Saturday, April 21. 2007PHPBB Anti-spam Registration QuestionTrackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
I've written a script that provides a randomly selected arithmetic problem involving one of four possible common operators. It creates a select list from which the user can select an answer, one of which is the correct answer. This list always varies and the answer is never the one visible. This is applied to registrations and to anonymous posts. A decoy equation is planted in the source code.
Another gadget for registrations varies the name attribute of the username input field. The string starts from a random selection of letters from the alphabet and winds up transformed and converted three different ways before it's finally added to the attribute. For anonymous posts there is also a widget that replaces the normal message textarea with one that prevent user from pasting content either with the keyboard or with gui menus. This is meant for the human spammers who have no patience for typing when it comes to adding numerous links. Of course, it applies to bulletin boards with policies that allow anonymous posters to post links.
awesome! thanks for this. i've been looking around for an easy-to-follow and concise set of instructions... simple and efffective
I want to thank you for a great simple fix. I was getting over 100 spam registrations a week before I implemented this on our forum. So far so good - not a single one!
Nice, simple and elegant. Thanks for the mod, I've installed it and tested it. Say bye bye spambots
I thought the correct answer was Anakin... Or was it Anakin Skywalker?
I figured someone would bring that up sooner or later.
A heads up:
I needed to edit if(trim(strtolower($_POST['bonusq']!='darth vader'))) to if(trim(strtolower($_POST['bonusq'])!='darth vader')) otherwise Darth Vader would register as a wrong answer. Thanks for a simple and hopefully effective mod
Thanks for catching that bug. Actually my intention was for it to read:
if(trim(strtolower($_POST['bonusq']))!='darth vader') { I have corrected the entry.
A brilliant mod and many thanks Mike. We implemented it a couple of months ago and no spam since. Fantastic.
Mod worked great for me, however, once I made the changes my users can no longer edit their profiles?
Hmmm...make sure you have the code blocks in the correct places, otherwise you could interfere with profile updates. Use the suggested line numbers as a guide.
Thanks! I just implemented it on my forums, so hoping it will go okay!
Note: I discovered the answer must be in all lower case, just FYI.
The answer in the code should be lowercase, but the answer supplied by the user shouldn't have to be, as that's what the strtolower function does...it takes the user input and makes it lowercase before comparing it with the answer in the code.
I have something like this on my vb site, but you know what really kills the spammers dead in their tracks? Have the mod randomly display a question from a list of questions & answers determined by the admin.
That way if they figure out one of the questions, they have a whole slew more to figure out. Should keep the dumber spammers out. Works like a champ on my vb board, haven't had a spammer in months. (My phpBB board, that's another issue...)
Using the code you have here my forum members had trouble editing their profiles (it checked to see if 'darth vader' had been entered in a field they couldnt see while editing their profiles).
So, the fix: Change if(trim(strtolower($_POST['bonusq']))!='darth vader') TO if(trim(strtolower($_POST['bonusq']))!='darth vader' && $mode != 'editprofile') Hope this helps
Thanks for posting this. When I get a chance I will update all the code as well as publish copies of the files from PHPBB + the modification.
wow!
Thank you sooooooo much. It really works. In fact I made it very simple. I added a 8-digit at the bottom of my bulletin board and the question is the type the number. Bingo! It works and there are no more spam since that day nad if it is too complicate for a person to find the number at the bottom, I will probably be happy to not have this person to join my bulletin board :o) Thanks a lot for this script. Normand
I have implemented the mod. Thanks see it at http://www.jobscat.com
My forum users were having trouble editing their profiles. They managed to update them if they input their passwords (all 3 fields) each time, but otherwise it told them they were missing info.
