Control your vBulletin forum registration process and stop the registration bots.

This mod will check the the time it takes for a vBulletin registration form to be submitted. If the form is submitted faster then humanly possible, the registration will be denied and the admin contact will be emailed about the event. The time is settable

We will start the registration on the forum rules page in two ways. First we will add a custom hidden field with a hash. Second we will insert a randomly named hidden field with a random value. This should make it a bit difficult to program a bot since the field names on all sites will be different as well as the values.

We will use a second set of random hidden fields on the form page as well to add to the confusion.

Time stamps to check the time spent on registration submission are stored in a DB table and private.

A registration will have to come through the Rules page and the form. Every Site will be different.

Installation is very easy.

There are two templates to edit.
One database table is added.
Three hooks are utilized.
Includes uninstall code.
Adds to vBulletin options.
Set time frame option.
Includes Phrases.
Sends Mail to Admin.
No files to upload.
XML product install.
Instructions attached in zip.

Demo usage and view source at http://www.riderinfo.com/

Compatibility
This hack is known to work on vBulletin 3.6.11 PL1 and will likely work back a few versions in the 3.6.x vBulletin series. Of course it works on 3.7.x as posted too.

HISTORY
1.2.2
added admin email on/off setting
moved hook code to files to reduce overhead.
1.2.1
Added Enable/Disable setting.
Fixed coppa includes file probem
Added file upload instructions to readme file.
1.2.0
Added JS timer to registration button.
Added enable/diable for email.
Removed ACP settings for random fields on rules and reg form pages and automated.
Reworded Pharses in ACP.
Recoded rules form and reg form edits.
Renamed variables for better code following.
Added more DB fields per user reg for tracking random automation.
New Hook on start_registration for functions.
Added new functions file. includes/stb_functions.php.
1.0.3
Changed input user name on rules form to random named hidden field with hash value.
Removed \n chars from email phrases.
All changes to registration are transparent to the folks registering.
Renamed DB username field to hash.
New hook on register_signup.
1.0.2
Added new Pre Reg Name hidden field to register form edits and ACP.
Added code to deal transparently with user deciding to change name after pre submitting it.
1.0.1
Fixed typo, changed 36000 to 3600 in product file.
1.0.0
Original Release.

Installed.

Thanks! Please feel free to give some feed back, good or bad.

This was just one of those things that happened, there was no plan really. It's a follow up on some stuff I read researching another project I plan to release soon that may be very useful as well. It's the exact opposite of this in that it helps your forum avoid looking like email is spammy and gives the users and admins some really nice new ways to control some important settings that effect email.

Thanks,

I installed and the process was seamless! marked as installed ;)

noppid your back making hacks sweeeeeeeeeet :D

nice liltle hack :)

What if the user decides they want to use another name after that screen? Is there some warning that tells them that they have to use that name or is it set by default where they can't change it?

And, no, I have not had any beers, if this sounds confusing. ;)

* projectego clicks install :)

Thanks! Please feel free to give some feed back, good or bad.

This was just one of those things that happened, there was no plan really. It's a follow up on some stuff I read researching another project I plan to release soon that may be very useful as well. It's the exact opposite of this in that it helps your forum avoid looking like email is spammy and gives the users and admins some really nice new ways to control some important settings that effect email.

Excellent! something which I need asap, as I have had to block yahoo emails from registering on my site as none of my emails get through to yahoo inboxes anymore.

What if the user decides they want to use another name after that screen? Is there some warning that tells them that they have to use that name or is it set by default where they can't change it?

And, no, I have not had any beers, if this sounds confusing. ;)

Let me ponder that while I'm at an appointment this morning. We may need a "start over" link for that. That seems easy enough. Good catch.

EDIT: On second thought, if they change their mind on the name, the bot detection mechanism should be transparent. We likely need another field in the DB.

I just want to have it like the original Is Bot where if the registration time is too fast it stops the registration. Is this possible?

I just want to have it like the original Is Bot where if the registration time is too fast it stops the registration. Is this possible?

That's in there. It hides the time stamp in a DB table instead of passing it in the post vars or URL.

Let me ponder that while I'm at an appointment this morning. We may need a "start over" link for that. That seems easy enough. Good catch.

EDIT: On second thought, if they change their mind on the name, the bot detection mechanism should be transparent. We likely need another field in the DB.

Also, does it empty the info after the registration is deemed legit, or does the info keep collecting with each registration attempt?

It dumps the info on registration and dumps the table of expired lost records that are 60 minutes or older if any exist.

Ahh, OK, great! So, are you going to update this with another field in response to my first question? And I can un-install ISBot if I am using this, right? Or do I need both of them?

Ahh, OK, great! So, are you going to update this with another field in response to my first question? And I can un-install ISBot if I am using this, right? Or do I need both of them?

You don't want to use both I don't think. I used the best ideas from that and made them a little stronger. With the ideas ya'll are sharing, we should only need one app once we get all the features sorted.

I'm still tossing around how to handle your Name thing. My best idea is to pass a hash of something from the rules page and then check the DB against that and the name no longer matters.

Or, we should just remove the username input field and display the name already chosen with a note and link. Don't like this username Anymore? Click here to start over. I like this idea best myself.

Either way would work but I think the hash idea, if done properly, would be a better way to go. If someone registers on a site that has this installed and they also register on sites that don't, they might get confused as to what the name part is all about in that section of the registration process.

Yeah, familiarity breeds contempt. Keep it as similar as possible.

Ok, unique hash coming up. we'll all have a unique name for that hidden hash field too. That'll keep um confused. ;)

Sounds good. Looking fiorward to it.

Thank you!

I think we can handle a changed name better with a check on submission. If this don't match that, name was changed, lookup record with old name not new name.

I'm thinking about this before I pull the trigger on any code.

Name changes are dealt with now. And there is one more, unique to your site, hidden field added to the Registration form.

Great ideas folks! Ya'll can view the source code for the form at the demo site listed above in the mod description.

Let me read it over and see if I'm happy.

Upgrade will be to add one edit to the register template and install the product.

Just curious, how did you do the name change? Sounds like you canceled the hash idea.

A direct link to the source code would be better as there is no way I can figure out where it is on the site.

