Go Back   vb.org Archive > vBulletin Modifications > vBulletin 3.8 Modifications > vBulletin 3.8 Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Is Bot: Registration Time Check Details »»
Is Bot: Registration Time Check
Version: 1.0.0, by calorie calorie is offline
Developer Last Online: Nov 2023 Show Printable Version Email this Page

Category: Anti-Spam Options - Version: 3.6.8 Rating:
Released: 12-29-2006 Last Update: Never Installs: 735
Uses Plugins Template Edits
 
No support by the author.

This mod calculates the time it takes to go between these two pages:
  • /forum/register.php?do=register
  • /forum/register.php?do=addmember
The point is to try and prevent bots from registering at your forum when the time between the two pages is humanly impossible, assuming that humans actually take the time to complete the registration page.

Should a user be blocked from registering at your forum, an email will be sent to your vB webmasteremail address and the user will see the vB noregister phrase message, so no screenshot is necessary.

Download Now

File Type: zip isbot.zip (1.7 KB, 4054 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.

Comments
  #452  
Old 12-19-2012, 03:44 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by toneloc View Post
I installed this plugin 24hrs ago, right after installing vbstopforumspam and enabled it. I can see on vbstopforumspams log that they blocked 367 users so far, but I haven't received a single email about Is bot blocking any spam.

Spam is being blocked, so I'm happy about that. I just don't know if Is Bot is working on my boards.

Any other way to check?

Thanks
This solution was updated with more features...

https://vborg.vbsupport.ru/showthread.php?t=289463
Reply With Quote
  #453  
Old 12-19-2012, 05:05 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by sv1cec View Post
Back in the days of vB 3.0.xx when I first dealt with vB, purchased my first license and started my first site, I spend quite some time to learn php and vB's coding scheme. Seeing the various things that could be improved in the code, and after years of work, I've ended up with a heavily patched version of vB, which included a mod I published in here, called AWS (for Advanced Warning System). That mod included a number of anti-spam traps, a time limit for the registration process (just like this mod), comparison between the country entered by the member vs the location indicated by his IP address, comparison of the time zone he entered with the time zone of the country indicated by his IP address etc.

So vB knows about these things, since version 3.0. Why they do not bother to include them in their software?

The obvious answer is, because they do not care.
That may be an obvious answer to you, but it is wrong. As soon a vB includes something like this in the default software, the spammers will just catch on and change their scripts to 'break' this. Spam is better dealt with through the many different modifications around.
Reply With Quote
Благодарность от:
Max Taxable
  #454  
Old 12-19-2012, 06:31 PM
sv1cec sv1cec is offline
 
Join Date: May 2004
Location: Athens, Greece
Posts: 2,091
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Really?

That's a pretty lame excuse considering what the user experience is, as expressed in this thread.

Let's see what Jelsoft could add to vB, which won't be breakable by spammers.

- Time limit registration option (like "Is Bot")? A spammer doesn't know the limit I've set, so they can't fight that. And their scripts are tailored for speed, they won't wait 1 minute per registration.
- Checking of validity of email address. Not very efficient but it still traps spammers.
- Matching of entered Country with IP address Geolocation information. The ability to exclude some countries would be also welcome.
- Matching of entered Time Zone with the Time Zones of the country derived from the IP address?
- Check of registering IP address against known spammers IP addresses such as spamhaus.org or sorbs.net etc.

Care to tell me how a spammer would break through a spamhaus.org check?

One more thing: if Jelsoft thinks that an anti-spam strategy should include as many traps as possible (and I agree on that), how come it only offers one of Image Verification, Question & Answer Verification and reCAPTCHA™? Why not all? Let the admins select as many as they like.
Reply With Quote
  #455  
Old 12-19-2012, 06:57 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by sv1cec View Post
- Time limit registration option (like "Is Bot")? A spammer doesn't know the limit I've set, so they can't fight that. And their scripts are tailored for speed, they won't wait 1 minute per registration..
Sure they will. Using the automated programs like XRumer and literally thousands of botnet zombie computers, programming a 60 second stall between filling out the form and clicking "submit" won't be all that difficult and really, won't hurt spamming efficiency. It hasn't happened yet because time checks such as this - which have been around in one form or another for years - just haven't been in widespread use.

If vBulletin or any major message board software has this time check in its native code, it won't be long at all before the botnet administrators start programming a delay into their systems.
Reply With Quote
  #456  
Old 12-19-2012, 07:08 PM
sv1cec sv1cec is offline
 
Join Date: May 2004
Location: Athens, Greece
Posts: 2,091
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That's exactly the point. More, many more options to trap spammers. Not just one, several. And of various intelligence. Of different nature. Selectable by the admin with various courses of action. Instead of spending time integrating social networks, I would have preferred more and more secure antispam options.

Of course, that's a personal opinion and as we know each one has his own.
Reply With Quote
  #457  
Old 12-19-2012, 07:49 PM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by sv1cec View Post
That's exactly the point. More, many more options to trap spammers. Not just one, several. And of various intelligence. Of different nature. Selectable by the admin with various courses of action. Instead of spending time integrating social networks, I would have preferred more and more secure antispam options.

Of course, that's a personal opinion and as we know each one has his own.
Can never have too many rounds in the anti-spam magazine, that is for sure.
Reply With Quote
  #458  
Old 12-19-2012, 07:50 PM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by sv1cec View Post
Really?

That's a pretty lame excuse considering what the user experience is, as expressed in this thread.

Let's see what Jelsoft could add to vB, which won't be breakable by spammers.

