This was originally written by Smurf_Minions to allow people to query the StopForumSpam database. I've heavily modified the original code so it now allows you to query;

1. fSpamlist - www.fspamlist.com
2. StopForumSpam - www.stopforumspam.com
3. Sorbs* - sorbs.net
4. Spamhaus* - www.spamhaus.org
5. DSBL* - www.dsbl.org
6. SpamCop* - www.spamcop.net
7. ProjectHoneyPot** - www.projecthoneypot.org



An example of this can be found at;

http://fspamlist.com/checkspammers/?nam ... 2.95.54.36

Or

http://temerc.com/Check_Spammers/?name= ... 2.95.54.36

In addition to being a standalone "application", you can also use it in your own forums, guestbooks and such, by utilizing the check_spammers_plain.php file. This file will return ONLY the results of the query, without any HTML or other such formatting. I've been playing with a few forums and have created posts for those that I have successfully created working mods for;

viewforum.php?f=71

Download:

http://fspamlist.com/checkspammers/check_spammers.zip
http://temerc.com/Check_Spammers/check_spammers.zip

Installation:

All you need to do to install this is;

1. Extract the zip and upload the check_spammers folder (including ALL of it's contents) to your web server (you can place it absolutely anywhere on your server, it doesn't require a specific location).

2. Enter your ProjectHoneyPot and BotScout API keys in config.php (it'll ignore these databases if you do not specify them and will notify you on the web interface)

3. Ensure the "spambots" folder is writable (if you've asked it to write the results to text files, otherwise you can ignore this)

You can then either use it standalone, or via your own scripts, or via one of the mods posted to this forum (see above). Ensure you change the URL in the mod, to the URL representing the check_spammers folder location on your web server. For example;



Where /somewhere/on/your/website/ is the path to the check_spammers folder

Misc:

An ASP function that allows you to query the blacklist, is available from;

viewtopic.php?f=71&t=6234

This is a re-post of the original that was previously at the old fSpamlist forums

Updated this whilst I was at the hospital

http://fspamlist.com/checkspammers/?nam ... .24.76.232

Changes:

+ Added error handling for those using < PHP 5
+ Added error handling for those that don't have SimpleXMLElement available
* Cleaned up HTML/CSS code again
* "Prettied up" results
* Moved text to en.php to allow for localization
* Creation of text file with spammers details is now optional (see config.php)
* Everything except index.php and the images folder, now moved above htdocs root for security
* Cleaned up code formatting
* fSpamlist and StopForumSpam checks now split, so checking an e-mail address is no longer mandatory

Updated again to fix both a bug in the HTML code in check_spammers.php, and to include check_spammers_plain.php (Ref: viewtopic.php?f=71&t=6175)

Date: 27-11-2008

+ Updated to allow those without SimpleXMLElement available, to still use the functions

Forgot to mention, I updated the Spamhaus code. It now checks for the response codes as indicated at;

http://www.spamhaus.org/faq/answers.lasso?section=DNSBL Usage

I've also corrected a minor bug in the DNSBL checks.

I've updated the zip to have both a simple and full version of this. The usage is;

1. Use Simple if this is NOT going to be used as a standalone website and you just want a drag-drop.

To use this version, just extract the Simple folder from the zip, and copy it to wherever you'd like it.

2. Use the full (htdocs/private) version if this is to be used as a standalone website and/or you are familiar enough with PHP to make the necessary path modifications.

If you need help with any aspect of this, feel free to drop by the forums;

viewforum.php?f=71

Note, it would help if;

1. You told me which version you were using
2. What error message (if any) you are receiving
3. If you are using this as part of a forum/guestbook filter (if so, which forum/guestbook etc software, and posting a zip'd copy of the respective file (e.g. usercp_register.php for phpBB2)
4. The user details you used to test this (e.g. username, e-mail and IP)

I'm only human, and have limited PHP knowledge (which is why this is extremely basic), and am prone to error.

