My thoughts exactly.
I dont use any captcha or special questions.
I rely on other methods entirely. This mod being one of those methods.
I think the reg form should be as simple as possible.
I hate filling them out when i register anywhere so figure less is more.
I have not had a single bot get through in months.
Spam free forum and i owe it in part to quality mods like this.

Thanks for the feedback and suggestions, everyone.

I think the special questions work when they're images, and when you use the same one over and over again, with different answers from different or even the same images. I have quite a few questions like "how many round objects are in this picture?" Then I use a number of different pictures with different objects. Then I'll use the same picture for different question types. I read that XRumer and the like are comparing Human Verification Questions with global sites and comparing answers to similar questions (like what's 2+2? Terribly ineffective question, but I see it all the time) and easily getting through them. By generalizing a lot of my questions to different pictures, I hope to cut eliminate any effective comparisons.

Installed and it is working perfect with "KeyCAPTCHA"
I put 30 seconds. I will give you my feedback after few days :)

Thanks Kevin for the new idea

I installed it from 2 hours only and I received 106 emails in my inbox

Can I make the mod to send email if the time is more than 10 seconds and less than 30 seconds? because most of the emails I received was 1 second only !

I think that's a good idea - so you only have to get emails when it's possible that it stopped a human? I'm also going to implement some kind of way to discourage or prevent actual humans from submitting the form until enough time has elapsed, which will hopefully eliminate that concern.

Yes exactly
+
In last 24 hours there is 1 spam account registered in my forum

This only stops rapid registrations, i.e., spambots. It won't stop all spammers.

You'll also have to find the optimal duration for your site. I viewed all the emails for 4 sites over the weekend and settled on 25 seconds as optimal for me.

I've installed my new product in conjunction with yours. Not one single bot since yesterday. :-) Down from 150 daily. They can't even go thru registration so no email is sent

This is working great on 4.2 level patch 3

Stopped loads today since I installed it.

Still have to manually add the IP addresses to ban list, so that would be a great addition to this mod.

Good work.

Cheers

Sean.

Looks good - but now I feel like I'm a competitor. :)



Thanks. This is probably a good time to say, I give credit to users Max Taxable as well as calorie, because calorie wrote a mod many years ago that uses this idea, and Max Taxable has been recommending calorie's mod for a long time. I was actually skeptical because I always found that Q&A worked fine, but I can't argue with all the people who have found this method useful. Anyway, my only contribution is in making sure that an updated version of this idea remains available on vbulletin.org.

As for the ip banning, I was considering that, but the problem I have is that I feel if ips are going to be banned automatically, you also need a way to monitor the process and search and remove ips, as well as a way for someone to contact you if they get banned by mistake, and then it turns in to a major thing. What I was thinking of doing in the next release (some time this week) is to use the login "strikes" system so that at least it wouldn't be possible for anyone to try too often. I'm also going to try to include a summary email option instead of one per registration.

No I also use yours. Bots use vbulletin defined named for custom fields e.g. field1, field2, field3 etc .. mine uses an admin defined name for custom field. If they ever find out then admin simply changes the name and jQuery stops process if field is empty.

Or set a second count value option before they to add to ban IP list would be good.

If some human can sign up in 2 seconds then they super human or a bot.
Most of the ones today were 2-5 seconds that it caught for me and I just manually added their IP to the ban list. But it still a lot of work.

Good Stuff and thanks again for your time and effort!

Cheers

Sean.

Installed for testing with thanks on vBulletin 4.1.3pl5... :up:

Regards,
Doug

They already came to my site to investigate what is blocking them, but then your mod kicks in. So once I get an email from you, I simply change the field name in my mod vboptions. My mod also indicates that 99% of the bots are from China. So I blocked China an end of the story

Easier said than done. Every day there's a different IP range, even if you're using 0/24 range blocking.

easy for me. I get country from IP. A special function gets it, not from range

I've been using FASSIM and it works pretty good.

You're both missing the point. I also use a country IP blocker on 2 forums as well as a custom IP locator on those plus 2 others. My point was that new IP ranges are added almost daily to highly populated countries like China and India and it requires monthly or weekly updates of IP ranges just to keep up - even that might not work on a busy established forum which is targeted by spammers.

Battling spam is not a "set it and forget it" issue. It requires continuing vigilance and varying the tools over time as spammers adapt their own weapons to current defenses.

I agree with that. When they catch up with my mod, Kevin's mod kicks in and I simply adjust my mod with a new vbotions name for that specific required custom field. As far as IP is concerned I get the country code from a 2 lines function. If that were to return nothing then it still stops it. But so far it has always returned a country code

bottom line I am down from 150 spams daily to 0 -2 and I am happy with that. Since I stopped China, back to 0

If the majority of vb users were using good tools that would certainly discourage spammers

Don't forget also to ban certain email addresses at AdminCP >> Settings >> Options >> User Banning Options >> Banned Email Addresses.

