Trying to prevent registration abuse...

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
globetrotting
Registered User
Posts: 217
Joined: Thu Jan 15, 2004 8:14 pm
Location: globetrotting

Die, you spammer

Post by globetrotting »

Thanks a lot for the explanation, Sander Marechal! :)
That really sounds easy, although I'm not yet able to understand everything I would be modifying there.

I have been reading another, much more complicated and less well explained option in another thread here: http://www.phpbb.com/phpBB/viewtopic.php?p=1258520 .
Before trying to modify my script, I'd like to point the attention of some cracks there to your proposition here and listen to what they say (I'm travelling with a small computer, have no local test server, and if something goes wrong, I'm &%$§!).

Thanks again :)
Being changes consciousness
sander marechal
Registered User
Posts: 66
Joined: Sun Feb 15, 2004 8:45 pm
Location: The Netherlands

Post by sander marechal »

The modification I made is easy to understand. I added an extra variable to the registration form. If that variable is not there when you process a new registration then it must be a spambot (because spambots work with the default registration form without the extra variable).

I also checked the link you posted and it's similar to what I did. They just check the website given by the new member instead of an extra variable. There's an upside and a downside to either method:
  • My script still allows genuine people to register with a website. Their method disallows that (inconvenient), but you can still change the website when editing your profile later on.
  • Their method will also deter real people signing up just to get their URL in the memberlist. My method only stops the bots from registering.
So you see, just pick whatever suits you best.
sander marechal
Registered User
Posts: 66
Joined: Sun Feb 15, 2004 8:45 pm
Location: The Netherlands

Post by sander marechal »

Note: The above code contained an error that is now fixed. Darned me for modding my board to such an extent I cannot even copy/paste code from it anymore...
PK Barbie Doll
Registered User
Posts: 71
Joined: Sun Sep 01, 2002 5:22 pm
Location: Uncharted Territories

Post by PK Barbie Doll »

sander marechal wrote: Hehe, I just found an even easier way in another thread on this forum. Open up your profile_add_body.tpl and add the following on line 3 (just below the <form> command):

<input type="hidden" name="mysecretvar" value="1">
Next, open up includes/usercp_register.php and find this bit around line 255:

	$passwd_sql = '';
	if ( $mode == 'editprofile' )
	{
		if ( $user_id != $userdata['user_id'] )
		{
			$error = TRUE;
			$error_msg .= ( ( isset($error_msg) ) ? '<br />' : '' ) . $lang['Wrong_Profile'];
		}
	}
	else if ( $mode == 'register' )
	{
Just below that, add these lines:

	// First, weed out any remote register scripts. Easily identifiable since they have no mysecretvar set
	if( !isset($_POST['mysecretvar']) )
	{
		message_die(GENERAL_ERROR, 'Die, you spammer >:( ');
	}
You can replace 'mysecretvar' with another variable name if you want to.


you rule the pit! thanks :)
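
An added example, not part of the original posts and not phpBB code: the hidden-field check from the quoted modification as a standalone function, run over constructed POST arrays, beside a variant that fills the same field with a time-stamped HMAC token so that a fixed or stale value is also rejected. The function names, the secret placeholder and the two time limits are assumptions.

```php
<?php
// Added example with constructed inputs and hypothetical names; not phpBB code.
const FORM_SECRET = 'replace-with-a-long-random-value'; // placeholder, server-side only
const MIN_FILL_SECONDS = 5;   // assumption: a person needs at least this long
const MAX_FORM_AGE = 3600;    // assumption: a served form stays valid for one hour

// The check from the thread: the hidden field only has to be present.
function has_static_field(array $post): bool
{
    return isset($post['mysecretvar']);
}

// Variant: the hidden field carries "<issued-at>:<HMAC of issued-at>".
function issue_form_token(int $now): string
{
    return $now . ':' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

function token_is_valid(array $post, int $now): bool
{
    if (!isset($post['mysecretvar']) || !is_string($post['mysecretvar'])) {
        return false;                       // field missing: remote register script
    }
    $parts = explode(':', $post['mysecretvar'], 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                       // not in the issued format
    }
    $expected = hash_hmac('sha256', $parts[0], FORM_SECRET);
    if (!hash_equals($expected, $parts[1])) {
        return false;                       // forged or altered token
    }
    $age = $now - (int) $parts[0];
    return $age >= MIN_FILL_SECONDS && $age <= MAX_FORM_AGE;
}

// Constructed requests (not captured traffic).
$t0 = 1100000000;                           // time the form was served
$cases = [
    'no hidden field'       => [['username' => 'a'], $t0 + 30],
    'static value "1"'      => [['mysecretvar' => '1'], $t0 + 30],
    'token, filled in 30 s' => [['mysecretvar' => issue_form_token($t0)], $t0 + 30],
    'token, posted at once' => [['mysecretvar' => issue_form_token($t0)], $t0 + 1],
    'token, one day old'    => [['mysecretvar' => issue_form_token($t0)], $t0 + 86400],
];
foreach ($cases as $label => [$post, $now]) {
    printf("%-24s static=%s token=%s\n", $label,
        has_static_field($post) ? 'accept' : 'reject',
        token_is_valid($post, $now) ? 'accept' : 'reject');
}
```

In a board, the token would be written into the hidden field when the registration page is rendered and checked at the point where the thread's `isset` test sits.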
Shof515
Registered User
Posts: 1169
Joined: Wed Mar 19, 2003 4:36 am

Re: Trying to prevent registration abuse...

Post by Shof515 »

tk-123 wrote: (I'm running phpBB 2.0.3, by the way)

It might help to upgrade to 2.0.10
Who's messing up my sig?
firlefanz
Registered User
Posts: 81
Joined: Tue May 04, 2004 9:16 am

Post by firlefanz »

Hello,

I would like to say Thanks to sander marechal, I found this thread searching for the spam registering bots and I installed your solution posted here three days ago, since then no spam bot in view!

Thanks, it seems to help.
Firle
globetrotting
Registered User
Posts: 217
Joined: Thu Jan 15, 2004 8:14 pm
Location: globetrotting

Spammer died

Post by globetrotting »

firlefanz wrote: ... I installed your solution posted here three days ago, since then no spam bot in view!


Same here since 5 days now! :)
(Although I changed the message's text as I was afraid of the spammer's revenge.)

Thanks a lot, sander marechal - the more, as the "patch" was really easy and quick to set in place!

Martin
Being changes consciousness
sander marechal
Registered User
Posts: 66
Joined: Sun Feb 15, 2004 8:45 pm
Location: The Netherlands

Post by sander marechal »

You're welcome :)

Just remember that it doesn't stop all bots or human spammers. It stops 99% of it though. If that's not enough then try this: http://www.phpbb.com/phpBB/viewtopic.php?p=1258520
firlefanz
Registered User
Posts: 81
Joined: Tue May 04, 2004 9:16 am

Post by firlefanz »

HI!

Either I did something wrong or the changes keeping spam bots away are TOO good.

A new user registered and my forum sent an email to activate.
When clicking on the link he gets the following error from my board:
Could not obtain user information

DEBUG MODE

SQL Error : 1054 Unknown column 'user_newpasswd' in 'field list'

SELECT user_active, user_id, username, user_email, user_newpasswd, user_lang, user_actkey FROM phpbb_users WHERE user_id = 15

Line : 35
File : /www/htdocs/v094823/phpBB2/includes/usercp_activate.php


I have some other mods installed like Country flags, and a ranking system, but until now this worked. Could somebody give me a clue what went wrong?

Thanks a lot!
Firle
firlefanz
Registered User
Posts: 81
Joined: Tue May 04, 2004 9:16 am

Post by firlefanz »

I think I found the problem, I inserted a new column user_newpasswd into my users table. Seems to be working again, thanks.

Firle
gulfstream
Registered User
Posts: 20
Joined: Sat Dec 06, 2003 6:22 am

Testing?

Post by gulfstream »

sander marechal wrote: The modification I made is easy to understand. I added an extra variable to the registration form. If that variable is not there when you process a new registration then it must be a spambot (because spambots work with the default registration form without the extra variable).

I also checked the link you posted and it's similar to what I did. They just check the website given by the new member instead of an extra variable. There's an upside and a downside to either method:
  • My script still allows genuine people to register with a website. Their method disallows that (inconvenient), but you can still change the website when editing your profile later on.
  • Their method will also deter real people signing up just to get their URL in the memberlist. My method only stops the bots from registering.
So you see, just pick whatever suits you best.


Very cool. Thanks. I've been getting pounded by bogus registrations, most with Russian URLs in the profile websites. I'm assuming they are bot generated. Any way to test to see if the modifications work? How do you simulate a bot attempt?

Rock on! 8)
globetrotting
Registered User
Posts: 217
Joined: Thu Jan 15, 2004 8:14 pm
Location: globetrotting

It works for me! :)

Post by globetrotting »

Hi guys,

after 4 weeks of running this mod, I can say that it works great for me: No spam-user (with .ru) since! :!:

Very grateful, thx a lot! :)
Being changes consciousness
lucraft
Registered User
Posts: 9
Joined: Sun Nov 21, 2004 2:57 pm

Thank you

Post by lucraft »

I too have been suffering with the idiot from boom.ru.

I've applied the patch, now hoping for some peace and quiet.
Gideon5L2F
Registered User
Posts: 242
Joined: Thu Oct 09, 2003 6:33 pm
Location: New Zealand

Well I done the changes.

Post by Gideon5L2F »

Well I done the changes as recommended. Nothing spectacular happened. Nothing blew up. 8O Should know within a few days if it's going to work. Will come back and let yez know. :)
ymmotrojam
Registered User
Posts: 279
Joined: Thu Oct 07, 2004 10:10 pm

Re: Trying to prevent registration abuse...

Post by ymmotrojam »

tk-123 wrote: I'm running phpBB 2.0.3, by the way

I didn't read all of this thread, but I would definitely recommend upgrading to the latest version of phpBB, which is 2.0.11, and then applying any mods to remedy the situation. Just upgrading by itself has its own security advantages.