Page 30 of 40

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Tue Jul 28, 2009 11:59 pm
by Agent F
I'm having a problem with a guest board. Bots like to post a lot of links and for my users' security, I've disabled BBCode for Guests. Unfortunately, URLs are automatically parsing so links not posted in BBcode are still being displayed. Any suggestions or know of a way to fix auto-URL parsing for Guests?

Example:

Code: Select all

[url=www.google.com]Google[/url]
doesn't work, but the below does.

Code: Select all

www.google.com

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Fri Jul 31, 2009 1:14 am
by TerryE
I've just backed out using custom fields. We used to use drop-downs for users to record their host OS and product version, but the bots now just contain code to process these custom selections and make a random pick for each field. This is enough to counter the use of custom fields as anti-bot deterrents. Also, they are a pain to maintain because you can't easily insert new entries mid-list.

Independent Qs such as entering the current product version (which is obtainable from the download site) is a far more potent defence. These will defeat robots and deter spurious manual registrations. I use my own custom code, but there are a few standard mods which support this feature.

Now that we've done this, we've also dropped back to the old non-GD captcha. The current GD algo is just far too complicated for people with the slightest visual impairments (such as colour blindness), and we get far too many emails to the admins as a consequence.

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Fri Jul 31, 2009 2:22 am
by narqelion
TerryE wrote:I've just backed out using custom fields.
I've never used them as anti-spam registration fields, only as profile fields.
TerryE wrote:Independent Qs such as ...
My own challenge response via the email registration process has worked beautifully for me, since it is an atypical approach I think it will be effective much longer than the more common implementations.
TerryE wrote:Now that we've done this, we've also dropped back to the old non-GD captcha.
I disabled it completely, I found it stopped more legitimate human registrants than bots. :lol:

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Fri Jul 31, 2009 4:40 am
by Seraphic
I was hit hard with bots on my old 3.0.4 forum. Almost complete with my new 3.0.5 which includes custom profiles. One simple drop down yes or no, while the other is a code box with ten different options. Also lowed the allowed number of registration attempts to three. That should keep them at bay for awhile (well maybe). Might also have to set account activation to admin if worst comes to worst.
Seraphic wrote:So when using custom profiles to add a dropdown box for registration, why is using more then two options considered easier then just two? Wouldn't using say five options be harder then just two for a bot?
Posted this before and was interested on thoughts

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Fri Jul 31, 2009 5:36 am
by Agent F
Using a drop-down box only allows 1 wrong answer, so the more options you're adding, the more correct options there are. It doesn't do any better to add more Yes answers than one. With a number field, you can specify the range of correct answers. If you only want one, set the lowest and highest allowed number to be the same.

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Sat Aug 01, 2009 10:01 am
by alanbenjy
Can I limit all registrants to say .co.uk and .eu email addresses?

Stupid Question for you

Posted: Sun Aug 02, 2009 9:26 pm
by pixelpadre
I did the drop down thing for anti spam with yes no.

Heres the stupid question.........

Why won't the registration process accept yes from the drop down menu? Nobody elaborated on that fine point.

I'd like to know just in case I do some other custom profile questions, like..... are you over the age of 18 for example.

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Mon Aug 03, 2009 3:17 pm
by TerryE
Seraphic wrote:Wouldn't using say five options be harder then just two for a bot?
?? This is just a case of for (i=0;i<n;I++) ... with n = 5 instead of two. Once you can parse the select tag in the form, picking random choices is easy. Getting a robot to answer Qs like "What is President Obama's Christian name?" or "Please enter the current version number of our product?" is a little more of a challenge.

Re: Stupid Question for you

Posted: Tue Aug 04, 2009 7:30 am
by Mick
pixelpadre wrote:Why won't the registration process accept yes from the drop down menu? Nobody elaborated on that fine point
The settings for the "profile type specific options" are as follows.

Note you are rejecting the default value - so if more than two choices are provided you will have made it easier rather than harder to pass.

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Wed Aug 05, 2009 10:22 am
by pixelpadre
That answer doesnt help me. I read it too but it doesnt explain how the default value is rejected or why the default value is rejected.

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Wed Aug 05, 2009 10:36 am
by JimA
pixelpadre wrote:That answer doesnt help me. I read it too but it doesnt explain how the default value is rejected or why the default value is rejected.
Because this is against spambots, and spambots usually just pick the default answer. So by rejecting the default answer, you can loose lots of bots.

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Wed Aug 05, 2009 11:19 am
by pixelpadre
You are not answering my question.

I know what the purpose is.

My question is a technical reason why the default value is not accepted.

What if I wanted to make sure that the member was over the age of 18 and so i made a custom profile that asks "are you over the age of 18?". If the answer the default value of yes, then they would be rejected?

Are you telling me that the programming is intentionally written to disallow someone from selecting the default values?

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Wed Aug 05, 2009 11:31 am
by JimA
In your case you would set the default answer to "No".

Then the users would need to change it to Yes themselves, and then you know that they have changed the box themselves to show you that they're over 18. And not that they, if the default answer was Yes, just left it as it was and might give you the wrong answer.

This is just the way it's build, and will only work if the field is required.

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Wed Aug 05, 2009 2:47 pm
by pixelpadre
You are still avoiding my question Jim.

Are you telling me that the programming is intentionally written to disallow someone from selecting the default values? Soley 100% for the purpose of avoiding spam?

Re: Preventing Spam in 3.0 [*Read First Post*]

Posted: Thu Aug 06, 2009 7:08 am
by onehundredandtwo
pixelpadre wrote:Soley 100% for the purpose of avoiding spam?
Umm, not necessarily. A board might not want people under the age of 21 on their board, so they might use Custom Profile Fields. I'm sure many administrators would also use this for other reasons as well.

AND YOU DON'T NEED TO YELL TO GET AN ANSWER!!! If you don't want to use the feature, then don't.