renaming register.php no longer works
First, thank you for posting this and trying to help. I have everything suggested installed with all the hostnames/agents set up correctly. It is working (mostly), but we need to be aware of something important. Several of the suggestions are good, but they are not foolproof and some are not helping anymore.
"Rename register.php by BOP5" is now completely useless and a waste of time to implement. Perhaps once it worked, but spam software (xrumer, etc) must now just be looking at the register link to figure out the URL, so the filename really doesn't matter anymore. I renamed register to completely random numbers/letters, two separate times, and all settings are correct. I did not use the word "register" or any words in the name. Within 30 minutes, the spambots are filling out forms on the new register filename. I know they are getting past the rename plugin trick because I'm getting PMs with them being blocked by the hostname plugin (which does work quite nicely). How long before the spammers get past that one, or just use different hostnames and we have to start updating that regularly? This is definitely not foolproof because the main block (renaming register.php) is no longer useful. The timer is also not stopping most of them, and I don't want to increase it much beyond 26 seconds or so.
Obviously spam software will continue to get smarter, so we need to have some humility instead of proclaiming, with hubris, that the era of big spam is over and posting that on all the other vbulletin.org anti-spam mods.
I have stopforumspam (through the glowhost plugin) running as an additional layer of protection. I wish there was an updated stopforumspam plugin that used their new "confidence" data and worked a little better, but no one seems to want to take that on. For now, it is still a very useful tool to add to what you have listed.
First, thank you for posting this and trying to help. I have everything suggested installed with all the hostnames/agents set up correctly. It is working (mostly), but we need to be aware of something important. Several of the suggestions are good, but they are not foolproof and some are not helping anymore.
"Rename register.php by BOP5" is now completely useless and a waste of time to implement. Perhaps once it worked, but spam software (xrumer, etc) must now just be looking at the register link to figure out the URL, so the filename really doesn't matter anymore. I renamed register to completely random numbers/letters, two separate times, and all settings are correct. I did not use the word "register" or any words in the name. Within 30 minutes, the spambots are filling out forms on the new register filename. I know they are getting past the rename plugin trick because I'm getting PMs with them being blocked by the hostname plugin (which does work quite nicely). How long before the spammers get past that one, or just use different hostnames and we have to start updating that regularly? This is definitely not foolproof because the main block (renaming register.php) is no longer useful. The timer is also not stopping most of them, and I don't want to increase it much beyond 26 seconds or so.
Obviously spam software will continue to get smarter, so we need to have some humility instead of proclaiming, with hubris, that the era of big spam is over and posting that on all the other vbulletin.org anti-spam mods.
I have stopforumspam (through the glowhost plugin) running as an additional layer of protection. I wish there was an updated stopforumspam plugin that used their new "confidence" data and worked a little better, but no one seems to want to take that on. For now, it is still a very useful tool to add to what you have listed.