Page 2 of 3

Posted: Sat Jan 21, 2006 6:22 pm
by drathbun
I can say that the only registration "spammer" that I've had did everything manually, as far as I can tell. He put the web site link in the location field, which was still available during registration.

I've fixed that too on my current board. :-) I only show 4 fields during registration: username, password, confirm password, and email. That's it. If any of the other fields are present (website, location, and so on) then the registration data is rejected. Once the user registers, then they can enter location, signature, and so on, but not the website. The website is still protected by the method outlined in this topic.

And yes, I have set the post limit factor as a board configuration option now, so I don't have to edit the code.

Thanks for the feedback.

Posted: Tue Jan 31, 2006 10:44 am
by alosito
drathbun, great mod! If the thing with the URL field works as it is described, it is exactly what I have been looking for. I installed it today, and I will report if I have any problems.

One thing that I suggest you do is that you edit your original post and inlude the code that reddog provided to make the URL field invisible during the registration. Otherwise, the web site field remains visible and new users don't get it why they can't register if they include their URL during the registration.

Posted: Tue Jan 31, 2006 1:47 pm
by drathbun
I have actually changed my registration process so that the only 4 fields available during registration are username, email, password, and confirm password. Nothing else is available, and if anything else (website, location, signature) is filled in the registration attempt is denied. I actually found that someone used their location field to enter spam websites even after I implemented this code.

I have most of it written up, need to install on a clean 2.0.19 board and verify. Thanks for the bump.

Posted: Sun May 21, 2006 11:47 am
by Thatbitextra
drathbun: any news if this MOD will work on 2.0.20? It looks exactly like what I need :)

Posted: Mon May 22, 2006 7:48 pm
by drathbun
I keep adding things. :o At this rate I'll never get it ready to release...

Posted: Sat Jun 03, 2006 1:30 am
by ezlynx
Hey, thanks so much! I grabbed your "display newest active registered member" part (versus newest registered member). I was looking for it -- and it hit the spot (I had actually stripped the link to the profile, I was so fed up with the crap). Have some other things I need to mess with but this helps bunches. At least someone has to have activated their account to be visible.

Thanks!

Posted: Sat Jun 03, 2006 11:58 am
by Ramon Fincken
nice idea drathbun!

I added this to my public anti spam list !

Any URL means AUTOMATIC registration kill

Posted: Mon Jun 12, 2006 10:37 pm
by LVZ
[ Not BETA - 2.0.10 ? - soon to use punBB 1.3 (vaporware?) ]

I went a little further. When I removed the web site URL field from registration, URL spammers were still registering. These had to be 'bots' that could bypass my registration page. So, I made sure that any registration with a URL was AUTOMATICALLY killed by changing two files:

File #1: templates/subSilver/profile_add_body.tpl --- at about line 100, just comment out (or delete) website and location.

Code: Select all

<!--	<tr> 
	  <td class="row1"><span class="gen">{L_WEBSITE}:</span></td>
	  <td class="row2"> 
		<input type="text" class="post"style="width: 200px"  name="website" size="25" maxlength="255" value="{WEBSITE}" />
	  </td>
	</tr>
	<tr> 
	  <td class="row1"><span class="gen">{L_LOCATION}:</span></td>
	  <td class="row2"> 
		<input type="text" class="post"style="width: 200px"  name="location" size="25" maxlength="100" value="{LOCATION}" />
	  </td>
	</tr>
-->
File #2: includes/functions_validate.php --- about line 190, insert this kill code (start at echo):

Code: Select all

	if ($website != "")
	{
            echo "DIE, SPAMMER, DIE !!!\r\n";
            $website = 'spammer - no URL website addresses allowed';
            mysql_close(); ob_clean(); exit();

Posted: Mon Jun 12, 2006 10:52 pm
by Ramon Fincken

Posted: Mon Jun 12, 2006 11:22 pm
by LVZ
Ramon Fincken wrote: LVZ,

... but I think you might want to take a look at this one :

http://www.phpbb.com/phpBB/viewtopic.php?t=186683


I'll be migrating to punBB 1.3 so I'm not that interested in phpBB mods - just simple quick fixes. But thanks for the link, anyway.

Re: Any URL means AUTOMATIC registration kill

Posted: Tue Jun 13, 2006 12:32 am
by drathbun
LVZ wrote: File #2: includes/functions_validate.php --- about line 190, insert this kill code (start at echo):

Code: Select all

	if ($website != "")
	{
            echo "DIE, SPAMMER, DIE !!!\r\n";
            $website = 'spammer - no URL website addresses allowed';
            mysql_close(); ob_clean(); exit();

Why do people keep insisting on adding code I already have?

Code: Select all

        if (isset($website) && ($mode == 'register')) 
        { 
                message_die (GENERAL_MESSAGE, 'Registration Attempt Ignored'); 
        } 
You can change the message to anything you want. But if the website field has a value during registration (which I know it cannot, since I have removed it from being displayed) then the registration attempt is ignored.

If you change functions_validate, as you suggest, then nobody - ever - can put in a web site. I have my code set up so that after a set number of posts (changable via the ACP) then users can put in a web site. The "fix" you suggest will prevent that altogether.

Which is fine, if that's what you want. :-) But I consider my solution better for most cases.

I'm struggling a bit with some captcha-type coding, it's not something I've played with much before. I should really "abandon" this MOD because what I'm coming back with is really not an extended version but brand new code, although it includes some of the ideas from this code.

Re: Any URL means AUTOMATIC registration kill

Posted: Tue Jun 13, 2006 1:37 am
by LVZ
drathbun wrote: If you change functions_validate, as you suggest, then nobody - ever - can put in a web site.

Yes, no URLs - the simplest solution for my forums. I don't need anything more complicated.

Re: Any URL means AUTOMATIC registration kill

Posted: Tue Jun 13, 2006 11:36 am
by drathbun
LVZ wrote: Yes, no URLs - the simplest solution for my forums. I don't need anything more complicated.

Then here's your solution:

Code: Select all

alter table phpbb_users
drop user_website;
:-D

Seriously, if you're not going to allow any websites, then there's no need to do anything other than remove the code. Although If you want to give spammers that attempt to enter a website the virtual finger ;-) then what you have written will do that.

Posted: Tue Jun 13, 2006 11:46 am
by Ramon Fincken
drathbun, will this drop [field] not require a PHP removal of code in the usercp_register.php ?

Rfn

Posted: Tue Jun 13, 2006 11:50 am
by drathbun
Sure. It was never really intended to be a serious suggestion. :-)

It would require removal of code from quite a few places, including the file you mentioned along with viewing profiles, viewtopic, memberlist...

So to be clear, please do not take my SQL statement to drop the user website field as a serious suggestion. It was only a joke. :shock: