The idea is to ask the spam bot a question which it does not expect, but it will be no problem for the users to answer. I’ve added to the registration form the question “How much is 5+2 ?”. Most of the new forum members were able to answer it on the first attempt. But spam bots had no clue.
So until someone bothers to write a spam bot specifically for my forums – I am okay. When it happens, I’ll just change the question. It can be many things: “What was the color of the white horse of Hammurabi?” or “How long did the six-day war lasted?” and so on. You got the point.
Here is how to do it.
In the template directory, edit profile_add_body.tpl, and add a new row the the form:
<td class="row1"><span class="gen">How much is 5+2 *</span></td>
<td class="row2">
<input type="text" class="post" style="width: 200px" name="math_question" size="6" maxlength="6" value="" />
</td>
</tr>
Browse to the registration page on your forum to see that it looks right.
In includes/usercp_register.php, look around line 260, and add the condition that checks if the question was answered properly:
{
if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? ‘<br />’ : ” ) . $lang[‘Fields_empty’];
};
if (!isset($_POST[‘math_question’]) || $_POST[‘math_question’] != ’7′) {
$error = TRUE;
$error_msg .= (isset($error_msg) ? ‘<br/>’ : ”) . "Incorrect answer to the mathematical question…";
}
}
Thanks for this. I am beyond appreciative for this effort and am so lucky to have found this today.
I had a hard time figuring out how to modify the includes/… file but once I figured that out, it seems to be working perfectly. I deleted over 250 fake registrants in the past several days – over the past year and a half I can’t even imagine the hours I’ve spent deleting them all.
Death to spammers.
D
Thanks so much!! This is just fantastic and saves me a lot of crap!! Again thanks.
WxWitch
Thanks alot, I really appreciate it.
Excellent script thank you! Included it and tested it without any problems. Have been hit by spam users ever since I set the forum up and was getting in excess of 20 ‘new’ members a day! So far I haven’t had any spammers since I integrated your script!
Hi,
I can’t edit the profile section either. It reports that the maths question aint answered but I don’t see it anywhere on the profile page.
The rest of the soloution is working superbly
Anyone have any ideas about the profile section?
I’m in the same boat with the profile issue – if you submit changes to your profile an error comes up saying you haven’t answered the question, even though the question isn’t displayed anywhere!
Anyone know how to either disable the spam filter on the profile page or make the question appear on the profile page?
Thank you very much. my forums are @ http://www.secfootballblogger.com/forums/ . Now I do not have to worry about spam and porn on my forums. this idea was simply genius. Thank again.
This approach saved my Forum. I was getting so many spambot members that I spend most of my time deleting them. Since I added this question, no spambot members. Thanks!!!!!
hi, i have php nuke in my site and , i was looking for an antispam , i and i came here, when i read , the aritmetic question , y said “is a good idea” but , what if we insert a picture or any letter with a diferent color , o think the spam have no eyes to see the color o the picture, example ¨WHAT COLOR IS THIS(color text)? or WHAT DO YOU SEE IN THE PICTURE(PICTURE)?
do you think is a good idea?
sorry about my english
Well, this is great stopper for email registrations, but I am still getting about 5 postings/day from the spammers.
How do I stop them from making comments if they are not registrered? They have a name, but are listed as a guest.
I seem to missing a (“radio”) button somewhere that allows comments with or without registration. Or else they are bypassing a checkpoint somehow.
Thanks for your help!
Pacific
I am trying this out on my Safety Forum, (BrassardSecurity.com)
Thank you for the post!
I’ll let you know how it works out for me.
Ken
Twenty-four hours now and not one spam post or account.
Seems to work GREAT !!!
Thanks !!!!!!!!!!!
Ken
I have been reading up on several ways to prevent spambots from spamming web forms. I came up with a simple technique that doesn’t use image validation but simple number validation. Each time a user enters my form, I generate a unique ID and a 5-7 digit number code. I save this unique ID to a database and its associated number code. When the form is submitted, if hidden field unique ID is the same and number code that you typed is correct then it submits the info and deletes the record, otherwise it will assume spam and not submit info. Again, it can be broken but that come into how complex I display the 5-7 digit code.
ATK Contact Form is an example. So far it has worked!
ATK Solutions
Samet, you totally rock. Bless your heart. We’ve held up launching our smoking cessation support website because of the spambot issue.
Tried changing the folder from “forum” to something else. That failed, of course. Found a photo verification MOD on both phpBB and phpBBhacks web sites. Tried to implement it, but could not find where to place some of the code and questions on both forums went unanswered (’cause nobody knew the answer?). Neither my wife or I know php and were feeling quite frustrated and generally PO’d at the so-called experts.
Tonight she found this blog and our site is ready to launch. Took about 10 minutes to make the changes and test them out. You know, the simplest solutions are the most elusive.
I really like Varmint’s idea of using an all word question and answer, too.