I learned of a new (to me) and very dubious "anonymous" email service today and added it to my list: mailnesia.com

That website describes its service as follows:

My current vBulletin banned email addresses list looks like this:

@djbaxter Yes you can totally block China. You don't do it with IP range. You do it with TLD
That was so funny last night. As I was watching Black Hack Down, I was looking at my who's online and all those red dots of no permission kept on popping up as machine guns was erupting on TV
At one point I was tempted to redirect to China military site. Let them crack down on their people

As it currently stands.
I redirect anyone that trips this mod to a bot trap which writes to the .htaccess file.
Now that does give an option to be unbanned.
This is not my code by any means. Just free stuff on the net.
Why couldnt this mod have this basic idea implemented into it?
That would fix the problem if ip addresses changing, old bans etc.
I mean if it was to be coded to suit this mod then you would add a "melt ip after X" option and perhaps a way to view the bans.

Here is how it spits it out for me.

http://www.ftw.net.au/blacklist.dat

Like i said its really simple yet it stops them in there tracks.

Thanks again everyone. I'll consider putting something like that in. I'm working on it here and there when I get a chance, but I hope ot have another version out soon.

I'm working on a version with more features, but it's going to take a while so I thought I'd release an update with the features I've had ready for a couple weeks now. Also, some people may be happy with the basic functions, so I'm thinking of maintaining this one as a "light" version.

There are no bug fixes so there's no pressing reason to update, but I've added the following:

- Timer for enforcing the minimum time for legitimate registrations
- Optional maximum time limit
- Time limits for filtering email notifications
- Option to post notifications to a thread

The posting to a thread feature is simple and requires an existing thread, but I'll be improving it in future versions.

Thank You

Ack - 1.1.0 had a small problem with posting notifications to threads (if you use that option), so I fixed it and called it 1.1.1 (this is only a problem if you downloaded v1.1.0, within the past couple hours or so, but if you did you should update).

Sorry for any inconvenience.

thank you for the update...

Whoohoo!!,... not surprised here. ;)

kh99,
Can you explain the setting for Force Wait for Minimum Time
How does it also not force the spambots to wait for same amount of time?

It uses javascript to prevent the "Complete Registration" button (the submit button) from being pressed until the minimum time has passed. But a spambot doesn't press the button to submit the form (and probably just ignores the javascript) , so it doesn't have to wait.

Thanks for the quick reply kh99. Can I ask how do they submit the form then ..just curious.

Well, I'm not any kind of expert on spamming software, but anyway: your browser is just a program on your computer that displays web pages. If you're looking at your forum's registration page, for instance, and you press submit, the browser takes all the info you entered in the form and packs it up into an http request, connects to your server, and sends it. But any program can connect to your server and send a request, and it's actually pretty easy to write a program that can send a request that looks exactly the same as one coming from your browser. And if you write your own program you don't have to pay any attention to the submit button or to javascript that enables or disables it, you just send your "fake" request whenever you want.

Anyway, I'm not that great at explaining things like this - I hope it makes some sense.

Yes that helps thanks.

One last question I promise :)
Limit Notifications By Registration Time

If I set the range to be 0-60 or 1-60
Would I be able to get a message for both successful and denied registrations

Yes, if you set the high end of the notification range to be more than the minimum time, you'll get notifications of successful registrations.

Perfect - I have now officially selected yours as my timer-based Mod vs the others.
Mainly cause it has the option to feed the notifications to a thread.

Thanks much

You're welcome.

Yeah, when it comes to timer-based anti-spambot mods, there's a choice of 3 that I know of for vb4. There are a few people who seem unhappy about this being one of them, but at the time I created it, one of the other two had been deleted by the author and the other had a problem and wasn't working. Since then, the deleted one has been restored and the other one was fixed, but this one's here now and I'm not going to abandon the people who installed it, or remove it just because someone else wants a monopoly on the idea. But having said that, I have no reason to encourage people to use mine over another one, so I think some of those unhappy people are imagining a competition that doesn't exist.

Anyway, feel free to ask any other question or suggest features. I have another update in the works which should have some logging and stats, and maybe a few other things.

Sorry - I guess I lied about another question :D

I was able to get the first message logged to a thread
but haven't been able to get anymore since to appear
though the new ones do show up in an email.

Is it a one or the other option? any ideas on how to troubleshoot this?

Hmm...well, it's not one or the other, you should be able to get both. But there is something I just remembered - the notification range only applies to the emails. For the thread posting, you'll only get rejection notices (and you should get all of them). So maybe that's the issue?

I kind of threw the thread posting option in there just before releasing that version, and I expect to apply the time limits (or maybe a separate set of limits) to the thread posting in a later version. Sorry if that messes up your plans.

If you are getting rejection emails but no posts, I'm not sure why that would happen, and unfortunately the only thing I can think right now is for me to do more testing to see if I can figure it out. Double check the settings (if you haven't already) to make sure the threadid and userid are correct.

I havent seen any 'unhappiness' or 'imagining' in your thread. Did I miss something?