[jsherk]

NOTE (added August 2009):
There is much easier method to add this hack now which I added in August 2009, so before you start with these instructions below, read ALL the posts in this thread first, or jump to the post here:
viewtopic.php?f=7&t=18290&start=30#p67196
-------------------------------------------------------------------------

Read the note above before you start...
I have ported over a php script called Bad Behaviour for use with phpList. It is highly effective at blocking form spam and comment spam.
You can read more about it here:
http://www.bad-behavior.ioerror.us/

If you try it, please post back here with your results (good or bad). If it is as effective as I believe it will be, then I will post a feature request in Mantis to have it included with futur releases.

--------------------------

PORTING GUIDE FOR USING BAD BEHAVIOUR 2 WITH PHPLIST
by Jeff Sherk - May 2008

This guide will help you port Bad Behaviour 2 over for use with phpList.

Please note these versions of each program below that were used for this port and that it was tested on.
phpList v2.10.5 website: http://www.phplist.com/
Bad Behaviour v2.0.16 website: http://www.bad-behavior.ioerror.us/

Although the above versions are the only versions tested, the port is fairly simple, so it should probably work with most versions of either program.

Known issue:
-Database logging is NOT enabled/functioning, which also means there are no stats available. Even if you set the bb2 logging option to 'true', it will just be ignored because I have not setup the functions yet that do the database calls. See the OPTIONAL step at the bottom of the guide for a workaround.

If you are looking for a good free file/text editor to modify and edit your files, I recommend PSPad. Check it out here: http://www.pspad.com/

INSTRUCTIONS

** BEFORE YOU MODIFY ANY FILES, MAKE A COPY OF THE ORIGINAL AND CALL IT SOMETHING LIKE myfile.php.ORIG **
** If you have any problems simply deleted the modified file, and rename myfile.php.ORIG to myfile.php **

(1) DOWNLOAD
Download Bad Behaviour from here:
http://www.bad-behavior.ioerror.us/down ... 2.0.16.zip

(2) UNZIP
Unzip the file.

(3) UPLOAD
Upload the Bad-Behaviour folder and files into your admin directory of your phpList install.
Should end up looking something like this (http://www.yoursite.com/lists/admin/Bad-Behaviour)

(4) MODIFY this file: lists/config/config.php

Find these lines:

Code: Select all

# notify spam
# when phplist detects a possible spam attack, it can send you a notification about it
# you can check for a while to see if the spam check was correct and if so, set this value
# to 0, if you think the check does it's job correctly.
# it will only send you emails if you have "Does the admin get copies of subscribe, update and unsubscribe messages"
# in the configuration set to true
define('NOTIFY_SPAM',1);

Insert these lines immediately after the above lines:

Code: Select all

# use Bad Behaviour 2 spam killer
# Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it.
# It can block contact form spam, comment spam and (most importantly) newsletter subscription form spam.
# More info here: http://www.bad-behavior.ioerror.us/
# Set this to 0 if you do not want to use this feature
define('USE_BB2',1);

# show debug messages for Bad Behaviour 2 spam killer
# If USE_BB2 is set to 0 then this is not used.
# Set this to 1 if you want to see the debug messages while setting up bb2. Normally this would be set to 0.
# Possible debug messages you will see:
#  bb2 not active = USE_BB2 is set to 0
#  bb2 enabled = USE_BB2 is set to 1
#  insert_head function not defined = If you are viewing a subscribe page and see this message, then
#                                     check the path to bb2-phplist.php and/or make sure the file exists.
#                                     It is normal to see this message when you go to the phpList admin pages. 
#  insert_head function exists = This means that the function is defined and that it should be working correctly.
#                                Go to View Source Code in your browser window, and you should see
#                                the bb2 javascrpt functions that were added to the source code.
define('BB2_DEBUG',0);

