[ABD] Anti-Registration-Spammers

drathbun · Post by **drathbun** » Sat Jan 21, 2006 6:22 pm

I can say that the only registration "spammer" that I've had did everything manually, as far as I can tell. He put the web site link in the location field, which was still available during registration.

I've fixed that too on my current board.

I only show 4 fields during registration: username, password, confirm password, and email. That's it. If any of the other fields are present (website, location, and so on) then the registration data is rejected. Once the user registers, then they can enter location, signature, and so on, but not the website. The website is still protected by the method outlined in this topic.

And yes, I have set the post limit factor as a board configuration option now, so I don't have to edit the code.

Thanks for the feedback.

alosito · Post by **alosito** » Tue Jan 31, 2006 10:44 am

drathbun, great mod! If the thing with the URL field works as it is described, it is exactly what I have been looking for. I installed it today, and I will report if I have any problems.

One thing that I suggest you do is that you edit your original post and inlude the code that reddog provided to make the URL field invisible during the registration. Otherwise, the web site field remains visible and new users don't get it why they can't register if they include their URL during the registration.

drathbun · Post by **drathbun** » Tue Jan 31, 2006 1:47 pm

I have actually changed my registration process so that the only 4 fields available during registration are username, email, password, and confirm password. Nothing else is available, and if anything else (website, location, signature) is filled in the registration attempt is denied. I actually found that someone used their location field to enter spam websites even after I implemented this code.

I have most of it written up, need to install on a clean 2.0.19 board and verify. Thanks for the bump.

Thatbitextra · Post by **Thatbitextra** » Sun May 21, 2006 11:47 am

drathbun: any news if this MOD will work on 2.0.20? It looks exactly like what I need

drathbun · Post by **drathbun** » Mon May 22, 2006 7:48 pm

I keep adding things.

At this rate I'll never get it ready to release...

ezlynx · Post by **ezlynx** » Sat Jun 03, 2006 1:30 am

Hey, thanks so much! I grabbed your "display newest active registered member" part (versus newest registered member). I was looking for it -- and it hit the spot (I had actually stripped the link to the profile, I was so fed up with the crap). Have some other things I need to mess with but this helps bunches. At least someone has to have activated their account to be visible.

Thanks!

Ramon Fincken · Post by **Ramon Fincken** » Sat Jun 03, 2006 11:58 am

nice idea drathbun!

I added this to my public anti spam list !

LVZ · Post by **LVZ** » Mon Jun 12, 2006 10:37 pm

[ Not BETA - 2.0.10 ? - soon to use punBB 1.3 (vaporware?) ]

I went a little further. When I removed the web site URL field from registration, URL spammers were still registering. These had to be 'bots' that could bypass my registration page. So, I made sure that any registration with a URL was AUTOMATICALLY killed by changing two files:

File #1: templates/subSilver/profile_add_body.tpl --- at about line 100, just comment out (or delete) website and location.

Code: Select all

<!--	<tr> 
	  <td class="row1"><span class="gen">{L_WEBSITE}:</span></td>
	  <td class="row2"> 
		<input type="text" class="post"style="width: 200px"  name="website" size="25" maxlength="255" value="{WEBSITE}" />
	  </td>
	</tr>
	<tr> 
	  <td class="row1"><span class="gen">{L_LOCATION}:</span></td>
	  <td class="row2"> 
		<input type="text" class="post"style="width: 200px"  name="location" size="25" maxlength="100" value="{LOCATION}" />
	  </td>
	</tr>
-->

File #2: includes/functions_validate.php --- about line 190, insert this kill code (start at echo):

Code: Select all

	if ($website != "")
	{
            echo "DIE, SPAMMER, DIE !!!\r\n";
            $website = 'spammer - no URL website addresses allowed';
            mysql_close(); ob_clean(); exit();

Ramon Fincken · Post by **Ramon Fincken** » Mon Jun 12, 2006 10:52 pm

LVZ,

great job, but I think you might want to take a look at this one :

http://www.phpbb.com/phpBB/viewtopic.php?t=186683

and a whole bunch of lists you you don't have to invent the wheel again

Some lists wrote: English: [FREQUENTLY ASKED] Anti spambot @ phpbbinstallers.com
Dutch: Phpbb.nl's Spambots explanation and a list of mods available
Dutch: Spambots explanation and a list of mods available
English: Phpbb.com's "Anti spam thread"

LVZ · Post by **LVZ** » Mon Jun 12, 2006 11:22 pm

Ramon Fincken wrote: LVZ,

... but I think you might want to take a look at this one :

http://www.phpbb.com/phpBB/viewtopic.php?t=186683

I'll be migrating to punBB 1.3 so I'm not that interested in phpBB mods - just simple quick fixes. But thanks for the link, anyway.

drathbun · Post by **drathbun** » Tue Jun 13, 2006 12:32 am

LVZ wrote: File #2: includes/functions_validate.php --- about line 190, insert this kill code (start at echo):
Code: Select all
	if ($website != "")
	{
            echo "DIE, SPAMMER, DIE !!!\r\n";
            $website = 'spammer - no URL website addresses allowed';
            mysql_close(); ob_clean(); exit();

Why do people keep insisting on adding code I already have?

Code: Select all

        if (isset($website) && ($mode == 'register')) 
        { 
                message_die (GENERAL_MESSAGE, 'Registration Attempt Ignored'); 
        }

You can change the message to anything you want. But if the website field has a value during registration (which I know it cannot, since I have removed it from being displayed) then the registration attempt is ignored.

If you change functions_validate, as you suggest, then nobody - ever - can put in a web site. I have my code set up so that after a set number of posts (changable via the ACP) then users can put in a web site. The "fix" you suggest will prevent that altogether.

Which is fine, if that's what you want.

But I consider my solution better for most cases.

I'm struggling a bit with some captcha-type coding, it's not something I've played with much before. I should really "abandon" this MOD because what I'm coming back with is really not an extended version but brand new code, although it includes some of the ideas from this code.

LVZ · Post by **LVZ** » Tue Jun 13, 2006 1:37 am

drathbun wrote: If you change functions_validate, as you suggest, then nobody - ever - can put in a web site.

Yes, no URLs - the simplest solution for my forums. I don't need anything more complicated.

drathbun · Post by **drathbun** » Tue Jun 13, 2006 11:36 am

LVZ wrote: Yes, no URLs - the simplest solution for my forums. I don't need anything more complicated.

Then here's your solution:

Code: Select all

alter table phpbb_users
drop user_website;

Seriously, if you're not going to allow any websites, then there's no need to do anything other than remove the code. Although If you want to give spammers that attempt to enter a website the virtual finger

then what you have written will do that.

Ramon Fincken · Post by **Ramon Fincken** » Tue Jun 13, 2006 11:46 am

drathbun, will this drop [field] not require a PHP removal of code in the usercp_register.php ?

Rfn

drathbun · Post by **drathbun** » Tue Jun 13, 2006 11:50 am

Sure. It was never really intended to be a serious suggestion.

It would require removal of code from quite a few places, including the file you mentioned along with viewing profiles, viewtopic, memberlist...

So to be clear, please do not take my SQL statement to drop the user website field as a serious suggestion. It was only a joke.

advertisements