Unusual question - changing the name of the register.php file

[Macsee]

OK, there are numerous plugins to combat bot registrations, and I'm using several of them.

But it seems one simple solution would be to confuse bots. Bots arrive looking to fill in a form on register.php. So if you have no form there and just some text telling users that you've moved the page to new_register.php ... that could turn out quite neat!

I'd like to try it.

One caution: If you do change the name of your register.php file, you'll also need to make changes within the file. Is that easy to do and what would need to be changed? Can I just find and replace all instances of register.php with new_register.php?

[kh99]

If you search for and replace register.php in all files, templates, and phrases, I don't see why it wouldn't work (I've heard of it being done before).

Edit: here's an idea: leave the original and change it so it does everything except the actual creation of the user.

[nerbert]

You might try editing in a hidden input in your registration form like

<input type="hidden" name="duck" value = "bird" />

then put a plugin at the beginning of register.php

PHP Code:

if($_REQUEST['duck'] == '') 
{
       die();
} 


I suspect bots have the register form ready to go and look only at the non-hidden inputs

[Macsee]

Excellent suggestions, thanks for the feedback (kh99, sorry, it doesn't seem I can give you any more "Likes" at present).

Quote:

If you search for and replace register.php in all files, templates, and phrases, I don't see why it wouldn't work (I've heard of it being done before).

Ah, but if the bot is following the link on your homepage, then changing all instances of register.php in all files, templates and phrases will point all new users to the new location of the registration page rather than sending them to the fake page which has instructions to the humans telling them where to proceed to complete their registration.

Quote:

here's an idea: leave the original and change it so it does everything except the actual creation of the user.

What lines would you disable in the page to prevent actual creation of the user?

[kh99]

Quote:

Originally Posted by Macsee

Ah, but if the bot is following the link on your homepage, then changing all instances of register.php in all files, templates and phrases will point all new users to the new location of the registration page rather than sending them to the fake page which has instructions to the humans telling them where to proceed to complete their registration.

Oh, I see, yeah. I was thinking that bots just assume it's called register.php. You could tell by looking at the web server logs, but I never have. Anyway, then you're probably right, if you just change any reference to register.php in the file you'll probably be OK.

Quote:

What lines would you disable in the page to prevent actual creation of the user?

You could take out everything having to do with the user datamanager. But now that I think about it more, if you're just talking about bots I'm not sure there's any point, because it would probably just give up if register.php isn't there, and you'd get the same result.

[Macsee]

True - these are mutually exclusive approaches. Either you show the bot no form and confuse it, or you show a form that doesn't result in account creation. My preference would be the former simply because humans sometimes don't read instructions (no! I've got to be kidding surely! ). If they see a form they might skip reading the note about it being the wrong form and they could end up filling in the form meant for bots.

It was out of academic interest that I asked about what lines to remove to prevent account creation. I figured some forum owners might want to go down that route.

--------------- Added [DATE]1351889673[/DATE] at [TIME]1351889673[/TIME] ---------------

kh99, that doesn't work.

In the register.php file if I change all instances of "register.php" to "newfilename.php" ... I hit a snag. At newfilename.php, once I enter the date of birth and click submit I get taken to register.php?do=checkdate and of course on register.php I've got just a plain text message for human visitors

[Macsee]

I've been trying to find a solution for this but to no avail. There's obviously some line/s of code in register.php that need to be amended but I can't for the life of me figure out what it is.

[kh99]

You probably need to look for templates and phrases that need to be changed. But if you want all other vb pages to stay pointing to register.php you'll have to sort out which ones to change, maybe by looking through the templates and phrases used by register.php. (If you turn on "Add Template Name in HTML Comments" you can view the html source of a page to see which templates are used, and you can usually find phrases by using "search in phrases" under the Languages & Phrases menu in the admincp).

[betterthanyours]

This isn't really necessary...you can achieve great anti spam if you put some effort into it. You can install things such as keycaptcha for example

[Macsee]

Quote:

Originally Posted by betterthanyours

This isn't really necessary...you can achieve great anti spam if you put some effort into it.

If you "put some effort" into reading the OP, you'll notice that I have put some effort into it and that I'm already aware of and use several plugins.

This thread seeks to explore one new method I've never tried before. On that topic do you have anything to contribute aside from your signature drop?