Hello to all,

I think that most of you, have the same problem with me. Huge amount of spam posts in my site. I have tried any possible way to fight spam, but except the post moderation (which is a time waster), nothing was working.

A few days ago, an idea came to my mind, a simple way to do it, which finally seems to work fine, as I've 0 (zero) spam since that day. Even if the idea is simple, it's needs some knowledge to follow it, so try it in your own risk.

What you've to do (follow the steps one by one):

Turn your site off
Rename the file register.php to anything you like. eg I've renamed it to microrgister.php
Do a Search and Replace for the string register.php (case sensitive) with the name of the new file (don't forget the .php extention), in the files:
The file that you've just renamed (eg in my case microregister.php)
functions_online.php at /includes
md5_sums_vbulletin.php at /includes
email.php at /admincp
user.php at /admincp
Upload these files to your site
Login to your AdminCP
Goto Styles & Templates -> Search in Templates -> Find & Replace
Search for register.php ..... Replace with the new filename (don't forget the extention .php). Set "Test Replacement Only" to NO
Here you've to click many times "Continue", but actually the changes are in a few only templates (You'll see them marked in red).
Now goto Languages & Phrases -> Search in Phrases and search for register.php setting Case-sensitive to YES
As I remember it's about 6-8 phrases to change. 3 of them (email phrases) have more than one (4) replacements.
That's all:)As a final step, if you want to have some fun, write a file register.php with a redirection to anywhere you like and then upload it to your site. A sample code for this file is:

<?php
header("location:http://www.spammers.com");
?>


I repeat, that, if you're not familiar with such change don't even think to try it. A disadvantage is that Jelsoft releases very often new versions, so (as I believe) you've to repeate it in the future.

Maria

That's a really good idea. Vbulletin should just put an option in admincp to change it to whatever you like! Would stop a lot of bots/spammers I would imagine.

I agree, that's great, thanks for the tip. Should spamming become an issue, I'll be sure to use this.

I agree, that's great, thanks for the tip. Should spamming become an issue, I'll be sure to use this.

Thank you both of you. I post a suggestion to vbulletin.com to add an option like the one that they had at 3.x. version with the name of forumindex file. If they place the filename in variable, you can change the name very often, so your site should be totally secure from spammers.

Even since the time of my post, I had none spam registration or post.

Maria

# Goto Styles & Templates -> Search in Templates -> Find & Replace
Why not just use a Replacement Variable?

Why not just use a Replacement Variable?

Why do you think that I know to use all vb features? ...lol..lol... By coding for vB in no way means that I'm familiar with the use of the whole system. As coder, I follown the well known to me search and replace:D

Maria

Hi Everybody

MicroHellas, I am having a very similar problem to yours, and I have ONLY HALF SOLVED IT.

I have just purchased a VB4 Publishing Suite, and I haven't yet listed the forum's URL on Google or Yahoo, and already I have become a target for SPAMMERS AND PROFESSIONAL TIMEWASTERS, almost invariably with FAKE or INEXISTENT e-mail accounts or with e-mail accounts linked to Russian porn sites and almost invariably registering with weird or outright offensive names like SexPervert, TedBundyForever, LongLiveJeffreyDahmer, etc and then posting rubbish.

Upon advice from the VB customer service I have made the forum MODERATED in order to stop spammers and idiots from joining the forum.
However the other half of the problem which is still unsolved is the fact that I DON'T WANT the statistics to show the names of members who are still in the moderation queue and have not been approved yet by myself or another moderator.

Of course I have no desire to see my forum become a den for freaks or weirdoes, therefore, again, I don' t want anyone's name to appear on these Statistics until they have been fully approved.

Therefore can anyone please tell me, if at all possible, how to solve this
problem?

Kind regards

italcro

This sounds like the best idea I've seen yet for dealing with automated spammers. Here is some documentation on Replacement variables (http://www.vbulletin.com/docs/search?q=use+replacement+variable) from vBulletin.

This approach should limit automated spammers better than anything I've seen. Part of the problem is the simplicity of google searches for sites with vbulletin files and the register.php file.

Admin CP>Styles & Templates>Replacement Variable Manager> [Add New Replacement Variable]

Then you just have to rename register.php to your replacement variable to implement this simple spam blocker

Hi Everybody

MicroHellas, I am having a very similar problem to yours, and I have ONLY HALF SOLVED IT.

I have just purchased a VB4 Publishing Suite, and I haven't yet listed the forum's URL on Google or Yahoo, and already I have become a target for SPAMMERS AND PROFESSIONAL TIMEWASTERS, almost invariably with FAKE or INEXISTENT e-mail accounts or with e-mail accounts linked to Russian porn sites and almost invariably registering with weird or outright offensive names like SexPervert, TedBundyForever, LongLiveJeffreyDahmer, etc and then posting rubbish.

Upon advice from the VB customer service I have made the forum MODERATED in order to stop spammers and idiots from joining the forum.
However the other half of the problem which is still unsolved is the fact that I DON'T WANT the statistics to show the names of members who are still in the moderation queue and have not been approved yet by myself or another moderator.

Of course I have no desire to see my forum become a den for freaks or weirdoes, therefore, again, I don' t want anyone's name to appear on these Statistics until they have been fully approved.

Therefore can anyone please tell me, if at all possible, how to solve this
problem?

Kind regards

italcro

Wow.. I feel for you.

I gave the Human Verification Manager a shot and is working really nice for me, I choose the Questions and Answer way and although simple questions I don't think no robot can answer them.... yet. ;)

Good luck.

What I know is, that is 17 days now that I've activated this trick and I've 0 (zero) spamm registrations, while only in 5 days since the time that I've installed the Gold release I had 248!! At that time I was moderating new registrations but it was a time waster.

Maria

I implemented this approach early this morning using the replacement variable manager. I also added a redirect for bots that automatically assume register.php.
I'd like to see this listed so it could be in the running for the Mod of the Month. After spending too many hours dealing with spam, I'd vote for it.

A redirect to Justice Department Cyber Crime (http://www.justice.gov/criminal/cybercrime/) looks like another place that might be effective to deter spammers.

Wow.. I feel for you.
I gave the Human Verification Manager a shot and is working really nice for me, I choose the Questions and Answer way and although simple questions I don't think no robot can answer them.... yet. ;)
Good luck.

Hi Barcena
Sorry, what do you mean by Human Verification Manager?
Can you please elaborate?

Also, now I am starting to have a doubt.
it seems to me that spammers are those who "abuse electronic messaging systems to send unsolicited bulk messages indiscriminately".

Someone who registers with multiple identities to a forum with obscene or offensive
names, possibly with e-mail addresses coming from porn websites (such as, say, ivan@porn.ru) and just posts profanities, I am not sure if that can be defined as SPAM.

What does everyone thinks here?

Kind regards

Italcro

Here's something I'm trying - if you have access to your .htaccess, and mod_rewrite is enabled:

Completely forbid access to your /register.php unless the referrer is coming from your own site (that is, the user clicked the 'Register' link on your site). This prevents bots from directly accessing /register.php.

Just replace "domain\.tld" with your own domain.

EDIT: I've fixed the rewrite code so activations now work.


RewriteEngine On
RewriteCond %{QUERY_STRING} !^a=act&u=(.*) [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?domain\.tld/ [NC]
RewriteRule register.php$ - [F]


Or, if you're inclined, create a sticky locked thread where you rant on a bit at bots, and redirect them to that instead, or use the topic to explain to people that they need to use the register link on the main site instead of accessing /register.php directly.


RewriteEngine On
RewriteCond %{QUERY_STRING} !^a=act&u=(.*) [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?domain\.tld/ [NC]
RewriteRule register.php$ http://www.domain.tld/showthread.php?t=12345 [R,L]


I've only just done this on my site (using the latter option), so I'll see how the spambot registrations go from now on.

This method is probably less painful than renaming register.php. Not sure if it's as effective though.

Here's something I'm trying - if you have access to your .htaccess, and mod_rewrite is enabled:

Completely forbid access to your /register.php unless the referrer is coming from your own site (that is, the user clicked the 'Register' link on your site). This prevents bots from directly accessing /register.php.

Just replace "domain\.tld" with your own domain.


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?domain\.tld/ [NC]
RewriteRule register.php$ - [F]


Or, if you're inclined, create a sticky locked thread where you rant on a bit at bots, and redirect them to that instead, or use the topic to explain to people that they need to use the register link on the main site instead of accessing /register.php directly.


RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?domain\.tld/ [NC]
RewriteRule register.php$ http://www.domain.tld/showthread.php?t=12345 [R,L]


I've only just done this on my site (using the latter option), so I'll see how the spambot registrations go from now on.

This method is probably less painful than renaming register.php. Not sure if it's as effective though.


