MOD Description: A new tactic for combatting registration bots (spammers), full description and screen shots below
MOD Version: 0.5.0
MOD Download: Download 0.5.0 ALPHA (Zip)
Last Stable version: N/A
Demo Board: http://www.phpbb2mods.com
This MOD incorporates the EZ Registration MOD which truncates the list of fields visible during registration. If you have already installed that MOD (released here) then the install instructions for this MOD need to be adjusted. I will provide notes for how to do that eventually, but they are not present as of this download. This MOD will probably be incompatible with other MODs that use switches to show / hide fields during the registration process.
- released ALPHA 0.5.0
- added download
- updated screenshots
There are a lot of different options already out there to combat registration robots (regbots), and this is yet another. I am in the process of testing it now on a board that gets almost 100% spam registrations. I will consider this a success if I can block most (if not all) of the spammers. If it doesn't work, I will not bother to release this MOD. So why start the topic now? Good question.
Mainly because I wanted to post it for feedback at the moment. I have a blog as well as several phpbb boards. My blog was getting hammered by comment spammers, and over time I developed what seems to be an effective way to combat the comment bots. At first I added a simple checkbox that says "Please click the checkbox to confirm your comment" and that worked for quite a few bots, but I still got a lot of spam posted. Then I added four checkboxes, and marked one of them as the "validation" checkbox. I still got a lot of spam. Then I thought to actually check the status of the checkboxes, and learned something very interesting.
The comment bots did one of two things. They either ignored the checkboxes entirely, or they marked them all. It makes sense, when you think about it. The bot-writer would not know about the confirmation checkbox since it was custom code of my own. So they ignore it. Or the bot-writer could be a little more flexible and look for checkboxes and simply mark them, ensuring that everything on the form is filled out. But only very rarely did a bot have the smarts (or perhaps it was a human) to mark exactly one checkbox out of a set of four. To make life more interesting, the "valid" checkbox position changes randomly from one comment to another.
Long story short: I have converted this into a reg-bot stopper for phpBB. During the registration process a user sees only four fields: username, email address, password, and password confirmation. Under those fields are a number of checkboxes. The exact number of checkboxes is determined by an ACP (Admin Control Panel) entry. Even the names of the checkboxes on the form are controlled by the ACP. The way you mark the "valid" checkbox is settable on the ACP. And finally, I am considered (but have not implemented) a banning step.
ACP for 0.5.0
Registration Screen for 0.5.0
Temporary Ban (new in 0.5.0)
This MOD is fairly simple to install. I have it installed on one board right now, and will be adding it to two others over the weekend. If testing seems to indicate that this is working, I will go through the full release process here. If testing seems to indicate that it's not as bot-proof as I hope, then I probably won't bother.
This will be for phpBB2 only to start with.
Comments, feature requests, or suggestions cheerfully accepted at this time.