Firefox PHP

Module: Spam Hurdles 2, release candidate - testers welcome

Posted by Maurice Makaay 
All files from this thread

File Name File Size   Posted by Date  
spamhurdles-2.0.2.tar.gz 332.8 KB open | download Maurice Makaay 10/12/2010 Read message 358.9 KB open | download Maurice Makaay 10/12/2010 Read message 6 KB open | download Oliver Riesen-Mallmann 01/04/2011 Read message
Module: Spam Hurdles 2, release candidate - testers welcome
November 10, 2009 12:16AM
This is a release candidate package. There might be bugs. If so, please let me know.

Here's a complete rewrite of the Spam Hurdles module.
For an extended changelog see below.

One of the big changes is that cryptographic technology is used to store work data right in the form data on the client instead of storing all of it in the database. Because of this, the module can now function without database storage at all. Only if the replay attack block is enabled ("Block forms that are submitted multiple times"), the database will be used to store the id's of the forms that have already been submitted. This database storage has been made as light as possible, so after the id expires, it will be cleaned up from the database. I hope that this change will help those admins with busy forums that currently see the spam_hurdles table fill up rapidly in their databases.

Upgrade to Spam Hurdles 2 beta

To upgrade, move aside your existing mods/spamhurdles module directory. After that, unpack the contents of the module package and put these in mods/spamhurdles. Visit the admin interface (admin.php) to let the module system reload the new hook configuration. If you like, visit the Spam Hurdles module settings screen. If everything goes well, then the existing settings should automatically be upgraded to the new settings, so you should be seeing your original configuration in there (except for the few new options that were added).

If you are using Spam Hurdles 1 to protect some custom form (I know that there are a few people out there who do this), then please beware that the API totally changed (or better: that we have an API now ;-). The existing protection should be upgraded to work with the new API. Take a look at spamhurdles.php to see how the API was fitted into the posting and registration processes.



    - Implemented more complete logging of blocked form posts using the
      Event Logging module.

    - Extended the settings for this module to make it possible to enable
      or disable the logging of form posts that are blocked by the
      Spam Hurdles module.

    - Added code to the settings screen that will check if all templates
      contain the required template hooks. If there are template files that
      do not contain the required hooks, then a warning message is printed
      in the settings screen, telling the admin what templates to update
      with what hook.


    - Fixed a problem in the reCapthca component.
      Thanks to user DavidVB for the patch!


    - Fully restructured the code by splitting the functions into API
      functions (in api.php) and hook implementation functions
      (in spamhurdles.php).

    - The spam hurdles are now implemented using a plugin system,
      which keeps the code for the various spam hurdles nicely separated
      and which makes it easier to implement extra spam hurdles.

    - Due to the plugin system, all spam hurdles are now available
      available for all protected forms. Therefore, user registration
      is now protected by all hurdles and not only by a CAPTCHA.

    - It is now possible to protect multiple forms on a single page.

    - Encryption technology (AES) is now used to be able to send the spam
      hurdles data encrypted to the client, instead of having to store this
      data in the database server. Only if the duplicate submit check is
      enabled, the database will be used to store posting keys that have
      already been used. Still, the database load caused by storing used
      keys is a lot less than storing all generated keys, like the
      predecessor of this module did.

    - Put the modified iScramble() in the API code as spamhurdles_iScramble(),
      so we won't run into name space issues when other code wants to use
      the original iScramble code.

    - The path to the "flite" binary is discovered by the settings screen
      automatically now. Before, it was only discovered by the defaults.php
      script on first load, but that doesn't help the case where Flite
      is installed after the module was installed.

    - Generating a spoken CAPTCHA or a CAPTCHA image is now done using the
      "addon" hook. This prevents the need to do this kind of task from
      some more generic hook like "common" (which makes Phorum load the module
      code on each request and not only when neccessary).

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce

Edited 3 time(s). Last edit at 10/12/2010 01:32AM by Maurice Makaay.
open | download - spamhurdles-2.0.2.tar.gz (332.8 KB)
open | download - (358.9 KB)
Re: Module: Spam Hurdles 2, beta - testers welcome
November 17, 2009 11:27PM
The Quick Reply module was not compatible with this new version of the Spam Hurdles module. I uploaded a new version of the Quick Reply module in the Quick Reply module's thread.