Date: 01-12-2008 (v0.5)

+ Now allows querying Projecthoneypot.org (API key required*)
* Modified Spamhaus query code (now also includes description of the return codes)

* Your projecthoneypot.org API key MUST be placed in the respective var in config.php

http://projecthoneypot.org/httpbl_api.php

Those using ASP that would like to query the blacklists currently supported by the Check Spammers script, can use;

viewtopic.php?f=71&t=6234

Another update;

06-12-2008

+ Now includes the Spamhaus "friendly" return codes in the actual results

To help allow troubleshooting when someone is blocked, the Spamhaus result will now tell you whether it was the CBL, PBL, XBL etc etc, that the IP is listed in. For example;

http://temerc.com/Check_Spammers/?name= ... 39.127.108

Another update ........

v0.6 08-12-2008

+ Now includes SpamCop results

I've also made a slight change to the "Get the code" link. It now links to this thread to save a bit of hassle.

v0.7 09-12-2008

- DSBL check removed as the DSBL is apparently dead;

Ref:
http://www.dsbl.org

Ref:
http://www.stopforumspam.com/forum/p246 ... 3A45#p2467

Date: 10-12-2008

+ Check DNS Blacklists (spamhaus etc) now optional when using check_spammers_plain.php

To leave out the DNS Blacklists check, just append &dbl=no to the querystring

Example;

http://temerc.com/Check_Spammers/check_spammers_plain.php?ip=190.245.57.79&dbl=no

v0.10 Date: 13-12-2008

+ Added additional information concerning listings in ProjectHoneyPot

If an IP is found to be listed in PHP, if using the main UI, you will be given detailed information.

If using the check_spammers_plain.php script, you will be provided with it's "simple" listing (e.g. 127.x.x.x)

The 127 address results are;

• Octet #1: 127 - static
• Octet #2: 0-255 - Number of days the IP was last seen
• Octet #3: 0-255 - Threat score (0 = low risk, 255 = high risk)
• Octet #4: 0-7 - Visitor Type

Detailed info: http://www.projecthoneypot.org/httpbl_api.php

Example (using main UI):
http://temerc.com/Check_Spammers/?name= ... .200.96.80

Example (using check_spammers_plain):
http://temerc.com/Check_Spammers/check_ ... .200.96.80

Note the return code in the second example, 127.2.26.5. This means;

Last Seen: 2 days ago
Threat Score: 26/255 (moderately low)
Visitor Type (5): Suspicious & Comment Spammer

Using the main UI, this would be displayed as:

It's got it's own homepage now

http://support.it-mate.co.uk/?mode=Prod ... searchtool

Just a note folks, I've changed the licence to the Creative Commons Attribution 2.0 licence;

http://creativecommons.org/licenses/by-sa/2.0/uk/

See the following for how it is displayed on the "site" itself;

http://temerc.com/Check_Spammers/

Version: 0.11

+ Added options to selectively disable individual DNS blacklists when using check_spammers_plain.php

For example, to disable the spamhaus query, you would change;

check_spammers_plain.php?

To;

check_spammers_plain.php?sh=no
Notes:

For a full list of options available, and how to use them, please see the FAQ

http://support.it-mate.co.uk/?mode=Prod ... chtool#187

I've just released 0.12 which fixes a bug when usernames/email addresses, contain spaces.

Version: 0.13

Now uses cURL (if available) if file_get_contents() is not available

Date: 22-01-2009

+ Optionally submit spammers automagically to fspamlist.com (API required)

29-01-2009 v0.15

+ View spammers you've asked the filter to log to text file
+ View spammers you've had your mod email to you (assumes you've used the same email format as outlined on the TeMerc forums)
* Fixed spammers particulars not being logged to text file properly
- Ditched "Full" package in favour of the Simple (less to update and simple is what most want)

30-01-2009 v0.16

+ Now also checks BotScout (botscout.com, API key not required but is recommended as they only allow limited queries without one)
+ Text files now also created when using check_spammers_plain.php (if enabled)

v0.16 has been re-released due to a couple of modifications that were required;

