Anti-Spam Options - Is Bot: Registration Time Check

This mod calculates the time it takes to go between these two pages:

• /forum/register.php?do=register
• /forum/register.php?do=addmember

The point is to try and prevent bots from registering at your forum when the time between the two pages is humanly impossible, assuming that humans actually take the time to complete the registration page.

Should a user be blocked from registering at your forum, an email will be sent to your vB webmasteremail address and the user will see the vB noregister phrase message, so no screenshot is necessary.

[Max Taxable]

Quote:

Originally Posted by toneloc

I installed this plugin 24hrs ago, right after installing vbstopforumspam and enabled it. I can see on vbstopforumspams log that they blocked 367 users so far, but I haven't received a single email about Is bot blocking any spam.

Spam is being blocked, so I'm happy about that. I just don't know if Is Bot is working on my boards.

Any other way to check?

Thanks

This solution was updated with more features...

https://vborg.vbsupport.ru/showthread.php?t=289463

[Lynne]

Quote:

Originally Posted by sv1cec

Back in the days of vB 3.0.xx when I first dealt with vB, purchased my first license and started my first site, I spend quite some time to learn php and vB's coding scheme. Seeing the various things that could be improved in the code, and after years of work, I've ended up with a heavily patched version of vB, which included a mod I published in here, called AWS (for Advanced Warning System). That mod included a number of anti-spam traps, a time limit for the registration process (just like this mod), comparison between the country entered by the member vs the location indicated by his IP address, comparison of the time zone he entered with the time zone of the country indicated by his IP address etc.

So vB knows about these things, since version 3.0. Why they do not bother to include them in their software?

The obvious answer is, because they do not care.

That may be an obvious answer to you, but it is wrong. As soon a vB includes something like this in the default software, the spammers will just catch on and change their scripts to 'break' this. Spam is better dealt with through the many different modifications around.

[sv1cec]

Really?

That's a pretty lame excuse considering what the user experience is, as expressed in this thread.

Let's see what Jelsoft could add to vB, which won't be breakable by spammers.

- Time limit registration option (like "Is Bot")? A spammer doesn't know the limit I've set, so they can't fight that. And their scripts are tailored for speed, they won't wait 1 minute per registration.
- Checking of validity of email address. Not very efficient but it still traps spammers.
- Matching of entered Country with IP address Geolocation information. The ability to exclude some countries would be also welcome.
- Matching of entered Time Zone with the Time Zones of the country derived from the IP address?
- Check of registering IP address against known spammers IP addresses such as spamhaus.org or sorbs.net etc.

Care to tell me how a spammer would break through a spamhaus.org check?

One more thing: if Jelsoft thinks that an anti-spam strategy should include as many traps as possible (and I agree on that), how come it only offers one of Image Verification, Question & Answer Verification and reCAPTCHA™? Why not all? Let the admins select as many as they like.

[Max Taxable]

Quote:

Originally Posted by sv1cec

- Time limit registration option (like "Is Bot")? A spammer doesn't know the limit I've set, so they can't fight that. And their scripts are tailored for speed, they won't wait 1 minute per registration..

Sure they will. Using the automated programs like XRumer and literally thousands of botnet zombie computers, programming a 60 second stall between filling out the form and clicking "submit" won't be all that difficult and really, won't hurt spamming efficiency. It hasn't happened yet because time checks such as this - which have been around in one form or another for years - just haven't been in widespread use.

If vBulletin or any major message board software has this time check in its native code, it won't be long at all before the botnet administrators start programming a delay into their systems.

[sv1cec]

That's exactly the point. More, many more options to trap spammers. Not just one, several. And of various intelligence. Of different nature. Selectable by the admin with various courses of action. Instead of spending time integrating social networks, I would have preferred more and more secure antispam options.

Of course, that's a personal opinion and as we know each one has his own.

[Max Taxable]

Quote:

Originally Posted by sv1cec

That's exactly the point. More, many more options to trap spammers. Not just one, several. And of various intelligence. Of different nature. Selectable by the admin with various courses of action. Instead of spending time integrating social networks, I would have preferred more and more secure antispam options.

Of course, that's a personal opinion and as we know each one has his own.

Can never have too many rounds in the anti-spam magazine, that is for sure.

[BirdOPrey5]

Quote:

Originally Posted by sv1cec

Really?

That's a pretty lame excuse considering what the user experience is, as expressed in this thread.

Let's see what Jelsoft could add to vB, which won't be breakable by spammers.

- Time limit registration option (like "Is Bot")? A spammer doesn't know the limit I've set, so they can't fight that. And their scripts are tailored for speed, they won't wait 1 minute per registration.
- Checking of validity of email address. Not very efficient but it still traps spammers.
- Matching of entered Country with IP address Geolocation information. The ability to exclude some countries would be also welcome.
- Matching of entered Time Zone with the Time Zones of the country derived from the IP address?
- Check of registering IP address against known spammers IP addresses such as spamhaus.org or sorbs.net etc.

