Saturday, April 21. 2007
PHPBB Anti-spam Registration Question
Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
I've written a script that provides a randomly selected arithmetic problem involving one of four possible common operators. It creates a select list from which the user can select an answer, one of which is the correct answer. This list always varies and the answer is never the one visible. This is applied to registrations and to anonymous posts. A decoy equation is planted in the source code.
Another gadget for registrations varies the name attribute of the username input field. The string starts from a random selection of letters from the alphabet and winds up transformed and converted three different ways before it's finally added to the attribute.
For anonymous posts there is also a widget that replaces the normal message textarea with one that prevent user from pasting content either with the keyboard or with gui menus. This is meant for the human spammers who have no patience for typing when it comes to adding numerous links. Of course, it applies to bulletin boards with policies that allow anonymous posters to post links.
Another gadget for registrations varies the name attribute of the username input field. The string starts from a random selection of letters from the alphabet and winds up transformed and converted three different ways before it's finally added to the attribute.
For anonymous posts there is also a widget that replaces the normal message textarea with one that prevent user from pasting content either with the keyboard or with gui menus. This is meant for the human spammers who have no patience for typing when it comes to adding numerous links. Of course, it applies to bulletin boards with policies that allow anonymous posters to post links.
awesome! thanks for this. i've been looking around for an easy-to-follow and concise set of instructions... simple and efffective 
I want to thank you for a great simple fix. I was getting over 100 spam registrations a week before I implemented this on our forum. So far so good - not a single one!
Nice, simple and elegant. Thanks for the mod, I've installed it and tested it. Say bye bye spambots
I thought the correct answer was Anakin... Or was it Anakin Skywalker? 
I figured someone would bring that up sooner or later. I was hoping users would replace that with a better question of their own, but I've seen a couple boards with the question as-is. You could always modify the answer-checking block to allow them all.
I was hoping users would replace that with a better question of their own, but I've seen a couple boards with the question as-is. You could always modify the answer-checking block to allow them all.
A heads up:
I needed to edit if(trim(strtolower($_POST['bonusq']!='darth vader'))) to if(trim(strtolower($_POST['bonusq'])!='darth vader')) otherwise Darth Vader would register as a wrong answer.
Thanks for a simple and hopefully effective mod
I needed to edit if(trim(strtolower($_POST['bonusq']!='darth vader'))) to if(trim(strtolower($_POST['bonusq'])!='darth vader')) otherwise Darth Vader would register as a wrong answer.
Thanks for a simple and hopefully effective mod
Thanks for catching that bug. Actually my intention was for it to read:
if(trim(strtolower($_POST['bonusq']))!='darth vader') {
I have corrected the entry.
if(trim(strtolower($_POST['bonusq']))!='darth vader') {
I have corrected the entry.
A brilliant mod and many thanks Mike. We implemented it a couple of months ago and no spam since. Fantastic.
Mod worked great for me, however, once I made the changes my users can no longer edit their profiles?
Hmmm...make sure you have the code blocks in the correct places, otherwise you could interfere with profile updates. Use the suggested line numbers as a guide.
Thanks! I just implemented it on my forums, so hoping it will go okay!
Note: I discovered the answer must be in all lower case, just FYI.
Note: I discovered the answer must be in all lower case, just FYI.
The answer in the code should be lowercase, but the answer supplied by the user shouldn't have to be, as that's what the strtolower function does...it takes the user input and makes it lowercase before comparing it with the answer in the code.
I have something like this on my vb site, but you know what really kills the spammers dead in their tracks? Have the mod randomly display a question from a list of questions & answers determined by the admin.
That way if they figure out one of the questions, they have a whole slew more to figure out. Should keep the dumber spammers out. Works like a champ on my vb board, haven't had a spammer in months. (My phpBB board, that's another issue...)
That way if they figure out one of the questions, they have a whole slew more to figure out. Should keep the dumber spammers out. Works like a champ on my vb board, haven't had a spammer in months. (My phpBB board, that's another issue...)
Using the code you have here my forum members had trouble editing their profiles (it checked to see if 'darth vader' had been entered in a field they couldnt see while editing their profiles).
So, the fix:
Change
if(trim(strtolower($_POST['bonusq']))!='darth vader')
TO
if(trim(strtolower($_POST['bonusq']))!='darth vader' && $mode != 'editprofile')
Hope this helps
So, the fix:
Change
if(trim(strtolower($_POST['bonusq']))!='darth vader')
TO
if(trim(strtolower($_POST['bonusq']))!='darth vader' && $mode != 'editprofile')
Hope this helps
Thanks for posting this. When I get a chance I will update all the code as well as publish copies of the files from PHPBB + the modification.
wow!
Thank you sooooooo much. It really works. In fact I made it very simple. I added a 8-digit at the bottom of my bulletin board and the question is the type the number. Bingo!
It works and there are no more spam since that day nad if it is too complicate for a person to find the number at the bottom, I will probably be happy to not have this person to join my bulletin board :o)
Thanks a lot for this script.
