Changing Register.PHP to stop Spammers?

[SissysDad]

Spammers use Auto Bots to find my forum.  I know they are programmed to find any site using SMF looking for maybe "Powered by SMF", or some internal code that SMF uses.

I have been watching to see how Captcha is working for everyone and I read that Spammers are finding ways to crack that now unless you have images that are so hard to read that even humans have a hard time seeing what the image is.

Since Auto Bots are programmed to go find Register.php and sign up, I thought I would change mine to signupone.php or something else.  I would like to do this easily so I can change it from time to time so Spammers do not catch on.  When someone clicks on Register, they will go to the same page, but it will just not be called Register.php anymore.

Is there a way to do this without nearly a complete rewrite of everything?

[KGIII]

They'll find that easily enough. This is my solution:

GarbledURLs:
http://custom.simplemachines.org/mods/index.php?mod=563

It didn't take more than about a month before I was off their list and was able to enable guest posting.

[elfishtroll]

Spammers use Auto Bots to find my forum.  I know they are programmed to find any site using SMF looking for maybe "Powered by SMF", or some internal code that SMF uses.

I have been watching to see how Captcha is working for everyone and I read that Spammers are finding ways to crack that now unless you have images that are so hard to read that even humans have a hard time seeing what the image is.

Since Auto Bots are programmed to go find Register.php and sign up, I thought I would change mine to signupone.php or something else.  I would like to do this easily so I can change it from time to time so Spammers do not catch on.  When someone clicks on Register, they will go to the same page, but it will just not be called Register.php anymore.

Is there a way to do this without nearly a complete rewrite of everything?

Actually, KG, while your mod is very useful *and I've downloaded it I wonder if it doesnt duplicate  other mods?

for instance, there is a BBCODE permissions mod, which allows you to set permissions to ANY kind of bbcode, for instance images, they could still post an image in your forum (which may or may not link to offensive content)


SissysDad has actually pointed on the ideal protection against spammers, namely genetic diversity. With all copies of SMF being literal clones of each other, it only takes one virus (i.e. spammer/hacker) to infect them all, automatically!

renaming REGISTER.php and the following will definitely help.
example.
Have your main register php have a  link to a popup page that generates a cookie.
The link could be generated by javascript so that it wont even be visible by automated bots

the registration routine, not seeing that cookie, would simply discard the registration attempt.

The Registration functionality is the ideal place for this sort of activity, as it is not called from multiple places or has 'hook' significance (since you can register someone yourself directly from to the database if you wish)
Your method, while very useful, may not be the very best solution for his registration issue as it doesnt seem to prevent them from registering (and possibly sending nasty PM's or other behaviour-which is the next thing we are seeing from these bloody bots)

[fallen_angel]

My solution was to use this script, just a simple one line include at the top of register.php to prompt potential new members for a password. The password was available in the announcements section of my forum, so human users would be able to find it easy enough, but bots wouldn't know what the expected response to the password field should be. It cut my spammer problem down to zero overnight. I also contemplated rather than using a password, using a simple question with the answer to that question being the 'password' (principle demonstrated on this contact form where I got the idea from - I've switched most of my site contact forms over to this now).

With the upgrade to 1.1.2 I took the password protection off to see how the CAPTCHA stood up, but over the past couple of days on one forum I've had 3 or 4 new suss members, accounts unactivated yet, and a couple of bouncing welcome emails. At the moment I'm considering whether to make the CAPTCHA image more complicated, or whether to reinstate the password protection or a variation of it.

[elfishtroll]

thats EXACTLY what I'm talking about!

(btw, the second site you linked to is supported by a script/htaccess combo called bad-behaviour which also "protects" you from bad bots (but it has too many false positives for my taste and false negatives-
)


the problem with the bloody captha is that it is too hard to read for humans (if its not , then bots can read it) (and annoying as hell)

[KGIII]

The problem with most of these protections (and the GarbledURLs isn't really a SPAM protection utility so much as it is one to make things easier for the administrators) is that a real human being can come in and just abuse the system if they want to work hard enough. Even the forementioned mod is subject to abuse by someone willing to make 10 posts first.

[susb]

In addition to the visual verification, I installed the Custom Profile Field Mod:

http://custom.simplemachines.org/mods/index.php?mod=319

I show a field on registration and force input which keeps the automatic spambots away.

We also have our staff members approve each member.

[bilgiligenc]

thats EXACTLY what I'm talking about!