Sorry for the confusion, I meant view the HTML form code. The Code is not posted except in the release file here and that is the old code.

Yeah, the hash was getting over complicated. We deal with the name change by using a second hidden field and track it with a unique name you set.

Seems to be working and handling errors properly on my site. I had installed a bug and messed things up for a while. But we stomped it.

Anyway, if you view the two forms, you'll see where we grab the pre-name on forum rules and then place it in a hidden on the reg form. That allows for tracking the record and the name changing.

The Pre-reg name field on rules is settable, the hidden field name that saves it on the reg form is settable, and we have the settable hiddens on each form.

Lot's of confusion. I confused myself even coding it.

Shouldn't the registration permissions implemented in vb script stop the bots already? Or is this a bot detector for possible bot attempts to register?

Sorry for the confusion, I meant view the HTML form code. The Code is not posted except in the release file here and that is the old code.

Yeah, the hash was getting over complicated. We deal with the name change by using a second hidden field and track it with a unique name you set.

Seems to be working and handling errors properly on my site. I had installed a bug and messed things up for a while. But we stomped it.

Anyway, if you view the two forms, you'll see where we grab the pre-name on forum rules and then place it in a hidden on the reg form. That allows for tracking the record and the name changing.

The Pre-reg name field on rules is settable, the hidden field name that saves it on the reg form is settable, and we have the settable hiddens on each form.

Lot's of confusion. I confused myself even coding it.

OK, well, I'll have to look at how you've done it before I decide if i want to install it. I'm not sure changing the way vb does the registration for the name is the way to go for me. I think it would be a little confusing to new members, but that is just me.

OK, well, I'll have to look at how you've done it before I decide if i want to install it. I'm not sure changing the way vb does the registration for the name is the way to go for me. I think it would be a little confusing to new members, but that is just me.

no, ur not alone, it would confuse other members aswell

Well, change is hard. Nothing changes what so ever on the registration page. People just have to type a name on the rules page now as well as check a box.

I set out to change it on purpose.

Instead of collecting the name and using that, we could GEN and Pass some hash off I guess. But as i said, my purpose was to make things different.

The more I type, the more I like passing the HASH. I didn't want to pass it. But that is more random and gives us control better.

Ok, you win. That's a better Idea. That changes things a lot for us and not for the user at all.

Easy turnover too.

You DO suck up rather well. ;)

But I think no changes for the user throws them off to what is really happening behind the scenes, which is what we want to do, right?

You DO suck up rather well. ;)

But I think no changes for the user throws them off to what is really happening behind the scenes, which is what we want to do, right?

Well, I didn't really consider that at first. I originally set out to upset that. But the more you and others typed, the more I realized most want transparency. So, no big deal. I'm getting mellower with age. ;)

It's done and working. I need a break and I'll take a look with fresh eyes in a while, run a test and post code. I want to be available when I post in case I missed something.

If you think about it, transparency is better for something like this as the bots won't see anything different and won't know what is up on the surface. If they experience changes in the way things usually are, they can adapt that much quicker. Simplicity at it's finest, so to speak.

If you think about it, transparency is better for something like this as the bots won't see anything different and won't know what is up on the surface. If they experience changes in the way things usually are, they can adapt that much quicker. Simplicity at it's finest, so to speak.

Posted for your review.

:D installed thanks.

Will this work with 3.6.8?

I'm planning on upgrading but won't have time to reinstall all my mods for at least three weeks.

Not working for me.

I add the product but then when I hit Register, accept the terms and click continue it says I left a required field blank (never shows the form to register).

I am using this alongside the ajax registration and am using recaptcha as my image verification

Will this work with 3.6.8?

I'm planning on upgrading but won't have time to reinstall all my mods for at least three weeks.

It might. I'm running it on www.riderinfo.com on vBulletin 3.6.10

Not working for me.

I add the product but then when I hit Register, accept the terms and click continue it says I left a required field blank (never shows the form to register).

I am using this alongside the ajax registration and am using recaptcha as my image verification

Did you do the template edits in the instructions? Without them, that is exactly what will happen. Check your ACP settings for Stop the Registration Bots too.

Not working for me.

I add the product but then when I hit Register, accept the terms and click continue it says I left a required field blank (never shows the form to register).


I had the same problem. Went back and triple-checked that I had added the correct hidden fields to the correct templates as described in the text file. I had done everything correctly.

However, I had used some really long hidden field names using a mixture of upper-case letters, lower-case letters, and numbers. On a hunch I changed the hidden field names to some 8-to-10 character all lower-case letters and it started working.

Thanks for the heads up. I didn't make any notes on the limitations of those fill ins.

I'm thinking of automating the process 100% and generating everything random on a per registration basis and using the table we have to store the values.

I had the same problem. Went back and triple-checked that I had added the correct hidden fields to the correct templates as described in the text file. I had done everything correctly.

However, I had used some really long hidden field names using a mixture of upper-case letters, lower-case letters, and numbers. On a hunch I changed the hidden field names to some 8-to-10 character all lower-case letters and it started working.

I edited the description fields to add text that clears that up. It should help.

We also eliminated 4 of the fill in fields and made them auto generated. We track them via the db and that makes things very random. The only field that won't change names unless the admin updates it is the hash field name on the rules and user reg page. Changing them once in a while will keep things very confusing.

I'm trying to get as close to possible to set it and forget it. We may me able to make a cron job that resets those too so things shake up very often and random.

Pretty quiet here. I guess all is well? I have the cleaner automated version of this ready to go if there is an interest.

Thanks

yes pls

installed :d

Installed on 3.7.3

I will report back in a bit to let you know if it was successful in preventing bots or not.

Installed

Installed. I left everything at the default settings. That should be OK, right?

Pretty quiet here. I guess all is well? I have the cleaner automated version of this ready to go if there is an interest.

Thanks

I've installed it, and left everything default in ACP. I'm hoping this will stop all of the registering I see going on in WOL as guests. Then find there were'nt any during that particular hour.

Pretty quiet here. I guess all is well? I have the cleaner automated version of this ready to go if there is an interest.

Thanks

Please.

Has anyone tried this on either version 3.7.2 or 3.7.3?
If so, did it work ok?

3.7.2....still waiting for an email, but it looks like one of mine got in today.

