Anti-Spam Options - Rename register.php by BOP5

Brought to you by BirdOPrey5 / Qapla.com

It's great when you stop spam bots during registration but this mod gives you a chance to stop them BEFORE they even attempt to register.

I have received multiple reports from people who say their "register.php" was getting hammered with spam requests- so much so it was like a denial of service attack. Even if they disabled registration they would waste so much resources their site was slow or worse- had to be taken offline.

What this mod does is allow you to rename the register.php file- my theory is many of the vBulletin spamming bots are hard coded to look for register.php. Using a unique name will throw them off, at least for a while.

To manually change the name of register.php would have meant dozens, maybe hundreds of manual edits to files and templates previously.

This mod makes it as simple as possible. At worst you will need to edit 2 phrases and 1 file, and some people don't need to edit anything at all.

Compatible with VB 3.8.x (and 3.7, and 3.6 probably too) and all VB 4.x.x versions.

Basic Instructions
1) Import XML File
2) Go to mod settings in Admin CP
3) Rename your register.php file via FTP or some other means- make it a unique value but only use basic letters, numbers, underscores, or hyphens. Something like "joeregister999.php"
4) In the mod settings, set the value of register.php to the new file name you chose.
5) If you require email verification during registration follow the next setting in the Admin CP and edit the phrases listed (activateaccount and activateaccount_chnage phrases in Email Body)
6) Finally, if you use Facebook Connect on your forum make the manual file edit of class_bootstrap.php as instructed.

Now enjoy your new filename for register.php, I hope it reduces server load and spam in general.

------------------------------------------------------

Please "Mark as Installed" if you use this.
Donations always appreciated. :up:
Nominate MOTM if you LOVE it!

----

Note- if having problems sending activation codes or other Admin CP related activities use the solution in post #197.

[BirdOPrey5]

Are you certain you deleted (or renamed) register.php and didn't make a copy of it under a new name? If register.php still exists it will work even if you aslo have a page like dshsah23h2.php to register on.

[BirdOPrey5]

You may want to disable registration completely and use my "Really Fast Registration" mod in its place, that will be a significant change for the spam bots to overcome. Only downside is registration needs to be very basic, no custom questions.

https://vborg.vbsupport.ru/showthread.php?t=301283

[Scalemotorcars]

Wow, thanks for the fast response.

Im sure its changed. I used a password generator with numbers, letters, uppercase, and lowercase to get about a 14 character random URL then renamed the old one via FTP. Register.php just 404's now.

Do you think there is any chance the cache in the spambot is till allowing it access? Long shot but maybe.

As for the quick registration, I'm concerned it will not work with my spam plugin. Like I said it catches 99.9 of the bots. All I'm trying to accomplish now is to get the bots off the server. Hitting it every few seconds is really adding to my load.

[BirdOPrey5]

I don't know... Is there at least a temporary delay when you rename the registration page before the spam registrations start again? If not I wonder if it is possible there is a backdoor on your forum being exploited for registrations. One way to check would be to turn off registrations for a bit and confirm no new people register.

[Scalemotorcars]

Quote:

Originally Posted by BirdOPrey5

I don't know... Is there at least a temporary delay when you rename the registration page before the spam registrations start again? If not I wonder if it is possible there is a backdoor on your forum being exploited for registrations. One way to check would be to turn off registrations for a bit and confirm no new people register.

It was about a 4 hour delay but that's a good ideal I'm going to try turning it off the rest of today and see what happens.

I'll post back.

[Scalemotorcars]

So far no new attempts to register when New Registration is turned off so I guess that's good news.

Is there a way to hide/spoof the url that's displayed for this? A URL rewrite so they can't just copy what's displayed in the browser and plug in the new URL into the bot.

[Scalemotorcars]

I just wanted to add that this mod is helping allot actually. I was being hit with spambots every few seconds all day every day trying to register. So far after a few days Im down to about 100 a day. That's a big change, thanks.

Still, it would be nice to be able to hide the URL somehow. I'm sure it can be done but I'm no wiz with htaccess so maybe someone would be willing to take up the challenge.

[BirdOPrey5]

I can't think of anyway to hide a URL that it would still work.

[In Omnibus]

You might want to try blocking bots by user agent at the server level.

[Hostboard]

Quote:

Originally Posted by Scalemotorcars

I just wanted to add that this mod is helping allot actually. I was being hit with spambots every few seconds all day every day trying to register. So far after a few days Im down to about 100 a day. That's a big change, thanks.

Still, it would be nice to be able to hide the URL somehow. I'm sure it can be done but I'm no wiz with htaccess so maybe someone would be willing to take up the challenge.

Here is an example on how you can achieve this:

Code:

<html>
<head>
 <Title>Hide the URL from Address bar</title>
</head>
<body>
 <a href="http://www.google.com">Normal Link</a>
 <a href="javascript:void(0)" onclick="location.href='http://www.google.com'">Hide Link</a>
</body>
</html>