Those guys with the bots are reading this forum...
15 seconds not sufficient any more.
New registrations appeared on our forum with Polish (Warszawa) IPs.
25 seconds did the trick:

Edit:
Looks like I have to change my opinion about that 120 second...:o

Well, it's working like magic at my forum, and I've got it set to 4 seconds. Not only is it blocking bots, after having it installed for 3 months, I've actually stopped receiving attempts at all!

Before installing this mod, I was getting ~20-30 bot registrations per day, and was getting 15-20 blocked attempts when I first installed it. Now I literally get none.

True, I also switched to the more advanced version of the image verification, but this mod definitely aided in a big big way.

I'm new, to VB so a noobie question. How does the bot get past the email confirmation requirement before posting?

The following user name with email address was blocked by the Is Bot mod: VerftgMtyff - tdutyyuttd@inet.ua (1 seconds transpired)

superb!

For the most part they can't, but there are mods that open up some holes in the permissions that can allow them to do so.

But even assuming the email verification is working 100%, their accounts still get created, leaving the job of clearing out all of those stupid users. This mod prevents them from even getting that far.

another one ...

The following user name with email address was blocked by the Is Bot mod: FrthGtery - gfghdfhgdfhg@inet.ua (1 seconds transpired)

I am been fighting a serious issue with a underdeveloped site that the bots took control of without me noticing.... One of the ways I have been fighting this has been to log registration attempts.

Attached is the registration log for about 7-days on one of my sites... Note, each one of these registration failues would have been one to many spam posts! Note that the time posted in this is the registration times! Also note I am using the NoSpam question hack as well as several other hacks as well. Also, my list of banned e-mail and IP addresses is huge but they still keep comming!

I have a thread with what I am trying to look at the following link to see if there are other ways we can make the spammers life much more difficult!

https://vborg.vbsupport.ru/showthread.php?t=158544

Excellent mod, I use it on all the sites I administrate. Thank you very much for making our lives that much easier!

One request I have is the ability through GUI to change the email address or turn off entirely the ability to email the administrator when a bot is blocked. On some of my sites I am getting over 50 a day and the emails are annoying. :)

Keep up the good work!

Seconding this! (Actually I mentioned this earlier too.)

Question to those who know PHP better than I do (which is, like, almost everyone here!): as a temporary fix, would commenting out the following line in the product help to stop the email notifications?

I'm thinking of trying it but I don't want to break the product and cause a flood of bot registrations again.

This can return a false positive if somebody messes up their registration info, gets an error message, clicks back, and then quickly changes whatever was wrong and hits Submit again.

However, installing the AjaxReg hack has helped this infinitely, since it uses AJAX to check every field. I do have one field though that requires A-Z input, and I'm thinking about removing it from the registration page so that this won't happen EVER.

Is there any way to keep the time from recounting itself if a user were to click back upon getting an error message?

What about putting is_bot_time1 on the Verify Age page instead? If a user clicks back to fix an error, the time won't be recounted anymore. The only problem I can see is if a bot could keep clicking back and then they'd go past the time limit, but I'm not sure how bots handle an error message?

I was also thinking how does this work with "Time Zone Registration Prevention" hack? I thought about changing the execution order so this hack goes first..

--------------------------

Well, I changed the execution order of that hack to go after this one.. but I can't really test it out since I'm not a bot.. :)

I do want to say that I think this mod is great. In the past 11 hours it has blocked 30 registrations, although CAPTCHA would have stopped all of these. HOWEVER, for the sake of testing this I've disabled CAPTCHA on the registration page! I have a few other measures in place though, so I really doubt any bots are going to get through even with CAPTCHA disabled. If all goes well over the next few days I may keep CAPTCHA disabled entirely.. I think not having CAPTCHA makes the registration page a little less daunting, especially with the settings I had for it. (I could hardly ever read the letters myself!).

I was thinking about possible expansions to this mod... How hard would it be to add a query that updates the "Banned Email Addresses" field with the domain of the spammer when they've been denied registration? It would of course check to make sure it's not already listed, it could be turned on/off, and also have a whitelist of emails NEVER to ban, like @gmail.com or @yahoo.co.uk. I've been brainstorming and it doesn't seem that hard to do.. I think adding a query right to the register_addmember_process plugin could work. The value for the email is passed through that plugin, and that's all we'd need to write an UPDATE query to add the email.

------

Haha, in the time it took me to edit this it blocked another spammer. :)

Well, this mod seems pretty dead, and I doubt the dev would add this to the actual product, but I thought it was important to show the IP.

Change register_addmember_process to:

I think it helps decide whether or not I should just give in and ban a certain IP range.. my forum isn't exactly international so it really doesn't matter to me. I also think the IP in combination with the other things in the email will help you decide if it's a bot or if it's legit, since the problem I described in the post above can possibly lead to a lot of false positives.

wow sounds like just what I need!! thanks (don't know how I missed this!)

There are three (3) register templates with the phrase:

<input type="hidden" name="url" value="$url" />

Which is the correct one to add th new text line after?

