Wow, installed fast and appears to work perfectly (and works alongside captcha image verification).

Loving it - I'll give it a few more days, then maybe I can actually stop moderating all new members! Yahoo!

Why do you use both? Has captcha image verification ever stopped a spam bot?

just to add a comment about 3.7 , I have disabled NoSpam to check if the vbuletin human verification builtin is enough and for now, 4 days open and not a spam bot so I think in 3.7 "NoSpam" addon will be useless

How does "vbuletin human verification" work? Is it as friendly (simple) to users as this mod? Captcha is a horrible thing as far as user-friendliness is concerned, hope that is not something similar to captcha.

it works exactly like this mod, you can setup any number of question and answers and I can see with the "Track guest addon" spambots attempts to register but they do not pass the verification:)

Hmmm.... Why was captcha created in the first place?

I have an identical mod installed on several phpBB installations and it reduced the spambot registrations to zero. I am SO glad to finally find it for vBulletin. Thank you.

Installation could not have been easier.

I've been using this hack now for a while and I must say this is by far one of, if not the best hack I've ever installed.

Prior to using it, I was getting anywhere from 10 - 30 spam bots registering on my forum a day, and around 15 or so spam posts per day. After installing this hack its been reduced to around 1 spam post per day, some times none.

At first the results were minimul (My recomendation - DO NOT use a mathmatical question). My question was "What is 10 + 10". The spam bots go by that no problem. When I changed my questions to "What Company makes the PlayStation 3?" the Spam bots stopped registering almost immediatly. Now the spam posts are all done manualy by kids trying to advertise their own forums, and I'll take that spam any day over porn and pharmacuticals.

Great job!

I think some people don't fully understand how to keep bots out and let real people register or post. I have no idea what company makes Playstations. I know it's a game, but beyond that, it's obviously something that would keep me and many others from being able to participate on your forums and maybe learning more about a technology and product I might want to use.

I have a flooring forum. TheFloorPro.com. My question is an easy one that has reduced my spammers to zero and my registrations easy. The question? "What is this site about, Floors, or Ceilings?" Not only that, but you can misspell floors from here to the end of the ether and still get it right (okay, that might be an exaggeration, but you can make all the common misspellings of floors).

But you're right, this is one great modification. Prob'ly the best and most trouble free mods I have. Thanks to the author.

Jim

I'm fully aware of how to let the real people in, and like your question, if you have stubled upon my site you know who makes the PlayStation 3 - its Sony.... I get what your saying and have to admit, I think I'll be changing my question to something similar to yours. Its idiot proof as it is, but doing what you have done makes it hillbilly proof.

Of course never use mathematical question they are too easy to be broke, I'm using the human verification system builtin vbulletin 3.7 with 5 questions without any other verification like image or nospam and for now 0 bots registered with theses questions:

• What are the 4 last letters of the word 'Security' ?
• Finish DeNiro's famous phrase in Taxi 'Are you talking to...'
• What's a poc ? An explo...
• G.Bush is president of the US...
• The #1 search engines around the world is Goo...

This stopped 100% bots.

Edit: Post removed.

Oh bravo, never mind actually reporting it *quietly*, just alert every script kiddy that comes here that there may be something to hack. Geez! :rolleyes:

What about the few real hackers there is outta there who found that bug and exploited it so far before it has been found ? Thanks for the info ZomgStuff

You aren't doing any of us a bit of good by telling us about this exploit. You are allowing hackers with nothing better to do than to screw up our sites that they have a new project now. The best way to report an exploit is to report it to the developer. That has ALWAYS been the preferred method and probably always will be.

Jim

I deleted my post, but I just wanted to let you guys know that someone is possible, so you don't have a false sense of security an then bam.

This can be a rather simple fix, and the best part is that you could fix it with a number of different ways.

Welcome to the Full-Disclosure world. you didn't have to remove your post... Now you can wait 3month for a new patch... I have been alerting about a zoints tag bug recently and it has been patched the same day... Now do not expect that.

If it takes more than a week I'll just edit the mod for myself I'll gladly tell someone what to edit to fix it.

Thank you for the nice mod.

In your main post, you make no mention of the integration file. I downloaded and opened it on the off chance that I might need it, but I am still unsure whether I do or not. Should the template mods be applied only if the product doesn't install properly?

Why don't you follow proper procedures and report the found vulnerability so staff can handle it?

I already did before I made the post.

Sorry about all the drama. :o

All one would have to do is quickly Google Playstation 3 to find out who makes it. The idea of these questions is to make it impossible for a bot to guess. But even a question you don't have immediate knowledge of is still suitable if the question is easily sought out. If a person is getting into computer games for the first time, this is one of the first things he would come across. Not to mention, a page refresh and you'd get a new question.

Don't make people jump through hoops to use your site. Security is one thing, requiring anyone to first search Google to find the answer to your security question will only cause people to leave.

It has been proven over and over that it doesn't take a difficult question to thwart bots. Just "keep it simple stupid." It's the site owner/manager that should be doing the work (staying on top of the security game), not the user you want to visit your site. Make it too simple for them and too hard for the bots. It ain't a difficult concept. It's an ego that always seems to get in the way of simplicity. Most folks already know you have smarts - you had enough to develop the site. Don't rub it in with inane questions.

Maybe on your site. I only need one question. I want members to join my site. If I don't make it easy enough for them, they'll join another site. It seems to work for me. I have ZERO spam registrations - I never have had to kill one since installing this hack.

Jim

hi guys,

i got 1 spam using this anti machine.... maybe they hack this mod...

I'd hardly call it a hoop jump. If people coming to my site are interested in learning more about the site's subject, then how is directing them to one of the very basics of the subject a deterrent? If you've come to my site to learn more about Video Games, but looking up an easy to find answer makes you leave, then I can't imagine you were all that interested in learning in the first place. I once visited a boat site where the nospam question was in relation to motors and sizes. I didn't have a clue what that was, but I really needed to get registered. I Googled the question, found it and got in. And it was a much harder question then who makes PlayStation.

Your still under the presumption that this is a difficult question. If your into video games even in the most marginal sense, you already know the answer. If your not even remotely interested in Video Games, then its highly unlikely that you would be trying to join such a forum for legitimate purposes. Even a casual gamer already knows the answer to that question. Sony is kind of a well know company.

Well, that kind of defeats the purpose of the mod. I'm sure on a more conservative forum, only one is needed (for now). Certain sites are more heavily targeted by such bots, and single question can eventually be worked around.

I have a specialty forum, devoted to TCG gaming. I don't really need it to be that easy, in that I only need one question. Besides, what color is the sky, what color is a banana and Darth Vader is from _____ Wars aren't exactly brain teasers for the crowd we draw.

Your also under the, very common, impression that most vB.com members seem to be under, in that all of us are looking to draw each-and-every single member we can get our grubby little hands on. And that's simply not true. A good portion of us would rather have a conservative, active membership of people who at least have basic intelligence to look up who Darth Vader is, then a million page memberlist of users who register and never return. It's a matter of necessity. That's why the mod was created to support multiple questions. One question wouldn't do much for forums that are hit by 30+ spam bots on a daily basis.

There isn't a form of spam protection that's 100% fool proof. A real person can very easily register an account for his bot to post in, or he can post the stuff himself.

DJ, you go boy. Do what you want. I don't feel like arguing with pomposity. What a waste of quotes. :p

Pomposity? Who was arguing? I was making my point. You suggested that a question was too hard and that more then one was too many. I was pointing out that both depend on your forum's needs. Nothing more. Nothing less.

Installed it on my forums, and two days straight no spammers signed up. great!
I do have one question though, if I have "Multiple registrations per user" enabled, and if a user tried to sign up, he still gets the "No Spam! question hasn't been answered correctly" eventhough there was no NoSpam! question displayed in the first place. i gather i have to edit the template, but I'm not certain which one and what code to add and where.

Hopefully this will put an end to all the spam registrations that I get, I must get over 20 spam registrations per day and it was really starting to p*** me off!

Lets hope this stops it..

Thanks

Hi,

this is a very helpful add-on. In the last weeks we got so many spam registrations that managing them became really annoying and time consuming. Since we installed your tool, that`s over and only human-created registrations come through.

thank you - all the best,
Sacha

Thank you for creating / sharing this.

Can the answers include space, such as
What movie was Hans Solo in...:Star Wars?

edit: Yes they can

This is really a creative, and more personal, way of eliminating spam.
It also allows you to ask questions that are relevant to your forum. It's nice to make online be as 'human' as possible.

thanks

I have a bunch of spaces in my answers. Haven't had a problem yet.

I'll certainly be installing this on our new site, as soon as several problems have been corrected. Thanks for taking the time to post this here.

This work with vB 3.7 BETA 4? If not, will you be releasing one for 3.7?

Regards Jason :)

Thanks for mentioning. Right, the error was that I forgot to include a
in one of the answers

I'll edit my post, thanks

Very easy install. Thanks for sharing.

Giving this a go as I get shed loads of spammers.

Many thanks.

questions i installed this and get this in the Questions and answers for NoSpam, i see that at the bottom. my question is please type "1985" into the following box:1985:
"Error:
You did not enter a valid value for this setting.

it seems to work but was wondering what this was

You probably shouldn't put a colon at the end of your answer. I believe that is for separating your answers only, not as a closing tag.

yep that seems to do it