Core/Security/ProhibitedDomains.php

+<?php
+
+namespace Minds\Core\Security;
+
+/**
+ * Domains listed here has been blacklisted due to spam.
+ * Short urls are also not allowed due to security issues.
+ */
+class ProhibitedDomains
+{
+    /** @var array */
+    const DOMAINS = [
+        'movieblog.tumblr.com',
+        'moviehdstream.wordpress.com',
+        'moviehq.tumblr.com',
+        'moviehq.webs.com',
+        'moviehq.wordpress.com',
+        'movieo.wordpress.com',
+        'movieonline.tumblr.com',
+        'movieonline.webs.com',
+        'movieonline.wordpress.com',
+        'movieonlinehd.tumblr.com',
+        'movieonlinehd.webs.com',
+        'movieonlinehd.wordpress.com',
+        'movies.tumblr.com',
+        'moviesf.tumblr.com',
+        'moviesgodetia.com',
+        'movieslinks4u',
+        'moviesmount.com',
+        'moviesmonster.biz',
+        'moviesondesktop',
+        'moviesonlinefree.biz',
+        'moviestream.wordpress.com',
+        'movieontop.com',
+        'afllivestreaming.com.au',
+        'londonolympiccorner',
+        'nrllivestreaming.com.au',
+        '24x7livestreamtvchannels.com',
+        'www.edogo.us',
+        'all4health.in',
+        'watches4a.co.uk',
+        'es.jennyjoseph.com',
+        'allsportslive24x7.blogspot.com',
+        'boxing-tv-2014-live-stream.blogspot.com',
+        'amarblogdalima.blogspot.com',
+        'www.officialtvstream.com.es',
+        'topsalor.com',
+        'busybo.org',
+        'www.nowvideo.sx',
+        '180upload.com',
+        'allmyvideos.net',
+        'busybo.org',
+        'hdmovieshouse.biz',
+        'sportblog.info',
+        'psport.space',
+        'discus.space',
+        'euro2016.it.ua',
+        'neymar.space',
+        'espnstream.space',
+        '2016.vn.u',
+        'blogstream.space',
+        'liveextratime.xyz',
+        'thebestlive.xyz',
+        'streamoffside.xyz',
+        'sportmaster2014.page.tl',
+        'bloggersdelight.dk',
+        'watchsportslive.space',
+        'freeforward.xyz',
+        'live4sports.xyz',
+        'streamfun.xyz',
+        'angelfire.com',
+        'streamtime.xyz',
+        'futebol2star.com',
+        'live2sport.com',
+        'newssports.space',
+        'onlineolympics.xyz',
+        'liveolympics.xyz',
+        'streamontv.xyz',
+        'londonschedule.com',
+        'onlineolympics.space',
+        'sportwinning.xyz',
+        'streamworld.xyz',
+        'streamtop.xyz',
+        'livechampion.xyz',
+        'playstreams.xyz',
+        'live4sport.xyz',
+        'streampage.xyz',
+        'calendarsport.space',
+        'fsport.space',
+        'euro2016.od.ua',
+        'streambig.xyz',
+        'sportprediction.xyz',
+        'streamwork.xyz',
+        'r041.donnael.com',
+        '2016.lt.ua',
+        'vipleague.se',
+        'liveonline.company',
+        'liveolympics.space',
+        'seoandvideomarketing.com.au',
+        'vipbox.sx',
+        'germanypolandlivestream.club',
+        'sportgoal.xyz',
+        'ggdbsale.com',
+        'gorillasteroids.eu',
+        'watchlivesports.space',
+        'penaltyshootout.xyz',
+        'streamgroup.xyz',
+        'streamnew.xyz',
+        'cottonsport.space',
+        'gosport.space',
+        'streambest.xyz',
+        'penaltyspot.xyz',
+        'streamthe.xyz',
+        'liveevents.name',
+        'londonblog.work',
+        'testcollections.com',
+        'alfagy.com',
+        'teravide1974.full-design.com',
+        'selfnarhasbllaq1980-blog.logdown.com',
+        'neipononchoi1984.suomiblog.com',
+        'gemttranlonthe1985.blogzet.com',
+        'pitchero.com',
+        'blogolize.com',
+        'lisbopholsven1974.thezenweb.com',
+        'blogocial.com',
+        'tinyblogging.com',
+        'share.pho.to',
+        'community.vietfun.com',
+        'ockuderla1985.full-design.com',
+        'unmosimla1978.total-blog.com',
+        'gemttranlonthe1985.blogzet.com',
+        'rapptubizboe1978.blogminds.com',
+        'descduclighgon1973.full-design.com',
+        'ricphosati1972.full-design.com',
+        'fuddbluslanmaa1975.blogdigy.com',