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Re: Module: Spam Hurdles 2, beta - testers welcome
January 14, 2010 09:46PM
For some reasons when I set the module on reCHAPTCHA it requests public and private keys. But these have already been inserted. Am I missing something?
Re: Module: Spam Hurdles 2, beta - testers welcome
June 09, 2010 06:30PM
I also get this error message "To use reCAPTCHA you must get an API key from [];
(This is the only hurdle that I have enabled for this module) When I first ran this the pubkey length was 39 (it appeared that it ignored an underline in the pubkey?)

This sort of implies that the public key is empty.

In the class.captcha_recaptcha.php the following code is present
Language: PHP
$conf = $GLOBALS["PHORUM"]["mod_spamhurdles"]; $pub = empty($conf[';recaptcha_pubkey';])

The serialized spamhurdles settings is
I sort of wonder if the code shouldn't be:
$pub = empty($conf['captcha']['recaptcha_pubkey'])
(also in other places in this program)

Changing lines 21 and 45
$conf = $GLOBALS["PHORUM"]["mod_spamhurdles"];
$conf = $GLOBALS["PHORUM"]["mod_spamhurdles"]["captcha"];

resulted in a properly running spam hurdle using the reCaptcha service.

Edited 1 time(s). Last edit at 06/10/2010 03:10PM by DavidVB.
Re: Module: Spam Hurdles 2, beta - testers welcome
June 18, 2010 09:01PM
Hello Maurice,

Which version of the spam hurdles mod is installed in the DEMO forum?
Because it has a problem, here is the reproducer (using Mozilla Firefox on windows and Linux):
1. Go to the main page of first forum: []
2. open first discussion in a tab. Wait 1 or 2 seconds
3. open second discussion in another tab.
4. Go to first discussion tab, post an answer. It works.
5. Go to second discussion tab, try to post an answer: BLOCKED by the spam module. This should not happen, as the answer was legitimate, and not a spam.

I do think the second answer should not be blocked. Or at least not for registered users. More and more people are using tabs of browsers, and I get more and more complaints.
Is it possible to not have this behavior in the new version of this module?

Thanks :)

Cactus : []
Re: Module: Spam Hurdles 2, beta - testers welcome
June 18, 2010 09:21PM
The demo forum uses the "old" version of Spam Hurdles. The new version of the module should prevent this issue from happening, because the way in which the data is stored is totally different.

I installed the v2 module on my test forum. You can try it out there. Anonymous posting is enabled and all possible spam hurdles are enabled for posting.


Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Re: Module: Spam Hurdles 2, beta - testers welcome
June 18, 2010 09:23PM
And *you* can select which hurdle to run for registered users. you could even disable them all for registered users if you like.

Thomas Seifert
Phorum Development Team /
Custom Phorum and general software development
worry-free Phorum Hosting
Re: Module: Spam Hurdles 2, beta - testers welcome
June 18, 2010 10:08PM
Thanks Maurice, I tested your secret sauce and it works. How "beta" is your module? I have a forum with 150 to 200 messages a day, but I am afraid to test something too "new", however I trust your developing skills :)

Thanks Thomas, I checked the options, and I must do something wrong, because it does not work.
I set all the methods to "Enable for anonymous users" (instead of "Disable hurdle" or "Enable for all users").
So the spam hurdle should not be enabled for registered users, right? But their messages are blocked when following my reproducer above.
I am using version 1.1.6 of this module.
What am I doing wrong?

Cactus : []
Re: Module: Spam Hurdles 2, beta - testers welcome
June 18, 2010 10:36PM
Not too beta anymore. I had no bug reports and I have been running the module successfully on my own forum site. I put the new version in the 5.3 development tree as the default spam hurdles module for that version. If all keeps running smoothly, I will upgrade the 5.2 version as well at some point.

In short: yeah, I trust my developing skills too ;-)

Maurice Makaay
Phorum Development Team
my blog linkedin profile secret sauce
Re: Module: Spam Hurdles 2, beta - testers welcome
June 18, 2010 11:01PM
I tested it on my dev server, it works.

So I put it on my production forum, I'll tell you if I have any problem, they should be spotted quickly :D

Cactus : []
Sorry, only registered users may post in this forum.

Click here to login