Error log

[fungolfer]

Hi everyone,

is there any way to log those errors which come up when the registration question is answered wrong or if someone forgot to answer the question? At the moment I have up to 100 registartions each day but lots of them still never show up in any error log. I just see them in "who is online" when they register a new account. I also would like to ban the IP adress of these bots or spammers. Right now the logs only show banned IPs but I'd like to log a bit more. Any idea? Looked for a Mod but didn't find one which logs the failed registrations.

SMF 2.0.15

[Kindred]

Banning bots and spammers is basically pointless -- especially by IP -- even I can get a new IP in seconds. (and if I can do it, and spammer can)

If they are not getting through, then don't worry about it. Your system is working as it should and their attempts don't hurt you.
If they are getting through, then just improve your questions and/or add more to the draw pile (you should have at least 20-30 questions in your pile - asking 1-2 at registration)

[a10]

Early in my forum life I was desparate to control everything. Now life is good, controlling only what matters :O)

Am letting the zillions of bot ip's 'visit' the forum (like any normal guests), no harm done.
Good questions stops 100 % of bot registrations (the 4 human spammers pr year are no problem to deal with).

[Aleksi "Lex" Kilpinen]

Early in my forum life I was desparate to control everything. Now life is good, controlling only what matters :O)

Early in my life I was desperate to control everything. Now life is better, trying to control only what matters.

True. So true.

[Kiriakos GR]

Banning bots and spammers is basically pointless -- especially by IP -- even I can get a new IP in seconds. (and if I can do it, and spammer can)

Nothing is pointless.
Defense of your base this is your duty.
Over 1000 Hosting bots banned so far, among with any Proxy which does unsuccessful Registration or Log in.
With my SMF Nintendo no one will play free of charge other than me.

[Arantor]

No, really, banning spammers by IP is pointless. On a previous forum I used to run, I had tens of thousands of IP bans - except after the spammer had spammed, they never came back, so never ever ever ever triggered any of those bans.

Given proxies, VPNs and the general state of mobile phone use where IPs change frequently, it's really pointless to try to ban by IP these days.

[Kiriakos GR]

I just see them in "who is online" when they register a new account.

Use this magnifying glass and use IP Ban range (last three digits)
https://db-ip.com/

By locating and ban few junk servers every day, in a week time you will have build some bricks of defense.
In a month time the bricks will form a handmade firewall - FREE OF CHARGE.

[vbgamer45]

Should be we do proxy,vpn bans checking on forum signup? You think that would be good for a mod?
I do a low level check on signups for createaforum that blocks some of the headers that pass along from signing up.

[Arantor]

By locating and ban few junk servers every day, in a week time you will have build some bricks of defense.
In a month time the bricks will form a handmade firewall - FREE OF CHARGE.

Except for all the processing your forum will be doing for nothing.

Should be we do proxy,vpn bans checking on forum signup? You think that would be good for a mod?
I do a low level check on signups for createaforum that blocks some of the headers that pass along from signing up.

If restricted solely to signup that could be OK but remember that people might them put themselves behind a proxy (either intentionally a la CloudFlare or unintentionally if they're on their forum at work).

[vbgamer45]

Yeah I just do on new forum creation for createaforum to get rid some of the undesirables out there.

[Kiriakos GR]

Given proxies, VPNs and the general state of mobile phone use where IPs change frequently, it's really pointless to try to ban by IP these days.

I want to see them paying money for changing IPs. 
I do really enjoy this... because their playing with my server it does not cost them anything.

Actually I love seeing in the eyes of those dump-ass server administrators the feeling of pain, they spent time to see why their bot gets blocked?  they try to redirect IPs, they bother to waste time and resources for a Blog of multimeters.
I am not a seating duck, I am a fighter duck thanks to my brain and special software tools that I am using.

And because it is a bad idea talking about your home bugler alarm details to strangers,  i have no other comment on this topic.   
 
   

[Kiriakos GR]

Should be we do proxy,vpn bans checking on forum signup? You think that would be good for a mod?

Lovely idea if this can correlate with  https://db-ip.com/ results.
Unfortunately this service is not free of charge about large amount of IPs detection per day.

[Aleksi "Lex" Kilpinen]

I want to see them paying money for changing IPs. 

Get any home DSL or mobile connection, and it will be cheaper than renting a server... For real.

[Arantor]

Except it doesn't cost money to switch IPs! Even with your ideas of banning it costs them nothing. It will, however, cost your server more resources over time.

I assure you bots do not operate the way you think they do, but your naivety vs my years of dealing with this, you win again.

[Kiriakos GR]

Except it doesn't cost money to switch IPs! Even with your ideas of banning it costs them nothing. It will, however, cost your server more resources over time.

I assure you bots do not operate the way you think they do, but your naivety vs my years of dealing with this, you win again.

You seem to know everything of hacking costs.
Either way if you ever setup SMF for productive work, and you are thinking to protect it, then buy the largest dog that your money can pay for.
Us the lesser smarter ones, we will protect our property by using any available weapon and strategy.

 

[Arantor]

Dude, I run sites every day whose hosting bill is in the thousands of dollars every month. I deal with this stuff on a professional basis, and I assure you the measures you think are helping don't help.

[Kindred]

Kiriakos, as usual, you are making claims and making suggestions to other users which are based in illusion.

As Arantor has pointed out - your methods accomplish nothing and cost the spammers nothing - and cost your server resources needed to process hits. Heck, now that I know how your system works, I bet I could hang your system - or at least visibly slow it down (if I cared enough to bother)

fungolfer, add questions. Don't bother with IP bans. It will stop the spammers cold.

