A XOOPS site I set up a year or two ago for a client is suddenly being flooded with spambot registrations.

There's not much the spammers can do, because the site isn't actually particularly interactive at all - commenting is turned off, there are no forums, and the registration form isn't even visible since there's no point in allowing users to register - but it's still annoying.

I'm wondering if there would be any harm in simply removing register.php entirely, or at least renaming it so that it could be put back if they ever do decide to allow user registrations. New users could still be added via the admin, if they wanted to add accounts for contributors, but it would stop automated registrations, I would imagine.

Would that be OK? Or is there some other reasonably straightforward way to solve this?

Go to Admin:

Admin ---> system Admin ---> Site Preferences ---> User Info Settings

You will then see an option to turn off user registrations, or make admin approval first.

On the same note but slightly different, I'd like to see something done about this spam, it seems they can only target comments of the news module

They seem to sign up from domains like mail.ru in fact most of the spammers have been .RU domains with the exception of the one signing up with #OOPS# in their user info.

If you look at WordPress, they have tons of spam type tools that can assist in preventing this rubbish.

Aha! I thought there should be some way of turning off user registration, but I'd looked in the Preferences (in the wrong part of them, apparently) and not seen it, so I was trying to find alternatives. Thanks!

Quote:

Yep - good place to do this. I have the following entries on my system:

xoops.org$|.info$|privatepop3.com$|.ru$

I took the decision to ban registrations with .info email addresses a few months ago and this more or less cut out spambot registrations completely, including that G-W-B w*nker.

I then had a few of the privatepop3.com ones; a quick check showed this to be a well-known spamming domain.

I banned that .ru email addresses earlier today following a few reports in these forums - no actual attempts to register before I did so.

There is a post by McDonald earlier today which says that the Protector 3.1x modules (still in beta but working okay according to McD) have a plug-in that stops some spambots. This is good news, and another reason for us to be grateful to GIJoe.

You could try captcha in form register (hack by Dugris)

spidersilk,

No probs, I'm glad I could be of some use.

JAVesey,

Yeah I started using the Regex too after last week James explained how to use it a little better than it's detailed in the admin.

This way is cool for those spambots, but I also have some using yahoo and hotmail (there not on our X sites though, these are targeting WP sites).

I've not looked into the latest protector yet, not had a chance recently, but I'll certainly pop over there soon, anything to help fight spammers is cool.

debianus

Captcha is cool, but still problems arrive with some smart bots with ocr's (optical character readers), according to various websites, if the text is distorted with lines through, then it become harder for the bots to overcome.

Are there any examples of Dugris hack around (I think David shown me once, but can't remember)

But there is no cure for the sad spammers than manually do everything.

Most of these spammers are hitting news comments, but just wondering, they don't seem to have hit X.Org yet, yet this site is surely more popular.