Normand
Thank you sooooooo much. It really works. In fact I made it very simple. I added a 8-digit at the bottom of my bulletin board and the question is the type the number. Bingo!
It works and there are no more spam since that day nad if it is too complicate for a person to find the number at the bottom, I will probably be happy to not have this person to join my bulletin board :o)
Thanks a lot for this script.
Normand
I have implemented the mod. Thanks see it at http://www.jobscat.com
My forum users were having trouble editing their profiles. They managed to update them if they input their passwords (all 3 fields) each time, but otherwise it told them they were missing info.
To fix it, I moved the first segment of code on usercp_register down beyond all of the password information. I had to put it in brackets (as it wasn't if you just copied it from the page above) and I made sure to add the other suggestions on this page, but regardless everything started working fine. I made sure it stayed on the same level as it would if you pasted the code directly after the mode == 'register' line, though by taking it out of the password area entirely it stopped giving me trouble.
All of that side, I've had great success keeping spam out of my forum with this. I couldn't easily edit profiles for a while, but even then it was well worth it. Now that everything is functioning properly, life is good.
To fix it, I moved the first segment of code on usercp_register down beyond all of the password information. I had to put it in brackets (as it wasn't if you just copied it from the page above) and I made sure to add the other suggestions on this page, but regardless everything started working fine. I made sure it stayed on the same level as it would if you pasted the code directly after the mode == 'register' line, though by taking it out of the password area entirely it stopped giving me trouble.
All of that side, I've had great success keeping spam out of my forum with this. I couldn't easily edit profiles for a while, but even then it was well worth it. Now that everything is functioning properly, life is good.
When I uploaded the files you linked for download the mod worked fine but when I tried to simply add the snippets of code to my already existing files nothing changed.
In my current files there is a birthday Mod included which requires the user enter their birthdate upon registration and it then adds the birthday to the forums calendar. I really don't want to lose this feature and thought I could simply add the code where you instructed and that it should work but the qurestion no longer showed up. it was as if i hadn't added the code at all.
Is there a way I can keep the birthday mod in tact and still use this anti-spam mod?
Or am I just doing something wrong? Any help would be appreciated as I would love to use this mod.
Thanks in advance.
In my current files there is a birthday Mod included which requires the user enter their birthdate upon registration and it then adds the birthday to the forums calendar. I really don't want to lose this feature and thought I could simply add the code where you instructed and that it should work but the qurestion no longer showed up. it was as if i hadn't added the code at all.
Is there a way I can keep the birthday mod in tact and still use this anti-spam mod?
Or am I just doing something wrong? Any help would be appreciated as I would love to use this mod.
Thanks in advance.
When you have multiple modifications you have to be careful when editing the files. I would suggest you download a program like WinMerge (http://winmerge.org/). It will let you compare my modified files to your files that have the other mods. Then you can decide where the code should go.
Thank you so much for the information. I downloaded the Winmerge program and was able to incorporate the codes you listed above into the existing altered codes in my files. it was very easy to do and I had the new altered files uploaded in a matter of minutes.
I'm hoping the question will work to eliminate the spambot problem as well as it has for others.
Thanks again for your help.
kelly
I'm hoping the question will work to eliminate the spambot problem as well as it has for others.
Thanks again for your help.
kelly
For some reason, I can't get the actual question to show up on the registration page. Can anyone think of anything I"m doing wrong? I modified the profile_add_body.tpl file exactly.
Thanks.
-Wil
Thanks.
-Wil
A couple things:
First, make sure you made those changes to the profile_add_body.tpl file inside the template subfolder that you're using. If you're using SubSilver only, then you should be OK on that.
Next, the question will appear only when switch_add_profile, so make sure you made the changes that are shown in the "Update" sections as well. Or just download the files from the link at the end of the post and use them, or compare them with yours using a tool like WinMerge.
First, make sure you made those changes to the profile_add_body.tpl file inside the template subfolder that you're using. If you're using SubSilver only, then you should be OK on that.
Next, the question will appear only when switch_add_profile, so make sure you made the changes that are shown in the "Update" sections as well. Or just download the files from the link at the end of the post and use them, or compare them with yours using a tool like WinMerge.
Thank you so MUCH. We have a terrible spam bot problem and there hasnt been a single bot registration since I put the mod in.
I usually get between 10-20 a day!
I usually get between 10-20 a day!
Yes, the idea is very simple but surprisingly effective for more than year now. And I expect that such protection will be effective for a lot of time. Sometimes I write about it in my blog about spam bots and captchas: http://bbspam.com/
I was using this MOD when a user told me he could's change his password in his profile. I downloaded the MOD posted on 2007-09-29 and after uploading it, and trying to change a password in the profile I get this response:
Fatal error: Call to undefined function: session_reset_keys() in /var/www/vhosts/reelanimalsfishingshow.com/httpdocs/phpBB/includes/usercp_register.php on line 545
The password DOES get changed, but am getting the fatal error.
Fatal error: Call to undefined function: session_reset_keys() in /var/www/vhosts/reelanimalsfishingshow.com/httpdocs/phpBB/includes/usercp_register.php on line 545
The password DOES get changed, but am getting the fatal error.
