Terrible Lizards™ » Dinosaur Forum
Terrible Lizards™
Terrible Lizards™  »  Website Developments
Simple phpBB Registration Spam Controls
Author Message
Dinosaurs
Posted: Wed Sep 17, 2008 6:24 pm Reply with quote
 Admin  Admin
Joined: 10 Nov 2006 Posts: 28
RegBots are always trying to frustrate phpBB admins. There are many MODs available that are designed to minimize this nuisance, but many are very complex and daunting for the novice;... below are a couple of simple modifications that we successfully implemented here for TerribleLizards.com.

1. Install "Better Captcha" MOD
http://www.phpbb.com/community/viewtopic.php?t=382890
http://www.phpbb.com/community/viewtopic.php?t=473222

This is a VERY simple MOD. Literally, one word is changed. A few more additional uploads and you're done.

= = =


2. Find and replace "agreed"
RegBots work by going directly to the submission of the form information, bypassing the various agreement screens by simply setting "agreed=true". Fortunately, web form variables are CasE-sEnsiTivE, so simply changing the all-lower-case name "agreed" to mixed-case will still allow manual registrations to work, but will simply present a bot's request.

The files that need editing are:
admin/admin_users.php (2 occurrences)
includes/usercp_avatar.php (1 occurrence)
includes/usercp_register.php (5 occurrences)

Simply open in a text editor and perform a find and replace with AnyThingYouWish.

Actually, one or the other of these two modifications should do the trick, but they are so simple, even for a novice, that they should really be combined. Bear in mind that these are only effective for automated spambot registrations and will not prevent manual registrations. To prevent manual registration spam, go to your administration panel and within the "General Admin" > "Configuration" section, select the "Admin" option of the "Enable account activation" setting. In this instance the admin will receive an email for each new registration and be required to manually approve.


Last edited by Dinosaurs on Thu Sep 18, 2008 5:47 pm; edited 1 time in total


# # #


TerribleLizards.com | Dinosaur community discussion forums.
http://terriblelizards.com | http://dinosaurs.tk

Spinosaurus.com | The largest predatory dinosaur.
http://spinosaurus.com | http://spinosaur.com | http://spinosaur.us

Caresheet.com | Caresheets for pet reptiles, amphibians and small animals.
http://caresheet.com | http://animals.tk | http://reptiles.tk

View user's profile Send private message
Dinosaurs
Posted: Thu Sep 18, 2008 11:51 am Reply with quote
 Admin  Admin
Joined: 10 Nov 2006 Posts: 28
The following is another very simple deterrent to automated registrations. Spammers like the fact that phpBB makes a memberlist (e.g. http://yourwebsite.com/memberlist.php) available for view by anyone, including Googlebot which might spider their spam links.

With this simple modification, anyone manually typing in a memberlist.php url will be redirected to a login page.


Open memberlist.php

- [FIND ] - Code:

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_VIEWMEMBERS);
init_userprefs($userdata);
//
// End session management
//


- [ Add After] -
Code:

if ( !$userdata['session_logged_in'] )
{
redirect(append_sid("login.$phpEx?redirect=memberlist.$phpEx", true));
}


# # #


TerribleLizards.com | Dinosaur community discussion forums.
http://terriblelizards.com | http://dinosaurs.tk

Spinosaurus.com | The largest predatory dinosaur.
http://spinosaurus.com | http://spinosaur.com | http://spinosaur.us

Caresheet.com | Caresheets for pet reptiles, amphibians and small animals.
http://caresheet.com | http://animals.tk | http://reptiles.tk

View user's profile Send private message
 
Post new topic   Reply to topic
Page 1 of 1    
All times are GMT - 5 Hours
The time now is Sun Apr 30, 2017 5:48 am
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum