Fight the spam registration bots!

[spamper]

I think I found a way to defeat spammers. I posted the MOD in MOD in Development. See my signature.

[espicom]

Retaliation is useless, unless you're a law enforcement professional and can get them charged and convicted with crimes. Anything you might do otherwise simply infuriates them, and makes you a target. They've got over 5 million proxies at their disposal to take your site off-line, should they want to.

[rugbyman2000]

Hi guys

I am an admin of an animal rescue public adoption forum (http://www.forgottenfriend.org/forum). Admittedly I am not the best forum admin from a technical standpoint, but this patch sounds like it would be perfect to stop the spam bots from registering on our forums. I probably delete 5-10 spam registrations a day and it gets really annoying! It is especially bad to have porn links, etc show up on the memberlist before I delete them (even though the accounts aren't activated they still show up on the memberlist in the mean time).

Here is my question: Where exactly do I copy and paste the code? Sorry it is such a juvenile question, but my background is a lot more with animals than it is with computers Thanks anyone for your help if you can give me the step-by-step on where I copy and paste the code text.

THANKS!
Jesse
Forgotten Friend Reptile Sanctuary
http://www.forgottenfriend.org

[espicom]

Detailed instructions are available in the MOD section:

ConfusaBOT Lite
ConfusaBOT ACP

The difference is that the "Lite" version requires you to edit your constants.php file to change the variables, while the ACP version gives you a place to change them in the Admin Control Panel.

But a better option for "simple" is something like the VIP MOD; a link to it can be found in the Preventing SPAM - Bots and Humans topic. Replacing the Visual Confirmation image generator is also relatively simple, and puts an end to most BOT registrations.

[sjj1805]

This post appeared on a user board which I am a moderator.

Hi
Somebody here know about XRumer autosubmitter?
Give me some info or link to description.... thanks.

Also, do you know when XRumer 4.0 Platinum Edition will be released?

P.S. Sorry for my post in "Pocket Software" folder...

Now this really is taking the biscuit!!
I did a Google Search on this and this is what I found:

XRumer is a software application that automatically posts your messages to forums, guestbooks, bulletin boards and catalogs of the links (as well as into livejournals and wiki). In a word it is an autosubmitter. Currently available version is XRumer 3.0 Gold Edition. More info about updates...
Below are listed main specification and features of XRumer

# Multithreaded submitting: over 50 simultaneously running threads possible! (30 threads are recommended for optimal performance under 128 Kbps bandwidth)
# Software can perform registration at forums (if necessary for posting messages) and automatically fill in the required fields. Upon successful registration XRumer posts the user-specified message and/or links.
# The powerful built-in proxy-server checking script locates available proxy-servers worldwide, choosing anonymous addresses among them.
# Software is able to work with lots of different types of forums and guestbooks: phpBB and PHP-Nuke with any modifications, yaBB, VBulletin, Invision Power Board, IconBoard, UltimateBB, exBB, phorum.org, wiki, different types of bulletin boards and even custom-written code.
# Attention: unique feature – software works around EVERY possible type of protection from automatic registration, including:
- Pictocode protection (tickets, captcha), which look something like: "Enter the number you see in the box". Details...
- E-mail activation protection. Details...
- Java-script protection. Details...
# During the process of posting a detailed log is created with precise path-links to posted messages so that you can check every link and every posted message afterwards.
# A built-in proprietary "Question-answer" system.
# A variations system, using which you can post up to 10000 messages all looking different but with similar contextual meaning and the user-defined hyperlinks in them. It helps to broaden the key queries (for Search Engine optimization) and protect your posts from being filtered out by Search Engines (that is, your posts will be included in SERPs).
# If the forum has more than one category, the software chooses the one most suitable for the message, otherwise it sends the message to off-top, flame sections or the like, and in case those do not exist - to the most visited category on the forum.
# BB-code can be used.
# The following forum base processing tools are included: repeated links deletion, hit descending sort, service denial according to customizable black list, and various filters. The program informs the users about availability of new versions and possesses many other powerful features.

The system is fully user-independent and requires minimum skills to handle: you only need to choose the proper links database, create a message text with one or several hyperlinks and hit the 'Start' button. THAT IS ALL.

