81
chefry
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/8/10 16:09

  • chefry

  • Home away from home

  • Posts: 1005

  • Since: 2006/10/14


doesn't work

82
barryc
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/8/10 16:40

  • barryc

  • Just can't stay away

  • Posts: 480

  • Since: 2004/3/20


As I've explained in a different thread, using a two step registration, with some required fields in the second, and saving only after the second step is completed, has essentially blocked these spam registrations on my site.

See https://xoops.org/modules/newbb/viewto ... id=338628#forumpost338628
Barry Cooper
Sweet Home, Oregon

83
hipoonios
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/22 4:09

  • hipoonios

  • Friend of XOOPS

  • Posts: 298

  • Since: 2005/9/24


I've made all suggestions in this thread, like change captcha, save after second step etc. Sure, it has helped a bit. But.....

Yesterday I did a test. I changed to a 100 characters long captcha. This should make it really hard for bots to sign up (hehe). BUT GUESS WHAT! Today there were 8 new user registrations. All bots! So I'm pretty sure that the Captcha in Xoops core is broken or hacked.

I'm also running latest Xoops with latest Protector btw.
I love Xoops!

84
Peekay
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/22 9:10

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Did you try adding the code to register.php shown in this post? You need to read the whole thread to see the context. Don't forget to make a backup of the file first and I recommend you run a test to ensure email activation works.

I should point out that the code in the post was intended for Xoops 2.4. I don't know if anything in the registration process has changed in 2.5.
A thread is for life. Not just for Christmas.

85
hipoonios
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/22 11:06

  • hipoonios

  • Friend of XOOPS

  • Posts: 298

  • Since: 2005/9/24


No, I must have missed that. I'm testing this right now and it seems to work.

I have live statistics on my site and I see that they do not always access register.php first.

Other common files they access first are:

/modules/profile/index.php
/modules/profile/register.php
/modules/profile/edituser.php
/modules/profile/user.php
/modules/profile/userinfo.php

/user.php
/edituser.php
/userinfo.php

Can I put the code in these files as well?

Thanks,
I love Xoops!

86
Peekay
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/22 17:31

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


There are (at least were) two 'register.php' files, one is used by the 'profile' module. As barryC points out in this post it's a good idea to add the code to both files.

All the code does is insist the request for that file comes from another page on the website, or a valid activation code is provided, which are the things that happen when a human registers.

I don't run any public sites myself, so it would be good to know if it makes the slightest bit of difference.
A thread is for life. Not just for Christmas.
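
The check described in the post above (same-site Referer, or a valid activation code), sketched in plain PHP as an added example. It is not the code from the linked post and not XOOPS code; the function name, the `id`/`actkey` parameter names, the host `example.org` and the stored key are assumptions, and the sample requests are constructed.

```php
<?php
// Added illustration only. All names and sample values are hypothetical.

/**
 * Allow a request for register.php if it carries a valid activation code,
 * or if its Referer header names this site.
 */
function registration_request_allowed(
    array $server, array $query, string $siteHost, callable $isValidActivation
): bool {
    // Activation links are opened from e-mail, so they arrive without a
    // same-site Referer and are judged on the key alone.
    if (isset($query['id'], $query['actkey'])
        && is_string($query['id']) && ctype_digit($query['id'])
        && is_string($query['actkey'])) {
        return $isValidActivation((int) $query['id'], $query['actkey']);
    }
    // Compare the parsed host exactly; a substring test would also accept
    // "example.org.invalid" or a URL that merely contains the site name.
    $referer = $server['HTTP_REFERER'] ?? '';
    $host = is_string($referer) ? parse_url($referer, PHP_URL_HOST) : null;
    return is_string($host) && strcasecmp($host, $siteHost) === 0;
}

// Constructed data: user id => pending activation key.
$pending = [42 => 'a1b2c3d4e5'];
$check = fn(int $id, string $key): bool =>
    isset($pending[$id]) && hash_equals($pending[$id], $key);

// Constructed requests: [label, $_SERVER subset, $_GET].
$requests = [
    ['link from site page', ['HTTP_REFERER' => 'https://example.org/user.php'], []],
    ['no Referer',          [], []],
    ['look-alike host',     ['HTTP_REFERER' => 'http://example.org.invalid/'], []],
    ['activation e-mail',   [], ['id' => '42', 'actkey' => 'a1b2c3d4e5']],
    ['wrong activation key', [], ['id' => '42', 'actkey' => 'guess']],
];
foreach ($requests as [$label, $server, $query]) {
    $ok = registration_request_allowed($server, $query, 'example.org', $check);
    printf("%-22s %s\n", $label, $ok ? 'allowed' : 'refused');
}
```

The Referer header is supplied by the client, so this gate only filters clients that omit it or send a foreign one.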

87
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/22 23:47

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


XoopsCaptcha in image mode is not effective :(

I have been receiving around 30/40 registrations a day on xuups.com.

I'm using profile module with 2 registration steps.
Step 2 has a required field and the user is only saved after step 2.
I've tried image captcha (tried different config options) and sexy captcha (from frankblack).
Notice that this version of profile (the one that will come in 2.5.2) enforces required fields, even if javascript is disabled. Does not matter, they are still able to register.

I'm now testing recaptcha (recaptcha will be supported by 2.5.2). Tomorrow I'll be able to tell if it is effective. If not, I will consider looking for the HTTP_REFERER.

88
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/23 13:03

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Recaptcha does not prevent spam registrations, it is worse than XoopsCaptchaImage.

I'll test Asirra later tonight:
http://www.asirra.com/examples/ExampleService-PHP.html
Meanwhile, I'll be testing XoopsCaptchaText.

We should also consider the possibility of using hidden fields to detect spammers. If a spammer fills a hidden field that is not supposed to be filled, then we block them.
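
The hidden-field idea from the post above, sketched in plain PHP as an added example. It is not XOOPS code and not the poster's; the function names, the per-session field naming scheme, the secret and the sample submissions are all assumptions or constructed. It goes one step beyond the post by also flagging submissions where the decoy field is absent, which indicates a POST built without rendering the form.

```php
<?php
// Added illustration only. Names, secret and sample data are hypothetical.

const HONEYPOT_SECRET = 'replace-with-a-site-secret'; // placeholder value

/** Derive the decoy field name per session so it cannot be hard-coded. */
function honeypot_field_name(string $sessionId): string
{
    return 'hp_' . substr(hash_hmac('sha256', $sessionId, HONEYPOT_SECRET), 0, 12);
}

/** Decoy markup: moved off-screen, out of the tab order, no autofill. */
function honeypot_field_html(string $sessionId): string
{
    $name = htmlspecialchars(honeypot_field_name($sessionId), ENT_QUOTES);
    return '<div style="position:absolute;left:-9999px" aria-hidden="true">'
         . '<label>Leave this field empty '
         . '<input type="text" name="' . $name . '" value=""'
         . ' tabindex="-1" autocomplete="off"></label></div>';
}

/** Classify a submission: 'ok', 'missing' (decoy absent) or 'filled'. */
function honeypot_verdict(array $post, string $sessionId): string
{
    $name = honeypot_field_name($sessionId);
    if (!array_key_exists($name, $post)) {
        return 'missing';
    }
    // Anything other than an empty string (including an array) is a hit.
    return $post[$name] === '' ? 'ok' : 'filled';
}

// Constructed sample submissions for one session.
$sid = 'constructed-session-id';
$field = honeypot_field_name($sid);
$samples = [
    'human'            => ['uname' => 'alice', $field => ''],
    'form-filling bot' => ['uname' => 'bot1', $field => 'http://spam.invalid/'],
    'replayed POST'    => ['uname' => 'bot2'],
];
foreach ($samples as $label => $post) {
    printf("%-17s %s\n", $label, honeypot_verdict($post, $sid));
}
```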

89
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/24 0:13

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Text mode is doing very well, only had 2 registrations and about 40 that failed.

I have finished asirra support and will be testing it tomorrow.

I've added a log module in xuups.com and I'm hooking it in register.php and activate.php. It is saving $_SERVER and $_POST arrays in the database so I can follow the spammers. They seem to have HTTP_REFERER set so it will not be useful to block requests with empty ones.

90
hipoonios
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/24 9:27

  • hipoonios

  • Friend of XOOPS

  • Posts: 298

  • Since: 2005/9/24


Quote:
I don't run any public sites myself, so it would be good to know if it makes the slightest bit of difference.


It has really helped. Now I get only 10 spam registrations instead of the 100/day. Thanks!

Trabis: Thanks for taking a look at this. Changed to text mode on my site as well.

Looking forward to hearing about the results from asirra.
I love Xoops!