1. Domain doing the querying (i.e. the server hosting the SBST) must be provided when submitting to fspamlist.com
2. Error code was added to Bot Scout (see: http://botscout.com/forum/index.php/topic,2.0.html)

Version: 0.17

* Bug with getURL function in check_spammers_plain.php
Notes:

Thanks to Mike at Bot Scout for letting me know )

Ref:
http://hphosts.blogspot.com/2009/02/spa ... -v017.html

v0.18 has been released. You only need to download it if you're using PHP4 and want to use it as this release only see's the removal of the PHP5 checks blocking those using PHP4 and earlier.

Oh and ....... thar be a new SBST mirror

http://montanamenagerie.org/hostsfile/Check_Spammers/

Spambot Search Tool v0.19

v0.19 of the SBST has now been released. The main change in this release includes a re-write of the functions used to query fSpamlist, StopForumSpam and BotScout in the check_spammers_plain.php.

Changes in this release include:

- BotScout, fSpamlist and StopForumSpam query routines re-written in check_spammers_plain.php to improve efficiency

- True/false echo in check_spammers_plain.php moved to just below "END CHECK DNSBL" to fix a problem with PHP4

Overview & Download
http://support.it-mate.co.uk/?mode=Prod ... searchtool

Spambot Search Tool v0.19 re-released

Just a note folks, due to a couple of changes and one or two bug fixes, I've re-released v0.19. The main bug fix concerns the web interface and BotScout (when an error is returned by BS, it was flagging it as a spammer), and a minor bug fix with view_spammers.php.

I've still got one or two things to add into the next release, such as a cache and counter feature (both requested), but strongly recommend downloading this update in the meantime.

http://support.it-mate.co.uk/?mode=Prod ... searchtool

v0.20 Released

* Fixed $bln_SaveToFile ignored when set to false
* Moved version history from config.php to history.txt

- Removed fSpamlist submission routine from check_spammers.php for those that want to test it via the web interface

DO NOT TEST IT WITH YOUR OWN DATA MIXED WITH SPAMMER DATA IF YOU'VE GOT YOUR FSPAMLIST SUBMISSION API KEY ENTERED!!

+ Added counter routine (requested)
+ Added simple e-mail validation (also does IP lookup to ensure the hostname actually resolves - it's not a valid e-mail if it doesn't)
+ Added simple IP validation
+ Added Version History link to index.php footer (next to "Get the code!")
+ Added spammers blocked (next to "Version History")

Spam Bot Search Tool v0.21

I've released this in response to SFS being down. All that's been added is the ability to enable/disable the checking of SFS or FSL.

To disable a database, open config.php and set the respective variable to false, for example, to disable StopForumSpam;

$CheckSFS = FALSE;

Download v0.21
http://support.it-mate.co.uk/?mode=Prod ... searchtool

Ref:
http://hphosts.blogspot.com/2009/02/sto ... fline.html

Spambot Search Tool v0.22 has been released

Changes:

+ Added function to check if server is online
+ Added notes to top of all files
* Moved getURL function to functions.php
* Re-written e-mail validation as a function and moved to functions.php
* Replaced IP validation with function by Mike (botscout.com)
* Moved old IP validation routine to functions.php and re-written as function
* Partial re-write of Spamhaus query routine in check_spammers_plain.php
* Fixed fSpamList SimpleXMLElement check (was only checking $xml->Email instead of all 3)
* Modified ProjectHoneyPot query so "Search Engine" and "Suspicious" aren't flagged when using check_spammers_plain.php
* Fixed SpamHaus query so PBL and CBL aren't flagged when using check_spammers_plain.php

Download:
http://support.it-mate.co.uk/?mode=Prod ... searchtool

Next to add is the caching

The attached is for those without get_headers() and/or file_put_contents() available and contains ONLY the patched files. Just extract the zip and overwrite the existing copy of the files.