Rename register.php by BOP5
 

Brought to you by BirdOPrey5 / Qapla.com

It's great when you stop spam bots during registration but this mod gives you a chance to stop them BEFORE they even attempt to register.

I have received multiple reports from people who say their "register.php" was getting hammered with spam requests- so much so it was like a denial of service attack. Even if they disabled registration they would waste so much resources their site was slow or worse- had to be taken offline.

What this mod does is allow you to rename the register.php file- my theory is many of the vBulletin spamming bots are hard coded to look for register.php. Using a unique name will throw them off, at least for a while.

To manually change the name of register.php would have meant dozens, maybe hundreds of manual edits to files and templates previously.

This mod makes it as simple as possible. At worst you will need to edit 2 phrases and 1 file, and some people don't need to edit anything at all.

Compatible with VB 3.8.x (and 3.7, and 3.6 probably too) and all VB 4.x.x versions.

Basic Instructions
1) Import XML File
2) Go to mod settings in Admin CP
3) Rename your register.php file via FTP or some other means- make it a unique value but only use basic letters, numbers, underscores, or hyphens. Something like "joeregister999.php"
4) In the mod settings, set the value of register.php to the new file name you chose.
5) If you require email verification during registration follow the next setting in the Admin CP and edit the phrases listed (activateaccount and activateaccount_chnage phrases in Email Body)
6) Finally, if you use Facebook Connect on your forum make the manual file edit of class_bootstrap.php as instructed.

Now enjoy your new filename for register.php, I hope it reduces server load and spam in general.

------------------------------------------------------

Please "Mark as Installed" if you use this. :)
Donations always appreciated. :up:
Nominate MOTM if you LOVE it! ;)

----

Note- if having problems sending activation codes or other Admin CP related activities use the solution in post #197.

Reserved.

Awesome and working perfect, very easy to change and should help tremendously...

2 thumbs!

Looks good Joe, thanks for sharing.

thanks :) Subscribe to This Mod

Anything that will reduce overhead from spammers, bots and idiots is a winner. Installed and tested in 4.2.1 with no issues.

Edit: Seeing a LOT less activity which frees up resources. I was thinking, could/would you do a version of this mod that would change the post/reply on the board? THAT's the other place comment spammers suck bandwidth. Just thinking...

I know for a fact they are, it's not a theory. I've been downloading and experimenting with several auto-spam programs and XRumer in particular is that way, but not just for vBulletin. For just about everything out there, it is programmed to "know" where the register form is, know what's required for the form, etc. It looks in the files for the version number, then goes from there.

This is a nice little speed bump for the auto-register software programmers to pull their hair out over, for awhile. And it will take them a long time to figure it out, since most of the autospam programs don't inform their owners of failed registrations, much less why the registration failed. This must be discovered manually. And with each installation of your Mod here allowing the installer to choose a unique name for the registration file? Makes it REALLY hard to automate a response!

I'd install this if I ran version 4. Nice job Joe! Simple and elegant, just the way I like anti-spam mods to be!

This mod is also compatible with vBulletin 3.x as well. I just didn't list it in the 3.x forum yet.

thank you sir, this will help me tremendously .:up:

Awesome Mods!!~~....

Joe as always a Superb mod mate thank you! Will be using this very soon

Just to let you know the class_bootstrap.php lines to edit if using Facebook Connect are the same for all of vB 4.2.x.

Lines #237 & #294.

I will try it.
Installed + nominated

Thanks Joe :)

Joe, you're always coming up with amazing mods that help the community.

Thank you for everything that you do -- it doesn't go unnoticed! :)

It's working thanks joe! Great mod, installed nominated

This is an awesome mod, and I might install it. However, if enough forums install it, it might easily be bypassed. Spam software can be changed to just search any page's html for the word "register" and the associated link, and use that url instead of the hard-coded one they use now. Then our next weapon/step would be to obfuscate the link (using javascript, etc), and then the spammers would eventually find a way to bypass that, but not as easily. However, the more difficult we make it the better, and as long as everyone isn't using this, it might last quite a while. :)

I had a question about using google analytics funnels/goals to track registration completion. Register.php is in my goal path (it's the trigger), and I think this mod would permanently break analytics being able to track percentage of registration completions (attempts vs success, etc). However, it's still probably worth it. :)

I'm well aware of the capabilities of the auto-spam software. The part you might have missed is, each person who installs this Mod gives the register page a different name. It can be anything. And it will likely be as unique as the person installing it. It may or may not have the word "register" in it somehow.