Couldn't this also stifle legitmate registrations. Say if a forum member links directly to the register page, or if you run a promotion with a "Register here" link in them?

I implemented this approach early this morning using the replacement variable manager. I also added a redirect for bots that automatically assume register.php.
I'd like to see this listed so it could be in the running for the Mod of the Month. After spending too many hours dealing with spam, I'd vote for it.

A redirect to Justice Department Cyber Crime (http://www.justice.gov/criminal/cybercrime/) looks like another place that might be effective to deter spammers.

could you do a guide how to do it via the replacement variable manager? sounds like a great little mod, as we are also sick of these robots.

Couldn't this also stifle legitmate registrations. Say if a forum member links directly to the register page, or if you run a promotion with a "Register here" link in them?

Potentially. That's why the second method is probably better because you get a chance to explain what is going on.

While I don't put myself out to be an expert with vBulletin using the Replacement Variable isn't hard. And there is a delete option once you do it so it is reversible.
AdminCP => Styles and Templates => Replacement Variable Manager
then you should see Default Style [Add New Replacement Variable] in the right side of the page.
I replaced register.php with registerXXXXX.php and it changed register.php for all of the templates, so no matter which template a bot accesses a bogus register.php would be accessed, more on that later.

This worked fine for me. But, there's always a but in the room, that only took care of the templates where register.php was a variable. Then I had to search the templates for register.php and replace them with my new file name. Not all instances of register.php are variables.

The only problem I've found so far is that when I tried to send an activation code through the AdminCP, I got redirected to my new register.php page by the script. I searched the forum admin files for register.php and found the culprit in the user.php file in the admin folder.

I'm sure there is going to be at one more problem but I'll fix it when I find it. By the way I found a ../register reference in that same user.php file and guessed, without looking at it, that it should be changed as well, but since it's in the admin side of things it's probably only going to affect the admin, me.

user.php line 334
print_form_header('../register', 'emailcode', 0, 0);
construct_hidden_code('email', $user['email']);
print_submit_row($vbphrase['email_activation_codes'], 0);


Here are other occurences of register.php that I changed

In the new registerXXXX.php file

line 543
$vbulletin->url = iif(strpos($vbulletin->url, 'registerXXXX.php') !== false, $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'], $vbulletin->url);


and line 1136
'registerXXXX.php?' . $vbulletin->session->vars['sessionurl'] . 'a=ver' => $vbphrase['activate_your_account'],


admincp/email.php line 202
$activate['link'] = $vbulletin->options['bburl'] . "/registerXXXX.php?a=act&u=$userid&i=$activate[activationid]";


includes/functions_online.php line 1732
case 'registerXXXX.php':


includes/md5_sums_vbulletin.php line 47
case 'registerXXXX.php':


I also edited my robots.txt file but that wasn't doing any good anyway because these bots don't read that file anyway

I copied my old register.php file and made a register.php_bu for the archives and made a new register.php file

<?php
header("location:http://www.justice.gov/criminal/cybercrime/");
?>


I'm only on my second day and so far haven't seen ANY spam registrations. This is a lot easier, for me, than the other spam stoppers I've seen and I'm going to go with it. Even with only doing the replacement variable and renaming the file I continued to get registrations so it didn't shut down my site. I made the rest of the edits tonight.

The good news is that I haven't seen legit registrations drop off and there is no way for a legit user to accidentally be blocked by an ip block which has happened to me in the past from parts of the world that have spammers and legit registrations.

Disclaimer- I fully expect someone with more knowledge than me to tell me I'm full of crap and I will salute you for showing us something I overlooked. If you accept that the register.php file name is the weak link in the battle against spammers, this tightens things up without loosing functionality and makes a forum harder to spam than the next one which is about all we can hope for.

Hi Barcena
Sorry, what do you mean by Human Verification Manager?
Can you please elaborate?

Also, now I am starting to have a doubt.
it seems to me that spammers are those who "abuse electronic messaging systems to send unsolicited bulk messages indiscriminately".

Someone who registers with multiple identities to a forum with obscene or offensive
names, possibly with e-mail addresses coming from porn websites (such as, say, ivan@porn.ru) and just posts profanities, I am not sure if that can be defined as SPAM.

What does everyone thinks here?

Kind regards

Italcro

I consider spam anyone who register on my site with other intention than to legitimate participate of the site, I have no mercy with those.

You will find the Human Verification Manager at your left, on the Admin CP. Settings==>Human Verification Manager=>Question and Answer verification. You should write your own answers and questions. The ReCaptcha is really good also, keeps spammers out at least on my site while you help to write a digital book.

