Stop the Registration Bots
 

Control your vBulletin forum registration process and stop the registration bots.

This mod will check the the time it takes for a vBulletin registration form to be submitted. If the form is submitted faster then humanly possible, the registration will be denied and the admin contact will be emailed about the event. The time is settable

We will start the registration on the forum rules page in two ways. First we will add a custom hidden field with a hash. Second we will insert a randomly named hidden field with a random value. This should make it a bit difficult to program a bot since the field names on all sites will be different as well as the values.

We will use a second set of random hidden fields on the form page as well to add to the confusion.

Time stamps to check the time spent on registration submission are stored in a DB table and private.

A registration will have to come through the Rules page and the form. Every Site will be different.

Installation is very easy.

There are two templates to edit.
One database table is added.
Three hooks are utilized.
Includes uninstall code.
Adds to vBulletin options.
Set time frame option.
Includes Phrases.
Sends Mail to Admin.
No files to upload.
XML product install.
Instructions attached in zip.

Demo usage and view source at http://www.riderinfo.com/

Compatibility
This hack is known to work on vBulletin 3.6.11 PL1 and will likely work back a few versions in the 3.6.x vBulletin series. Of course it works on 3.7.x as posted too.

HISTORY
1.2.2
added admin email on/off setting
moved hook code to files to reduce overhead.
1.2.1
Added Enable/Disable setting.
Fixed coppa includes file probem
Added file upload instructions to readme file.
1.2.0
Added JS timer to registration button.
Added enable/diable for email.
Removed ACP settings for random fields on rules and reg form pages and automated.
Reworded Pharses in ACP.
Recoded rules form and reg form edits.
Renamed variables for better code following.
Added more DB fields per user reg for tracking random automation.
New Hook on start_registration for functions.
Added new functions file. includes/stb_functions.php.
1.0.3
Changed input user name on rules form to random named hidden field with hash value.
Removed \n chars from email phrases.
All changes to registration are transparent to the folks registering.
Renamed DB username field to hash.
New hook on register_signup.
1.0.2
Added new Pre Reg Name hidden field to register form edits and ACP.
Added code to deal transparently with user deciding to change name after pre submitting it.
1.0.1
Fixed typo, changed 36000 to 3600 in product file.
1.0.0
Original Release.

Installed.

Thanks! Please feel free to give some feed back, good or bad.

This was just one of those things that happened, there was no plan really. It's a follow up on some stuff I read researching another project I plan to release soon that may be very useful as well. It's the exact opposite of this in that it helps your forum avoid looking like email is spammy and gives the users and admins some really nice new ways to control some important settings that effect email.

Thanks,

I installed and the process was seamless! marked as installed ;)

noppid your back making hacks sweeeeeeeeeet :D

nice liltle hack :)

What if the user decides they want to use another name after that screen? Is there some warning that tells them that they have to use that name or is it set by default where they can't change it?

And, no, I have not had any beers, if this sounds confusing. ;)

[high]* projectego clicks install :)[/high]

Excellent! something which I need asap, as I have had to block yahoo emails from registering on my site as none of my emails get through to yahoo inboxes anymore.

Let me ponder that while I'm at an appointment this morning. We may need a "start over" link for that. That seems easy enough. Good catch.

EDIT: On second thought, if they change their mind on the name, the bot detection mechanism should be transparent. We likely need another field in the DB.

I just want to have it like the original Is Bot where if the registration time is too fast it stops the registration. Is this possible?

That's in there. It hides the time stamp in a DB table instead of passing it in the post vars or URL.

Also, does it empty the info after the registration is deemed legit, or does the info keep collecting with each registration attempt?

It dumps the info on registration and dumps the table of expired lost records that are 60 minutes or older if any exist.

Ahh, OK, great! So, are you going to update this with another field in response to my first question? And I can un-install ISBot if I am using this, right? Or do I need both of them?

You don't want to use both I don't think. I used the best ideas from that and made them a little stronger. With the ideas ya'll are sharing, we should only need one app once we get all the features sorted.

I'm still tossing around how to handle your Name thing. My best idea is to pass a hash of something from the rules page and then check the DB against that and the name no longer matters.

Or, we should just remove the username input field and display the name already chosen with a note and link. Don't like this username Anymore? Click here to start over. I like this idea best myself.

Either way would work but I think the hash idea, if done properly, would be a better way to go. If someone registers on a site that has this installed and they also register on sites that don't, they might get confused as to what the name part is all about in that section of the registration process.