To fix it, I moved the first segment of code on usercp_register down beyond all of the password information. I had to put it in brackets (as it wasn't if you just copied it from the page above) and I made sure to add the other suggestions on this page, but regardless everything started working fine. I made sure it stayed on the same level as it would if you pasted the code directly after the mode == 'register' line, though by taking it out of the password area entirely it stopped giving me trouble. All of that side, I've had great success keeping spam out of my forum with this. I couldn't easily edit profiles for a while, but even then it was well worth it. Now that everything is functioning properly, life is good.
When I uploaded the files you linked for download the mod worked fine but when I tried to simply add the snippets of code to my already existing files nothing changed.
In my current files there is a birthday Mod included which requires the user enter their birthdate upon registration and it then adds the birthday to the forums calendar. I really don't want to lose this feature and thought I could simply add the code where you instructed and that it should work but the qurestion no longer showed up. it was as if i hadn't added the code at all. Is there a way I can keep the birthday mod in tact and still use this anti-spam mod? Or am I just doing something wrong? Any help would be appreciated as I would love to use this mod. Thanks in advance.
When you have multiple modifications you have to be careful when editing the files. I would suggest you download a program like WinMerge (http://winmerge.org/). It will let you compare my modified files to your files that have the other mods. Then you can decide where the code should go.
Thank you so much for the information. I downloaded the Winmerge program and was able to incorporate the codes you listed above into the existing altered codes in my files. it was very easy to do and I had the new altered files uploaded in a matter of minutes.
I'm hoping the question will work to eliminate the spambot problem as well as it has for others. Thanks again for your help. kelly
For some reason, I can't get the actual question to show up on the registration page. Can anyone think of anything I"m doing wrong? I modified the profile_add_body.tpl file exactly.
Thanks. -Wil
A couple things:
First, make sure you made those changes to the profile_add_body.tpl file inside the template subfolder that you're using. If you're using SubSilver only, then you should be OK on that. Next, the question will appear only when switch_add_profile, so make sure you made the changes that are shown in the "Update" sections as well. Or just download the files from the link at the end of the post and use them, or compare them with yours using a tool like WinMerge.
Thank you so MUCH. We have a terrible spam bot problem and there hasnt been a single bot registration since I put the mod in.
I usually get between 10-20 a day!
Yes, the idea is very simple but surprisingly effective for more than year now. And I expect that such protection will be effective for a lot of time. Sometimes I write about it in my blog about spam bots and captchas: http://bbspam.com/
I was using this MOD when a user told me he could's change his password in his profile. I downloaded the MOD posted on 2007-09-29 and after uploading it, and trying to change a password in the profile I get this response:
Fatal error: Call to undefined function: session_reset_keys() in /var/www/vhosts/reelanimalsfishingshow.com/httpdocs/phpBB/includes/usercp_register.php on line 545 The password DOES get changed, but am getting the fatal error.
Sorry, this got buried in my inbox. Anyway, I'm not sure about the error, but make sure you are using PHPBB 2.0.22, as the session code changed somewhere around 2.0.20.
I installed this script and get the same error.
I added the following line at the top of the script error_reporting(0); This basically stops the user from seeing the error and they get a blank page. (This is a quick and dirty hack I did to keep the error message from revealing some virtual directory info I'd rather not have out there) I don't recommend this as it will confuse your users but it works in a pinch.
> Are you running PHPBB 2.0.22 or 2.0.23?
It's on an older board running PHPBB 2.0.22 We're in the process of updating to phpbb3 but until that finishes we're still running 2.0.22 Sorry I forgot to mention this, I saw what you said earlier about the change in the session handling from .22 to .23
The fix should work with 2.0.22. You should download the files from the link above and compare them to yours with WinMerge or something similar. Perhaps there's some discrepancy between your files and mine.
I had been looking everywhere for something to get rid of all the spam accounts on my role playing forums. I installed this two nights ago... and haven't seen a single inappropriate sign-up yet! Changing the question to fit my sites was easy, as I just picked a question about the game's information (makes it easy for me to also see if people signing up are actually reading the rules and stuff! *Bonus!*). Thank you SO much for this!
|
CategoriesQuicksearch |