- Time limit registration option (like "Is Bot")? A spammer doesn't know the limit I've set, so they can't fight that. And their scripts are tailored for speed, they won't wait 1 minute per registration.
- Checking of validity of email address. Not very efficient but it still traps spammers.
- Matching of entered Country with IP address Geolocation information. The ability to exclude some countries would be also welcome.
- Matching of entered Time Zone with the Time Zones of the country derived from the IP address?
- Check of registering IP address against known spammers IP addresses such as spamhaus.org or sorbs.net etc.

Care to tell me how a spammer would break through a spamhaus.org check?

One more thing: if Jelsoft thinks that an anti-spam strategy should include as many traps as possible (and I agree on that), how come it only offers one of Image Verification, Question & Answer Verification and reCAPTCHA?? Why not all? Let the admins select as many as they like.
1) Jelsoft hasn't been the owner/publisher of VB in years
2) Time plays no real factor in registration because they can hit multiple boards at once... Whether it takes 10 seconds to register or 60 on any one site is no big deal. So long as they set their delay equal to a human it is easily defeated
3) Again it would be minor edits to make sure timezone, location and IP match- the only reason these checks may work is because they are rare
Reply With Quote
  #459  
Old 12-19-2012, 08:10 PM
sv1cec sv1cec is offline
 
Join Date: May 2004
Location: Athens, Greece
Posts: 2,091
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Max Taxable View Post
Can never have too many rounds in the anti-spam magazine, that is for sure.
You got that right my friend.

Quote:
Originally Posted by BirdOPrey5 View Post
1) Jelsoft hasn't been the owner/publisher of VB in years
You are right, I just learned that so I have to apologize for my mistake.

Quote:
Originally Posted by BirdOPrey5 View Post
2) Time plays no real factor in registration because they can hit multiple boards at once... Whether it takes 10 seconds to register or 60 on any one site is no big deal. So long as they set their delay equal to a human it is easily defeated
Indeed, but that is only if they know that this antispam measure is in effect in the site they visit. If they do it for every site their bot visits, their productivity goes down.

Quote:
Originally Posted by BirdOPrey5 View Post
3) Again it would be minor edits to make sure timezone, location and IP match- the only reason these checks may work is because they are rare
Of course, but if the admin has the option to permanently ban countries or IP ranges, that could limit his exposure. I've banned whole C-class addresses from China, I do not expect my site to have Chinese members, so I do not care. If that makes my site more secure for my membership, I have no problem doing it.

That's the reason I said in a previous comment, that the admin should have statistics from such add-ons. I add every IP that gets banned from my site, in a table in the database and I have a small program to get statistics from this log. I then enter the appropriate addresses in the ban IPs list.

Each one of the above measures I suggested, by itself, may have a minor effect on the number of spammers you avoid, all of them (or some of them) together can make a significant difference.
Reply With Quote
  #460  
Old 12-25-2012, 02:04 PM
sv1cec sv1cec is offline
 
Join Date: May 2004
Location: Athens, Greece
Posts: 2,091
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

OK folks, for those who want to automatically enter the spam bot IP address in their banned IPs list, here is a version of the plug-in that should do it for you. It's been tested on vBulletin 4.2, I am not sure if it will work on previous versions.

----- code section ------
$vbulletin->input->clean_array_gpc('p', array(
'isbot_time1' => TYPE_UINT
));

$ipaddress = IPADDRESS;

if ($vbulletin->GPC['username'] && $vbulletin->GPC['email'])
{
$isbot_time1 = $vbulletin->GPC['isbot_time1'];
$isbot_time2 = TIMENOW;
$isbot_timediff = intval($isbot_time2 - $isbot_time1);


if ($isbot_timediff <= 15) // difference in seconds
{
$isbot_username = htmlspecialchars_uni($vbulletin->GPC['username']);
$isbot_email = htmlspecialchars_uni($vbulletin->GPC['email']);

$isbot_subject = $vbphrase['isbot_user_blocked_from_registering'];
$isbot_message = $vbphrase['isbot_the_following_name_email_blocked']
. '
User Name : ' . $isbot_username . '
Email : ' . $isbot_email . '
Time to fill registration form : ' . $isbot_timediff . ' ' . $vbphrase['isbot_seconds_transpired'] . '
IP Address : ' . $ipaddress . ' ';

vbmail($vbulletin->options['webmasteremail'], $isbot_subject, $isbot_message, true);

if ($vbulletin->options['enablebanning'] == 1 AND $vbulletin->options['banip'] = trim($vbulletin->options['banip']))
{
$banned = $ipaddress . " " . $vbulletin->options['banip'];
$db->query_write("UPDATE " . TABLE_PREFIX . "setting SET value = '" . $banned . "' where varname='banip'");
require_once(DIR . '/includes/adminfunctions.php');
build_options();
}

eval(standard_error(fetch_error('noregister')));
}
}
-------------

Copy the above code and enter it in AdminCP/Plug-in Manager/Is Bot. Just click on Edit next to the "register_addmember_process", highlight the Plugin PHP code and paste the above code in there. Click on "Save and Reload" and you are done.

To verify it's working, next time you receive an email from this plugin, compare the IP shown in the email you got, with the IPs in your banned IPs list. The newly banned IP is entered in the beginning of the list, so it should be easy to spot.

My Christmas gift to you guys.
Reply With Quote
Благодарность от:
Max Taxable
  #461  
Old 03-14-2013, 02:03 PM
makaiguy's Avatar
makaiguy makaiguy is offline
 
Join Date: May 2004
Location: Aiken, SC, USA
Posts: 150
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Still using the same IsBot I installed in 2008. Recently updated the board to vB 3.8.7 PL2 and wanted to check if IsBot works in this version. Un-remmed the line that sends the email. Received 5 emails of blocked registrations in under 4 minutes, and then remmed out the email line again.

So it's confirmed that IsBot 1.0 works with vB 3.8.7.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:54 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05727 seconds
  • Memory Usage 2,351KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (9)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (2)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete