UBB.Developers Forums UBB.classic V6.4 - 6.7 Modifications V6 Mod Ideas Has anyone figured out how to stop BOTS from spam?

I get about 5 to 10 BOTS registering on my site a day. Has anyone developed a hack to add an image file in the registration process? This is how VB is trying to slow this type of spamming down.

I'm running 6.7.3 with everything checked in the control panel, except the Moderation Queue. I get about 10-30 new registrations per day, so I'm not checking that box just yet.

Some common things these BOTS are using is the same birth date; March 28, 1983. And most are coming from .info domains.

Is there a way to ban all DOT INFO domains?

Any other ideas? The image file would be the best way to slow this down. But if there's no hack, I understand.

Thanks,

- Bill

This has been mentioned several times here over the last 6 months, the general consensus is no, Perl is a smidge harder to develop for; not to mention that UBB7.1 will have this as a stock feature. The easiest route would be to upgrade.

There can be a simple solutions to this problem. For example, a fixed image can be use. This will be very easy to write in any language. The server admin can make a graphic image of the text he wishes to use and it will never change. The registering user has to type in this word to complete his registration. It doesn't take much to confuse bots. You can even hack the code to say on the registration page "enter the word 'monkey' in the box below to finish your registration. This alone will stump most if not all bots.

If it's a fixed image, whats to stop someone from updating their bot to add in the value of your fixed image? it's just a temporary fix, if you could even call it a fix... A true captcha isnt' even fullproof either, but it goes a long way...

Gizmo, people that make and run these bots rarely target one site. They make a universal script/bot that can spam as many websites as possible. If your site has a slight unique registration variation that causes the bot to fail, chances are slim to none the bot programmer will care enough to modify his bot for your unique exception. There is no need for the spammer to include a single website workaround in his bot when there are thousands of other vulnerable boards out there. Hell, make it a static picture of a monkey or apple or something and ask people "What is this a picture of?" before they can register. I'd like to see bots do DSP image recognition of objects You can even be tricky and ask "What color is the text/object above" so regardless of what the captcha text reads or what the object is, it's the color that matters. Beating spammers is not hard, you just need some common sense.

Haveing said that, I wouldn't mind seeing some code of people implimenting some of my ideas.

I understand that, but keep in mind that most of these bots run off of databases as well that keep track of sites, also keep in mind that it'd not be hard at all to add in custom variables for sites (which I'm sure they also have).

If you think of how they work, it's not that difficult in the first place to make a spambot, let alone set it to have customizations to fool weak captcha's.

Additionally, some use captcha identification scripts to beat some weak captcha's as well.

Now asking to identify an animal, that in itself could be fun yes, but the customizations to a bot could thwart it easily.

And yes, i understand that you think they wouldn't, but I have seen them customize their targeting scripts, on plenty of sites that have 0 relation to eachother and aren't linked together; so it can and will happen if they really want to link from your site.

Keep in mind, it's not just spam to get people to look at sites, it can also be spam that increases hitrankings, so the most popular sites are the better to abuse in this way, so if you have a large site they will take more time to target you.

I would love to see someone modify the code to allow an image for registering. I'm getting so many spammers and is driving me nuts.

Thanks.

Bill

I believe Rick did, you might check out threads 7.1

Didn't Charles (Frenchy) write this up a while back?

Allen, they're wanting a CAPTCHA for .C

The easiest way to stop BOTS at the moment in UBB.classic is to have Custom Field 1/2 checked against login/public name, if they match refuse to process the registration. Unfortunately I can't figure out how to add that to the registration page, anyone not on teh UBB.Threads payroll willing to paste that tiny little line or two for us to use