Forums | MacLife

JacKTHELioN · 2007-06-23 8:19 pm

Just a quick question. Does anyone else here who runs a forum have a problem with spambots registering on your site and just generally being a nuisance?

I setup a quick and easy php-nuke site for a guild website and at first had no authorization in place in order to register. I was trying to make it super easy for members to get registered to give them one less excuse to get off their lazy butts and onto the site. Big mistake.

We got spam out the wazoo on the forums. So i manually went through, deleted all the offending accounts, banned a bunch of ip's and deleted all the dirty posts. I then set it up so that all new registers had to reply to an email to activate their account. This has stopped most of the spam (well all of it) however I am still occasionally getting registers that don't post but do have weblinks in their profile to inappropriate websites.

Mostly this is just an annoyance and I just periodically go through and delete the offending accounts. What I want to know though is if there is an easy way to stop this altogether short of me manually authorizing each new account registered. Also, did I unleash the wrath of less then wonderful websites by leaving myself so open in the beginning and have now become a target or is this something common?

registered_user · 2007-06-23 10:17 pm

hell yeah, there is.

add a math problem and change the default agreed=true (or whatever it is). The reason for changing the agreed=true is so that the actual registration address is hidden, the math problem is to ensure that only people can get to it.

Try to register at ch54.com and you'll see what I mean. We've had literally zero spam registrations since the system has been in place, and it's a really easy thing to do.

arkayn · 2007-06-23 10:48 pm

I don't think phpbb2 has that option. I wish it did as we get a ton of spammers over at the ATAT forums.

JacKTHELioN · 2007-06-24 4:58 am

registered_user wrote:
hell yeah, there is.

add a math problem and change the default agreed=true (or whatever it is). The reason for changing the agreed=true is so that the actual registration address is hidden, the math problem is to ensure that only people can get to it.

Try to register at ch54.com and you'll see what I mean. We've had literally zero spam registrations since the system has been in place, and it's a really easy thing to do.

well i am registered over there, but it's been forever and a year since i signed up so i can't remember how you've got it set up. suppose i could try registering a new one just to check it out. also if what arkayn says is true i might be sol

registered_user · 2007-06-24 8:07 am

phpbb doesn't have an option you can just click. You have to actually hack it in. Happily, it's a pretty easy hack.

And you don't need to register an account to see it in action. Just go to the registration page and you'll see what it's all about. Once you get to that page, things are unchanged.

Last edited by registered_user (2007-06-24 8:11 am)

Miles · 2007-06-24 12:20 pm

If phpbb did have an option you could just click, it'd be essentially worthless. When it comes to anti-spam measures, obscurity really is the way to go.

JacKTHELioN · 2007-06-24 10:30 pm

well it looks like if you attempt to register from the forums on the website then you get an agreed=true page. this would be awesome except most registers are coming from the main php-nuke page which isn't set up this way. looks like i'm gonna have to figure out how to set one up for the main website. thanks again

TonyPrevite · 2007-06-26 11:23 am

registered_user wrote:
Try to register at ch54.com and you'll see what I mean. We've had literally zero spam registrations since the system has been in place, and it's a really easy thing to do.

Umm, I did, where was the math problem?

Anyway, re-naming that variable is a good idea and I thought of another one to add to it as well. Add a hidden form variable from the preceeding page and only have the reg page display if that variable is set.

Also switching from get variables to post variables will also add to it as well....

Thanks for sparking some ideas Roo wink

Last edited by TonyPrevite (2007-06-26 4:09 pm)

registered_user · 2007-06-26 5:08 pm

oh.. heh... that math problem is in the old default theme...

I'll have to edit it into the current default. The other theme submits to a page that checks the math and redirects to the page with the renamed variable, effectively keeping it super secret.

you can see it here: http://www.henceonline.org/forums/profi … e=register

TonyPrevite · 2007-06-27 4:56 pm

Cool, I didn't do the math problem, but I did change the variable and then disabled the GET array for it, so you can't access the registration page by going straight to it even if one was to figure out the new variable name.

On the agreement page I chucked the link that passed to the GET array and turned it into a form that passes the variable via POST.

So far... 100% effective after 2 days Not foolproof by any means, but it takes something that's expected and known and changes it around enough to deny those pesky submission scripts.

Last edited by TonyPrevite (2007-06-27 4:58 pm)

registered_user · 2007-06-27 6:23 pm

yep. Changing the variable alone isn't enough... they'll sniff it out. But putting it behind a form helps tons.

The reason I did that math is because just changing the variable wasn't 100% effective and I was going through the javascript in my head... I could easily automate a script to get through unless there's a challenge.

So the math problem came to be. To be honest, I didn't come up with changing that variable. matt came up with that, and it's a slick approach.

I'm glad it's working for you.

TonyPrevite · 2007-06-27 6:37 pm

I've got some other thngs in mind if they start up again, it sparked all kinds of ideas smile

Forums | MacLife

#1 2007-06-23 8:19 pm

forums and incessant spambots

#2 2007-06-23 10:17 pm

Re: forums and incessant spambots

#3 2007-06-23 10:48 pm

Re: forums and incessant spambots

#4 2007-06-24 4:58 am

Re: forums and incessant spambots

registered_user wrote:

#5 2007-06-24 8:07 am

Re: forums and incessant spambots

#6 2007-06-24 12:20 pm

Re: forums and incessant spambots

#7 2007-06-24 10:30 pm

Re: forums and incessant spambots

#8 2007-06-26 11:23 am

Re: forums and incessant spambots

registered_user wrote:

#9 2007-06-26 5:08 pm

Re: forums and incessant spambots

#10 2007-06-27 4:56 pm

Re: forums and incessant spambots

#11 2007-06-27 6:23 pm

Re: forums and incessant spambots

#12 2007-06-27 6:37 pm

Re: forums and incessant spambots

Board footer