SpamBot Posting Protection
 

== What this Plugin does ==
The following product will place a hidden blank text box (humans can not see these text box, but Bots can) in your Register, Posting, Replying and Quick Reply forms. When the post is submitted there will be a check done on this hidden field to see if it was filled out. If a bot has filled in the hidden field the post will be rejected and a "Spam Message" will appear.
This is not hi-tech spam prevention, but does work pretty well and does not interfere with human posting in any way. Ive implement it on Forum Extension which i wrote for the MediaWiki system and it worked out pretty good.

== Theory behind the mod ==
Spam bots automatically fill in any blank text fields they "see".
By placing a text field in the posting form and then hiding it (via css, div hiding does not work that well) only bots can see the field, humans can not. So if the field is filled in during form submission it would have to be filled in by a bot and not a human since the human can not see the field. After the post is submitted it will be checked to see if the field is empty or not. If the field is empty the post will go through, if the field has info in it, the submission will die with a Spam Message (not that the bot will read this, but the message can also work as error control).

This mod was inspired by :
http://www.mediawiki.org/wiki/Extension:SimpleAntiSpam

This product has been tested on:
vBulletin 3.6.5, 3.7.0


Installation:
Install the plugin via your AdminCP.
AdminCP -> Plugins & Products -> Manage Products -> [Add/Import Product]

There are four template edits which the plugin automatically does for you.
There is a "ReadMe" included which has the edits in there in case you want to know what they are.


Admin Options:
AdminCP ->vBulletin Options -> AWC's SpamBot Protection

• Test SpamBot Field
  This option will "un-hide" the text boxs so you can test.
  _
• Auto Ban Spammer
  When a spambot posts a thread or post they can be automatically banned to the group of your choice.
  _
• How to send Banned message (Admin, Mods, etc.) notifying a bot has been Banned.
  You can automatically send out a PM or Email to selected members notifying them a spambot has been banned.
  _
• What to Check
  You can turn On and Off what you would like the plugin to check, New Registration, New Threads or New Posts.
  _
• Move spam post
  Posts created by a spambot can be placed in a selected forum of your choice.

1.0 to 1.x Upgrade info:
If you have installed 1.0 and are upgrading to 1.x you will have to remove the template edits you made before (sorry about this, wont happen again ;) ).
Search and remove the following from your templates:



Plugin Version History:

Ver. 1.2 - Dec 25, 2008
- Added
-- AdminCP page
-- Test Option
-- Move spam post to selected forum
-- Redirect option for registration
-- PM or Email banned member name to selected members

- Changed
- How text field was added to Quick Reply (to make compatible with Vb 3.6.x)


Ver. 1.1 - Dec 22, 2008
- Changed to auto template edits
- Added new hidden field to Register form
- Added auto ban option


Ver. 1.0 - Dec 20, 2008
- Add 3 hidden fields (Quote, New Reply and New Thread) and check:
- Manual template edits


Heres the AdminCP section...
http://wiki.anotherwebcom.com/images...ot_Admincp.jpg


Its been a long time since ive dabbled with vbulletin so im sure there are other ways to implement this.

Any feed back would be great.
Enjoy.

_

will try it soon :D

Will the member posting the spam be banned?

Sounds good.
If you have the time could you post back how you think its working for you.


No, sorry.... but good idea.
Maybe if people show interest in this plugin that will be in the next version or something like the Adimn can redirect the spam post to a "spam forum" (so they can see whats being blocked) or have an auto ban for that member or a cron-job which will email/pm the Admin with a list of daily spammers or options for all of this and any other suggestions.

If there is a next version one thing which will be added is the blank text box to the sign-up form, this is something which should have been in place now... maybe ill add that tonight or tomarrow being it will not take any time to code that.

_

Just added this as an option.
As of now there is no AdminCP page for the plugin, you will have to use the Plugin Manager to active 'Auto Ban'. Please re-read the main post here for more information about this.

_

Just started to play with an Admin section along with a couple new options.

- Moving spam post to a selected forum ID
- Being able to pick what group ID Auto Ban changes members group ID to.
- Redirect URL for registration check just in case the plugin gets a false read for what ever reason, the person can get in contact with the forums Admin (can't think why this would happen, but just to be safe).
- Easy options to select what checks the plugin does.

Does this work with 3.8.0

Don't know, have not tried it.
Only version tested with has been 3.7.0

_

Will be trying this on 3.6.X unless you know it doesnt work.

Another good feature would be that the admin, or someone specified in admincp would be notified through pm/email that XXX user was banned. Know what I mean?

Sounds good, please post back how it works.

Working on 1.2 now, will try and add this as an option in the AdminCP.

as of now 1.2 has...
- AdminCP page (added thorugh .xml, no file uploads or edits)
- test option
- move to selected forum
- registration redirect

Just tested 1.1 with Vb 2.6.5 and the Quick Reply was the only thing which did not work; New Thread, Registration and New Reply (via clicking the New Reply link) all worked.

