a CAPTCHA, this way if it was a legitimate user, they could easily contact us.

Is it possible to remove the Dolphin Spam in 7.1.4 and just use your product? Your product is much more useful.

Thanks!

Peer

Yes. Go to Admin -> Tools -> Antispam Tools

Then go to the Settings tab and uncheck all checkboxes.

Thanks Deano-

P.

I have two profiles that were moved to spam...  the first one was yahoo mail and the second gmail.

For the life if me I cannot figure out why these two profiles went to spam..

profile 1

Born in the Canal Zone, lived in almost 40 houses, Asia 18 yrs , Italy 4, London 20....have 4 children..lost two wonderful brilliant husbands..practice the piano and go to my studio daily...had exhibit here in nyc in dec this year..have wonderful valuable friends....and a rescue pit bull named Peggy...everyone loves her .

I do not for the life of me understand that part. Can't see how they can show up in both lists.



Anyhow. There is a lot more then just the profile description and email that determines if it's spam or not.

You did not include the title either.

Anyhow. the filters look at the central database to see if their ip in in the spam database, looks to see if any unicode characters that look like standard english characters are mixed together. A technique known as a homograph attack. The rate of speed in which the form is filled out and submitted which is a bot check. And a number of other tests.

In the future i will add other things to the information shown so it can be cross referenced with the logs to determine why it was blocked other than the date. But there had to have been a reason.

But i am also wondering if you understand that spam filters are not 100% accurate. Some spammers will occasionally slip through and sometimes non spammers will get flagged as spam. It's just the risk that you must take to run them. You have to decide yourself if you should run them or not. If your that concerned, then perhaps you should not be running filters. There is no way i can give you 100% accuracy.

Deano- no the product works great... maybe it was an ip address or something.

Everytime she filled out the profile, she kept disappearing. It never occured for me to check the spam filter as it is 99.9% accurate. Its that good :)

So, I created her profile for her and it took. This is why she is in the membership database now and also in the spam filter. 

At this point, the spam filter would not kick in and keep her from logging in correct? That is all I am worried about now. In the future, before I recreate a customer's account, I will check the spam filter. :)

Peer

Most likely not.

See, the reason would be because once the filter blocks someone, the ip address, nick and email gets blocked. So re-creating the account manually will not work because the ip address would still be in the database. The proper thing to do is to recover it from the spam filters because the recovery also white lists the ip to allow login. This depends on the block visitor setting which by default is off. So if that is off, then yes, it will work.

However. The block is only temporary. If the ip address has changed at her end then that will not be a problem anymore. Also, the ip only remains blocked for 2 weeks because ip addresses are not permanent . However the email address would be permanently blocked. But that will also no longer pose a problem because that would only get blocked on signup and not for existing accounts.

Because you have not been using proper methods to recover accounts i strongly suggest you uninstall and reinstall the module to force a reset of the database because it contains invalid information.

The proper method is to find the account in the spam filters. If it was removed by the filters, you must recover it using the filters because if you don't their info is still blocked by the filters. You never re-create an account manually. You must let the filters do it so the original info used by the account gets properly white listed.

Deano thanks.

I have modified our procedures to reflect this information. This was the first time a "legitimate" user has ever had trouble joining. Again, a testiment to the effectiveness and accuracy of this product.

Peer

Deano, if you move somebody from the spam list to a regular member, are they notified that their account has been activated?

Thanks!

Peer

 
No. No emails are sent.

I noticed circled in red in the  attached image... that accounts could be deleted after a joing because of one reason or another... Are these accounts deleted or just moved back into spam?

The reason I ask is if a normal member tried to do something like this, I would hate for their account to be deleted.

I would rather it be put into the spam folder so I could work with the member.

Peer

 
That is part of the link and email detecting options. If an account is edited and links are put into the profiles description or headline then yes, they would be deleted as spam.

The link detection options can be shut off if needed.

They are checked on accounts after already joined because it is a common spammer technique to get by the filters. Spammers will join, then edit the profile after to put the links in.

I spammed a user and about three hours later, the same user signed up again using the exact same email and description. How do I operate this module?

If you flagged them as spam then they should not have been able to.

I would need access to the site. I need to see it. It may not be exact. The spammer may have been using a UTF8 trick to disguise one of the characters.

Normally blocking a user you just go into my filters into the non spam members tab and mark them as spam. They should get blocked. If not then i will need to see it.

just messaged you.

Traced the spam signups, at least that one to facebook connect. Non of the anti spam modules can block signups from there. Not sure what to do about that one.

I will try to see if i can find a way to block them in the next version without having to modify the facebook connect module.

While the topic of Facebook connect is up I have something to report.  Yesterday I signed up a friend on his phone and instantly he was detected as a bot and blocked registration. This happened due to the listed reason of join form submitted in less than 5 seconds.  I use your Facebook Connect module (outdated version but it works just fine still yet) and that is how I signed this person up.  Except I pass all the values to the join form so that the username can be changed if desired by the new member.  I did this and know it took at least 10 seconds but it was fast since most values were already passed to the join form. I would be more interested in removing this restriction when your Facebook connect module is used due to the increased speed of submission.  I want it to be fast and easy to sign up naturally but I can't say it was less than 5 seconds yet the issue still occurred.  Just a report.  I do not need any follow up.. Thanks Deano.

Deano I need some help soon as you are able. I just had another legitimate member blocked because they form was submitted in less than 5 seconds.  I used your facebook connect module to auto fill my join form so this happens.  Where or what file can I remove the 5 second rule?

Ok so what I did was change line 1019 in deanoDolphinAntiSpamModule.php.  I changed the 5 to a 1. Hope that is right?

 
Yea. That would be right. However that may have a big side affect. It could allow bots to get by. Even with facebook connect prepopulating the join form, there must be some fields left to manually fill out. You should be using a setting that is slightly lower than it would take the average person to fill out those remaining fields.

I would not go lowing than 2 seconds.

I am looking into other ways of doing bot detection in the next version.

I actually do have additional fields and bot prevention fields that extends the time some. I will monitor everything and move to 2 seconds if needed. Thanks.

I've had 3 additional legitimate accounts blocked. Even with the value being "1". I assume making this number "0" would disable this feature?

No it will not. A option to disable that was not even considered as the bot detection is what stops most spammers.

Anyhow. To disable it you need to comment out or remove this section of code in modules\deano\dolphin_anti_spam\classes\deanoDolphinAntiSpamModule.php at about line 1015

            // Bot check.
            $sTime = time();
            $jTime = (int)$this->_oDb->lastJoinIP($sIP);
            $dTime = $sTime - $jTime;
            if($dTime <=5 || $jTime == 0) {
                // We have a bot. Join form submitted to quickly to be done by a human.
                // For a bot, we will submit to the central database.
                $aDomainParts = parse_url($GLOBALS['site']['url']);
                $aCheck = $this -> curlGet($this -> sApiUrl . 'submitdata/' . $sNickName . ',' . $sEmail . ',' . $sIp . '/' . $aDomainParts['host']);
                $aActionData['section'] = 'botcheck';
                $this->performAction($aActionData);
            }


Under that section of code will be 5 more lines that are already commented out from a previous version. You can remove those lines as well.

For your case of pre-populating the join form with data from face book i will have to find another way to do bot detection, or find a way for the filters to detect it was a facebook signup. Thats going to take some time. No easy way to do that comes to mind right now.



Right now i have not even been using my own spam filters. Since i developed my new captchas i have not had any spammers. I use my SMS Captcha now. It's not a option for everyone, as it forces verification before signup can be submitted. Some people don't want to go that far, but it does pretty much stops all spammers dead in their tracks.