You don't want to use both I don't think. I used the best ideas from that and made them a little stronger. With the ideas ya'll are sharing, we should only need one app once we get all the features sorted.
I wholeheartedly agree with you. Spam bots are becoming an increasing problem and we need a very advanced solution for this. There are various useful hacks to counter bots, but it is not possible to combine several of them. Especially those hacks that deal with the registration. It would be nice to have one integration for all of them.

Would this hack work with:
Enhanced Image Captcha - Stop bots from signing up! (https://vborg.vbsupport.ru/showthread.php?t=181818&highlight=spam)
vMail - Verify Mail before registration. (https://vborg.vbsupport.ru/showthread.php?t=162642)

How is this supposed to work? I have it installed and enabled, but WOL still shows googlebot, yahoo slurp still actively trying to register. Though they don't end up registering, I'm not getting any notifications or anything.

How is this supposed to work? I have it installed and enabled, but WOL still shows googlebot, yahoo slurp still actively trying to register. Though they don't end up registering, I'm not getting any notifications or anything.

lol those aren't the bots you need to worry about ;)

in fact, you WANT those bots on your site. :)

lol those aren't the bots you need to worry about ;)

in fact, you WANT those bots on your site. :)


Oh, I don't want to get rid of them, I want them to stop trying to register.

Thank you very much for this. I will install ASAP on 3.7.3 and report the results.

Bots have been a serious issue these past 3 months, and I thank you for the time you have spent to improve the vB experience for the whole community.

**INSTALLED**

good to see a 3.7 mod by ya noppid :)

Great stuff Marked as Installed

Thanks

Oh, I don't want to get rid of them, I want them to stop trying to register.
disallow them from register.php, by listing this in your robots.txt

Here's what I have listed in my robots.txt file:
Disallow: /calendar.php
Disallow: /editpost.php
Disallow: /member.php
Disallow: /memberlist.php
Disallow: /misc.php
Disallow: /newreply.php
Disallow: /newthread.php
Disallow: /printthread.php
Disallow: /private.php
Disallow: /register.php
Disallow: /report.php
Disallow: /search.php
Disallow: /showgroups.php
Disallow: /usercp.php
Disallow: /admincp/
Disallow: /modcp/
Disallow: /online.php
Disallow: /subscription.php
Disallow: /threadrate.php
Disallow: /poll.php
Disallow: /attachment.php
Disallow: /avatar.php
Disallow: /faq.php
Disallow: /usercp.php
Disallow: /profile.php

User-agent: Custo
Disallow: /

User-agent: Slurp
Crawl-delay: 10

It is possible to not get the emails? I currently get about 40 a day from the ISbot mod from Calorie...and it kills me deleting them from my phone since the email system is linked.

It is possible to not get the emails? I currently get about 40 a day from the ISbot mod from Calorie...and it kills me deleting them from my phone since the email system is linked.

Same for me--phone deletion and all lmao.

Could you please inform me how to get email to sms connection? Is there a Gateway?

Great mod. Installed

excelente producto mi bro asi ya no tendre que instalar pueden ver otro demo aqui

www.zonagamerz.com (http://www.zonagamerz.com)

im definetly gonna try this, latley in the last week or 2, ive been getting crazy amounts of World of Warcraft Power Leveling and Buying Selling Gold adverts, and its annoying.

what exactly do i need to change in the options??

THANK YOU! This really helped me during todays little spam run!

Registration bots seem to fly off the handle recently. I've got quite a surge of registration attacks. Had to switch to moderation of new users.

I'd also like a way to disable the email notification, but it works great. Thanks!

Installed. :D

Kyle

Installed. Only 1 bot succeeded to breach the firewall versus 20 to 50 a day before. That sucker was manually deleted.

Just a heads up, I must not have subscribed and missed these posts, sorry. I have an upgrade ready to post, it automates some stuff but works the same. So everyone is still safe.

BTW, since I installed this I have had maybe two or three bot attempts. I have had so many in the past few days, it's scary. But NONE of them got through to register. :)

Just a heads up, I must not have subscribed and missed these posts, sorry. I have an upgrade ready to post, it automates some stuff but works the same. So everyone is still safe.

BTW, since I installed this I have had maybe two or three bot attempts. I have had so many in the past few days, it's scary. But NONE of them got through to register. :)

awesome, dude. thanks for the great mod!

I like to say there's always more than one way to skin a cat. This is one way. There are others, but I prefer this as it's transparent.

Thanks for the kind words.

It seems everyone is having the same issue lately as me.. several registration bots are popping up each day on my forums, lol.

Was very glad to find this, and have installed it without any issues.

However, I do have one question. For now, I have the second part still at 15 (which I guess is default) what settings do you find the best? Should I lower it to 10, etc?

Awesome mod.. thanks!

I wonder how to make sure the mod actually work? I installed it but would like to see something that let me know there are spammers who want to register but got blocked?

It seems everyone is having the same issue lately as me.. several registration bots are popping up each day on my forums, lol.

Was very glad to find this, and have installed it without any issues.

However, I do have one question. For now, I have the second part still at 15 (which I guess is default) what settings do you find the best? Should I lower it to 10, etc?

Awesome mod.. thanks!

I have only gone a low as 12 myself. An update coming will include JavaScript to tell the user how long they have to wait to hit submit.

I thought about displaying the time real hard and don't think it's an issue.

I wonder how to make sure the mod actually work? I installed it but would like to see something that let me know there are spammers who want to register but got blocked?

If a spammer gets caught, you get an email to webmasteremail. In my experience I have found it best for all three vBulletin notification emails to be the same. But that's another thread about getting the mail through.

I have also updated this modification to note that it will work on vBulletin 3.6.11.

I was going to ask if this mod would email me if a bot was stopped, like isBot does, but it didn't take long to find out! Great job... Thanks!

Giving it a go...

I was going to ask if this mod would email me if a bot was stopped, like isBot does, but it didn't take long to find out! Great job... Thanks!

Yep, and you can submit the offending email address to spam databases with the information emails.

Good to hear that this is helping.

Installed. Sounds good. Thanks!

is this ok on 3.7.3 ? the last week has been a nightmare with contiuous bots registrations etc

I'm running it on 3.7.3 and 3.6.11 PL1.

seems ok on 3.7.3

nice one noppid

Installed and running on 3.6.8. Already stopped 4 attempts. Seems to be working ok.