[Sir Osis of Liver]

Only problem with questions is some people can't think of enough to make it effective, or the questions are too easy ('How much is 3 + 3?'), and some are too difficult (registrants have to Google them to find answers).  I've seen all of these just within the past couple days.  You can supplement questions with an image, like this.  It's simple to do, any image can be used that's sufficiently complex to generate a lot of questions, and if you use an original image it's a one-off, 100% effective stopping bot registrations.

[fungolfer]

Thank you all for the input. Very interesting discussion for me. When I took over the forum 5 years ago I had 6.000 members. Only 700 were real group members. Also the forum had over 25.000 posts and only about 2.000 were no spam. It took me all my time to clean up the forum and get rid of all the spammers and bots. I read that spammers only post once and never come back? Hmmm, maybe in a perfect world, but not in my forum Well, I will deal with the Infos I get.

I like Sir Osis of Livers suggestion and will try to get a picture like that. Never had that in my mind. I love the idea

So thanks again all and have a spam free time

[a10]

I like the picture idea :O)

Am using this kind of questions, see https://www.simplemachines.org/community/index.php?topic=531660.msg3776163#msg3776163

Very easy to make dozens of those. Got 3 questions active.
Year after year with zero bots, and zero problem for real people.

[fungolfer]

Also very nice idea Will help alot

Thank you very much Folks

[Sir Osis of Liver]

Here's the code if you want to play with it.

Register.template.php

Code Select Expand



// If we have either of these, close the list like a proper gent.
if (!empty($context['profile_fields']) || !empty($context['custom_fields']))
{
echo '
</dl>
</fieldset>
<span class="botslice"><span></span></span>
</div>';
}

/// Image verification

echo '
<div class="title_bar">
<h4 class="titlebg">', $txt['verification'], '</h4>
</div>

<div class="windowbg2" style="height: 230px;">
<span class="topslice"><span></span></span>

<div style="text-align: center; margin: 10px 0 0 0;">
<img src="', $settings['images_url'], '/verif3.png" />
</div>

<span class="botslice"><span></span></span>
</div>';

if ($context['visual_verification'])
{
echo '
<div class="windowbg2">
<span class="topslice"><span></span></span>
<fieldset class="content centertext">
', template_control_verification($context['visual_verification_id'], 'all'), '
</fieldset>
<span class="botslice"><span></span></span>
</div>';
}



This is for 2.0, formatting is slightly different in 2.1.  You can use your own image.

[fungolfer]

Thank you very much Sir, will give it to my php admin and try it out

[delta5]

The scanner plug-in mod from stopforumspam.com seems to work very well. It checks all registration attempts against a huge spammer database and blocks the ones that have hits in the database.

[Kindred]

yes... SFS is good....  but why not just stop the spammers before they eveb get to the point where they need to be checked. USE GOOD QUESTIONS.

[delta5]

I actually do use both. I have not had a spambot get registered (knock on wood) since I installed the sfs mod. I love it.

[AlanDewey]

Sir Osis

That image is a fantastic idea.  I have created an image for my site.

Unfortunately, every time I edit Register.template.php    I get errors   :-( 

Am I supposed to replace that section of code, or add yours to the template?

Thank you (in advance.)


Forum version: SMF 2.0.17 (more detailed)
Current SMF version: SMF 2.0.17
GD version: bundled (2.1.0 compatible)
Database Server: MySQL
MySQL version: 8.0.15
PHP: 7.1.26
Server version: Microsoft-IIS/10.0

[vbgamer45]

Attach you edited register.template.php what errors do you get?

[Sir Osis of Liver]

This is the core code in Register.template.php -

Code Select Expand



// If we have either of these, close the list like a proper gent.
if (!empty($context['profile_fields']) || !empty($context['custom_fields']))
{
echo '
</dl>
</fieldset>
<span class="botslice"><span></span></span>
</div>';
}

if ($context['visual_verification'])
{
echo '
<div class="title_bar">
<h4 class="titlebg">', $txt['verification'], '</h4>
</div>
<div class="windowbg2">
<span class="topslice"><span></span></span>
<fieldset class="content centertext">
', template_control_verification($context['visual_verification_id'], 'all'), '
</fieldset>
<span class="botslice"><span></span></span>
</div>';
}



Replace it with this -

Code Select Expand




// If we have either of these, close the list like a proper gent.
if (!empty($context['profile_fields']) || !empty($context['custom_fields']))
{
echo '
</dl>
</fieldset>
<span class="botslice"><span></span></span>
</div>';
}

/// Image verification

echo '
<div class="title_bar">
<h4 class="titlebg">', $txt['verification'], '</h4>
</div>

<div class="windowbg2" style="height: 230px;">
<span class="topslice"><span></span></span>

<div style="text-align: center; margin: 10px 0 0 0;">
<img src="', $settings['images_url'], '/verif3.png" />
</div>

<span class="botslice"><span></span></span>
</div>';

if ($context['visual_verification'])
{
echo '
<div class="windowbg2">
<span class="topslice"><span></span></span>
<fieldset class="content centertext">
', template_control_verification($context['visual_verification_id'], 'all'), '
</fieldset>
<span class="botslice"><span></span></span>
</div>';
}



It adds the image and cleans up the formatting a bit.

[AlanDewey]

:-)     No errors now.

Y'all are very helpful !

Thank You