XRumer software package includes the Hrefer program and databases with links to more than 102.000 forums. Minimum required system specifications:

Windows 98/2000/XP, 1GHz or faster processor, 256Mb RAM. Price: $450. Purchase...

[karlsemple]

sjj1805this is not new news This bot has been about for a long while now, it is one of the better bots and needs some strong anti spam measures in place to block it, it slices through the standard captcha like a hot knife through butter.

[divisator]

So .. what do you call "strong anti spam measures"? ... Will it be enough to replace the default captcha or do you need something like the calculating captcha were the user has to calculate a very simple result in order to get registered?

[espicom]

Replacing the standard CAPTCHA goes a long way to defeating the bots - anything that changes your board from "standard" makes it more difficult for them. I put the FREECAP image generator in place shortly after it was posted; since then, not one has managed to even attempt to solve the CAPTCHA.

I log all attempts by spammers to get registered, and all but two (which were done manually) were blocked by multiple methods.

"Strong anti spam measures" do not have to be complex to work...

[divisator]

That's true... I've only replaced the agree-variable ...

Before: three a day
After: NONE *cheers*

[lawnmowerman]

Just thinking it can be easily bypassed by simple checking.

Quite true. But the bots in question never bother checking such things. Their first entry into the system is to do an HTTP POST to profile.php, with all the right variables filled in. Only, once you've made this simple mod, they're no longer "all the RIGHT variables", because one is wrong. And, ideally, very few boards will do it the same way, so each board's variation needs to be checked.

Plus, combined with the "Instant Ban" MOD, their first attempt will likely be the last one they can manage from that IP...

Layers of protection... Nothing that can't be picked apart by a human or a more intelligent script on the attacking end, but it raises the cost of doing it, just as putting in User Activation and not displaying inactive member profiles.

hi all im writing this cause i am having numerous spam bots or spam people registering on my forum site i have version 2.0.22 but i still have a problem of getting funny email addresses to register i need to find out how to make my site stable enough to prevent bots and human spammers from registering on site im not very good at programming so if someone can give me some pointers it would help me alot and if you need the url to my forum i can supply you with that so some one can go see if there is a problem somewhere and can be fixed correctly thank you
calvin

[lawnmowerman]

Just thinking it can be easily bypassed by simple checking.

Quite true. But the bots in question never bother checking such things. Their first entry into the system is to do an HTTP POST to profile.php, with all the right variables filled in. Only, once you've made this simple mod, they're no longer "all the RIGHT variables", because one is wrong. And, ideally, very few boards will do it the same way, so each board's variation needs to be checked.

Plus, combined with the "Instant Ban" MOD, their first attempt will likely be the last one they can manage from that IP...

Layers of protection... Nothing that can't be picked apart by a human or a more intelligent script on the attacking end, but it raises the cost of doing it, just as putting in User Activation and not displaying inactive member profiles.

hi all im writing this cause i am having numerous spam bots or spam people registering on my forum site i have version 2.0.22 but i still have a problem of getting funny email addresses to register i need to find out how to make my site stable enough to prevent bots and human spammers from registering on site im not very good at programming so if someone can give me some pointers it would help me alot and if you need the url to my forum i can supply you with that so some one can go see if there is a problem somewhere and can be fixed correctly thank you
calvin

[SANDZ]

Hey Guys, From last couple of months i am just going to control panel and deleting spam registrations manulay. One thing i noticed that all these spams have one common thing in their email. which is word (mail)
some time its joined with other words like freemail or onemail kind of thing.
Isnt it anyway that we can ban this word mail during registrations. so whoever using their emails with word mail it can not be registered.(except hotmail)or any other geniuane mail.
I am sorry if it dosnt make any sence.I am totaly layman there is anything about computer languages.

regards
SANDZ

[stevemaury]

In general, banning is not effective, because it treats the symptoms, not the disease. You want to be at a place where the email address cannot even be submitted. You want to stop registration. Most effective MODs do this. Even InstaBan stops the registration before it bans the IP.

[Lumpy Burgertushie]

at the very least, you have to set registration to "user". you apparently have it set to "none" otherwise they would have to put in a valid email address so they could get the email and click on the link to register.

now, that does not keep them from going in the memberlist, just keeps them from being activated and being able to post.

[johns1124]

Thanks all

I was finally able to stop all bots in their tracks with 3 lines of code. No more bot problems.