Great news. But darn, that just make us a bigger target I bet. :p

Installed. Looks good.

With the recent attack on tons of site I am going to give this a try on 5 sites.

just installed and we already had one get through. it has prevented a bunch though.

this spam attack seems like it's never going end.

Just wondering what should happen if bot programmers inserts a delay before submit the registration form. This mod appears to be very easy to cheat.

I am curious. Sorry if my post makes no sense, I am not a programmer so my reasoning is from a human being :D

Just wondering what should happen if bot programmers inserts a delay before submit the registration form. This mod appears to be very easy to cheat.

I am curious. Sorry if my post makes no sense, I am not a programmer so my reasoning is from a human being :D

The bot still has to deal with the hidden fields and if you make sure that you change the codes fairly often they will not get past.Changing the codes immediately you install is vital.

just installed and we already had one get through. it has prevented a bunch though.

this spam attack seems like it's never going end.


The ones getting through are not bots,they are humans with a crib sheet and instructions to copy paste info in to certain boxes.You can make life hard for them as many do not speak other languages,set some extra required profile fields in your registration and they are mostly stuck.

I use this mod and "no spam" and added extra fields, anyone not speaking english would have to guess the correct entry to make.

I see dozens of failed registrations on Paul M's "guest tracking" mod and have only seen one manual registration for a spammer in the last month.

Also set your registration to email verification( or even admin approval) ,checking usernames and email addresses against Google gives a good indication of someone spaming and I delete their registration before they get a chance to do anything.

Just wondering what should happen if bot programmers inserts a delay before submit the registration form. This mod appears to be very easy to cheat.

I am curious. Sorry if my post makes no sense, I am not a programmer so my reasoning is from a human being :D

We'll cross that bridge when we come to it if that is possible. ;)

Carey Crew's advice answers your question well I believe. Thanks Carey!

The ones getting through are not bots,they are humans with a crib sheet and instructions to copy paste info in to certain boxes.You can make life hard for them as many do not speak other languages,set some extra required profile fields in your registration and they are mostly stuck.

I use this mod and "no spam" and added extra fields, anyone not speaking english would have to guess the correct entry to make.

I see dozens of failed registrations on Paul M's "guest tracking" mod and have only seen one manual registration for a spammer in the last month.

Also set your registration to email verification( or even admin approval) ,checking usernames and email addresses against Google gives a good indication of someone spaming and I delete their registration before they get a chance to do anything.

We went ahead and set new users to go into moderation in case they get through. That one I referred to earlier is the only one that has made it through, so I know this mod is a huge help :)

Thanks noppid. Have just installed this, and am looking forward to being spam free soon! :)

It's helped up through this. But ya still gotta clean your in box from notifications. :p

Good luck.

I installed this yesterday and for the first time in a week we didn't have any overnight registrations. So far so good.

Thanks for this!!!!

I installed this yesterday and for the first time in a week we didn't have any overnight registrations. So far so good.

Thanks for this!!!!

That's great news. We're getting hammered with bots too.

To be certain they don't get in, I've been changing my settings for hidden fields daily. That's not too hard. But I want to automate that too.

Helpful. Thanks.

Quite helpful.

Is there a way to stop the emails everytime a bot is stopped?

I have to say that this mod has definitely slowed down the bots, but a few are still getting through on a clients' site. Something like 5 to every 20.


Is there a way to stop the emails everytime a bot is stopped?HA! I had to set a message rule to delete the emails from the server, there were just to many to deal with. :o

ALL in all I think this is a great mod :)

Guten Abend Kann Mir Jemand Helfen Dieses Add Zu Installieren Bitte?

Is there a way to stop the emails everytime a bot is stopped?

I'll add a setting to disable emails.

I'm about ready to publish an update I've been testing too. The test was done with no image verification, recapture or q&a enabled for human verification. We didn't even change the hidden field names daily. We got the emails to prove it's working.

Guten Abend Kann Mir Jemand Helfen Dieses Add Zu Installieren Bitte?

Ich kann nicht lesen oder kann Deutsch sprechen. Helfen Sie mit einem Problem oder brauchen Sie jemand, dies f?r Sie zu installieren?

Updated thanks, but after i include the day, month and year then click submit it just shows me a blank page, can you help?
I am using 3.7.3

Updated according to the instructions for > UPGRADE from 1.0.3 to 1.2.0 <

registration now not working and this error is shown >>

Fatal error: require_once() [function.require]: Failed opening required '/home/****/public_html/includes/stb_functions.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/****/public_html/register.php(81) : eval()'d code on line 4

had to disable product.

Updated according to the instructions for > UPGRADE from 1.0.3 to 1.2.0 <

registration now not working and this error is shown >>



had to disable product.

OK, I'll check it immediately!

We posted 1.2.1 to fix the issue. It slipped by, I didn't have coppa enabled.

We added an enable/disable setting too.

:o:o You might want to change your install and upgrade instructions to include the fact that there is a file to upload to ... /includes :rolleyes::rolleyes:

Appears to function now,will check again for any errors.

:o:o You might want to change your install and upgrade instructions to include the fact that there is a file to upload to ... /includes :rolleyes::rolleyes:

Appears to function now,will check again for any errors.


Will do. I didn't realize I left that out. Thanks!

I installed the latest version and it is working great on vB 3.7.3. Thanks again for this much needed mod.

Upgraded, installed and seems to be working fine, thanks

Great stuff. Just upgraded to the latest version. This has been a lifesaver. In the past few weeks it has trapped dozens of bots from registering. Works great!

Thanks, glad to hear that this has helped everyone that has given it a try.

When I realized that I had no human verification turned on on one of my forums that has this installed and the bots were still being stopped, I was pleased too.

When I register I got this msg "You have left a required field blank."
Help me please

When I register I got this msg "You have left a required field blank."
Help me please

Did you do the template edits correctly? Got a link?

yes I did correctly

yes I did correctly

Something went wrong apparently and without details and links, well, all we're gonna do is run up the post count of this thread, not fix your problem.

this is my forum just check it http://www.lovetack.com/home/index.php?

There are problems on forum_rules.