# send an email whenever spam is killed by Bad Behaviour 2
# If USE_BB2 is set to 0 then this is not used.
# This is an alternative to logging. If database logging is not available or not setup, then there is no
# way to know if bb2 is actually doing anything (unless you notice a significant drop in spam received).
# Set this to 1 and it will send you an email everytime bb2 kills some spam.
# This is good for testing bb2 to see how effective it is, but if you get a lot of spam you may want to 
# turn this off. Set this to 0 if you do not want to receive an email everytime bb2 kills some spam.
define('BB2_SEND_EMAIL',1);

(5) MODIFY this file: lists/index.php

Find these lines:

Code: Select all

require_once dirname(__FILE__).'/admin/'.$GLOBALS["database_module"];
require_once dirname(__FILE__)."/texts/english.inc";
include_once dirname(__FILE__)."/texts/".$GLOBALS["language_module"];
require_once dirname(__FILE__)."/admin/defaultconfig.inc";
require_once dirname(__FILE__).'/admin/connect.php';
include_once dirname(__FILE__)."/admin/languages.php";
include_once dirname(__FILE__)."/admin/lib.php";
$I18N= new phplist_I18N();

Insert these lines immediately after the above lines:

Code: Select all

//MOD Bad Behaviour spam killer
if (USE_BB2) {
  if (BB2_DEBUG) {
    echo "bb2 enabled";
  }
  require_once dirname(__FILE__) .'/admin/Bad-Behavior/bb2-phplist.php';
} else {
  if (BB2_DEBUG) {
    echo "bb2 not active";
  }
}
//end MOD

(6) MODIFY this file: lists/admin/pagetop.php

Find these lines:

Code: Select all

<meta name="Author" content="Michiel Dethmers - http://www.phplist.com" />
<meta name="Copyright" content="Michiel Dethmers, Tincan Ltd - http://tincan.co.uk" />
<meta name="Powered-By" content="phplist version <?php echo VERSION?>" />
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $strCharSet?>" />

Insert these lines immediately after the above lines:

Code: Select all

<!-- MOD Bad Behaviour spam killer -->
<?php
if (function_exists('bb2_insert_head')) {
  if (BB2_DEBUG) {
    echo ' - insert_head function exists ';
  }
  bb2_insert_head();
} else {
  if (BB2_DEBUG) { 
    echo ' - insert_head function not defined ';
  }
}
?>
<!-- end MOD -->

(7)
COPY this file: lists/admin/Bad-Behaviour/bad-behaviour-generic.php
TO this file: lists/admin/Bad-Behaviour/bb2-phplist.php

(8) MODIFY this file: lists/admin/Bad-Behaviour/bb2-phplist.php

Find this line:

Code: Select all

return "badbots@ioerror.us";   // You need to change this.

Change the 'badbots@ioerror.us' email address to your email address, something like this:

Code: Select all

return "myemail@mysite.com";   // You need to change this.

(9) OPTIONAL STEP - This is not required, but since database logging is currently
not working, this will cause bb2 to send you an email when it kills spam, so
that you know it's actually doing something! Although, you will also know that
it's doing something if you see a reduction in the amount of spam you recieve!

MODIFY this file: lists/admin/Bad-Behaviour/bad-behaviour/banned.inc.php

Find these two consecutive lines at the very end of the bb2_display_denial function:

Code: Select all

<?php
}

Insert the following lines IN BETWEEN the above two lines. Meaning, put the following code after the '<?php' but before the '}':

Code: Select all

//MOD Bad Behaviour spam killer- Sends you an email when Bad Behaviour kills some spam
if (BB2_SEND_EMAIL) {
  $mailmessage = "Bad Behaviour has blocked some spam from phpList.\n";
  $mailmessage .= " Support key: ".$support_key."\n";
  $mailmessage .= " Error ".$response['response']."\n";
  $mailmessage .= " for ".htmlspecialchars($_SERVER['REQUEST_URI'])."\n";
  $mailmessage .= " Explanation: ".$response['explanation']."\n";
  $mailmessage .= " Logged as: ".$response['log']."\n";
  $mailmessageto = bb2_email();
  mail($mailmessageto,'phpList- bb2 killed some spam',$mailmessage);
}
//end MOD

(10) To see if everything is working, you probably want to turn ON the bb2 debug messages.

