Anti-Spam Options - Spambot Stopper - Prevent Spambots from Registering

What is it?
----------------------------
This mod rejects registrations where the form is filled out in less than a minimum time. You can configure one of the following actions to be taken when an automated registration is detected:

- Show a "No Permissions" page
- Display the "Successful Registration" message but without creating an account
- Redirect the user to any URL you choose
- Reload the registration page with an error message of your choosing

You can also provide a list of email addresses to be notified each time a registration is blocked.

In the future, I'd like to add some simple logging and statistics, and a summary type of email notification (because people seem to quickly get tired of the single emails).

Note: I coded this myself from scratch, but I would like to acknowledge a couple of previous mods that used this same idea, by users Calorie and noppid, and maybe others. In any case, I believe this one adds some features that the others don't have.

Other advantages: no ads or links, no abuse of update notifications, no disappearing features, no threats to delete the mod (it will never be deleted, at least by me). Also, translations are allowed.

Installation:
----------------------------
1) If you have "Is Bot", "Stop the Registration Bots", "Spammers Suck!", or another mod that works on registration time, note any admincp settings for that mod then uninstall it.

2) Import the product XML file from the Product Manager.

3) Go to Settings > Options > Spambot Stopper Options and configure the desired settings.

4) IMPORTANT: try to register a new user to make sure that there are no problems with humans registering. If you want, you can also temporarily set the minimum time to a higher value (like 60 seconds) and test to see if the spammer rejection is working.



History:
----------------------------
1.0.1 (Feb 1, 2013)

• Initial Release

[kh99]

Quote:

Originally Posted by RyanC

So I have this installed and it's working great on a very large forum.... However about five times a day I get an email from a user complaining of this error on registration attempt:

Any idea what could be causing this?

All I can say is that it doesn't look like anything from this mod. "whois" looks up domain names, so I would guess that maybe it's another mod that checks email domain or maybe the user's ip address. In any case, my mod doesn't include that file.

[DamasGate]

Installed

Impressed with the idea

Thank you

[Prune Danish]

I installed it. It's so nonintrusive that there was no reason not to.

It would be nice with a log -- just a simple text-file -- that records at least the IP and time stamps. Not only is such a log necessary if a legitimate user complains that he hasn't received a mail. I'm also unable to vote on your product if I don't know what it's doing.

Another feature I miss -- but this is probably outside your scope -- is when a bot answers our human verification questions. It would be nice to know WHICH question the bot has successfully answered.

[kh99]

I understand. If you read the vb4 thread you saw that logging was mentioned a lot of times, but I never got around to adding it. I actually had a verison where all the data was collected for logging (including the answer to the hv question, if that option was turned on), but I just never got around to completing it. I haven't completely given up on the idea.

[Prune Danish]

Quote:

Originally Posted by kh99

I understand. If you read the vb4 thread you saw that logging was mentioned a lot of times, but I never got around to adding it.

Thanks for answering.

No, I haven't looked at the vb4 thread. I was just referring to the top of the present page, where you write, "In the future, I'd like to add some simple logging and statistics". I tried registering at my site a few days ago (before installing Spambot Stopper) and for some reason I never got a confirmation mail, even though hundreds of spam accounts were being created at the same time.

If Spambot Stopper had been installed I would of course have blamed it.

Quote:

Originally Posted by kh99

(including the answer to the hv question, if that option was turned on)

So it is possible?

That would be nice. We were hit by something like XRumer and several hundreds of accounts were added.

For years we have relied om questions/answers. When we were hit I switched to reCaptcha, which didn't slow them down in the slightest. Then I deleted the easiest questions (but not all) and added some new ones.

That solved the problem for now, but if Spambot Stopper could tell us which questions are being answered correctly -- before rejecting the bots -- we could stay one step ahead of the spammers.

[kh99]

Well, I'm not sure when or if I'll get around to updating this. Now that I think about it I don't think the vb3 version is even up to date with the vb4 version. But in case this helps, a while back I wanted to know the same thing. I was wondering if spammers were registering by making many guesses of the questions or if they somehow knew the answers. So I found the section of code that checked the answer, and I edited the file and put in code to write information to a log file. But I guess you have to be able to do at least basic php programming to do that.

I'm going to think about that. Maybe it's possible to make a simple mod for that that wouldn't require file edits.

[Prune Danish]

Quote:

Originally Posted by kh99

So I found the section of code that checked the answer, and I edited the file and put in code to write information to a log file. But I guess you have to be able to do at least basic php programming to do that.

Great minds think alike. I did just that.

In the hook named "register_start / Check Elapsed Time" I added the following code after "$email = kh99_sbs_fix_string($vbulletin->GPC['email']);"

Code:

           $answer = $_REQUEST['humanverify']['input'];          
           $hash   = $_REQUEST['humanverify']['hash'];

           $questionx = $db->query_first("
				SELECT answer
				FROM " . TABLE_PREFIX . "humanverify
				WHERE hash = '" . $db->escape_string($hash) . "'");
         
           $question_num = $questionx['answer'];

           $fd = fopen ($_SERVER["DOCUMENT_ROOT"]."/<some-path>/<some-file>", "a");
           if ($fd) {
           		$ipaddr = $_SERVER["REMOTE_ADDR"];
           		fwrite ($fd, date("r")." $ipaddr $username $email \n");
           		fwrite ($fd, "\t\t Question number $question_num: $answer  \n");
           		fclose ($fd);
           		}

Just alter "<some-path>" and "<some-file">" to proper names.

Thanks for the inspiration. I gave Spambot Stopper an "Excellent" vote. It's a good product and an excellent inspiration.

[kh99]

Thanks, glad you figured it out.

And just to be clear, I didn't mean to imply that you didn't know php programming, but of course not everyone does so I didn't want to assume that you'd be able to do it yourself.

[Prune Danish]

Quote:

Originally Posted by kh99

I was wondering if spammers were registering by making many guesses of the questions or if they somehow knew the answers.

Wow. Within 10 minutes I have had 5 "visits" Each made 4 attempts but did not supply an answer.

[Prune Danish]

Quote:

Originally Posted by kh99

And just to be clear, I didn't mean to imply that you didn't know php programming, but of course not everyone does so I didn't want to assume that you'd be able to do it yourself.

No, that's fine. I've coded some php, but this is the first time I've touched a hook. It did take several tries.