<input type="hidden" name="" value="" />
<input type="hidden" name="UheKLwaQ" value="" />


Are there blank fields in the ACP settings? Are all the hooks enabled? What version of vBulletin are you on?

Did you do a new install or upgrade? If upgrade, did you uninstall the old version first?

Im using 3.7.3 Patch Level 1
and
Enable checks for registraion bots? Yes
Minimum Time for Registration Submission 1
Rules Page Hash Hidden Field Name UheKLwaQ
Register Page Hash Hidden Field Name iuwHJPQn
Email Notification Yes

all the hooks enabled

Im using 3.7.3 Patch Level 1
and
Enable checks for registraion bots? Yes
Minimum Time for Registration Submission 1
Rules Page Hash Hidden Field Name UheKLwaQ
Register Page Hash Hidden Field Name iuwHJPQn
Email Notification Yes

all the hooks enabled

On a guess, I think there is a table problem. Uninstall product and install product xml again and see if we get the other fields filled out correctly.

showing the same msg

showing the same msg



I got the same error - then I realized there were template hacks to be done :eek:

did the template hacks and everything works fine!


Are you sure that you are modifying the correct template?

showing the same msg

IF it was an upgrade, the old edits need to be removed and replaced with the new template edits. Maybe that's the problem?

I had the 1.0.3 installed. When I saw this 1.2.1 upgrade, I uninstalled 1.0.3, went into the template edit and saw they were not reverted, so I went ahead and edited them in accordance with the 1.2.1 instuctions, then imported the XML, and tested the register page.

I got this:

Warning: require_once([path]/includes/stb_functions.php) [function.require-once]: failed to open stream: No such file or directory in [path]/register.php(81) : eval()'d code on line 4

Fatal error: require_once() [function.require]: Failed opening required '/home/domain_name/public_html/forum/includes/stb_functions.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/domain_name/public_html/forum/register.php(81) : eval()'d code on line 4

In the meantime I've uninstalled the mod. Did I do something wrong? Should I have reverted the template code before importing the new XML? Thanks!

You didn't upload the functions file to the includes folder. I thought we updated the read me with that. I know I did on new install. I must have not added it to the upgrade section.

:up: Yup, working for me !! Upgraded from 1.0.3 to 1.2.1, made template updates and uploaded functions file as indicated.

Between this mod, NoSpam, and a potentially broken (?) ReCaptcha, 20+ registrations a day are now being blocked :up:. If any do make it through, I have new user moderation turned on, so they gotta past all that 1st :cool:

You didn't upload the functions file to the includes folder. I thought we updated the read me with that. I know I did on new install. I must have not added it to the upgrade section.

My bad. It was listed in the fresh install directions, and that was the route I had taken, but I had glazed over the needed upload of the functions file.

Retried and tested and all is well. Thanks again, noppid!

By the way, any chance that IP addresses can be included in the emails?

Also, in this 1.2.1 version did you add a space character after the listed email address and before the "Form Processing Time in Seconds" string? The emails in 1.0.3 would say "user@domain.comForm"

My bad. It was listed in the fresh install directions, and that was the route I had taken, but I had glazed over the needed upload of the functions file.

Retried and tested and all is well. Thanks again, noppid!

By the way, any chance that IP addresses can be included in the emails?

Also, in this 1.2.1 version did you add a space character after the listed email address and before the "Form Processing Time in Seconds" string? The emails in 1.0.3 would say "user@domain.comForm"

I got the space. Thanks, looks better.

I think we can add the IP. That shouldn't be hard. But remind me, I'm off for the weekend and I'm really burnt out on code this week. See ya soon.

Is there any way to make this script show the IP address the potential bot came from. That would allow us to be able to reconginize a common subnet and ban that entire subnet.

Thanks!

Is there any way to make this script show the IP address the potential bot came from. That would allow us to be able to reconginize a common subnet and ban that entire subnet.

Thanks!

I use the proxy checker to address this issue:

https://vborg.vbsupport.ru/showthread.php?t=131852

Spam bots almost always use a proxy IP so I use the script I linked to set to a later execution order to moderate users that registered from a known proxy IP. Every now and then I have to approve a user that must be real but I have not had a problem with bots registering for a while but I have a custom antispam setup that combines a number of scripts plus custom user fields that make my site just not worth the effort it would take to spam them.

Then, the one touch ban and cleanup takes me 1-second to remove the spammer that does try to get through. Life is getting better thanks to the great mods that have been shared here!

I am upgrading one of my sites to 3.7.x this weekend and I plan to install this on the new install as I like the move to the DB where it can not be faked.

You didn't upload the functions file to the includes folder. I thought we updated the read me with that. I know I did on new install. I must have not added it to the upgrade section.Nope you didn't, and still haven't. I just had the same problem, lol.

Installed.

Nope you didn't, and still haven't. I just had the same problem, lol.

***Forth: Upload the contents of the upload folder.
I added it to the install, not the upgrade. Sorry. :o

I just re-uploaded it fixed the right way. Thanks!

I installed this and hope it works out...I am getting sick of these bots.

Thanks heaps..
Uploaded and working...:)

my vb version is 3.6.8 .... do you have this mod for 3.6.8 ?

my vb version is 3.6.8 .... do you have this mod for 3.6.8 ?

As noted, it should run on 3.6.8 just fine.

Thank you for this - I have installed it with no problems. :) I bought my vBulletin software three weeks ago, and since then I've averaged one bot per week - and the forum hasn't even been released yet! :mad: I read on this forum somewhere today that the bots have recently got clever with capcha, so I'm pleased to see that this plugin will deny bots that complete forms too quickly. Thanks for creating a plugin that attempts to thwart them from a different angle! :D

Install was seamless, took less than 5 minutes. Very nice hack!

Does this plugin has any issue with this one?
https://vborg.vbsupport.ru/showthread.php?t=181731

As that one says I left some forms blank, while I filled all the needed information.

EDIT, just tested. It seems this plugin is having issues with the quick register for quest plugin.

The quick register hack will not have all the necessary hidden form fields to work with Stop The Registration Bots.

It's not a conflict, it's because the Stop the Registration Bots code is not added to the quick register hack. It can be done, but I won't be supporting that or coding it at this time.

XML in download file is still 1.2.0

lol

XML in download file is still 1.2.0

lol

Just the file name. The product is versioned correctly. (versioned isn't a word?)

I'll update that for the fastidious.

never mind it works now

You didn't read the install instructions. That one we know is covered and in there. Upload the functions file in the upload folder.

Suggestion: Make a log file like the vBStopForumSpam one does, so that it's easier to see the patterns of the bots.

Suggestion: Make a log file like the vBStopForumSpam one does, so that it's easier to see the patterns of the bots.

We can probably do that. Good idea.

Thanks

Many kind thanks for this great hack!

Cheers this will be greatly appreciated. I get an unbelievable amount of bots registering on my site :(

Nice work Noppid. Installed and hopefully my problems will begin to fade!

nvm i fix the error


:D thanks man , nice release


but the mod will send a pm?

nvm i fix the error


:D thanks man , nice release


but the mod will send a pm?

It sends an email if that is on.

Some have suggested we create a table and store a history. We'll see.

This doesn't work according to instructions in 3.7.4 get error missing field....

Installed.
Thanks

Great hack, Hopefully it will work well.

Thanks easy install...:D

374pl1, With this mod enabled the reg process is halting at register.php. Have disabled hack and all works again,, any clues?

The flaw now, however, is that spam is being outsourced to humans, not bots. As far as I can tell, the only thing we can do now is pay to have someone on staff to constantly delete these new accounts.

This mod is fantastic, and imo should be part of the vBulletin core.

/me clicks install

Will this work in 3.5.4?
Thanks

Noppid, I notice your info says "vB Version: 3.6.4" Will this MOD work with 3.6.4 ?

Only get a blank Page after installing and doing the Template Edit at Registration Form.

Only get a blank Page after installing and doing the Template Edit at Registration Form.

upload the file to your xml folder...

Thanks, works great. :up:

Noppid, I notice your info says "vB Version: 3.6.4" Will this MOD work with 3.6.4 ?

Sorry for the delay in posting. I've been busy making an emailer for vBulletin.

The hooks are there, but the template edits may be a bit different.

Only get a blank Page after installing and doing the Template Edit at Registration Form.

Glad that worked out. Good job.


Greg

installed.
thanksss

This is an AWESOME mod. This saves me so much time every day... Nominated!

This is an AWESOME mod. This saves me so much time every day... Nominated!

Thank you very much. When I finish my newsletter project, I'm going to send the bounces to a database instead of email and you will be able to see the list sorted by what ever info we can grab.

You will be able to develop reporting criteria that can be shared about the spam attempts.


Regards,
Greg

Have downloaded and will try it later on,

Thanks

TheArve

Great mod! Works perfectly

use for quick register ?

Installed. Works great. :up:


Thank you very much. When I finish my newsletter project, I'm going to send the bounces to a database instead of email and you will be able to see the list sorted by what ever info we can grab.

You will be able to develop reporting criteria that can be shared about the spam attempts.


Regards,
Greg

How far along are you on the newsletter project? Any details on it?

I have installed this mod but I am still getting bot registrations. Any advice on what I can do?

One mod does not stop them all :) I also have the vBStopForumSpam mod installed, and that stops A LOT of spammers.

I just want to thank you for what is possibly the best mod I have ever installed! I have a big forum (90k members and 55k unique visitors a day) and the spambots were becoming a serious issue for my moderators and me. We were averaging 500 spam posts a day in fact.

Since installing this a couple of weeks ago the spam has practically gone from the board - I believe yesterday's spam count was 3 or 4 posts...

So thank you for this - you have no idea how much I appreciate it! :)

Excellent Mod, easy install. Thank you very much!

Bookmarking this.

Fantastic Add-on ! *installed*

Installed , hope that this mod will help me to stop these bots (mostly from China & Russia).

This is a great mod, and definitely works. I want to disable the emails that it sends out though, how do I do that?

Has anyone had problems with this mod and compatibility with vB 3.8? It broke the registration process on my board (ie. an error kept popping up at registration).

UPDATE: I missed a step during installation. The problem has now been resolved.

Is there a better Hack out there without any need of Templateedits?

Thank you!! **installed**

UNinstalled. Caused problems on latest vb update. Registration page generates internal server error and the page cannot be displayed. Sorry

Installed, Thanks!!! :)

Yes, template edit is the down side, perhap the developer considers better approach to install this product in next update / release :)

Anyway, great mod! Thanks! :)

this working for 3.8?

Works great in 3.8.0.

Works great in 3.8.0.

gd gd.

installed on 3.8 easy and works like a charm..

yeah this has to be easily one of the best mods i have installed

i used to have at least 10 bots per day signing up

now i get none

and the emails stopped coming after like 2 weeks so im good with that

Installed.

I did notice a typo in the admincp options:

Enable checks for registraion bots?

Forget to cross all your Ts? lol

Any possibility to add an IP ban to the system, such as the login strikes system that gives you a number of attempts before locking you out? Just the other day I had over 38,000 :eek: attempts at creating a new account. After 5 tries, I would like to add the IP address to a 1 to 24 hour ban list. If it could update the .htaccess file that would be even better (to reduce the load on the server).

will be nice to hear new updates about your great addon ( just upgrade my forum to 3.80 and its seems something go wrong :) ) lets hope I`ll not have too much to fight with spams anymore

Any possibility to add an IP ban to the system, such as the login strikes system that gives you a number of attempts before locking you out? Just the other day I had over 38,000 :eek: attempts at creating a new account. After 5 tries, I would like to add the IP address to a 1 to 24 hour ban list. If it could update the .htaccess file that would be even better (to reduce the load on the server).

This,

Or at the very least, the option to view the IP of the user that got blocked?

The reality is that the ajax.php file simply needs to have some code put into it. I'm fine with hard-coding something.

if ($_POST['do'] == 'imagereg')
{
$vbulletin->input->clean_gpc('p', 'hash', TYPE_STR);

$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');

if ($vbulletin->options['hv_type'] == 'Image')
{
require_once(DIR . '/includes/class_humanverify.php');
$verify =& vB_HumanVerify::fetch_library($vbulletin);
$verify->delete_token($vbulletin->GPC['hash']);
$output = $verify->generate_token();
$xml->add_tag('hash', $output['hash']);
}
else
{
$xml->add_tag('error', fetch_error('humanverify_image_wronganswer'));
}
$xml->print_xml();
}

Anyone who hits this section of the file more than 5 times in a minute can go goodbye as far as I am concerned.