MODIFY this file: lists/config/config.php

Find this line:

Code: Select all

define ('BB2_DEBUG',0);

Change the 0 to a 1:

Code: Select all

define ('BB2_DEBUG',1);

Now open your browser and go to one of your newsletter subscribe pages.

If you have BB2_DEBUG turned on, you should see the words "bb2 enabled - function insert_head exists" in the top left corner of your browser window.

Now try to subscribe to your newsletter and make sure the process completes properly.

If everything seems to be working, then you can turn off the BB2_DEBUG messages by changing the 1 back to a zero:

Code: Select all

define ('BB2_DEBUG',0);

(11) Now just wait and watch your spam get killed!!![/code]

[H2B2]

Very useful!
Thanks for sharing jsherk.

[[moved to the contributions section]]

[kyleknapp]

I installed BB2 about 8 hours ago, it has intercepted all spambot entries (55 so far). Works great! Thanks Jeff!

~kyle

[jsherk]

Should probably also note that kyleknapp (the above post) was receiving approximately 100 spam subscriptions per day, and spam_block was only catching about 5 of them, and 95 were getting thru (5% success rate).

After installing the bad behaviour script, it succesfully stopped over 100 spam attempts in the first 24 hours, and none got thru!!!

That's a 100% success rate, and a 1000% (one-thousand percent) increase over spam_block!

[jsherk]

I have added a new feature request in mantis to have bb2 added to phpList. If interested, please leave your comments there as well:
http://mantis.phplist.com/view.php?id=14717

[jsherk]

Found a small BUG in my instructions above...

In step (4) MODIFY this file: lists/config/config.php
the very last line of the modification reads:

Code: Select all

define ('BB2_SEND_EMAIL',1)

It is missing a semi-colon at the end of it... it will cause all your subscribe pages to just appear blank.
It should be this:

Code: Select all

define ('BB2_SEND_EMAIL',1);

EDIT: Note that I put the missing semi-colon back into the instructions above, so this will only affect anybody that tried to use this mod prior to this bug notificaiton. The bug has been fixed!

[conor71]

Thansk for this- Becuase I have started recieving spam I tried installing this solution today -although I am not sure if it has worked yet!

I switched on the debug feature (BB2_DEBUG=1) but I dont see any mention of on my subscriber page, either the customised one I use or the standard one

mail2/?p=subscribe&id=1

However I do get the message
"insert_head function not defined"
when I am in admin section- but I think this is normal right?

So I am not sure if it working

But what is causing me concern is this: I tried subscribing to the list using the standard subsriber form and I keep on getting tbis message:

Stop Running this Script?
A script on this page is Ccasuing Internet Explorer to run slowely . If it continues to run your computer may become non-repsonsive

Yes / No

When I click on yes, I immediately get a success page...

Is this becuase I have installed the additonal code incorrectly?

( Strangely when I try to subscribe using my Customised page I seem to be able to subscribe without a problem? 0- oh hold on that probably becuase the additonal coding is not on that page??)

Any ideas?

Thanks
Conor

[jsherk]

It is normal for "inset_head function not defined" to appear the admin pages.

If by a custom subscribe page, you mean one that has been manually hard coded and is not generated by phpList, then the bad behaviour code will NOT be part of it, and the mod will not do anything for that page.

As for your regular subscribe page, with BB2_DEBUG=1 it should display either 'bb2 enabled' or 'bb2 not active' in the top left corner of your browser (same place is shows up in the admin pages). You probably missed something (one character is all it takes) when you copy and pasted the code.

I suggest the following:
(1) Delete all the modified files and put the original ones back in place.
(2) Now see if both subscribe pages still work correctly, and whether or not you get the message about "stop running script".
(3) Now go back and try the mods again,
but SKIP step 6 and step 8 and step 9
(4) Set BB2_DEBUG=1 and go and see if your subscribe pages are still working correctly. You now should see the 'bb2 enabled' message appear.
(5) If everything is working so far, then go back and do step 6 and step 8 and optionally step 9.

Let me know what happens.

[conor71]

Hi jsherk, thanks for the quick reply!

