Greeting Folks,
I recently discovered BotScout, and would like to incorporate for use in my forums. I know little about php configuration, so i would like someone to help me verify that I have the config set up correctly. I also need to know how to install it so that I can use it in my forum. According to the site there is away to auto ban the user and email address, but again im not sure how to set up the config file to do so.
Thanks for the help!
<?php
/////////////////////////////////////////////////////
// "Universal" API code for use with the BotScout.com API
// version 1.40 Code by MrMike / LDM 2-2009
/*
/////////////////
2-5-2008: added conditional test to force the use
of the file_get_contents() function unless the version of
PHP used doesn't have it.
/////////////////
2-15-2009: renamed '$data' var to '$returned_data' to avoid
a conflict with phpBB code.
2-15-2009: Sanity check now only prints if diagnostic
output is enabled.
Thanks to "Boris" for the changes above.
/////////////////
2-19-2009: Changed default test type to 'MULTI' for speed
and efficiency.
/////////////////
*/
/////////////////////////////////////////////////////
////////////////////////
// init vars
$diag='';
$bs_data='';
$botdata='';
$apptype='';
$send_alerts='';
$toText='';
$fromText='';
$subjectText='';
$msgText='';
////////////////////////
/////////////////////////////////////////////////////
// CONFIGURATION START
// use diagnostic output? ('1' to use, '0' to suppress)
// NORMALLY set to '0'
$diag = '0';
// send email notices when a bot is stopped?
// use '1' to send, '0' to skip.
$send_alerts = '1';
// if sending alerts, send them to what email address?
$toText = "[email protected]";
////////////////////////
// Use BotScout with what application?
// message board or application type...
// uncomment ONE (and ONLY ONE) of these!
// for SimpleMachines Forum
//$apptype='SMF';
// for VBulletin
$apptype='VBULLETIN';
// for phpBB
//$apptype='PHPBB';
// for PunBB
//$apptype='PUNBB';
// for Invision power Board
//$apptype='INVIS';
// for FUDForum
//$apptype='FUDF';
// for Ikonboard
//$apptype='IKON';
// for Phorum
//$apptype='PHRM';
// for Snitz
//$apptype='SNITZ';
// for W-Agora
//$apptype='AGORA';
// for custom settings or unlisted board type
// see documentation for setting the 'CUSTOM' fields
// $apptype='CUSTOM';
////////////////////////
// your optional API key (if you don't have one
// you can get one here: http://botscout.com/)
$APIKEY = '';
// CONFIGURATION END
/////////////////////////////////////////////////////
// get the IP address
$XIP = $_SERVER['REMOTE_ADDR'];
if($apptype=='SMF'){
global $apptype, $XUSER, $XMAIL;
// SMF specific values for reg form
$XUSER = $_POST['user'];
$XMAIL = $_POST['email'];
}elseif($apptype='VBULLETIN'){
$XUSER = $_POST['username'];
$XMAIL = $_POST['email'];
}elseif($apptype='PHPBB'){
$XUSER = $data['username'];
$XMAIL = $data['email'];
}elseif($apptype='PUNBB'){
$XUSER = $_POST['req_username'];
$XMAIL = $_POST['req_email1'];
}elseif($apptype='INVIS'){
$XUSER = $_POST['UserName'];
$XMAIL = $_POST['EmailAddress'];
}elseif($apptype='FUDF'){
$XMAIL = $this->email;
$XNAME = $this->login;
}elseif($apptype='IKON'){
$XUSER = $_POST['UserName'];
$XMAIL = $_POST['EmailAddress'];
}elseif($apptype='PHRM'){
$XUSER = $_POST['username'];
$XMAIL = $_POST['email'];
}elseif($apptype='SNITZ'){
$XUSER = $_POST['username'];
$XMAIL = $_POST['Name'];
}elseif($apptype='AGORA'){
$XUSER = $userid;
$XMAIL = $useraddress;
}elseif($apptype='CUSTOM'){
// create your own custom form fields here
// see documentation for more information
$XUSER = $_POST[''];
$XMAIL = $_POST[''];
}else{
// no '$apptype' set!
print 'Please set the Application Type in the Configuration section.';
}
////////////////////////
// make the url compliant with urlencode()
$XMAIL =urlencode($XMAIL);
// run the API query...the default is to check the email address. It's usually the most
// reliable indicator or bot 'signature' field, but you can change this to use the Ip or
// the username if you like. You could check all three if you wanted, but usually the
// email address alone is sufficient.
// testing for an email address and IP
$apiquery = "http://botscout.com/test/?multi&mail=$XMAIL&ip=$XIP";
////////////////////////
if($APIKEY != ''){$apiquery = "$apiquery&key=$APIKEY";}
if($diag=='1'){print "Test String: $apiquery <br>";}
////////////////////////
// Use cURL or file_get_contents()?