+        'smarforcute1976.blogdigy.com',
+        'xn--90aizihgi.xn--p1ai',
+        'tinyurl.com',
+        'bit.ly',
+        'bit.do',
+        '123football.space',
+        'bitly.com',
+        'j.mp',
+        'livestreaming.one',
+        'livestreaming.life',
+        'forbest.pw',
+        'olizev.tdska2ll.ru',
+        'tdska2ll.ru',
+        'tdska1ll.ru',
+        'tdska3ll.ru',
+        'tdska4ll.ru',
+        'ihmail.ru',
+        'tdska5ll.ru',
+        'tdska6ll.ru',
+        'll.ru',
+        'shorl.com',
+        'scorestream.space',
+        'bestsplayer.xyz',
+        'worldwideevents.space',
+        'worldseries.space',
+        'best247chemist.net',
+        '9tn.ru',
+        'futbolkin2013.ru',
+        'playnowstore.com',
+        'qr-url.tk',
+        'watchonlinerugby.net',
+        'esecuritys.com',
+        'rufile.no-ip.ca',
+        'imzonline.com',
+        'femeedia.com',
+        'mediomatic.com',
+        'savemoneyeasily.com',
+        'option1pro.com',
+        'perron07.nl',
+        'movieonrails.com',
+        'topmoviestoday.com',
+        'playnowstore.com',
+        'g-files.biz',
+        'dawnloadonline.com',
+        'thedirsite.com',
+        'siteslocate.com',
+        'mydrugdir.com',
+        'find24hs.com',
+        'veeble.org',
+        'movieonrails.com',
+        'bestmoviehd.net',
+        'putmovies.info',
+        'awarefinance.com',
+        'shurll.com',
+        'acceptsearch.com',
+        'signforcover.com',
+        'raisengine.com',
+        'rocketcarrental.com',
+        'godsearchs.com',
+        'listenhanced.com',
+        'find24hs.com',
+        'findinform.com',
+        'sitesworlds.com',
+        'rocketcarrental.com',
+        'thedirsite.com',
+        'getboook.com',
+        'pokerarena88.com',
+        'aquamelia.com',
+        'beautyskintalks.com',
+        'getmooovie.com',
+        'getdriversss.com',
+        'getsoooft.com',
+        'getgamesss.com',
+        'abrts.pro',
+        'leadbit.biz',
+        'efght.pro',
+        'qyresearcheurope.com',
+        'plusfreemaxfr.com',
+        'getappmac.com',
+        'getharlemhealthy.org',
+        'goo.gl',
+        'getmooovie.com',
+        'marketreportscenter.com',
+        'getsooft.com',
+        'myowndom.ru',
+        'print-mgn.ru',
+        'wiki-data.ru',
+        'velobog.ru',
+        'mobisony.ru',
+        'dzeroki.ru',
+        'slimkor.ru',
+        'kak-brosit-kyrit.ru',
+        'jinyurl.com',
+        'urlin.us',
+        'capillus.com',
+        'siteprofissional.com',
+        'mitersawjudge.com',
+        'mohajreen-jeeda.com',
+        'jobberies.com',
+        'bestfilms.site',
+        'baystudios.ch',
+        'elvenarhack.bid',
+        'essencephskincare.com',
+        'blog2learn.com',
+        'superrugbyonline.net',
+        'superrugby18.livejournal.com',
+        'expertairco.com',
+        'draesthetica.co.uk',
+        'sphere.social',
+        'saveabookmarks.xyz',
+        '/t.co',
+        'samuelsconstruction.build',
+        'pmwares.com',
+        'watchesofwales.co.uk',
+        'zotero.org',
+        'speakerdeck.com',
+        'freesiteslike.com',
+        'pusha.se',
+        'vrootdownload.org',
+        'rubberwebshop.nl',
+        'restaurerlecorps.info',
+        'discretthemes.info',
+        'bride-forever.com',
+        'simplesmetamorphoses.info',
+        'mp3gain.com',
+        'mp4gain.com',
+        'ttlink.com',
+        'onepost.cf',
+        'getmefunds.com',
+        'vikinail.pl',
+        'typesofbeauty.info',
+        'joie6portia93.bloglove.cc',
+        'htgtea.com',
+        'tblogz.com',
+        'liveinternet.ru',
+        '.diowebhost.com',
+        '/yoursite.com',
+        'reworkedgames.eu',
+        'mp3gain.sourceforge.net',
+        'pages10.com',
+        'nudegirIs.info',
+        'aidagirls.com',
+        'alsoloves.com',
+        'hotswishes.com',
+        'instaphoto.club',
+        'intimspace.com',
+        'pornopoisk.info',
+        'localmodels.online',
+        'kaikki-mallit.com',
+        'hotswishes.com',
+    ];
+}

