[ABD] Anti-Registration-Spammers

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

I can say that the only registration "spammer" that I've had did everything manually, as far as I can tell. He put the web site link in the location field, which was still available during registration.

I've fixed that too on my current board. :-) I only show 4 fields during registration: username, password, confirm password, and email. That's it. If any of the other fields are present (website, location, and so on) then the registration data is rejected. Once the user registers, then they can enter location, signature, and so on, but not the website. The website is still protected by the method outlined in this topic.

And yes, I have set the post limit factor as a board configuration option now, so I don't have to edit the code.

Thanks for the feedback.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
alosito
Registered User
Posts: 42
Joined: Mon Oct 31, 2005 4:58 pm

Post by alosito »

drathbun, great mod! If the thing with the URL field works as it is described, it is exactly what I have been looking for. I installed it today, and I will report if I have any problems.

One thing that I suggest you do is that you edit your original post and inlude the code that reddog provided to make the URL field invisible during the registration. Otherwise, the web site field remains visible and new users don't get it why they can't register if they include their URL during the registration.
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

I have actually changed my registration process so that the only 4 fields available during registration are username, email, password, and confirm password. Nothing else is available, and if anything else (website, location, signature) is filled in the registration attempt is denied. I actually found that someone used their location field to enter spam websites even after I implemented this code.

I have most of it written up, need to install on a clean 2.0.19 board and verify. Thanks for the bump.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
Thatbitextra
Former Team Member
Posts: 7604
Joined: Mon Mar 21, 2005 5:04 am
Location: A place where something is or could be located; a site.
Contact:

Post by Thatbitextra »

drathbun: any news if this MOD will work on 2.0.20? It looks exactly like what I need :)
Styles KB
My MODs: Choose Who to Accept PMs From (Prevents unwanted PMs!) | Warn of Old Topic Before Posting Reply
Style: subBlack (Now updated to phpBB 2.0.22 and 5 new color schemes!)
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

I keep adding things. :o At this rate I'll never get it ready to release...
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
ezlynx
Registered User
Posts: 81
Joined: Tue Sep 10, 2002 8:34 pm

Post by ezlynx »

Hey, thanks so much! I grabbed your "display newest active registered member" part (versus newest registered member). I was looking for it -- and it hit the spot (I had actually stripped the link to the profile, I was so fed up with the crap). Have some other things I need to mess with but this helps bunches. At least someone has to have activated their account to be visible.

Thanks!
User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken »

nice idea drathbun!

I added this to my public anti spam list !
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here
LVZ
Registered User
Posts: 27
Joined: Fri Apr 30, 2004 7:35 pm
Location: Las Vegas
Contact:

Any URL means AUTOMATIC registration kill

Post by LVZ »

[ Not BETA - 2.0.10 ? - soon to use punBB 1.3 (vaporware?) ]

I went a little further. When I removed the web site URL field from registration, URL spammers were still registering. These had to be 'bots' that could bypass my registration page. So, I made sure that any registration with a URL was AUTOMATICALLY killed by changing two files:

File #1: templates/subSilver/profile_add_body.tpl --- at about line 100, just comment out (or delete) website and location.

Code: Select all

<!--	<tr> 
	  <td class="row1"><span class="gen">{L_WEBSITE}:</span></td>
	  <td class="row2"> 
		<input type="text" class="post"style="width: 200px"  name="website" size="25" maxlength="255" value="{WEBSITE}" />
	  </td>
	</tr>
	<tr> 
	  <td class="row1"><span class="gen">{L_LOCATION}:</span></td>
	  <td class="row2"> 
		<input type="text" class="post"style="width: 200px"  name="location" size="25" maxlength="100" value="{LOCATION}" />
	  </td>
	</tr>
-->
File #2: includes/functions_validate.php --- about line 190, insert this kill code (start at echo):

Code: Select all

	if ($website != "")
	{
            echo "DIE, SPAMMER, DIE !!!\r\n";
            $website = 'spammer - no URL website addresses allowed';
            mysql_close(); ob_clean(); exit();
Last edited by LVZ on Mon Jun 12, 2006 11:28 pm, edited 5 times in total.
User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken »

Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here
LVZ
Registered User
Posts: 27
Joined: Fri Apr 30, 2004 7:35 pm
Location: Las Vegas
Contact:

Post by LVZ »

Ramon Fincken wrote: LVZ,

... but I think you might want to take a look at this one :

http://www.phpbb.com/phpBB/viewtopic.php?t=186683


I'll be migrating to punBB 1.3 so I'm not that interested in phpBB mods - just simple quick fixes. But thanks for the link, anyway.
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Re: Any URL means AUTOMATIC registration kill

Post by drathbun »

LVZ wrote: File #2: includes/functions_validate.php --- about line 190, insert this kill code (start at echo):

Code: Select all

	if ($website != "")
	{
            echo "DIE, SPAMMER, DIE !!!\r\n";
            $website = 'spammer - no URL website addresses allowed';
            mysql_close(); ob_clean(); exit();

Why do people keep insisting on adding code I already have?

Code: Select all

        if (isset($website) && ($mode == 'register')) 
        { 
                message_die (GENERAL_MESSAGE, 'Registration Attempt Ignored'); 
        } 
You can change the message to anything you want. But if the website field has a value during registration (which I know it cannot, since I have removed it from being displayed) then the registration attempt is ignored.

If you change functions_validate, as you suggest, then nobody - ever - can put in a web site. I have my code set up so that after a set number of posts (changable via the ACP) then users can put in a web site. The "fix" you suggest will prevent that altogether.

Which is fine, if that's what you want. :-) But I consider my solution better for most cases.

I'm struggling a bit with some captcha-type coding, it's not something I've played with much before. I should really "abandon" this MOD because what I'm coming back with is really not an extended version but brand new code, although it includes some of the ideas from this code.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
LVZ
Registered User
Posts: 27
Joined: Fri Apr 30, 2004 7:35 pm
Location: Las Vegas
Contact:

Re: Any URL means AUTOMATIC registration kill

Post by LVZ »

drathbun wrote: If you change functions_validate, as you suggest, then nobody - ever - can put in a web site.

Yes, no URLs - the simplest solution for my forums. I don't need anything more complicated.
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Re: Any URL means AUTOMATIC registration kill

Post by drathbun »

LVZ wrote: Yes, no URLs - the simplest solution for my forums. I don't need anything more complicated.

Then here's your solution:

Code: Select all

alter table phpbb_users
drop user_website;
:-D

Seriously, if you're not going to allow any websites, then there's no need to do anything other than remove the code. Although If you want to give spammers that attempt to enter a website the virtual finger ;-) then what you have written will do that.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
User avatar
Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1
Contact:

Post by Ramon Fincken »

drathbun, will this drop [field] not require a PHP removal of code in the usercp_register.php ?

Rfn
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl [/size]
PhpBBantispam.com || Instant find your mod here
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

Sure. It was never really intended to be a serious suggestion. :-)

It would require removal of code from quite a few places, including the file you mentioned along with viewing profiles, viewtopic, memberlist...

So to be clear, please do not take my SQL statement to drop the user website field as a serious suggestion. It was only a joke. :shock:
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
Locked

Return to “[2.0.x] MODs in Development”