• OzzModz is no longer taking registrations. All registrations are being redirected to Snog's Site
    All addons and support is available there now.

Addon [OzzModz] Registration Spaminator

Status
Not open for further replies.
It's downloaded and installed.
Any suggestions for the Xenforo spam settings? Should I disable StopForumSpam and DNSBL?
I'm guessing I should clear the Q and A and disable registration moderating.
 
It's downloaded and installed.
Any suggestions for the Xenforo spam settings? Should I disable StopForumSpam and DNSBL?
I'm guessing I should clear the Q and A and disable registration moderating.
I run "naked" with only the Spaminator on. Kill it all, give it the full test.
 
I'll give you a little bit of the backstory on this.

We had it for vBulletin 3.8 and 4, it stopped well obvr 2 million bot registrations in three years, on the 5 or 6 boards it was on. Without even one single bot registration success. But, vB5 came out, and we saw we didn't want any part of that so we never released this for vB to the public.

Now here we are, about where we were back then, except this is xenForo and we doubt they will screw their product up like vB did. So, here we go.

On two of my sites so far, this has stopped around 4,000 bot registration attempts in just three week, and nothing's gotten past it.

Best part of the Spaminator is, it is impossible to interfere with or even annoy any legitimate human. Because they'll never know it's there. Plus everything is logged, so you can see what it catches.
 
Two more, but they're duplicates. Set the registration timer for 10 seconds..
The captcha field is interesting.
 
Set the registration timer for 10 seconds..
I'd lose it. Run naked. The half-assed way xF has it, it's useless and only annoys legitimate humans. Bots don't press buttons. They simply send the page source code back as a POST action after injecting their responses to the source code they downloaded. This is why nobody uses timers.
The captcha field is interesting.
xrumer sees it as a field to put the spam in, like an "about me" thing. Just more dogshit for it to step in, if the false fields and fake checkboxes aren't enough land mines.

It's programmed to check those boxes and fill all fields.

And, you'll see a lot of duplicates because they don't stop trying, ever.
 
Just to let you know, to stop cold the very rare human spammer this is what Ozzy and I do:

Every 1st post by all new users is moderated. If we approve that post, they graduate into a "trusted" type usergroup which mirrors exactly the "registered" permissions.

The default "registered" usergroup is restricted, can't have signature, can't PM, etc. But if it is a legit user it gets full "registered" perms when you approve its first post.

We also hide the "Your post is moderated and is awaiting approval" notice, with a little extra.less edit. So new legit people aren't annoyed by being moderated - they never know they're moderated, see.

This has the happy side effect of the human spammer seeing his post(s), looking like all the others, thinks he accomplished his task, and leaves.

Can spam 100 or even 1000 posts, nobody but you and him/her will ever see them.

And that's the end of the very rare, human spam.
 
It's not showing the privacy and the terms and rules checkboxes in the register form, had to turn them off to register a new user.

Getting late, got ten so far, so I'm going to let it go tonight and see how it turns out.
 
This looks like it might be a bug, if there's supposed to be two checkboxes showing. Ozzy will look at it and see what's up. Good catch, if so.

By the way and not for nothing, on mobile we have to hunt for your register link, have to find it in the menu off the hamburger. You might consider this, find a way to make it prominent.
 
Status
Not open for further replies.
Back
Top