Thanks ... :)

Regards,
Badger

Edit: Ignore question. As a test, I added it to the template called "register" only and it must have worked, as after about an hour, I got this:

Quote:

The following user name with email address was blocked by the Is Bot mod: mubssnono - jastyfestap@mail.ru (2 seconds transpired)

I have the setting at 5 seconds. Is that about right based upon what I've been reading here?

how do i edit..when i click on on the xml it shows all the codes but i cant edit them

where do i exactly put this sorry not sure where to put please guide:

Change register_addmember_process to:

PHP Code:
$vbulletin->input->clean_array_gpc('p', array(
'isbot_time1' => TYPE_UINT
));

if ($vbulletin->GPC['username'] && $vbulletin->GPC['email'])
{
$isbot_time1 = $vbulletin->GPC['isbot_time1'];
$isbot_time2 = TIMENOW;
$isbot_timediff = intval($isbot_time2 - $isbot_time1);

if ($isbot_timediff <= 15) // difference in seconds
{
$isbot_username = htmlspecialchars_uni($vbulletin->GPC['username']);
$isbot_email = htmlspecialchars_uni($vbulletin->GPC['email']);

$isbot_subject = $vbphrase['isbot_user_blocked_from_registering'];
$isbot_message = $vbphrase['isbot_the_following_name_email_blocked']
. ': ' . $isbot_username . ' - ' . $isbot_email
. ' (' . $isbot_timediff . ' ' . $vbphrase['isbot_seconds_transpired'] . ')';
$isbot_message .= "\n\r\n\rAttempt was made from: ". IPADDRESS ."";

vbmail($vbulletin->options['webmasteremail'], $isbot_subject, $isbot_message, true);

eval(standard_error(fetch_error('noregister')));
}
}

Thanks ... :up:

I made that change completely replacing existing plugin code with yours....

Regards,
Badger

Mystic, You edit the plugin after it's been installed. Go to the Plugin Manager.

Badger, 5 seconds is extremely low. I constantly have bots taking up to 14 seconds (I have it set at 15), and my other hacks catch the rest that take over 15 seconds.

Roger that ... :up:

I'll raise it to 15 seconds....

BTW, what other hacks to you use to catch the rest?

Thanks .. :)

Regards,
Badger

thanks milkcarton very kind of you to reply

That would be great to auto ban both IP and email address. Because they keep on trying over and over. I've got mine set at 5 seconds. The way those bots seem to work, they try first, then they retry with a delay. If they get banned the first time, then all would be good.

ok, this is how I auto ban them. I set mine to 5 seconds

In the Is Bot plugin at register_addmember_process, right before PutAnd let them try again with a longer time frame :-)

You must have fast bots because mine usually take over 5 seconds on the *first* time.

After studying over 200+ of the last few days' attempts, I've realized it's meaningless to ban a specific IP or a specific email.. They ALWAYS change and even if they do re-attempt it's always from a different IP.

After getting several hundred attempts, I've also realized they are ALL covered by already very comprehensive banlist, and they ALL register from a specific timezone... so I might set the Execution Order of the timezone registration prevention hack higher than this, just so I don't get so many freaking emails.

What I have noticed is that there are a few select bots that always attempt with the exact same username. I'm already blocking them otherwise, so it's pointless to try banning them by username, though.

Also, Lionel...

Do you keep CAPTCHA on with all the options enabled? This mod isn't really doing anything for you then.. :p Probably 50% of your bots are taking over 5 seconds to register, and the thing that's keeping them from your forum is the CAPTCHA. I guess it can be useful with the things you've added to it, but you're probably getting a bunch of useless emails (unless of course you turned those off).

I, on the other hand, have disabled CAPTCHA (to make registration easier!) and with my suite of mods I've managed to avoid several hundred attempts in the past few days! I let one slip through on purpose to test my anti-spam mods, and those work well, too. :)

Eine gute sache!!!Bis jetzt funktioniert er einwandfrei....Danke:up:

Installed on 3.6.8 PL2 with CAPTCHA enabled...we'll see what's what...and post accordingly.

Thanks for this hack.

could you tell em if this works on 3.5.4?

thank you!

Hi there,

I installed this mod and haven't gotten a single email yet I have had several bot signups. Is there anyway to check if this is working? I'm using 3.6.8 Patch Level 2.

Thanks,

Sean

Really strange, did the bots stop? I had this mod installed for several months and I was blocking about 10-20 bots every day. Now I dont get anymore emails about blocked bots? Anyone else experiencing this?

Sorry I didn't do the template mod so I should be set now!

Thank you for such a useful mod. Even with captcha and random reg questions, I was STILL getting bot registrations!!!!

With this mod I am trapping several bot attempts daily.

Thanks! :)

IsBot is an awsome MOD! It blocked 12 bots today and we still have 5 hours left! I think the bot traffic is increasing.... Definitely a very useful tool!!

Sean

Question: Instead of blocking the user, can we get a PM telling us who the user is? Cause eventually they will just delay the bots.

Thanks.

Thanks, this add-on is great and saving me some 30 - 60 minutes a day in admin time which I spent deleting 'spam' members.

This has to be the bast Hack I have installed so far in 10 days it has stopped 200+ bots from registering!

Great hack, saving me lots of time and effort, thanks a lot!

As simple as this is, it saves a TON of time and has stopped pretty much all automatic spam bots. Thanks a lot!

This mod is a blessing from the skies!

One question, though - any chance to disable the "user blocked" e-mails?

Just comment out the mail sending line in the plugin and you are good.

Oh I love those emails ! I would not disable it for a thousand dollars!
I have a filter which transfers all of them to a folder.
When I see that some of them is near the time limit: increase it.
From Ukraine and Poland: They are relatively slow.10-24 secs.
Russia: The best! 1-5 secs.

Tweaking the timer is not a too good idea. If you make it too long, you will start catching legit users. In other words be very very careful with it.

I'm guessing that's the line that starts with "vbmail".

Yeah, I enjoyed those e-mails at first as well (serves you right, spammers!), but then me and the mails have decided to part ways :)