If a spambot administrator wants to manually find the register page, he/she can do so like any legitimate human can. But as I explained, the auto-spam programs don't inform of failed registrations or the reason for them. And while typically hitting 1000s of sites each session, they don't take any time trying to discover if registrations fail to start with. Auto-spamming is all about automation and speed.

I accurately described this Mod as a "speed bump." But I also accurately explained why it's a better speed bump than most.

Installed, and Thank You.

I am in the process of testing this out, and I noticed while watching whos online.

While the whos online shows several hits to the new registration filename, I suspect these are just bots hitting the links. And even though it shows as unknown location (can this be changed?), I am wondering that this mod is specifically for those registration bots with register.php built in, if you BOP5 have noticed that some of those bots look for the login phrase link instead of just hitting the filename?

Sorry if this is a redundant question, but if I missed it my fault.

Thanks again.

Good catch! Updated to version 1.1.0 to fix the Who's Online issue. It will now say "Registering."

Do you have vb3.8 version of this? Thank you!

Yes ! Compatible with VB 3.8.x (and 3.7, and 3.6 probably too) and all VB 4.x.x versions.

This same mod is compatible with both VB 3.x and VB 4.x.

I have been watching the hits on whos online for the last day, and today I have noticed that a couple of registration bots have hit the new url I implemented with this new mod. I verified the ip with stopforumspam and it is indeed.

My question is, are the bots programmed to use a variable that has the vb software identify the registration filename, through a phrase or something? Otherwise how could this bot know my new filename especially since it has been less than 24 hours since installation?

Gots me confused.

Installed and working perfectly.
Many thanks.

I guess I'm missing the point here I suppose, but 48 hours in and I'm still getting the same amount of bogus registrations as before this install.

Ehh ... count me as a "nogo" into the otherwise solid "go" reports.

I am sure there is some spam software that is smart enough to follow the "Register" link from the forum homepage regardless of the filename of register.php, but on the other hand I am sure there is spam software that is NOT that smart and looks for register.php to begin with.

It won't stop all spam but I strongly believe it stops some spam.

I sware some people are just targets, my sites been up for 4yrs same server, and zero bots....

Over a million posts on your site, 25000 some odd members,...

AND NOT ONE SPAMBOT ??!!

Now THAT is impressive ! :)

Do the image(s) related to the re-named register link still have the word "register" in their file names? The auto-spam programs do scan pages and can go to links.

Just a thought.

End it with this.

https://vborg.vbsupport.ru/showthread.php?t=289463

I found a small problem.
I needed to resend the activation code for a new member.
In User Manager/Quick User Links/Email Activation Codes

The page is not found as it is looking for register.php
I easily changed web page address to my renamed register.php file but it would be nice to know what to change to correct this.

You're right- Fixed in new version 1.1.5. Thank you for pointing it out.

I added another plugin in the Admin CP user editing to deal with the name change. :up:

Many thanks, that did the trick.

I was planning to try this out over the weekend when I had more time but yesterday I had a bot swarm large enough to take out MySQL with a "too many connections" error (dedicated server). I got up early this morning to add this to 4 forums.

Where's your donate button, BOP5? I don't see one here or on your site.

...

D'oh! Maybe I'm up a little TOO early. "Support Developer" :o

Thank you, it is much appreciated.

(On my site you need to register to see the donate link because I do it via the subscription system.)

That sounds alot more like a DDoS attack than just garden variety spam.

No.

1. They were hitting register.php and some of them got by the spambot timer add-on and registered with the usual spambot signature registration info.

2. There were enough hits in a short enough period of time to breach the "too many connections" limit had it been a DDoS attack there would have been a lot more over a longer period of time. I experienced one of those several years ago and they're unmistakable in their scope. This was a spambot swarm.

Re: The bolded. How?Got'cha.

The simple answer is because they exceeded the minimum time required by the add-on to be identified as human. Maybe that was because some of the bots have been reworked to compensate for anti-bit timers. Maybe it was because the bot swarm slowed down site response time enough that they met the crtiteria. I don't know.

But I can say that while the anti-bot timer certainly prevented a large number of spambot registrations for me, it didn't catch them all.

On the other hand, the effectiveness of the combination of the anti-bot timer and this add-on has been astounding so far.

I figured it might be.

Alot of people don't realize the timer add-ons are all page load time dependent. Terrible proxies the botnets usually use, and other factors can contribute to slow load times thus letting some autospam bots get registered.

Spam fighting requires layers of defenses and vigilance by site owners, for sure. It's not a casual undertaking.

What version of the timer add-on are you using? I'm still on the original v1.1.