Helpers/Text.php

@@ -90,4 +90,26 @@ class Text
     {
         return (string) $value;
     }
+
+    /**
+     * Runs through a body of text, checking it for values.
+     *
+     * @param [type] $haystack - Body of text.
+     * @param [type] $needles - Array of values to be searched for.
+     * @param integer $offset - offset to start.
+     * @return boolean|string - The matching value.
+     */
+    public static function strposa($haystack, $needles, $offset = 0)
+    {
+        if (!is_array($needles)) {
+            $needles = [$needles];
+        }
+        foreach ($needles as $query) {
+            if (stripos($haystack, $query, $offset) !== false) {
+                // stop on first true result
+                return $query;
+            }
+        }
+        return false;
+    }
 }

Spec/Core/Blogs/ManagerSpec.php

@@ -275,28 +275,26 @@ class ManagerSpec extends ObjectBehavior
             ->shouldReturn(true);
     }
 
-    public function it_should_abort_if_spam(Blog $blog)
+    public function it_should_check_for_spam(Blog $blog, Spam $spam)
     {
         $this->beConstructedWith(
             $this->repository,
             $this->paywallReview,
             $this->slug,
             $this->feeds,
-            null,
+            $this->spam,
             $this->search
         );
 
+        $spamUrl = 'movieblog.tumblr.com';
+
         $blog->getType()
-            ->willReturn('object');
+                ->willReturn('object');
 
         $blog->getSubtype()
-            ->willReturn('blog');
-
-        $blog->getBody()
-            ->shouldBeCalled()
-            ->willReturn('movieblog.tumblr.com');
+                ->willReturn('blog');
 
-        $this->shouldThrow(new \Exception('Sorry, you included a reference to a domain name linked to spam. You can not use short urls (eg. bit.ly). Please remove it and try again'))
-            ->duringAdd($blog);
+        $this->spam->check(Argument::any())->shouldBeCalled()->willReturn(true);
+        $this->add($blog);
     }
 }

