1
deka87
Need help to hack xoops captcha
  • 2010/3/15 12:31

  • deka87

  • Friend of XOOPS

  • Posts: 1125

  • Since: 2007/10/5


hi guys,

well im totally pissed and anxious about those fing bots that keep registering at my website. manual activation is not an option cos i get over 50 activation emails a day and i get my mailbox spammed instead. as i used to use recaptcha and it didn't work against those dang spammers, i think they are using a kind of an allsubmitter software to type the captcha in and let the rest to the bots. this software retrieves the captcha pic on the screen and all you have to do to give the bot a way is to type what you see in the form.

since my website is translation related and i expect my users to be prominent in translation matters, i want to replace the original captcha with a set of pics with spanish/german/french words on them and make users type the english translation of the words instead of the words themselves. i really hope it's gonna work out but now i need a hand to help me figure out how to do it. as i understand everything is done in class/captcha so all i need is to replace the original word mess on the pic with several words defined by me and make the comparison according to their translation defined.


any help?

2
Peekay
Re: Need help to hack xoops captcha
  • 2010/3/15 15:17

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Against bots, why don't you try this simple hack?

This is for XOOPS 2.4. Read my earlier post in the thread if you are using XOOPS 2.3 or earlier.

3
deka87
Re: Need help to hack xoops captcha
  • 2010/3/15 15:24

  • deka87

  • Friend of XOOPS

  • Posts: 1125

  • Since: 2007/10/5


oh crap how did i miss such a huge discussion on the same thread. thanks Peekay I'll take a very close look now.

--edit--

ok i've put the code in both register.php files. hope together with recaptcha they will keep me from bots. i'll report later

4
deka87
Re: Need help to hack xoops captcha
  • 2010/3/16 7:05

  • deka87

  • Friend of XOOPS

  • Posts: 1125

  • Since: 2007/10/5


Quote:
Against bots, why don't you try this simple hack?


i have tried it now. the hack itself works alright, but it doesn't stop spammers. it hasn't even reduced the number of fake registrations. maybe any other ideas?

5
deka87
Re: Need help to hack xoops captcha
  • 2010/3/16 7:26

  • deka87

  • Friend of XOOPS

  • Posts: 1125

  • Since: 2007/10/5


OK I have tracked the ip of one of the spammers and here are the logs I have found:

112.201.101.60 - - [15/Mar/2010:19:59:39 +0300"GET http://www.freelancersupport.com/modules/profile/register.php?op=actv&id=6102&actkey=e91955de" 302 5 "http://co112w.col112.mail.live.com/mail/InboxLight.aspx?FolderID=00000000-0000-0000-0000-000000000005&InboxSortAscending=False&InboxSortBy=Date&n=1837638665" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.15 Version/10.10" 127.0.0.2
112.201.101.60 - - [15/Mar/2010:19:59:47 +0300"GET http://www.freelancersupport.com/modules/profile/user.php" 200 30301 "http://www.freelancersupport.com/modules/profile/activate.php?op=actv&id=6102&actkey=e91955de" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.15 Version/10.10" 127.0.0.2
112.201.101.60 - - [15/Mar/2010:19:59:38 +0300"GET http://www.freelancersupport.com/register.php?op=actv&id=6102&actkey=e91955de" 301 399 "http://co112w.col112.mail.live.com/mail/InboxLight.aspx?FolderID=00000000-0000-0000-0000-000000000005&InboxSortAscending=False&InboxSortBy=Date&n=1837638665" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.15 Version/10.10" 127.0.0.2
112.201.101.60 - - [15/Mar/2010:19:59:40 +0300"GET http://www.freelancersupport.com/modules/profile/activate.php?op=actv&id=6102&actkey=e91955de" 200 1075 "http://co112w.col112.mail.live.com/mail/InboxLight.aspx?FolderID=00000000-0000-0000-0000-000000000005&InboxSortAscending=False&InboxSortBy=Date&n=1837638665" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.15 Version/10.10" 127.0.0.2
112.201.101.60 - - [15/Mar/2010:19:59:46 +0300"GET http://www.freelancersupport.com/user.php" 302 5 "http://www.freelancersupport.com/modules/profile/activate.php?op=actv&id=6102&actkey=e91955de" "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.2.15 Version/10.10" 127.0.0.2


maybe it can help.

i also wonder if this issue caused a 7 pages long discussion and there were notes that even reCaptcha can't stop them (my case as well) and it's the issue of the register.php itself why don't we have a security patch yet?!

6
Peekay
Re: Need help to hack xoops captcha
  • 2010/3/16 11:24

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Hmmm... sorry to hear it didn't work. I confess I don't use XOOPS with profile module and that seems to be the target.

In the log from barryc (who was using XOOPS 2.3) the bot was using activation keys that were constant and bogus, e.g.

Quote:
activate.php?op=actv&id=99999&actkey=9999999


I must admit I can't see how that would work as I assume XOOPS has some protection against duplicate activation values?

If you can post the log of two successful bot registrations at different times from different referers it would be helpful. I will need to see the full GET and POST strings (some of the above are truncated)
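
An added example, not part of the original thread: a Python check for the pattern described in the post above (one activation key replayed across several account ids), run over constructed log lines in the shape quoted earlier in the thread. The documentation-range addresses, the `site.example` host, the ids 7001-7003, the threshold and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Accepts the usual "[timestamp] " form and the "[timestamp" form (no closing
# bracket) that appears in the log lines posted in the thread.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]"]+)\]?\s*'
    r'"(?P<method>[A-Z]+) (?P<url>[^" ]+)[^"]*" (?P<status>\d{3})\b'
)

# Constructed sample input. The first two lines show one account following the
# register.php -> activate.php redirect chain; the rest replay a constant key.
SAMPLE_LOG = '''\
203.0.113.7 - - [15/Mar/2010:19:59:38 +0300"GET http://site.example/register.php?op=actv&id=6102&actkey=e91955de" 301 399 "-" "Opera/9.80"
203.0.113.7 - - [15/Mar/2010:19:59:40 +0300] "GET /modules/profile/activate.php?op=actv&id=6102&actkey=e91955de HTTP/1.1" 200 1075 "-" "Opera/9.80"
203.0.113.7 - - [15/Mar/2010:19:59:47 +0300] "GET /modules/profile/user.php HTTP/1.1" 200 30301 "-" "Opera/9.80"
198.51.100.9 - - [16/Mar/2010:02:10:01 +0300] "GET /modules/profile/activate.php?op=actv&id=7001&actkey=9999999 HTTP/1.1" 200 1075 "-" "-"
198.51.100.9 - - [16/Mar/2010:02:10:02 +0300] "GET /modules/profile/activate.php?op=actv&id=7002&actkey=9999999 HTTP/1.1" 200 1075 "-" "-"
198.51.100.9 - - [16/Mar/2010:02:10:03 +0300] "GET /modules/profile/activate.php?op=actv&id=7003&actkey=9999999 HTTP/1.1" 200 1075 "-" "-"
'''

def parse_activations(log_text):
    """Return (ip, account_id, actkey) for every op=actv request in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an access-log line we understand
        query = parse_qs(urlsplit(m["url"]).query)
        if query.get("op") == ["actv"] and "id" in query and "actkey" in query:
            hits.append((m["ip"], query["id"][0], query["actkey"][0]))
    return hits

def find_suspicious(log_text, ip_threshold=3):
    """Flag keys used for more than one account and IPs activating many accounts."""
    ids_by_key, ids_by_ip = defaultdict(set), defaultdict(set)
    for ip, account_id, actkey in parse_activations(log_text):
        # Sets collapse the repeated hits of one redirect chain into one entry.
        ids_by_key[actkey].add(account_id)
        ids_by_ip[ip].add(account_id)
    return {
        "reused_keys": {k: sorted(v) for k, v in ids_by_key.items() if len(v) > 1},
        "busy_ips": {ip: sorted(v) for ip, v in ids_by_ip.items()
                     if len(v) >= ip_threshold},
    }

if __name__ == "__main__":
    print(find_suspicious(SAMPLE_LOG))
```

A single account that passes through the redirect chain with its own key is not flagged; only a key seen with several ids, or an address activating several ids, is reported.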

7
deka87
Re: Need help to hack xoops captcha
  • 2010/3/16 17:06

  • deka87

  • Friend of XOOPS

  • Posts: 1125

  • Since: 2007/10/5


I will enable the registration and check with the logs later today, Peekay. Just a quick suggestion: can we use so called honeypots to prevent our registration from spamming? I'd want to try it, though I'm not sure how to make a XOOPS profile field invisible via css.

8
Peekay
Re: Need help to hack xoops captcha
  • 2010/3/16 17:36

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Honey-pots will often trap the bot... but if you block the IP address it will simply return with a different IP next week. Any IP bans are a bit of a waste of time really.

You can PM me the log if you think it's a bit large to post in the forum. If I can spot a solution I'll obviously post back here.