// Use file_get_contents() unless not available
if(function_exists('file_get_contents')){
// Use file_get_contents
$returned_data = file_get_contents($apiquery);
}else{
$ch = curl_init($apiquery);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$returned_data = curl_exec($ch);
curl_close($ch);
}
// diagnostic output
if($diag=='1'){print "RETURNED DATA: $returned_data <p>";}
// sanity check
if($diag=='1'){
if($returned_data==''){
print 'Error: No return data from API query.';
exit;
}else{
print "API Data: $returned_data <br>";
}
}
// take the returned value and parse it (standard API, not XML)
$botdata = explode('|', $returned_data);
// sample 'MULTI' return string (standard API, not XML)
// Y|MULTI|IP|4|MAIL|26|NAME|30
// $botdata[0] - 'Y' if found in database, 'N' if not found, '!' if an error occurred
// $botdata[1] - type of test (will be 'MAIL', 'IP', 'NAME', or 'MULTI')
// $botdata[2] - descriptor field for item (IP)
// $botdata[3] - how many times the IP was found in the database
// $botdata[4] - descriptor field for item (MAIL)
// $botdata[5] - how many times the EMAIL was found in the database
// $botdata[6] - descriptor field for item (NAME)
// $botdata[7] - how many times the NAME was found in the database
if(substr($returned_data, 0,1) == '!'){
// if the first character is an exclamation mark, an error has occurred
print "Error: $returned_data";
exit;
}
// this example tests the email address and IP to see if either of them appear
// in the database at all. Either one is a fairly good indicator of bot identity.
if($botdata[3] > 0 || $botdata[5] > 0){
print $data;
if($diag=='1'){
print "Bot signature found.";
print "Type of test was: $botdata[1]";
print "The {$botdata[2]} was found {$botdata[3]} times, the {$botdata[4]} was found {$botdata[5]} times";
}
if($send_alerts=='1'){
// send an email about the bot?
$fromText = "BotBuster System";
$subjectText = "Bot Attempt Stopped";
$msgText = "A bot tried to register, but was stopped from doing so.\n\nBot Name: $XUSER\nBot Email: $XMAIL\nIP Address: $XIP";
mail($toText, $subjectText, $msgText, "To: $toText <$toText>\n" . "From: $fromText <$fromText>\n X-Mailer: PHP 4.x");
}
// your 'rejection' code would go here....
// for example, print a fake error message and exit the process.
$errnum = round(rand(1100, 25000));
print "Confabulation Error #$errnum, Halting.";
exit;
}
////////////////////////
?>
I recently discovered BotScout, and would like to incorporate for use in my forums. I know little about php configuration, so i would like someone to help me verify that I have the config set up correctly. I also need to know how to install it so that I can use it in my forum. According to the site there is away to auto ban the user and email address, but again im not sure how to set up the config file to do so.
Thanks for the help!
<?php
/////////////////////////////////////////////////////
// "Universal" API code for use with the BotScout.com API
// version 1.40 Code by MrMike / LDM 2-2009
/*
/////////////////
2-5-2008: added conditional test to force the use
of the file_get_contents() function unless the version of
PHP used doesn't have it.
/////////////////
2-15-2009: renamed '$data' var to '$returned_data' to avoid
a conflict with phpBB code.
2-15-2009: Sanity check now only prints if diagnostic
output is enabled.
Thanks to "Boris" for the changes above.
/////////////////
2-19-2009: Changed default test type to 'MULTI' for speed
and efficiency.
/////////////////
*/
/////////////////////////////////////////////////////
////////////////////////
// init vars
$diag='';
$bs_data='';
$botdata='';
$apptype='';
$send_alerts='';
$toText='';
$fromText='';
$subjectText='';
$msgText='';
////////////////////////
/////////////////////////////////////////////////////
// CONFIGURATION START
// use diagnostic output? ('1' to use, '0' to suppress)
// NORMALLY set to '0'
$diag = '0';
// send email notices when a bot is stopped?
// use '1' to send, '0' to skip.
$send_alerts = '1';
// if sending alerts, send them to what email address?
$toText = "[email protected]";
////////////////////////
// Use BotScout with what application?
// message board or application type...
// uncomment ONE (and ONLY ONE) of these!