Sorry, this got buried in my inbox. Anyway, I'm not sure about the error, but make sure you are using PHPBB 2.0.22, as the session code changed somewhere around 2.0.20.
I installed this script and get the same error.
I added the following line at the top of the script
error_reporting(0);
This basically stops the user from seeing the error and they get a blank page.
(This is a quick and dirty hack I did to keep the error message from revealing some virtual directory info I'd rather not have out there)
I don't recommend this as it will confuse your users but it works in a pinch.
I added the following line at the top of the script
error_reporting(0);
This basically stops the user from seeing the error and they get a blank page.
(This is a quick and dirty hack I did to keep the error message from revealing some virtual directory info I'd rather not have out there)
I don't recommend this as it will confuse your users but it works in a pinch.
> Are you running PHPBB 2.0.22 or 2.0.23?
It's on an older board running PHPBB 2.0.22
We're in the process of updating to phpbb3 but until that finishes we're still running 2.0.22
Sorry I forgot to mention this, I saw what you said earlier about the change in the session handling from .22 to .23
It's on an older board running PHPBB 2.0.22
We're in the process of updating to phpbb3 but until that finishes we're still running 2.0.22
Sorry I forgot to mention this, I saw what you said earlier about the change in the session handling from .22 to .23
The fix should work with 2.0.22. You should download the files from the link above and compare them to yours with WinMerge or something similar. Perhaps there's some discrepancy between your files and mine.
I had been looking everywhere for something to get rid of all the spam accounts on my role playing forums. I installed this two nights ago... and haven't seen a single inappropriate sign-up yet! Changing the question to fit my sites was easy, as I just picked a question about the game's information (makes it easy for me to also see if people signing up are actually reading the rules and stuff! *Bonus!*). Thank you SO much for this!
Simple and sweet, no dealing with "mods"...I've read text confirm is the only way to prevent autobots.
Thanks a lot for posting this!!
Thanks a lot for posting this!!
This was the best anti-spam mod I ever did. Anyone done this with phpBB3?
Thanks!! great!!!
Works like a charm!! changed the question and answer, but had to find out that it does not accept capitals...
But still, GREAT!
Works like a charm!! changed the question and answer, but had to find out that it does not accept capitals...
But still, GREAT!
The answer in the code must be lowercase, but due to the strtolower() function, the user can enter the answer with capitals or not.
Thanks for the help. Just the thing I was looking for - would work great for asking users the designator of an Arleigh Burke
Thx, my forum has been spam free for years, but lately I get more and more spammers. Up to 50 per day.
Your little mod worked perfect. I hope this is the last spammer I've had!
Your little mod worked perfect. I hope this is the last spammer I've had!
Sadly I cannot seem to find the files specified above to fix this on my PHPBB 3.0.9 board. Possibly changed.
Correct. The file layout has changed, but it is still quite simple to get the similar effect.
The line numbers refered below is for current version today which is 3.0.9.
Since I cannot write the less than and greater than brackets in this reply becaus of board limitations you will have to do a search and replace below on the < and >.
First you need to find the file ucp_register.html. It is located in your style catalog. If you use subsilver2 the file is located in /styles/subsilver2/template/.
Depending on where you want your bonus question located you need to put in this piece of code. If you want the question as last box after timezone it should start at line 64.
<tr>
<td class="row1"><b class="genmed">Anti-Spam Question: </b><br /><span class="gensmall">Enter the name Luke Skywalker's father. Check your spelling!</span> </td>
<td class="row2"><input class="post" type="text" name="bonusq" size="25" maxlength="100" value="" /></td>
</tr>
Then to add the validation you need to find the ucp_register.php. It is located in /includes/ucp/.
Just after the email and password check add the following code. It should start at line 261:
if(trim(strtolower($_POST['bonusq']))!='darth vader') {
$error[] = "You did not answer the Anti-Spam question correctly...";
}
Happy spam avoiding!
The line numbers refered below is for current version today which is 3.0.9.
Since I cannot write the less than and greater than brackets in this reply becaus of board limitations you will have to do a search and replace below on the < and >.
First you need to find the file ucp_register.html. It is located in your style catalog. If you use subsilver2 the file is located in /styles/subsilver2/template/.
Depending on where you want your bonus question located you need to put in this piece of code. If you want the question as last box after timezone it should start at line 64.
<tr>
<td class="row1"><b class="genmed">Anti-Spam Question: </b><br /><span class="gensmall">Enter the name Luke Skywalker's father. Check your spelling!</span> </td>
<td class="row2"><input class="post" type="text" name="bonusq" size="25" maxlength="100" value="" /></td>
</tr>
Then to add the validation you need to find the ucp_register.php. It is located in /includes/ucp/.
Just after the email and password check add the following code. It should start at line 261:
if(trim(strtolower($_POST['bonusq']))!='darth vader') {
$error[] = "You did not answer the Anti-Spam question correctly...";
}
Happy spam avoiding!
