* Will not stop bot-registrations.
* But will stop bots from becoming active.
Then you'll like this one:
the normal activation link is altered. This is the link needed to activate your account.
( Scroll down for examples )
Now when a spambot hits the 'normal' url this will happen:
* account is NOT activated
*admin gets a warning per email
In the email is the ip, the proxy ip, membername and a clickable
link to the members profile..
Installing takes 4 minutes of work.
It will not ask for any database changes..
Make a backup of your files first !
Instructionset:
1.0.2. Instructionset wrote: OPENCode: Select all
usercp_register.php
*******************************
FIND
# You'll have to do this FIND -- AFTER, ADD combination *4* times !!Code: Select all
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey
AFTER, ADDCode: Select all
, 'U_ACTIVATE2' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkey .'&eow='.$user_actkey
*******************************
OPENFINDCode: Select all
includes/usercp_sendpasswd.phpAFTER, ADDCode: Select all
'U_ACTIVATE' => $server_url . '?mode=activate&' . POST_USERS_URL . '=' . $user_id . '&act_key=' . $user_actkeyCode: Select all
.'&eow='.$user_actkey
OPENFINDCode: Select all
languages/lang_english/email/user_welcome_inactive.tplAFTER, ADDCode: Select all
Subject: Welcome to {SITENAME} Forums Charset: iso-8859-1 {WELCOME_MSG}Code: Select all
Warning ! Do not click the first activation link, but scroll down for the correct link.
FINDCode: Select all
{EMAIL_SIG}
AFTER, ADDCode: Select all
Correct link: {U_ACTIVATE2}
OPENFINDCode: Select all
usercp_activate.phpAFTER, ADDCode: Select all
if ( !defined('IN_PHPBB') ) { die('Hacking attempt'); exit; }Code: Select all
// MOD Ramon Fincken // Phpbbinstallers.com // Block normal act_key requests V1.0.2 if( !(isset($HTTP_GET_VARS['eow'])) || ! trim($HTTP_GET_VARS['eow']) === trim($HTTP_GET_VARS['act_key']) ) { // Delete user, or ban... // START settings $admin_email = 'board@board.com'; $html_on = true; // END settings $headers = "From: PhpBB-board <".$admin_email .">\r\n"; $headers .= "Reply-To: PhpBB-board <".$admin_email .">\r\n"; $headers .= "MIME-Version: 1.0\r\n"; if($html_on) $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; $user_id = intval($HTTP_GET_VARS[POST_USERS_URL]); $username = convert_id($user_id); $user_ip = htmlspecialchars($_SERVER['REMOTE_ADDR']) . ' '.htmlspecialchars($_SERVER['HTTP_X_FORWARDED_FOR']); $the_post_vars_value = "ip => $user_ip\n<br />"; $the_post_vars_value .= "userdata_username => ". $username."\n<br />"; // Member of this board.. // http://www.board.com/profile.php?mode=viewprofile&u=3 $map = $board_config['script_path'] . '/'; $the_post_vars_value .= '<a href="http://' . $_SERVER['HTTP_HOST'] . $map. append_sid("profile.$phpEx?mode=viewprofile&" . POST_USERS_URL . "=" . $user_id) . '">Click here to see the profile of '.$username.'</a><br /><br />'; $the_post_vars_value .= "http_referer => ". $_SERVER["HTTP_REFERER"]."\n<br />"; $the_post_vars_value .= "http_user_agent => ". $_SERVER["HTTP_USER_AGENT"]."\n<br />\n<br />"; if ( !empty($HTTP_POST_VARS) ) { $the_post_vars = $HTTP_POST_VARS; while (list($key, $val) = each($the_post_vars)) { $the_post_vars_value .= "$key => $val\n<br />"; } } // TODO: use $emailer mail($admin_email,'Phpbb: Spam activation attempt','<html>Post vars are below:<br /><br />'.$the_post_vars_value.'</html>',$headers); message_die(GENERAL_MESSAGE, $lang['Wrong_activation']); } else { // MOD Ramon Fincken // Phpbbinstallers.com // Block normal act_key requests V1.0.2
FINDBEFORE, ADDCode: Select all
?>Code: Select all
} // MOD Ramon Fincken // Phpbbinstallers.com // Block normal act_key requests V1.0.2
DIY INSTRUCTIONSCode: Select all
** find the 'eow' in usercp_register.php and in usercp_activate.php now change it to some bogus text like 'sies' or 'lciw' do NOT enter a number, just alphabetical characters ( a till z ) ** find the $admin_email in usercp_activate.php and enter your own admin email
Example of the activation mail:
Welcome to board.com Forums
Warning ! Do not click the first activation link, but scroll down for the correct link.
Please keep this email for your records. Your account information is as follows:
----------------------------
Username: testuser
Password: testpass
----------------------------
Your account is currently inactive. You cannot use it until you visit the following link:
http://board.com/board/profile.php?mode ... 3a8513d09d
Please do not forget your password as it has been encrypted in our database and we cannot retrieve it for you. However, should you forget your password you can request a new one which will be activated in the same way as this account.
Thank you for registering.
--
Thanks,
The Management
www.board.com
Correct link:
http://board.com/board/profile.php?mode ... 3a8513d09d
Example of admin mail: ( subject = Phpbb : Spam activation attempt )
Username is below
--------------------------------------------------------------------------------
Text is below
--------------------------------------------------------------------------------
Post vars are below:
ip => 123.456.789.10
userdata_username => testuser
Click here to see the profile of testuser
http_referer =>
http_user_agent => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
forumsoftware[AT}creativepulses[DOT}nl [/size]
Well my edvice change the email template so its not like the phpBB one. Then people who don't like to read(Me) or people who are not very smart can not get cought. 
I would be an awesome way to prevent spammer users