Ok, first of all I did delete all the amended fiels replcaing them with the origianls that I had renamed .orgn as per your advice! ( thank you!)

I have left the Bad Behaviour folder in Admin as I presume nothing is now referencing it if i am using the origianl files? Or should I delete this directory also?

However when I go to run the subscribe page, I am still getting the "stop running script" message....??

Now here's the thing: I have not used the standard subscribe page since I started using this script a year ago..so I have no idea if this issue is new ( as a result of installing this module) or it is something that was a problem ages ago! It might have nothing to do with your suggested solution BB ..

Also, I only use a manually hardcoded page for my subscription list, so does this mean that I won't be able to use this module on that page at any point? In which case it might not be of much use to me? Or is it still useful to use onthe standard page anyway?

Any ideas on how I could trouble-shoot this? I am surpised that the standard form is giving me troble, i am pretty sure i have removed all the changes i made!

Conor

[jsherk]

Yes, it's okay to leave the Bad Behaviour folder in the admin folder because nothing is referencing it. Although, seeing as you still have problems, you may want delete it completely just to make sure!

If you have replaced all the modified files with the original ones again, and the problem is still there, then it is definitely NOT related to this mod or bb2. The problem must have already been there.

As for a hard coded subscribe page, I think you can probably hard code the bb2 script into it as well, but it need's to be a php file.

If it's php, then you can probably just add the javascript code to the file and add a require_once statement to it as well, and in theory it should work.

If it's an html page, then you first need to rename the html file as a php file, and then do the above steps for the php file. You could then create a new html file (same name as it was before) and have it redirect to the php file if you're worried about broken links.

[fränzchen]

@jsherk Good idea to include bad behavior!

We just managed to use the database instead of using the BB2_SEND_EMAIL.

To whom is interested:

1. Create a table in your phplist db (i.e. phpadmin)

We took the original table name defined in bb2-phplist.php (line 37: "bad_behavior") and the query of the bb2 core.inc.php:

Code: Select all

CREATE TABLE IF NOT EXISTS `bad_behavior` (
      `id` INT(11) NOT NULL auto_increment,
      `ip` TEXT NOT NULL,
      `date` DATETIME NOT NULL default '0000-00-00 00:00:00',
      `request_method` TEXT NOT NULL,
      `request_uri` TEXT NOT NULL,
      `server_protocol` TEXT NOT NULL,
      `http_headers` TEXT NOT NULL,
      `user_agent` TEXT NOT NULL,
      `request_entity` TEXT NOT NULL,
      `key` TEXT NOT NULL,
      INDEX (`ip`(15)),
      INDEX (`user_agent`(10)),
      PRIMARY KEY (`id`) );



2. Now change in the file bb2-phplist.php line 72

Code: Select all

function bb2_db_query($query) {
   return FALSE;
}


to:

Code: Select all

function bb2_db_query($query) {
   mysql_query ( $query, $GLOBALS["database_connection"]);
   if ( mysql_error ($GLOBALS["database_connection"]) != '') return false;
   return true;
}


3. If you want to deactivate the email-notification set BB2_SEND_EMAIL in config.php to 0.

You're done!

Hope this helps.[/code]

[jsherk]

Thanks... that's great... I'll get it working on my system, and then re-do instructions to include the DB access!!

[fränzchen]

Thanks... that's great... I'll get it working on my system, and then re-do instructions to include the DB access!!

You're welcome

I also wrote a little plugin to show the database entries of bb. It's surely not a masterpiece, but working; interested?

Greetings fränzchen

[jsherk]

"fränzchen: ...wrote a little plugin to show the database entries of bb"

Sure... is it an actual plugin for phpList? If it is, and it contains a good chunk of code, then maybe start a new thread and then link to it from this thread. I usually phpMyAdmin for stuff like that, but of course it would be easier if it was a single click from the admin menu!!

[fränzchen]

Sure... is it an actual plugin for phpList?

Hm... don't exactly know what you mean with that. I wrote it this week, so its actual

If you mean if I've committed it anywhere: no.

Greetings

Fränzchen