Installed, thanks so much!

uhh uninstalled, had 3 people sending me mail / pm registration did not work for them.
the secound i disabled the mod it worked, they could register.

It always after forum rules said, missing field.
when i tryed registering alts, worked fine, but saw it on my laptop
didnt work. so not sure how or why, but disabled.

still love the mod.

I dont think its fully 100% 3.8 compatible from what I'm seeing so far.

Seems to work ok for me on 3.8

This is a GREAT mod! Thanks!

Like other users, I would like to see the IP address of the denied registration for the same reason. If too many from a certain area/country are coming in, I can ban the whole lot.

Installed on 3.7.4 PL1 at http://forum.whatismyip.com

Brian

Can this be setup to put the user in a different group if he is suspected? I'd like to create a group for suspect registrations and not allow them to post until mod checks the account.

hopefully this helps, really annoying these bots..

Sorry I have not replied, I have not gotten a notice of posts until today.

I have upgraded to 3.8.1 and will do some tests and see if these complaints need addressing. As far as I can tell, this sill works. But we will have a look.


Can this be setup to put the user in a different group if he is suspected? I'd like to create a group for suspect registrations and not allow them to post until mod checks the account.

That's a pretty great idea. Let them in, but throw them in moderation perhaps. We can look into that.


EDIT: We just tested on 3.8.1 and had no issues. If you have issues, please give us details. Thanks

Can you add the ability for this mod to ban the IP address of the bot trying to register?

Currently installed on Vbulletin 3.6.5 and testing. I have 3 other anti-spam options which do not work, hopefully this one will do the trick.

Current Installs:
NoSpam! question during registration
Advanced Captcha image verification
Bot database

// Update //

Tested it out and I have received 23 notifications of failed registrations all under 5 seconds. This is working like a charm! I have this running with email verification and the above anti-spam items.

Thank you again! *Marked Installed*

downloaded

This is working fine on my 3.8.1 forums. Just wanted to let you know.

Greg, do you plan to add an option for the admin to received the emails or not. Many of my clients are asking for this.

Hi Peggy,

Thanks for the note. I had actually done this and forgot to post it. So, I moved the hook code to files to reduce overhead too while I had it open checking out what we could do with your suggestion.

So, I'll post 1.2.2 right now for ya'll.

Thank you!

uhh uninstalled, had 3 people sending me mail / pm registration did not work for them.
the secound i disabled the mod it worked, they could register.

It always after forum rules said, missing field.
I'm afraid that I'm in the same boat. A clients' forum did the same thing.

When it's fixed, I'll enable it again. I've contacted noppid on his forum about this issue.

I just tested on two different forums on vB 3.7.5 and 3.8.1 and cannot duplicate the problem.

Missing field is usually a template edit that is not done or done incorrectly. If someone can link me to a forum with the issue I can look for clues. But I can't fix what I can't duplicate.

Holler back.

The zip file has been replaced in case it was perhaps damaged. I tested the code on both 3.7.5 and 3.8.1 and can't duplicate a problem.

Best I can suggest to try to download again.

If the problems continue, show me and I'll see what I can do.

I'm going to enable it after uploading the files again and checking my template edits. I'll let you know what happens.

Thanks noppid

Great mod to stop registration bots

I'm going to enable it after uploading the files again and checking my template edits. I'll let you know what happens.

Thanks noppid

I checked the one forum you linked me to. The default skin does not have the STB edits. However, style ID 2 does and STB works fine.

Check that you applied the template edits to all active styles.

I did and that was indeed the problem.

Thanks noppid!

uhh uninstalled, had 3 people sending me mail / pm registration did not work for them.
the secound i disabled the mod it worked, they could register.

It always after forum rules said, missing field.
when i tryed registering alts, worked fine, but saw it on my laptop
didnt work. so not sure how or why, but disabled.

still love the mod.

just noticed this too after a couple emails to our Contact Form.

tried a test registration and got the missing field error.

i went ahead and removed the template edits, stb_functions.php, and uninstalled xml

i was using Stop the Registration Bots 1.2.1 and noticed that noppid updated to Stop the Registration Bots 1.2.2 so i upgraded to this one and it is working now.

not sure how long it was like this but might've occurred when we upgraded to vB3.8.1

all i know is it was previously working fine and when i uninstalled/removed the previous version, everything looked fine in terms of the xml, includes folder, and template edits!

wierd! lol

anyways, like i said, it is working now with v1.2.2

HTH

btw, didn't notice any email when this hack was updated?...i thought vbulletin.org sends one?

btw, didn't notice any email when this hack was updated?...i thought vbulletin.org sends one?I think the coder is supposed to send the notice?

Is there anyway for the response email to include the IP address of the bot? I'm getting about 50-70 of these a day. It would be nice to record the IP and block it.


Fantastic mod by the way. :up:

Just a side note - if you want to ensure that your forum is 100% bot free, make sure you moderate registrations. I still have some that sneak through.

I have a number of fields to fill out when registering (hobbies, favorite movies, etc.) it's going to take at least a minute to fill out the registration form, so I have the minimum time set to 25 seconds. I have about a bot a day filling out the form longer than this, thus ending up in the moderated queue. Just a heads up.

Is there anyway for the response email to include the IP address of the bot? I'm getting about 50-70 of these a day. It would be nice to record the IP and block it.


Fantastic mod by the way. :up:

Could anyone show me how to add the IP address of the bot in the response email??

Thanks!

I am new to this and I am already experiencing bots. Excuse the Newbie questions...

Does this work in the newest version of vbulletin 3.8?

The includes folder that is in this download.......Where do I upload it to since I already have an includes folder in my site from vbulletin?

Thanks

I had installed this, but Im running vb 3.8.1, and I found that it doesn't allow registrations at all..
Would this mod be made for 3.8.x vbulletin by any chance?
I really hope so because the spam registrations are out of control.

***Forth: Upload the contents of the upload folder.


***Fifth: In the vBulletin Admin Control Panel Product Manager Add/Import the attached product xml file.


***Sixth
In the ACP under vBulletin options, set up the options under
"Stop the Registration Bots Options". Make all random fields unique to your site.