// for SimpleMachines Forum
//$apptype='SMF';
// for VBulletin
$apptype='VBULLETIN';
// for phpBB
//$apptype='PHPBB';
// for PunBB
//$apptype='PUNBB';
// for Invision power Board
//$apptype='INVIS';
// for FUDForum
//$apptype='FUDF';
// for Ikonboard
//$apptype='IKON';
// for Phorum
//$apptype='PHRM';
// for Snitz
//$apptype='SNITZ';
// for W-Agora
//$apptype='AGORA';
// for custom settings or unlisted board type
// see documentation for setting the 'CUSTOM' fields
// $apptype='CUSTOM';
////////////////////////
// your optional API key (if you don't have one
// you can get one here: http://botscout.com/)
$APIKEY = '';
// CONFIGURATION END
/////////////////////////////////////////////////////
// get the IP address
$XIP = $_SERVER['REMOTE_ADDR'];
if($apptype=='SMF'){
global $apptype, $XUSER, $XMAIL;
// SMF specific values for reg form
$XUSER = $_POST['user'];
$XMAIL = $_POST['email'];
}elseif($apptype='VBULLETIN'){
$XUSER = $_POST['username'];
$XMAIL = $_POST['email'];
}elseif($apptype='PHPBB'){
$XUSER = $data['username'];
$XMAIL = $data['email'];
}elseif($apptype='PUNBB'){
$XUSER = $_POST['req_username'];
$XMAIL = $_POST['req_email1'];
}elseif($apptype='INVIS'){
$XUSER = $_POST['UserName'];
$XMAIL = $_POST['EmailAddress'];
}elseif($apptype='FUDF'){
$XMAIL = $this->email;
$XNAME = $this->login;
}elseif($apptype='IKON'){
$XUSER = $_POST['UserName'];
$XMAIL = $_POST['EmailAddress'];
}elseif($apptype='PHRM'){
$XUSER = $_POST['username'];
$XMAIL = $_POST['email'];
}elseif($apptype='SNITZ'){
$XUSER = $_POST['username'];
$XMAIL = $_POST['Name'];
}elseif($apptype='AGORA'){
$XUSER = $userid;
$XMAIL = $useraddress;
}elseif($apptype='CUSTOM'){
// create your own custom form fields here
// see documentation for more information
$XUSER = $_POST[''];
$XMAIL = $_POST[''];
}else{
// no '$apptype' set!
print 'Please set the Application Type in the Configuration section.';
}
////////////////////////
// make the url compliant with urlencode()
$XMAIL =urlencode($XMAIL);
// run the API query...the default is to check the email address. It's usually the most
// reliable indicator or bot 'signature' field, but you can change this to use the Ip or
// the username if you like. You could check all three if you wanted, but usually the
// email address alone is sufficient.
// testing for an email address and IP
$apiquery = "http://botscout.com/test/?multi&mail=$XMAIL&ip=$XIP";
////////////////////////
if($APIKEY != ''){$apiquery = "$apiquery&key=$APIKEY";}
if($diag=='1'){print "Test String: $apiquery <br>";}
////////////////////////
// Use cURL or file_get_contents()?
// Use file_get_contents() unless not available
if(function_exists('file_get_contents')){
// Use file_get_contents
$returned_data = file_get_contents($apiquery);
}else{
$ch = curl_init($apiquery);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$returned_data = curl_exec($ch);
curl_close($ch);
}
// diagnostic output
if($diag=='1'){print "RETURNED DATA: $returned_data <p>";}
// sanity check
if($diag=='1'){
if($returned_data==''){
print 'Error: No return data from API query.';
exit;
}else{
print "API Data: $returned_data <br>";
}
}
// take the returned value and parse it (standard API, not XML)
$botdata = explode('|', $returned_data);
// sample 'MULTI' return string (standard API, not XML)
// Y|MULTI|IP|4|MAIL|26|NAME|30
// $botdata[0] - 'Y' if found in database, 'N' if not found, '!' if an error occurred
// $botdata[1] - type of test (will be 'MAIL', 'IP', 'NAME', or 'MULTI')
// $botdata[2] - descriptor field for item (IP)
// $botdata[3] - how many times the IP was found in the database
// $botdata[4] - descriptor field for item (MAIL)
// $botdata[5] - how many times the EMAIL was found in the database
// $botdata[6] - descriptor field for item (NAME)
// $botdata[7] - how many times the NAME was found in the database
if(substr($returned_data, 0,1) == '!'){
// if the first character is an exclamation mark, an error has occurred
print "Error: $returned_data";
exit;
}
// this example tests the email address and IP to see if either of them appear
// in the database at all. Either one is a fairly good indicator of bot identity.
if($botdata[3] > 0 || $botdata[5] > 0){
print $data;
if($diag=='1'){
print "Bot signature found.";
print "Type of test was: $botdata[1]";
print "The {$botdata[2]} was found {$botdata[3]} times, the {$botdata[4]} was found {$botdata[5]} times";
}
if($send_alerts=='1'){
// send an email about the bot?
$fromText = "BotBuster System";
$subjectText = "Bot Attempt Stopped";
$msgText = "A bot tried to register, but was stopped from doing so.\n\nBot Name: $XUSER\nBot Email: $XMAIL\nIP Address: $XIP";
mail($toText, $subjectText, $msgText, "To: $toText <$toText>\n" . "From: $fromText <$fromText>\n X-Mailer: PHP 4.x");
}
// your 'rejection' code would go here....
// for example, print a fake error message and exit the process.
$errnum = round(rand(1100, 25000));
print "Confabulation Error #$errnum, Halting.";
exit;
}
////////////////////////
?>
Comment