While I don't put myself out to be an expert with vBulletin using the Replacement Variable isn't hard. And there is a delete option once you do it so it is reversible.
AdminCP => Styles and Templates => Replacement Variable Manager
then you should see Default Style [Add New Replacement Variable] in the right side of the page.
I replaced register.php with registerXXXXX.php and it changed register.php for all of the templates, so no matter which template a bot accesses a bogus register.php would be accessed, more on that later.
This worked fine for me. But, there's always a but in the room, that only took care of the templates where register.php was a variable. Then I had to search the templates for register.php and replace them with my new file name. Not all instances of register.php are variables.
The only problem I've found so far is that when I tried to send an activation code through the AdminCP, I got redirected to my new register.php page by the script. I searched the forum admin files for register.php and found the culprit in the user.php file in the admin folder.
I'm sure there is going to be at one more problem but I'll fix it when I find it. By the way I found a ../register reference in that same user.php file and guessed, without looking at it, that it should be changed as well, but since it's in the admin side of things it's probably only going to affect the admin, me.
user.php line 334
PHP Code:
print_form_header('../register', 'emailcode', 0, 0);
construct_hidden_code('email', $user['email']);
print_submit_row($vbphrase['email_activation_codes'], 0);
Here are other occurences of register.php that I changed
In the new registerXXXX.php file
line 543
PHP Code:
$vbulletin->url = iif(strpos($vbulletin->url, 'registerXXXX.php') !== false, $vbulletin->options['forumhome'] . '.php' . $vbulletin->session->vars['sessionurl_q'], $vbulletin->url);
and line 1136
PHP Code:
'registerXXXX.php?' . $vbulletin->session->vars['sessionurl'] . 'a=ver' => $vbphrase['activate_your_account'],
admincp/email.php line 202
PHP Code:
$activate['link'] = $vbulletin->options['bburl'] . "/registerXXXX.php?a=act&u=$userid&i=$activate[activationid]";
includes/functions_online.php line 1732
PHP Code:
case 'registerXXXX.php':
includes/md5_sums_vbulletin.php line 47
PHP Code:
case 'registerXXXX.php':
I also edited my robots.txt file but that wasn't doing any good anyway because these bots don't read that file anyway
I copied my old register.php file and made a register.php_bu for the archives and made a new register.php file
PHP Code:
<?php
header("location:http://www.justice.gov/criminal/cybercrime/");
?>
I'm only on my second day and so far haven't seen ANY spam registrations. This is a lot easier, for me, than the other spam stoppers I've seen and I'm going to go with it. Even with only doing the replacement variable and renaming the file I continued to get registrations so it didn't shut down my site. I made the rest of the edits tonight.
The good news is that I haven't seen legit registrations drop off and there is no way for a legit user to accidentally be blocked by an ip block which has happened to me in the past from parts of the world that have spammers and legit registrations.
Disclaimer- I fully expect someone with more knowledge than me to tell me I'm full of crap and I will salute you for showing us something I overlooked. If you accept that the register.php file name is the weak link in the battle against spammers, this tightens things up without loosing functionality and makes a forum harder to spam than the next one which is about all we can hope for.
More Information