This solution was updated with more features...

https://vborg.vbsupport.ru/showthread.php?t=289463

That may be an obvious answer to you, but it is wrong. As soon a vB includes something like this in the default software, the spammers will just catch on and change their scripts to 'break' this. Spam is better dealt with through the many different modifications around.

Really?

That's a pretty lame excuse considering what the user experience is, as expressed in this thread.

Let's see what Jelsoft could add to vB, which won't be breakable by spammers.

- Time limit registration option (like "Is Bot")? A spammer doesn't know the limit I've set, so they can't fight that. And their scripts are tailored for speed, they won't wait 1 minute per registration.
- Checking of validity of email address. Not very efficient but it still traps spammers.
- Matching of entered Country with IP address Geolocation information. The ability to exclude some countries would be also welcome.
- Matching of entered Time Zone with the Time Zones of the country derived from the IP address?
- Check of registering IP address against known spammers IP addresses such as spamhaus.org or sorbs.net etc.

Care to tell me how a spammer would break through a spamhaus.org check?

One more thing: if Jelsoft thinks that an anti-spam strategy should include as many traps as possible (and I agree on that), how come it only offers one of Image Verification, Question & Answer Verification and reCAPTCHA™? Why not all? Let the admins select as many as they like.

Sure they will. Using the automated programs like XRumer and literally thousands of botnet zombie computers, programming a 60 second stall between filling out the form and clicking "submit" won't be all that difficult and really, won't hurt spamming efficiency. It hasn't happened yet because time checks such as this - which have been around in one form or another for years - just haven't been in widespread use.

If vBulletin or any major message board software has this time check in its native code, it won't be long at all before the botnet administrators start programming a delay into their systems.

That's exactly the point. More, many more options to trap spammers. Not just one, several. And of various intelligence. Of different nature. Selectable by the admin with various courses of action. Instead of spending time integrating social networks, I would have preferred more and more secure antispam options.

Of course, that's a personal opinion and as we know each one has his own.

Can never have too many rounds in the anti-spam magazine, that is for sure.

1) Jelsoft hasn't been the owner/publisher of VB in years
2) Time plays no real factor in registration because they can hit multiple boards at once... Whether it takes 10 seconds to register or 60 on any one site is no big deal. So long as they set their delay equal to a human it is easily defeated
3) Again it would be minor edits to make sure timezone, location and IP match- the only reason these checks may work is because they are rare

You got that right my friend.

You are right, I just learned that so I have to apologize for my mistake.

Indeed, but that is only if they know that this antispam measure is in effect in the site they visit. If they do it for every site their bot visits, their productivity goes down.

Of course, but if the admin has the option to permanently ban countries or IP ranges, that could limit his exposure. I've banned whole C-class addresses from China, I do not expect my site to have Chinese members, so I do not care. If that makes my site more secure for my membership, I have no problem doing it.

That's the reason I said in a previous comment, that the admin should have statistics from such add-ons. I add every IP that gets banned from my site, in a table in the database and I have a small program to get statistics from this log. I then enter the appropriate addresses in the ban IPs list.

Each one of the above measures I suggested, by itself, may have a minor effect on the number of spammers you avoid, all of them (or some of them) together can make a significant difference.

OK folks, for those who want to automatically enter the spam bot IP address in their banned IPs list, here is a version of the plug-in that should do it for you. It's been tested on vBulletin 4.2, I am not sure if it will work on previous versions.

----- code section ------
$vbulletin->input->clean_array_gpc('p', array(
'isbot_time1' => TYPE_UINT
));

$ipaddress = IPADDRESS;

if ($vbulletin->GPC['username'] && $vbulletin->GPC['email'])
{
$isbot_time1 = $vbulletin->GPC['isbot_time1'];
$isbot_time2 = TIMENOW;
$isbot_timediff = intval($isbot_time2 - $isbot_time1);


if ($isbot_timediff <= 15) // difference in seconds
{
$isbot_username = htmlspecialchars_uni($vbulletin->GPC['username']);
$isbot_email = htmlspecialchars_uni($vbulletin->GPC['email']);

$isbot_subject = $vbphrase['isbot_user_blocked_from_registering'];
$isbot_message = $vbphrase['isbot_the_following_name_email_blocked']
. '
User Name : ' . $isbot_username . '
Email : ' . $isbot_email . '
Time to fill registration form : ' . $isbot_timediff . ' ' . $vbphrase['isbot_seconds_transpired'] . '
IP Address : ' . $ipaddress . ' ';

vbmail($vbulletin->options['webmasteremail'], $isbot_subject, $isbot_message, true);

if ($vbulletin->options['enablebanning'] == 1 AND $vbulletin->options['banip'] = trim($vbulletin->options['banip']))
{
$banned = $ipaddress . " " . $vbulletin->options['banip'];
$db->query_write("UPDATE " . TABLE_PREFIX . "setting SET value = '" . $banned . "' where varname='banip'");
require_once(DIR . '/includes/adminfunctions.php');
build_options();
}

eval(standard_error(fetch_error('noregister')));
}
}
-------------

Copy the above code and enter it in AdminCP/Plug-in Manager/Is Bot. Just click on Edit next to the "register_addmember_process", highlight the Plugin PHP code and paste the above code in there. Click on "Save and Reload" and you are done.

To verify it's working, next time you receive an email from this plugin, compare the IP shown in the email you got, with the IPs in your banned IPs list. The newly banned IP is entered in the beginning of the list, so it should be easy to spot.

My Christmas gift to you guys.

Still using the same IsBot I installed in 2008. Recently updated the board to vB 3.8.7 PL2 and wanted to check if IsBot works in this version. Un-remmed the line that sends the email. Received 5 emails of blocked registrations in under 4 minutes, and then remmed out the email line again.

So it's confirmed that IsBot 1.0 works with vB 3.8.7.