Anti-Spam Options - Is Bot: Registration Time Check

This mod calculates the time it takes to go between these two pages:

• /forum/register.php?do=register
• /forum/register.php?do=addmember

The point is to try and prevent bots from registering at your forum when the time between the two pages is humanly impossible, assuming that humans actually take the time to complete the registration page.

Should a user be blocked from registering at your forum, an email will be sent to your vB webmasteremail address and the user will see the vB noregister phrase message, so no screenshot is necessary.

[beishe8]

Those guys with the bots are reading this forum...
15 seconds not sufficient any more.
New registrations appeared on our forum with Polish (Warszawa) IPs.
25 seconds did the trick:

Quote:

The following user name with email address was blocked by the Is Bot mod:
therrorne - ***********@********.pl (16 seconds transpired)

Edit:
Looks like I have to change my opinion about that 120 second...

Quote:

The following user name with email address was blocked by the Is Bot mod:
Illereuct - homionelm@gawab.com (24 seconds transpired)

[BaconDelight]

Well, it's working like magic at my forum, and I've got it set to 4 seconds. Not only is it blocking bots, after having it installed for 3 months, I've actually stopped receiving attempts at all!

Before installing this mod, I was getting ~20-30 bot registrations per day, and was getting 15-20 blocked attempts when I first installed it. Now I literally get none.

True, I also switched to the more advanced version of the image verification, but this mod definitely aided in a big big way.

[pitzerwm]

I'm new, to VB so a noobie question. How does the bot get past the email confirmation requirement before posting?

[KURTZ]

The following user name with email address was blocked by the Is Bot mod: VerftgMtyff - tdutyyuttd@inet.ua (1 seconds transpired)

superb!

[BaconDelight]

Quote:

Originally Posted by pitzerwm

I'm new, to VB so a noobie question. How does the bot get past the email confirmation requirement before posting?

For the most part they can't, but there are mods that open up some holes in the permissions that can allow them to do so.

But even assuming the email verification is working 100%, their accounts still get created, leaving the job of clearing out all of those stupid users. This mod prevents them from even getting that far.

[KURTZ]

another one ...

The following user name with email address was blocked by the Is Bot mod: FrthGtery - gfghdfhgdfhg@inet.ua (1 seconds transpired)

[Quarterbore]

I am been fighting a serious issue with a underdeveloped site that the bots took control of without me noticing.... One of the ways I have been fighting this has been to log registration attempts.

Attached is the registration log for about 7-days on one of my sites... Note, each one of these registration failues would have been one to many spam posts! Note that the time posted in this is the registration times! Also note I am using the NoSpam question hack as well as several other hacks as well. Also, my list of banned e-mail and IP addresses is huge but they still keep comming!

I have a thread with what I am trying to look at the following link to see if there are other ways we can make the spammers life much more difficult!

https://vborg.vbsupport.ru/showthread.php?t=158544

[primesuspect]

Excellent mod, I use it on all the sites I administrate. Thank you very much for making our lives that much easier!

One request I have is the ability through GUI to change the email address or turn off entirely the ability to email the administrator when a bot is blocked. On some of my sites I am getting over 50 a day and the emails are annoying.

Keep up the good work!

[kira]

Quote:

Originally Posted by primesuspect

One request I have is the ability through GUI to change the email address or turn off entirely the ability to email the administrator when a bot is blocked. On some of my sites I am getting over 50 a day and the emails are annoying.

Seconding this! (Actually I mentioned this earlier too.)

Question to those who know PHP better than I do (which is, like, almost everyone here!): as a temporary fix, would commenting out the following line in the product help to stop the email notifications?

Code:

vbmail($vbulletin->options['webmasteremail'], $isbot_subject, $isbot_message, true);

I'm thinking of trying it but I don't want to break the product and cause a flood of bot registrations again.

[TheMilkCarton]

This can return a false positive if somebody messes up their registration info, gets an error message, clicks back, and then quickly changes whatever was wrong and hits Submit again.

However, installing the AjaxReg hack has helped this infinitely, since it uses AJAX to check every field. I do have one field though that requires A-Z input, and I'm thinking about removing it from the registration page so that this won't happen EVER.

Is there any way to keep the time from recounting itself if a user were to click back upon getting an error message?

What about putting is_bot_time1 on the Verify Age page instead? If a user clicks back to fix an error, the time won't be recounted anymore. The only problem I can see is if a bot could keep clicking back and then they'd go past the time limit, but I'm not sure how bots handle an error message?

I was also thinking how does this work with "Time Zone Registration Prevention" hack? I thought about changing the execution order so this hack goes first..

--------------------------

Well, I changed the execution order of that hack to go after this one.. but I can't really test it out since I'm not a bot..

I do want to say that I think this mod is great. In the past 11 hours it has blocked 30 registrations, although CAPTCHA would have stopped all of these. HOWEVER, for the sake of testing this I've disabled CAPTCHA on the registration page! I have a few other measures in place though, so I really doubt any bots are going to get through even with CAPTCHA disabled. If all goes well over the next few days I may keep CAPTCHA disabled entirely.. I think not having CAPTCHA makes the registration page a little less daunting, especially with the settings I had for it. (I could hardly ever read the letters myself!).

I was thinking about possible expansions to this mod... How hard would it be to add a query that updates the "Banned Email Addresses" field with the domain of the spammer when they've been denied registration? It would of course check to make sure it's not already listed, it could be turned on/off, and also have a whitelist of emails NEVER to ban, like @gmail.com or @yahoo.co.uk. I've been brainstorming and it doesn't seem that hard to do.. I think adding a query right to the register_addmember_process plugin could work. The value for the email is passed through that plugin, and that's all we'd need to write an UPDATE query to add the email.

------

Haha, in the time it took me to edit this it blocked another spammer.