Cheers.

You will find the Human Verification Manager at your left, on the Admin CP. Settings==>Human Verification Manager=>Question and Answer verification.

Cheers.

Human Verification can be found at
Admin CP => vBulletin Options => Human Verification Manager

Human Verification can be found at
Admin CP => vBulletin Options => Human Verification Manager

--------------- Added 15 Jan 2010 at 20:54 ---------------

I just identified a problem with the new registration activations. The email that is sent doesn't show the link as registerXXXX.php as desired if you follow the instructions above.

If you follown my steps, everything works fine. There are some email templates which need modification, and as I remember all of them have 4 instances to replace.

In my opinion don't trust so much the variable replacement, as still exist so many bugs in vb4.

Maria

Thanks I'm definitely going to try it again tonight. This makes so much more sense than the other approaches.

I didn't do all of the replacements in the phase and language manager.

--------------- Added 1263604427 at 1263604427 ---------------

I just completed this and followed your instructions, including catching all of the phrases and language edits and it's working fine. I've added a small script on my register.php page to record ip addresses of those who try to register through that page to see if I miss anything that looks legit.

Here's something I'm trying - if you have access to your .htaccess, and mod_rewrite is enabled:

Completely forbid access to your /register.php unless the referrer is coming from your own site (that is, the user clicked the 'Register' link on your site). This prevents bots from directly accessing /register.php.


Drat. I've come up with an issue with this approach - it prevents people from activating their accounts.

I'll have a fix for it soon. Just need to somehow exclude the activation link from the redirection... I'm just having trouble with it at the moment.

Thanks I'm definitely going to try it again tonight. This makes so much more sense than the other approaches.

I didn't do all of the replacements in the phase and language manager.

--------------- Added 16 Jan 2010 at 03:13 ---------------

I just completed this and followed your instructions, including catching all of the phrases and language edits and it's working fine. I've added a small script on my register.php page to record ip addresses of those who try to register through that page to see if I miss anything that looks legit.

Yes, works fine. Now I can definetelly say it. But somehow I missed the spamm registrations ...lol... My site has just 47 members... Less than the mods that I've post here 3 years now:D

lovely,

Should make a suggestion on Vbulletin.com about adding funktion to config.php
to rename register.php to your likeings..

just like we renamed admincp and modcp folders..

Fixed! People can now successfully activate their accounts from the link mailed to them.

The corrected code is below. Essentially it's fixed by adding the following rewrite condition to the TOP of the ruleset:


RewriteCond %{QUERY_STRING} !^a=act&u=(.*) [NC]



Just replace "domain\.tld" with your own domain.

EDIT: I've fixed the rewrite code so activations now work.


RewriteEngine On
RewriteCond %{QUERY_STRING} !^a=act&u=(.*) [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?domain\.tld/ [NC]
RewriteRule register.php$ - [F]


Or, if you're inclined, create a sticky locked thread where you rant on a bit at bots, and redirect them to that instead, or use the topic to explain to people that they need to use the register link on the main site instead of accessing /register.php directly.


RewriteEngine On
RewriteCond %{QUERY_STRING} !^a=act&u=(.*) [NC]
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?domain\.tld/ [NC]
RewriteRule register.php$ http://www.domain.tld/showthread.php?t=12345 [R,L]



For what it's worth, this seems to have reduced quite a lot of bot registrations.

I think this is a great idea as it does cut down on general automated scripts that look for register.php however, I also suggest using something like the StopForumSpam plug in to deal with some of the other spammers or those that figure out that you changed the name of the page.

As far as questions/answers there are those that will go to the trouble of figuring out all of your Q&A and put them into the script to deal with.

Multiple levels of defense are all good, as long as it doesn't compromise the registration of legitimate users.

I hope that 4.1 (or maybe 4.0.3) will get the option to change the register.php name.

StopForumSpam for 4.x: https://vborg.vbsupport.ru/showthread.php?t=230921

does anyone know how to create a redirect using php

i want it to redirect to a dfferent site within 5 seconds is this possible

what about changing also the way create new thread and post work ?
that would stop Auto Posting Apps.

example:

newreply.php
newthread.php

to

newcomment.php
newtopic.php

What happens at upgrade time?

What happens at upgrade time?

Still haven't upgrade, as I haven't time. Most probably I'll go directly to 4.0.2, but for sure I need to do the same work. In any case is better to do some extra work, than to moderate registrations. I had NOT EVEN A SINGLE spamm registration, since the time that I used this method.

Maria

I'm still getting a few spam registrations but they have definitely slowed way down.

To see what I'm missing, I wrote this to take a look occasionally, while I sip a beer in my new free time.

I used http://www.maxmind.com/app/csv to help determine the countries from the ip addresses


added spamlog table with fields id_spamlog, ip, viewdate, num_spam
added geoip_data table with fields country_full, ip32_start, ip32_end
http://www.maxmind.com/app/csv


https://vborg.vbsupport.ru/external/2010/02/97.jpg

<?php
session_start();
include '/admin/config.php'; // connect to database

foreach ($_POST as $key => $value) { $$key = $value; }
?>
<table><tr><td colspan="4">
<form action="" method="post" name="theform" >

Find the last <input type="text" name="lastspam" value=" ">
<input type="submit" name="action" value="bots">

</form></td></tr>
<?php

if(isset($lastspam)){


$sql = "SELECT id_spamlog
FROM spamlog
ORDER by id_spamlog DESC LIMIT 1";
$result = mysql_query($sql)
or die(mysql_error());

list($num) = mysql_fetch_row($result);
// echo "num $num";

$id =($num - $lastspam);

while($num > $id) {
$sql = "SELECT id_spamlog, ip, viewdate, num_spam
FROM spamlog
WHERE id_spamlog = '$num' ";
$result = mysql_query($sql)
or die(mysql_error());

list($id_spamlog, $ip, $viewdate, $num_spam) = mysql_fetch_row($result);

if(!empty($id_spamlog)){
echo "<tr><td> id </td><td></td><td>ip </td><td>Country</td><td>Date</td><td></td> <td>Attempts</td></tr>";

/*<td>ip32_start / ip_spam / ip32_end</td> */

//break ip address into four section
// 404232216 = 16777216*24 + 65536*24 + 256*24 + 24

$ip32 = explode(".", $ip);

$ip32_spam = (16777216*$ip32[0] + 65536*$ip32[1] + 256*$ip32[2] + $ip32[3]);

// echo "16777216*$ip32[0] + 65536*$ip32[1] + 256*$ip32[2] + $ip32[3]<br>";
// echo "ipspam - $ip32_spam<br> ";

$ip32_spam = str_replace(' ', '', $ip32_spam);

$ip32_spam = abs($ip32_spam);

$sql = "SELECT country_full, ip32_start, ip32_end
FROM geoip_data
WHERE '$ip32_spam' between ABS(ip32_start) AND ABS(ip32_end) ";
$result = mysql_query($sql)
or die(mysql_error());

list($country, $ip32_start, $ip32_end) = mysql_fetch_row($result);


echo "<tr><td> $id_spamlog</td><td width=\"10\"></td><td>$ip </td><td>$country</td><td>$viewdate</td><td width=\"20\"><td>$num_spam</td> </tr>
<tr><td height = \"20\"></td></tr>";
}
$num--;
}
echo "</table>";
}
?>

Further down in this spam log some bots try as many as 8 times a day.
Yesterday there were 78 different ip addresses trying to register.

Shoot...

Even more easy is to ask questions at the registration time...

Like my site is a Dodge Cummins support site. So I ask question about the the Cummins engine at registration time. Like how may cylinder does a Cummins have etc. If you a true Cummins fan you would know this simple answer is 6 (six)... But the bots have never made it in the door yet...

So really you don't need to go out on a limb codeing use the tools you already got...

But to the OP I love the idea of sending the bot to another site... :D Neat trick but just a bit to much moding for me... I'm not really wanting to chop up the code...

... Even more easy is to ask questions at the registration time...


I'm with you - I was deleting a few new registrations a day until I added a question/answer. Mine is a simple what is 12-2 question, which stopped them cold.

thisgeek, i like your way very mucho. Very clever as I don't have to worry about any upgrades.

I would like to go one step further and incorporate dtv100's idea and do the same for new threads and replies, can you give me a clue to the .htaccess code.

many thanks

tristan

Maria, thanks very much for sharing. I was searching how to do this exact thing last night when I found this thread. I implemented it this morning. Oh boy, what a boring day I've had ever since, not a single spam registration to deal with. :-)

P.S. I've implemented your mod on my vB 3.8.x.

Guys, i change register.php everywhere. but look https://vborg.vbsupport.ru/external/2013/07/33.png
when i click register on main page, nothing change. when i click a have blank screen.