Care to tell me how a spammer would break through a spamhaus.org check?

One more thing: if Jelsoft thinks that an anti-spam strategy should include as many traps as possible (and I agree on that), how come it only offers one of Image Verification, Question & Answer Verification and reCAPTCHA?? Why not all? Let the admins select as many as they like.

1) Jelsoft hasn't been the owner/publisher of VB in years
2) Time plays no real factor in registration because they can hit multiple boards at once... Whether it takes 10 seconds to register or 60 on any one site is no big deal. So long as they set their delay equal to a human it is easily defeated
3) Again it would be minor edits to make sure timezone, location and IP match- the only reason these checks may work is because they are rare

[sv1cec]

Quote:

Originally Posted by Max Taxable

Can never have too many rounds in the anti-spam magazine, that is for sure.

You got that right my friend.

Quote:

Originally Posted by BirdOPrey5

1) Jelsoft hasn't been the owner/publisher of VB in years

You are right, I just learned that so I have to apologize for my mistake.

Quote:

Originally Posted by BirdOPrey5

2) Time plays no real factor in registration because they can hit multiple boards at once... Whether it takes 10 seconds to register or 60 on any one site is no big deal. So long as they set their delay equal to a human it is easily defeated

Indeed, but that is only if they know that this antispam measure is in effect in the site they visit. If they do it for every site their bot visits, their productivity goes down.

Quote:

Originally Posted by BirdOPrey5

3) Again it would be minor edits to make sure timezone, location and IP match- the only reason these checks may work is because they are rare

Of course, but if the admin has the option to permanently ban countries or IP ranges, that could limit his exposure. I've banned whole C-class addresses from China, I do not expect my site to have Chinese members, so I do not care. If that makes my site more secure for my membership, I have no problem doing it.

That's the reason I said in a previous comment, that the admin should have statistics from such add-ons. I add every IP that gets banned from my site, in a table in the database and I have a small program to get statistics from this log. I then enter the appropriate addresses in the ban IPs list.

Each one of the above measures I suggested, by itself, may have a minor effect on the number of spammers you avoid, all of them (or some of them) together can make a significant difference.

[sv1cec]

OK folks, for those who want to automatically enter the spam bot IP address in their banned IPs list, here is a version of the plug-in that should do it for you. It's been tested on vBulletin 4.2, I am not sure if it will work on previous versions.

----- code section ------
$vbulletin->input->clean_array_gpc('p', array(
'isbot_time1' => TYPE_UINT
));

$ipaddress = IPADDRESS;

if ($vbulletin->GPC['username'] && $vbulletin->GPC['email'])
{
$isbot_time1 = $vbulletin->GPC['isbot_time1'];
$isbot_time2 = TIMENOW;
$isbot_timediff = intval($isbot_time2 - $isbot_time1);


if ($isbot_timediff <= 15) // difference in seconds
{
$isbot_username = htmlspecialchars_uni($vbulletin->GPC['username']);
$isbot_email = htmlspecialchars_uni($vbulletin->GPC['email']);

$isbot_subject = $vbphrase['isbot_user_blocked_from_registering'];
$isbot_message = $vbphrase['isbot_the_following_name_email_blocked']
. '
User Name : ' . $isbot_username . '
Email : ' . $isbot_email . '
Time to fill registration form : ' . $isbot_timediff . ' ' . $vbphrase['isbot_seconds_transpired'] . '
IP Address : ' . $ipaddress . ' ';

vbmail($vbulletin->options['webmasteremail'], $isbot_subject, $isbot_message, true);

if ($vbulletin->options['enablebanning'] == 1 AND $vbulletin->options['banip'] = trim($vbulletin->options['banip']))
{
$banned = $ipaddress . " " . $vbulletin->options['banip'];
$db->query_write("UPDATE " . TABLE_PREFIX . "setting SET value = '" . $banned . "' where varname='banip'");
require_once(DIR . '/includes/adminfunctions.php');
build_options();
}

eval(standard_error(fetch_error('noregister')));
}
}
-------------

Copy the above code and enter it in AdminCP/Plug-in Manager/Is Bot. Just click on Edit next to the "register_addmember_process", highlight the Plugin PHP code and paste the above code in there. Click on "Save and Reload" and you are done.

To verify it's working, next time you receive an email from this plugin, compare the IP shown in the email you got, with the IPs in your banned IPs list. The newly banned IP is entered in the beginning of the list, so it should be easy to spot.

My Christmas gift to you guys.

[makaiguy]

Still using the same IsBot I installed in 2008. Recently updated the board to vB 3.8.7 PL2 and wanted to check if IsBot works in this version. Un-remmed the line that sends the email. Received 5 emails of blocked registrations in under 4 minutes, and then remmed out the email line again.

So it's confirmed that IsBot 1.0 works with vB 3.8.7.