Yeah, familiarity breeds contempt. Keep it as similar as possible.

Ok, unique hash coming up. we'll all have a unique name for that hidden hash field too. That'll keep um confused. ;)

Sounds good. Looking fiorward to it.

Thank you!

I think we can handle a changed name better with a check on submission. If this don't match that, name was changed, lookup record with old name not new name.

I'm thinking about this before I pull the trigger on any code.

Name changes are dealt with now. And there is one more, unique to your site, hidden field added to the Registration form.

Great ideas folks! Ya'll can view the source code for the form at the demo site listed above in the mod description.

Let me read it over and see if I'm happy.

Upgrade will be to add one edit to the register template and install the product.

Just curious, how did you do the name change? Sounds like you canceled the hash idea.

A direct link to the source code would be better as there is no way I can figure out where it is on the site.

Sorry for the confusion, I meant view the HTML form code. The Code is not posted except in the release file here and that is the old code.

Yeah, the hash was getting over complicated. We deal with the name change by using a second hidden field and track it with a unique name you set.

Seems to be working and handling errors properly on my site. I had installed a bug and messed things up for a while. But we stomped it.

Anyway, if you view the two forms, you'll see where we grab the pre-name on forum rules and then place it in a hidden on the reg form. That allows for tracking the record and the name changing.

The Pre-reg name field on rules is settable, the hidden field name that saves it on the reg form is settable, and we have the settable hiddens on each form.

Lot's of confusion. I confused myself even coding it.

Shouldn't the registration permissions implemented in vb script stop the bots already? Or is this a bot detector for possible bot attempts to register?

OK, well, I'll have to look at how you've done it before I decide if i want to install it. I'm not sure changing the way vb does the registration for the name is the way to go for me. I think it would be a little confusing to new members, but that is just me.

no, ur not alone, it would confuse other members aswell

Well, change is hard. Nothing changes what so ever on the registration page. People just have to type a name on the rules page now as well as check a box.

I set out to change it on purpose.

Instead of collecting the name and using that, we could GEN and Pass some hash off I guess. But as i said, my purpose was to make things different.

The more I type, the more I like passing the HASH. I didn't want to pass it. But that is more random and gives us control better.

Ok, you win. That's a better Idea. That changes things a lot for us and not for the user at all.

Easy turnover too.

You DO suck up rather well. ;)

But I think no changes for the user throws them off to what is really happening behind the scenes, which is what we want to do, right?

Well, I didn't really consider that at first. I originally set out to upset that. But the more you and others typed, the more I realized most want transparency. So, no big deal. I'm getting mellower with age. ;)

It's done and working. I need a break and I'll take a look with fresh eyes in a while, run a test and post code. I want to be available when I post in case I missed something.

If you think about it, transparency is better for something like this as the bots won't see anything different and won't know what is up on the surface. If they experience changes in the way things usually are, they can adapt that much quicker. Simplicity at it's finest, so to speak.

Posted for your review.

:D installed thanks.

Will this work with 3.6.8?

I'm planning on upgrading but won't have time to reinstall all my mods for at least three weeks.

Not working for me.

I add the product but then when I hit Register, accept the terms and click continue it says I left a required field blank (never shows the form to register).

I am using this alongside the ajax registration and am using recaptcha as my image verification

It might. I'm running it on www.riderinfo.com on vBulletin 3.6.10

Did you do the template edits in the instructions? Without them, that is exactly what will happen. Check your ACP settings for Stop the Registration Bots too.

I had the same problem. Went back and triple-checked that I had added the correct hidden fields to the correct templates as described in the text file. I had done everything correctly.

However, I had used some really long hidden field names using a mixture of upper-case letters, lower-case letters, and numbers. On a hunch I changed the hidden field names to some 8-to-10 character all lower-case letters and it started working.

Thanks for the heads up. I didn't make any notes on the limitations of those fill ins.

I'm thinking of automating the process 100% and generating everything random on a per registration basis and using the table we have to store the values.

I edited the description fields to add text that clears that up. It should help.

We also eliminated 4 of the fill in fields and made them auto generated. We track them via the db and that makes things very random. The only field that won't change names unless the admin updates it is the hash field name on the rules and user reg page. Changing them once in a while will keep things very confusing.

I'm trying to get as close to possible to set it and forget it. We may me able to make a cron job that resets those too so things shake up very often and random.