Improve and update contact form spam blocker (IPv6 filter, block bad domains in message)

endpoints/net.contactspam.php

@@ -7,7 +7,8 @@ const MSG_MIN_WORDS = 5;
 const BANNED_WORDLIST = __DIR__ . "/../resources/net.contactspam/bannedwords.txt";
 // Banned email domain check, one domain per line, useful if you get lots of spam from
 // a domain your customers probably won't legitimately use
-const BANNED_DOMAINS = __DIR__ . "/../resources/net.contactspam/banneddomains.txt";
+const BANNED_EMAIL_DOMAINS = __DIR__ . "/../resources/net.contactspam/banneddomains.txt";
+const BANNED_SPAM_DOMAINS = __DIR__ . "/../resources/net.contactspam/toxic_domains_whole.txt";
 const BANNED_IP_LIST = __DIR__ . "/../resources/net.contactspam/bannedips.txt";
 const BANNED_IP_CIDR = __DIR__ . "/../resources/net.contactspam/toxic_ip_cidr.txt";
 // Domains to skip looking up for SURBL
@@ -38,7 +39,7 @@ if (isset($VARS["message"])) {
 //
 // Check email domain
 //
-$banneddomainlist = file(BANNED_DOMAINS, FILE_IGNORE_NEW_LINES);
+$banneddomainlist = file(BANNED_EMAIL_DOMAINS, FILE_IGNORE_NEW_LINES);
 foreach ($banneddomainlist as $domain) {
     if ($email_domain == $domain) {
         exitWithJson(["status" => "OK", "clean" => false, "filter" => "domain", "hit" => $domain, "message" => "Emails from \"" . htmlspecialchars($domain) . "\" are not allowed because of spam/abuse." . ($domain == "googlemail.com" ? "  (Hint: use gmail.com instead)" : "")]);
@@ -92,7 +93,7 @@ if (filter_var($clientip, FILTER_VALIDATE_IP, [FILTER_FLAG_IPV4])) {
     $bannedipcidrlist = file(BANNED_IP_CIDR, FILE_IGNORE_NEW_LINES);
     foreach ($bannedipcidrlist as $cidr) {
         if (cidr_match($clientip, $cidr)) {
-            exitWithJson(["status" => "OK", "clean" => false, "filter" => "toxic_ip_cidr", "hit" => $clientip, "message" => "Your computer's IP address is on a spam blacklist."]);
+            exitWithJson(["status" => "OK", "clean" => false, "filter" => "stopforumspam_toxic_ip_cidr", "hit" => $clientip, "message" => "Your computer's IP address is on a spam blacklist."]);
         }
     }
 }
@@ -100,11 +101,11 @@ if (filter_var($clientip, FILTER_VALIDATE_IP, [FILTER_FLAG_IPV4])) {
 //
 // Lookup reported client IP address against stopforumspam.com full IP list
 //
-if (filter_var($clientip, FILTER_VALIDATE_IP, [FILTER_FLAG_IPV4])) {
+if (filter_var($clientip, FILTER_VALIDATE_IP)) {
     $bannediplist = file(BANNED_IP_LIST, FILE_IGNORE_NEW_LINES);
     foreach ($bannediplist as $ip) {
         if ($clientip == $ip) {
-            exitWithJson(["status" => "OK", "clean" => false, "filter" => "banned_ip", "hit" => $clientip, "message" => "Your computer's IP address is blacklisted for sending spam."]);
+            exitWithJson(["status" => "OK", "clean" => false, "filter" => "stopforumspam_banned_ip", "hit" => $clientip, "message" => "Your computer's IP address is blacklisted for sending spam."]);
         }
     }
 }
@@ -142,6 +143,7 @@ $lists = [
     "dbl.spamhaus.org",
     "black.uribl.com"
 ];
+$bannedspamdomains = file(BANNED_SPAM_DOMAINS, FILE_IGNORE_NEW_LINES);
 try {
     // Matches domain names
     $regex = "/([a-zA-Z0-9][a-zA-Z0-9-]{1,61}[a-zA-Z0-9](?:\.[a-zA-Z]{2,})+)/i";
@@ -166,10 +168,17 @@ try {
 
     foreach ($domainlist as $d) {
 
+        // check local domain blacklist
+        foreach ($bannedspamdomains as $word) {
+            if ($word == $d) {
+                exitWithJson(["status" => "OK", "clean" => false, "filter" => "stopforumspam_domains", "hit" => $word, "message" => "Your message contains a domain ($d) that has been linked to recent spam or criminal activity. Message not sent."]);
+            }
+        }
+        // check online blacklists
         foreach ($lists as $blacklist) {
             $url = "$d.$blacklist";
 
-            // Cache IPs so we don't do a DNS lookup each time
+            // Cache result so we don't do a DNS lookup each time
             $cacheresp = $memcache->get("net.contactspam.$url");
             if ($cacheresp !== false) {
                 $dns_result = $cacheresp;
@@ -189,15 +198,19 @@ try {
 