Spec/Core/Security/SpamSpec.php

+<?php
+
+namespace Spec\Minds\Core\Security;
+
+use PhpSpec\ObjectBehavior;
+use Prophecy\Argument;
+use Minds\Core\Blogs\Blog;
+use Minds\Core\Config;
+use Minds\Core\Comments\Comment;
+use Minds\Entities\User;
+use Minds\Entities\Group;
+use Minds\Entities\Entity;
+use Minds\Core\Security\ProhibitedDomains;
+
+class SpamSpec extends ObjectBehavior
+{
+    public function it_is_initializable()
+    {
+        $this->shouldHaveType('Minds\Core\Security\Spam');
+    }
+
+    public function it_should_detect_spam_in_a_blog(
+        Blog $blog,
+        ProhibitedDomains $prohibitedDomains
+    ) {
+        $blog->getBody()->shouldBeCalled()->willReturn('test bit.ly test');
+        $blog->getType()->shouldBeCalled()->willReturn('object');
+        $blog->getSubtype()->shouldBeCalled()->willReturn('blog');
+        
+        $this->shouldThrow(new \Exception("Sorry, you included a reference to a domain name linked to spam (bit.ly)"))
+            ->duringCheck($blog);
+    }
+
+    public function it_should_detect_spam_in_a_comment(
+        Comment $comment,
+        ProhibitedDomains $prohibitedDomains
+    ) {
+        $comment = new Comment();
+        $comment->setBody('test bit.ly test');
+        $comment->setType('comment');
+        
+        $this->shouldThrow(new \Exception("Sorry, you included a reference to a domain name linked to spam (bit.ly)"))
+            ->duringCheck($comment);
+    }
+
+    public function it_should_detect_spam_in_a_user(
+        User $user,
+        ProhibitedDomains $prohibitedDomains
+    ) {
+        $user = new User('123');
+        $user['briefdescription'] = 'test bit.ly test';
+        $user['type'] = 'user';
+        
+        $this->shouldThrow(new \Exception("Sorry, you included a reference to a domain name linked to spam (bit.ly)"))
+            ->duringCheck($user);
+    }
+   
+    public function it_should_detect_spam_in_a_group(
+        Group $group,
+        ProhibitedDomains $prohibitedDomains
+    ) {
+        $group = new Group();
+        $group->setBriefdescription('test bit.ly test');
+        $group->setType('group');
+        
+        $this->shouldThrow(new \Exception("Sorry, you included a reference to a domain name linked to spam (bit.ly)"))
+            ->duringCheck($group);
+    }
+
+    public function it_should_detect_NO_spam_in_a_blog(
+        Blog $blog,
+        ProhibitedDomains $prohibitedDomains
+    ) {
+        $blog->getBody()->shouldBeCalled()->willReturn('test bit.nospam test');
+        $blog->getType()->shouldBeCalled()->willReturn('object');
+        $blog->getSubtype()->shouldBeCalled()->willReturn('blog');
+        
+        $this->check($blog)->shouldReturn(false);
+    }
+
+    public function it_should_detect_NO_spam_in_a_comment(
+        Comment $comment,
+        ProhibitedDomains $prohibitedDomains
+    ) {
+        $comment = new Comment();
+        $comment->setBody('test bit.nospam test');
+        $comment->setType('comment');
+        
+        $this->check($comment)->shouldReturn(false);
+    }
+
+    public function it_should_detect_NO_spam_in_a_user(
+        User $user,
+        ProhibitedDomains $prohibitedDomains
+    ) {
+        $user = new User('123');
+        $user['briefdescription'] = 'test bit.nospam test';
+        $user['type'] = 'user';
+        
+        $this->check($user)->shouldReturn(false);
+    }
+   
+    public function it_should_detect_NO_spam_in_a_group(
+        Group $group,
+        ProhibitedDomains $prohibitedDomains
+    ) {
+        $group = new Group();
+        $group->setBriefdescription('test bit.nospam test');
+        $group->setType('group');
+        
+        $this->check($group)->shouldReturn(false);
+    }
+}