That's it. Your registration process is highly modified and fast submissions and direct
submissions will be denied registration.

Good luck!

Above is the portion of the installation text file, where I am stuck? Where do I upload the contents of the upload folder, specifically? And the contents in the upload folder are in another folder called "includes". Do I want to copy it, the folder with everything in it, or go down further to the seperate files? Again, where do I copy it for the next step?

Then it says to go to vBulletin Admin Control Panel Product Manager Add/Import. I do not find that on the menu? What am I missing?

And step six really confuses me? I did the first three steps and saved it so, if I could get the rest, "Help" The bots are killing me!

Jerry in KC

Jdwyer@ptsnetwork.com

After finishing this mod, I tried the registration to make sure it would work for a normal human and I got this as soon I clicked on registration:
---------------------------------------------------------
Warning: require_once([path]/includes/stb_functions.php) [function.require-once]: failed to open stream: No such file or directory in [path]/register.php(81) : eval()'d code on line 4

Fatal error: require_once() [function.require]: Failed opening required '/home/pts123/public_html/k0gq.com/forums/includes/stb_functions.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/pts123/public_html/k0gq.com/forums/register.php(81) : eval()'d code on line 4
---------------------------------------------------------
I thought I did the template edits very carefully. Can anyone see what this error is telling me, ahhh?

Jerry in KC

Greetings....

Operational question...

I was using IsBot ver 1.0 that more or less did a time check. I had A LOT of mails coming in about BOT's that were stopped.

I just installed this version onto 3.7.X Vb on two different sites. The thing is...No more notices have been sent. (Yes, I have the setting to send the mail.)

So, the question is, what needs to take place for the e-mail to be sent? I see this new version has a count down before a registration button can be clicked so I am guessing this might have something to do with it??? Heck I even went as far as turning off the human verification check to see if I then would be flooded with notices. But nothing when I was getting a number of isBot notices.

Can you please advise one

1) What needs to take place for the e-mail to be sent?
2) Any way to test it?
3) Anyway to verify any of this is working?

As mentioned, the older one that just checked amount of time that had past was sending out notices.

Thanks you.

On sites... http://www.avsforum.com & http://www.dbstalk.com

Regards,

In thinking about the issue above, as I have yet to receive one notice of attempt, does the count down before they can click "register" kind of defeat the purpose of the timing between the page submission? As such, does an e-mail ever get sent then as the time has always gone past the value set before they can submit? I mean, all the bot's need to do is now set a timer or something. (for this time they know the site is using this method of checking.) They can see the setting after all in the page...

countdown = 15;
actualcountdown = 15;

Anyone, any thoughts as the author has not been on the site from the beginning of February.

Please advise.

Thank you.

Well I just installed this and if it works you are a life saver. I just pruned out 1000 damn spam bots.

Still no answer on the above two posts.

This hack DOES has an issue with the hidden fields as we do have people saying a required field is missing when they go from the agreement page. It is NOT all the time and seems to only be with IE 8 users.

I have gone back to the standard timer one IsBot at this point.

David, you may want to try on his site, as this really is an excellent mod.
Here's the url - http://www.cpurigs.com/forums/index.php

Scroll down to the vBulletin Hacks and Template Mod Releases.

This is an excellent mod... since installation, approximately 20 bots per day have been denied. And that's 20 or so spam threads my mods don't have to deal with. :) So, many thanks!!!

Glad to hear it's working out for ya'll. :)

I had a problem with this install on a previous website of mine, but since I'm taking it down and re-installing everything. I will try try again . . . slowly!

<font size="3">Will this mod work with version 3.8.2 ?</font>

Will this mod work with version 3.8.2 ?

I do not know yet. Perhaps someone else can confirm that or shoot it down.

Sorry but it didn't work for me .
I get a blank page at rules page ..

Why ?

I have it working on a 3.8.2 board without any problems.

I have it working on a 3.8.2 board without any problems.

doesnt work, it have stop registration for everyone.. :S

This plug-in has stopped all the spambots now for a few weeks. Amazing stuff. I almost don't want to tell too many people about it as they bots will get around once this catches on. Great plug-in, thanks.

Running 3.7.2

Tried to test registration...I got this.

Warning: require_once([path]/includes/stb_functions.php) [function.require-once]: failed to open stream: No such file or directory in [path]/register.php(81) : eval()'d code on line 4

Fatal error: require_once() [function.require]: Failed opening required '/home/forumcom/public_html/includes/stb_functions.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/forumcom/public_html/register.php(81) : eval()'d code on line 4

Running 3.7.2

Tried to test registration...I got this.

Warning: require_once([path]/includes/stb_functions.php) [function.require-once]: failed to open stream: No such file or directory in [path]/register.php(81) : eval()'d code on line 4

Fatal error: require_once() [function.require]: Failed opening required '/home/forumcom/public_html/includes/stb_functions.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/forumcom/public_html/register.php(81) : eval()'d code on line 4

Upload ALL the files ;)

I did upload all the files. Just to be sure, these are to be transferred into the upload folder in the root directory...that's where I have them.

wait a sec...Jeez...

The files go in the forum root folder. ;)

The files go in the forum root folder. ;)

Yep...got it running. Thanks.

Yep...got it running. Thanks.

Yeap! they never go in a "Upload" folder :p but we all have to learn or slap ourselves in the back of the head sometimes even if we knew :D

I LOVE this mod ;)

I have not had ONE bot since I installed on my new 3.8 site however the site is not completely public YET.

On a 3.7 gaming site it was not working properly so I had to uninstall.
On a 3.6 similar site it had worked fine since day one, I had two bots bypass about 2 weeks later however on that site I had forgotten to change the hidden values in admincp so they might have caught on to those from somewhere else I presume, after the change none so far.

Very nice but the 3.7 board was very weird, I will have to check thier mods to see if another was simply conflicting as they had already installed 2 other anti-bot style mods.

S-MAN

Someone else report an issue with multiple bot stopping hacks installed too. I have no idea which one is the conflict or what it may be however. Too much to install, look at, and debug.

Thanks for the heads up. :)

Just installed this, looking forward to seeing it in action. :D