This will be fixed in 1.2
1.2 will be fully compatible with Vb 3.6.5 along with all the new feathers, including:
PMing or Emailing Banned member name (and what they posted) to selected forum members (via member ID's).

Will be uploading 1.2 in the next day or two.

_

OK, heres 1.2 with all the options and suggestions which people have posted and a few more.

Currently the plugin has been tested on vB 3.6.5 and 3.7.0 and all options work fine.

_

Thank you very much for this. I have three other bot protections in place designed to stop them from registering in the first place, but should one get through they've then got yours to contend with. Good work!

Thanks pigpog.

This plugin also has a registration check (its simple, but should help), there is an option in the AdminCP where you can turn that check on or off.

If you have any suggestions for this plugin, please post.

Take care.

_

Being theres been more then a few downloads and no complaints, guess thats good.

thanks a lot, been getting swamped with them recently :)

fingers crossed this helps., i will check the ip's against the stop forum spam list i have as its to big to add to the banned ip's section :)

most seem to come from te far east so there easy to spot...

thanks for this, the simple ideas are often the best ;)

Your welcome...
Best of luck.

had 1 since install, its helped a lot but not perfect, maybe it needs to appear as a required field to the bot ?

Glad to here its working for you.
In the AdminCP there is a 'Test' option which will make the "SpamBot Text Field" visable, you can test it out if you want.
Im sure there are bots out there which will get by this protection, like said above, its not hi-tech :)

Do you by change have this plugin set up so the spam post are filtered to a seperate forum, so you can see what has been blocked ?
Just wounding, i do not have vB installed anywhere that gets alot of traffic to test out how the plug-in works on a large scale.

Thanks again for your feed back.

_

i dont filter the posts, cant see the need if joe blogs cant see it.

just wondering if theres a way to mimic a required field in the hidden option so the script readers see that and assume they have to post in the signup screen

Ohh... was just wondering if you might have just to test out the plugin and see how well (or not) it works.

Not sure what you mean.
On the registration screen you want to add a "spambot" hidden field under the 'Required' section ?
If so... ive never looked at the vB code for that, but would assume the vB code just checks the fields after they are submitted. When the require fields are visable, during the screen when a person is filling them out, there is nothing special about them. The code which checks them after they are submitted is where the "magic" is done. Could be wrong, will check it out is thats what your looking for.

_

i guess having a * next to the box may trick the bots, not sure.

i will turn on the diverted post when im home tonight and we will see whats being stopped :)

Maybe, not sure eather.

If you really feel like testing it out, can you turn that on as you said, but turn off the registration check ?

Like said in the PM.
A quick day test (full 24 hours) with open forum posting (letting guests post with out being logged in) the same code used in a different forum stopped around 70 spam-bot posts. Thats with no protection period, completely open and nothing got by. Im sure the type of bot posting has alot to do with it, maybe i was hit by the dumb ones during the testing :D


_

ok all setup, lets see what happens next :D

we dont allow guests to post tho so thats got to stay off tbh

uvwx993 weoskee@gmail.com
vg286031 vgoldzone20@pc1520.com

they were stopped from signing up in the past 2 days, now i wonder what the 2nd one could possibly want lol

Could i use it for vbb 3.8.0?

did Anyone do it? :P thanks.

i think this has already been added to the spam bot scripts as its no longer working :(

It worked fine till now (i dont know exactly but it's still effected with my forum), but i want to use it in my others, it's using vbb 3.8 :( dont know if it could work, anyone have the answer?

Just installed it on one of my forums which gets horribly spammed so will know pretty quickly if it still works...

Edit: So far it's working very well, moved from 50+ spammers per day to 1 or 2...and they're actual people spamming.

The name for a field is generated by a script random or it is constant?

Don't know if the plug-in works with 3.8.x

constant

_

downloaded

Is this Mod working for 3.8.x ? Anyone has experience in that matter ?

It works as far as not breaking things, but, nothing actually gets past the other defenses I have, so, I don't know if it still works in terms of banning people for filling it in. It's just a simple form, so, I imagine it would, but, maybe a name of something has changed.

Either way though, the automatic template edits are forced, and it causes a W3C Validation error because it injects the CSS directly in the middle of the page instead of at the top. So, I'm probably going to disable this for now, or maybe remove the CSS entry from the plugins and add it back in manually myself.

i downloaded it......

it stopped a few bots but some are still getting through :(

Can anyone confirm that it works fine with 3.8.x?

Can we change the name of the hidden field?

Have spammers anticipated or is this mod still effective?

Anyone do this for 4.1 yet?

If a user uses Roboform password manager to generate their password and fill in their name and e-mail, this plug-in blocks the registration. I've had this stop me from registering on a few forums, I had to start over and enter everything by hand. When I first had it happen, I just thought the forum was broken, and I left.

There are millions of legitimate users that use password manager type of tools to fill out forms.

I strongly suggest you add a manual warning to users that they can not use password manager type of tools to sign up for your site.

I strongly suspect your turning away legitimate users with this tool.

I'm contacting Roboform to see if a work-around can be programmed.