 // Check local spammer database
 if (env("require_database")) {
-    if (!empty($clientip)) {
+    try {
-        if ($database->has("net_contactspam_spammers", ["ip" => $clientip])) {
+        if (!empty($clientip)) {
-            exitWithJson(["status" => "OK", "clean" => false, "filter" => "netsyms_ip_blacklist", "hit" => $clientip, "message" => "A computer at your IP address has sent spam in the past. Your message has been blocked."]);
+            if ($database->has("net_contactspam_spammers", ["ip" => $clientip])) {
+                exitWithJson(["status" => "OK", "clean" => false, "filter" => "netsyms_ip_blacklist", "hit" => $clientip, "message" => "A computer at your IP address has sent spam in the past. Your message has been blocked."]);
+            }
         }
-    }
+        if (!empty($email_lower)) {
-    if (!empty($email_lower)) {
+            if ($database->has("net_contactspam_spammers", ["email" => $email_lower])) {
-        if ($database->has("net_contactspam_spammers", ["email" => $email_lower])) {
+                exitWithJson(["status" => "OK", "clean" => false, "filter" => "netsyms_email_blacklist", "hit" => $email_lower, "message" => "Someone put your email as the from address on a spam message. Your message has been blocked."]);
-            exitWithJson(["status" => "OK", "clean" => false, "filter" => "netsyms_email_blacklist", "hit" => $email_lower, "message" => "Someone put your email as the from address on a spam message. Your message has been blocked."]);
+            }
         }
+    } catch (Exception $ex) {
+        // skip
     }
 }
 

resources/net.contactspam/banneddomains.txt

@@ -3,6 +3,8 @@ qualityguestposts.com
 warriorplus.com
 youtu.be
 sleepl.ink
+socialbuzzzy.com
+bloombergnewstoday.com
 t.ly
 shorturl.at
 00-tv.com

resources/net.contactspam/bannedwords.txt

@@ -75,4 +75,5 @@ overflow of customers
 google listing
 website on google
 issues with your website
-exciting opportunity
+exciting opportunity
+ai tools

resources/net.contactspam/toxic_ip_cidr.txt

@@ -5,6 +5,7 @@
 109.200.8.0/21
 109.200.16.0/20
 146.185.223.0/24
+162.55.21.16/28
 174.76.30.11/32
 174.76.30.12/30
 174.76.30.16/28
@@ -19,6 +20,7 @@
 193.201.224.0/24
 194.26.29.0/24
 212.129.0.0/18
+216.131.114.0/24
 23.106.192.0/20
 23.106.208.0/21
 23.106.216.0/22
@@ -35,8 +37,10 @@
 23.106.64.0/19
 23.19.0.0/16
 46.118.115.0/24
+46.161.11.0/24
 46.161.9.0/24
 5.188.210.0/23
+5.188.48.0/24
 5.9.182.96/28
 91.200.12.0/22
 91.210.104.0/22

resources/net.contactspam/updatebannediplist.php

@@ -1,22 +1,19 @@
 <?php
 
 echo "Downloading...\n";
-file_put_contents(__DIR__ . "/bannedips.zip", file_get_contents("https://www.stopforumspam.com/downloads/bannedips.zip"));
+file_put_contents(__DIR__ . "/bannedips.zip", file_get_contents("https://www.stopforumspam.com/downloads/listed_ip_7_ipv46.zip"));
 file_put_contents(__DIR__ . "/toxic_ip_cidr.txt", file_get_contents("https://www.stopforumspam.com/downloads/toxic_ip_cidr.txt"));
+file_put_contents(__DIR__ . "/toxic_domains_whole.txt", file_get_contents("https://www.stopforumspam.com/downloads/toxic_domains_whole.txt"));
 
 $zip = new ZipArchive;
 $res = $zip->open(__DIR__ . "/bannedips.zip");
 if ($res === TRUE) {
-  $zip->extractTo(__DIR__ . "/");
+    $zip->extractTo(__DIR__ . "/");
-  $zip->close();
+    $zip->close();
-  echo 'Unzipped.';
+    unlink(__DIR__ . "/bannedips.zip");
+    rename(__DIR__ . "/listed_ip_7_ipv46.txt", __DIR__ . "/bannedips.txt");
+    echo "Unzipped.\n";
 } else {
-  echo 'Unzip failed.';
+    echo "Unzip failed.\n";
 }
-unlink(__DIR__ . "/bannedips.zip");
+echo "Done.\n";
-
-$csv = file_get_contents(__DIR__ . "/bannedips.csv");
-$ips = explode(",", $csv);
-file_put_contents("bannedips.txt", implode("\n", $ips));
-echo "\nConverted.\n";
-unlink(__DIR__ . "/bannedips.csv");