ric323 wrote:From your descriptoin it is registering like a bot.
i.e. it doesn't matter what fields you hide, it is submitting the registration info directly, so it never sees your regiatration page.
What IP MOD exactly are you using? I suspect it is adding info in what is posted to register, so this technique is simply not providing that info.
I'm less sure how it could bypass the RAC MOD, unless someone has tuned a BOT to answer your question specifically. I also don't know how your 'pick the correct images" MOD works, but there may be a way to bypass it also. Could you post a link to that MOD file?
Well I'm not sure if the "hacks" (aka mods) I installed from these links are the same ones as some of the mods on this board, but from the descriptions they sound like they are.
The log registration IP mod is here:
http://www.phpbbhacks.com/download/2975
And the photo visual confirmation is here:
http://www.phpbbhacks.com/download/7937 (this one uses pics of animals and cars - the registrant has to pick the animals from the cars).
I simply changed the animal and car photos in the mod to something more specific when I installed it. However, less than 3 minutes after I actually installed the mod, one of those bots I have described above got through and managed to register. I can't see how someone would have tuned the bot to bypass that specifically after only 2 minutes, especially when it would have to a) learn which photos always appear and b ) actually be able to recognise which ones are correct.
The photo visual mod seems to have stopped human spammers from registering because they simply don't know the answer, but the bots still get through.
As for the RAC Mod, the question isn't something so straight forward either. It asks "what is maria sharapova's first grand slam title?" - a fan would easily know this, but not a bot and not necessarily a human spammer (incidentally it has also stopped the human spammers too but not the bot in question). Again, while the bot could have been tuned to answer this question specifically (I suppose it is possible that hundreds of spammers know the answer to this question), it shouldn't be able to get through this after just a few minutes of installing again.
So this bot must be designed to get through all these defences somehow.
But of course, one has to ask again: what is the incentive for the bots to keep registering if the website or signature fields never show up and they haven't even filled them in? Are they just registering for the sake of inputting their birthdays? Surely if they can bypass all of these mods then wouldn't they at least post some links in the website and signature fields rather than just filling in their date of birth?
Just to explain further, this is a screenshot of how the profile (myprofile space) of normal users or even human spammers etc would look on my forum:
That is the only way their profiles can appear when they register.
Then this screenshot here is how the profiles appear for those spammers I have been referring to in my posts here so far. It's always exactly the same pattern:
As you can see, the birthday field is always filled in. This causes headaches later because all of these spammers' birthdays appear at the bottom of the forum en masse and the profiles have to be amended each day.
Even if there isn't some mod to stop these spammers, is there some way for the birthdays to not appear at the bottom of the forum for these particular users, but to appear for everyone else who is legitimate?
Oh, and the other thing this bot can do is that it can still have usernames (and all variations of it) that have been specifically disallowed in the ACP.
This is really annoying.
Any help would be appreciated.
