Posted 5 hours ago

Are there any other SPAM prevention mods? Spam is getting bad on areas of my board from guests.
5 hours ago

Could I check first of all you are using everything we have on the core app? For example do you have multiple question and answers set up? Are you switched to using hCaptcha and is it set up on the highest level?
4 hours ago

I want to start out by saying that I do not understand your setup. It sounds like you have an open board that allows guests to post before they register. Please let me know if this is wrong.

If that is the case, then there may be ways to include some type of captcha (even injected with JS), or before they post, set up a moderated system to approve posts.

If it is not an open board, then are they being approved by email?

I guess there needs to be more information. I have had a forum for about 20 years, not ICS, only have had them for about a month now. But on other systems, I have used several ways to prevent spam.

One of my favorite ways: in my php settings I have an auto_prepend_file = "/path/to/prepend.php" and in that file I have a script that does several checks for the user agents and blocks or accepts. Then in all forms, it will check for keywords. I just create a file that contains a JSON of all of the things I want to block, then use REGEX to block any inputs, user agents, etc.
3 hours ago

Ok, let me give you an example of what I do, although people have to register to post anything on my site.

Also, make sure you have fail2ban installed and working.

1. Create a file. I use /var/www/forum/custom/php/seclayer.php

This is the file that is added to my auto_prepend_file in my php.ini settings

```php
<?php
/**
 * Security Layer - Syncs with Fail2Ban
 * Logs bad actors to Fail2Ban log and updates blacklist.json dynamically.
 * By Jessica Brown v4.1.2 - 2006 - 2025
 */
define('SECURITY_LAYER', true);

$blacklistFile = "/var/www/forum/custom/php/blacklist.json";
$fail2banLog   = "/var/log/forum-security.log";            // Fail2Ban monitored log
$logFile       = "/var/www/forum/custom/php/security.log"; // Internal log

// Load blacklist; fall back to empty lists if the file is missing, invalid or lacks a key
$blacklist = file_exists($blacklistFile) ? json_decode(file_get_contents($blacklistFile), true) : [];
if (!is_array($blacklist)) {
    $blacklist = [];
}
$blacklist += ["user_agents" => [], "ips" => [], "patterns" => []];

// User details
$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? 'Unknown';
$userIP    = $_SERVER['REMOTE_ADDR'] ?? 'Unknown';

// Define attack patterns
$defaultPatterns = [
    "/<script.*?>/i",
    "/javascript:/i",
    "/union select/i",
    "/benchmark\(/i",
    "/sleep\(/i",
    "/into outfile/i",
    "/load_file/i",
    "/\balert\(/i"
];

// Merge blacklist patterns
$patterns = array_merge($defaultPatterns, $blacklist['patterns']);

// Check if an input is malicious; array inputs (e.g. field[]=x) are checked recursively
function isMalicious($data, $patterns) {
    if (is_array($data)) {
        foreach ($data as $item) {
            if (isMalicious($item, $patterns)) {
                return true;
            }
        }
        return false;
    }
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, (string) $data)) {
            return true;
        }
    }
    return false;
}

// Block blacklisted IPs
if (in_array($userIP, $blacklist['ips'])) {
    header("HTTP/1.1 403 Forbidden");
    exit("Access Denied: Your IP has been blocked.");
}

// Block blacklisted User Agents
foreach ($blacklist['user_agents'] as $badUA) {
    // Skip empty entries: an empty needle would match every visitor
    if ($badUA !== '' && stripos($userAgent, $badUA) !== false) {
        header("HTTP/1.1 403 Forbidden");
        exit("Access Denied: Your user agent is blocked.");
    }
}

// Check and block GET/POST data
foreach (array_merge($_GET, $_POST) as $key => $value) {
    if (isMalicious($value, $patterns)) {
        logThreat($userIP, $userAgent, $_SERVER['REQUEST_URI'] ?? '', $value);
        header("HTTP/1.1 403 Forbidden");
        exit("Malicious request detected.");
    }
}

// Log threat and update Fail2Ban log
function logThreat($ip, $agent, $url, $data) {
    global $logFile, $fail2banLog, $blacklistFile, $blacklist;

    $logEntry = date("Y-m-d H:i:s") . " | IP: $ip | UA: $agent | URL: $url | Data: " . json_encode($data) . PHP_EOL;

    // Log for Fail2Ban (LOCK_EX keeps concurrent requests from interleaving writes)
    file_put_contents($fail2banLog, "[$ip] Malicious request detected\n", FILE_APPEND | LOCK_EX);

    // Internal log
    file_put_contents($logFile, $logEntry, FILE_APPEND | LOCK_EX);

    // Add to blacklist if not already listed
    $update = false;
    if (!in_array($ip, $blacklist['ips'])) {
        $blacklist['ips'][] = $ip;
        $update = true;
    }
    // The full user agent string is stored; an empty one is never stored
    if ($agent !== '' && !in_array($agent, $blacklist['user_agents'])) {
        $blacklist['user_agents'][] = $agent;
        $update = true;
    }

    // Save updated blacklist
    if ($update) {
        file_put_contents($blacklistFile, json_encode($blacklist, JSON_PRETTY_PRINT), LOCK_EX);
    }
}
```

2. Create a /var/www/forum/custom/php/sync_fail2ban.php

```php
<?php
$blacklistFile = "/var/www/forum/custom/php/blacklist.json";
$fail2banLog   = "/var/log/forum-security.log";

// Load existing blacklist; fall back to empty lists if missing, invalid or incomplete
$blacklist = file_exists($blacklistFile) ? json_decode(file_get_contents($blacklistFile), true) : [];
if (!is_array($blacklist)) {
    $blacklist = [];
}
$blacklist += ["user_agents" => [], "ips" => [], "patterns" => []];

// Read Fail2Ban log for banned IPs
$bannedIPs = [];
if (file_exists($fail2banLog)) {
    $logContents = file($fail2banLog, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    foreach ($logContents as $line) {
        if (preg_match('/\[(.*?)\] Malicious request detected/', $line, $matches)) {
            $ip = trim($matches[1]);
            if (filter_var($ip, FILTER_VALIDATE_IP)) {
                $bannedIPs[] = $ip;
            }
        }
    }
}

// Add new banned IPs to blacklist.json
$updated = false;
foreach ($bannedIPs as $ip) {
    if (!in_array($ip, $blacklist['ips'])) {
        $blacklist['ips'][] = $ip;
        $updated = true;
    }
}

// Save updated blacklist
if ($updated) {
    file_put_contents($blacklistFile, json_encode($blacklist, JSON_PRETTY_PRINT), LOCK_EX);
}
```

3. Create a cron job for every 5 minutes running sync_fail2ban.php. This is what syncs with my fail2ban custom jail I created.

```
*/5 * * * * php /var/www/forum/custom/php/sync_fail2ban.php
```

4. Create a simple /var/www/forum/custom/php/blacklist.json file

I am not going to show my blacklist.json file, but I will throw a couple of sample things in so you can see what it looks like

```json
{
    "user_agents": [
        "BadBot",
        "CrawlerX",
        "SpamBot",
        "AttackBot"
    ],
    "ips": [
        "203.0.113.45",
        "45.33.32.156"
    ],
    "patterns": [
        "\/cmd=\/i",
        "\/wget \/i",
        "\/curl \/i"
    ]
}
```

You will need to create your fail2ban items:

/etc/fail2ban/filter.d/forum-security.conf

```ini
[Definition]
failregex = ^\[\s*<HOST>\s*\].*Malicious request detected
ignoreregex =
```

and /etc/fail2ban/jail.local

```ini
[forum-security]
enabled = true
filter = forum-security
logpath = /var/log/forum-security.log
maxretry = 3
# Ban for 1 day
bantime = 86400
# 10 minutes window
findtime = 600
action = iptables-multiport[name=forum-security, port="http,https"]
```

Restart your fail2ban and add the auto_prepend_file=/var/www/forum/custom/php/seclayer.php

Watch the IPs and bad things be blocked. Oh, and you can add your own items to that list as well. I just manually edit the blacklist, and if I add an IP, go to the IP section and add it in JSON node format, same way with other areas.

Edited 3 hours ago by Code Name Jessica
Separation of wording to make it make sense.
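A dry run of the matching rules from the post above against harmless input, to count false positives before the layer is allowed to ban anyone. This is an added example, not part of the original post: the patterns are copied from the post, while the sample requests, the user-agent strings and the function names are constructed for illustration.

```php
<?php
// Patterns copied from seclayer.php and the sample blacklist.json in the post.
$patterns = [
    '/<script.*?>/i', '/javascript:/i', '/union select/i', '/benchmark\(/i',
    '/sleep\(/i', '/into outfile/i', '/load_file/i', '/\balert\(/i',
    '/cmd=/i', '/wget /i', '/curl /i',
];
// Constructed user agents: one ordinary visitor, one shared with an earlier offender.
$linuxUa = 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0';
$winUa   = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ExampleBrowser/1.0';
// Constructed state: the blacklist after logThreat() stored that offender's full UA.
$blockedAgents = ['BadBot', $winUa];
// Constructed, legitimate forum requests: [label, user agent, submitted text].
$requests = [
    ['support question', $linuxUa, 'How do I use curl to test the REST API?'],
    ['code help',        $linuxUa, 'My script calls sleep(5) between retries.'],
    ['off-topic chat',   $linuxUa, 'The student union selected a new chair.'],
    ['shared browser',   $winUa,   'Thanks, that fixed it!'],
    ['plain reply',      $linuxUa, 'Welcome to the board.'],
];

// Return the first pattern that matches $text, or null if none does.
function firstMatch(string $text, array $patterns): ?string {
    foreach ($patterns as $p) {
        if (preg_match($p, $text) === 1) { return $p; }
    }
    return null;
}

// Return the blacklist entry contained in $ua (same substring test as the layer).
function blockedAgent(string $ua, array $agents): ?string {
    foreach ($agents as $bad) {
        if ($bad !== '' && stripos($ua, $bad) !== false) { return $bad; }
    }
    return null;
}

// List every benign request the layer would have rejected, with the rule that fired.
function dryRun(array $requests, array $patterns, array $agents): array {
    $hits = [];
    foreach ($requests as [$label, $ua, $text]) {
        $rule = blockedAgent($ua, $agents) ?? firstMatch($text, $patterns);
        if ($rule !== null) {
            $hits[] = "$label: rejected by $rule";
        }
    }
    return $hits;
}

echo implode(PHP_EOL, dryRun($requests, $patterns, $blockedAgents)), PHP_EOL;
```

Every line it prints is a legitimate visitor who would have received a 403 from the layer; for the pattern matches, logThreat() would also have added that visitor's IP and user agent to blacklist.json.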
3 hours ago

1 hour ago, FeigelInc said:
> I will add more questions, I’m having a hard time finding the hCaptcha Secret

Click the person icon in the top right and click settings
1 hour ago (Author)

My board is not open to guests, however I’ve been using Invision since 1.3 or whatever the version was for Invision Free back in the day. Also, I have started to use hCaptcha but I can’t afford the enterprise version. Which is why I wanted to ask if there was another method.
1 hour ago

You don't need to use an enterprise version, but it is worth checking it's set to difficult. Of course, none of this will be perfect. Spammers are becoming more and more sophisticated in their methods lately.
1 hour ago

I’ve also found it helpful to utilize the geolocation options. When a new spam account registers, I take a look at their location and add it to the spam prevention list if they’re not from my target geos. Here’s my list of geolocation settings, but it may differ for you.

Edited 1 hour ago by Mike G.