Bless your heart, Samet. Thank you very much.
Shevlin Ryan
Co-Owner/Co-Adminstrator
Wholistiquit.com
How do I access the templates you mentioned? I use phpbb1
Hi, Dee. I just dropped by to add more praises and saw your post. I hope you haven’t given up and are still checking for answers.
Download the 2 files and use Notepad or any other TEXT editor to make the edits. I use Notepad++, a freeware program.
It’s now 11 days and not one spambot registration. A friend registered and it went smooth & easy.
I’m totally sold on this.
Shevie
Hi,
I run an automobile forum using phpBB. Spamming was off the hook. Around 20 registration per day and nasty posts. Looked for solution for ever on google. with no luck i tried this myself and reduced spamming 99 % for phpBB. Adding to what Mike at the top does this solution has few more steps. Check it out at http://appleicase.com/board.htm
Cheers
You are the man!
I just started my forum a week ago and got hit right away.
Your fix works like a charm and very easy to do!
I’m definately going to give you some link love.
How did you get it to work for your blog comments?
I run my own wordpress blog. Check it out!
Thanks
Where in the profile_add_body.tpl file do I insert the paragraph:
”
How much is 5+2 *
”
And WHY hasn’t any of the other hundred people here asked this question already? It should be the most obvious and fundamental question that should have been asked first. Shouldn’t you tell someone WHERE they should insert something in a file?
Thanks,
W
http://www.happierabroad.com
Where in the profile_add_body.tpl file do I insert the paragraph:
How much is 5+2 *
And WHY hasn’t any of the other hundred people here asked this question already? It should be the most obvious and fundamental question that should have been asked first. Shouldn’t you tell someone WHERE they should insert something in a file?
Thanks,
W
http://www.happierabroad.com
You put it where you desire the question to show up. In my case, I wanted it to be just before code for the CAPTCHA visual confirmation box.
It is inserted directly above:
which about line 58, or so.
You can see what it looks like at http://wholistiquit.com/forum/
Shevie
Put it around line 60.
Here is the code around that area from MY site, to help you locate where to put it in YOUR site.
Hope this helps.
Ken
{L_NEW_PASSWORD}: *
{L_PASSWORD_IF_CHANGED}
{L_CONFIRM_PASSWORD}: *
{L_PASSWORD_CONFIRM_IF_CHANGED}
How much is 5+2 *
{L_CONFIRM_CODE_IMPAIRED}{CONFIRM_IMG}
{L_CONFIRM_CODE}: * {L_CONFIRM_CODE_EXPLAIN}
Sorry, but the code got taken out in my earlier post.
Again, around Line 60 you should see where it goes then test the page to see ifm it’s where you want it.
Apparently I can’t just copy code to these comments.
It goes in directly above two comment lines that mark the beginning of the CAPTCHA code. One says “Visual Confirmation”, the next one says “BEGIN switch_confirm”. That will place the question on top of the CAPTCHA box.
I also changed the numbers just in case some smart-a$$ed spammer reads this thread and thinks to get around it. You can make the question anything you want, you just have to make the accommodation for the right response in the includes/usercp_register.php file.
Shevie
Ok I finally got it to work. I think it’s better to put the “how much is 5+2″ question at the top of the registration page though, right above the “Username” field, rather than the bottom, so that human users will be likely to see it and not skip it.
One more question. If I wanted to let the system accept both “7″ and “seven” as the correct answer, how would I do that? In the second code, would I put — = ’7′ or ‘seven’ — ?
And if I wanted to change the question to something else, how would I do that exactly?
Thanks,
WuMaster
http://www.happierabroad.com
You should be able to OR in another response for ‘seven’.
OK, one more try at posting code here.
if (!isset($_POST['math_question']) || $_POST['math_question'] != '7' || $_POST['math_question'] != 'seven')Ah, so that’s how it’s done
Actually, you probably meant:
if (!isset($_POST['math_question']) || ($_POST['math_question'] != '7' && $_POST['math_question'] != 'seven'))(as the condition you suggested will always evaluate to True)
Oops. Yep. Boolean bites me from time to time.
Thanks.
I can’t seem to make mine to work. Even when I typed in the wrong answer I managed to register. The second part of the code I inserted in line 260 exactly of usercrp register php. Am I doing the right thing? I swear a few days ago I tested it and it worked. It refused to register and said I had given the wrong code. But I was still getting the usual spambots so I decided to test again and found out it is not working anymore.
It’s me again. I just tried to register without answering the maths question and managed to register even though there is an asterisk to say the field must be filled. Obviously I am not doing something right here. When I checked into Admin index I could see about 50 guests online all of the same IP address!!! Guests are not allowed to read or post but I can stil see them in my admin index as being online browsing my forum. Can someone please enlighten me on this?
Hi, Dee. I just checked mine and I must put the right answer in or I get an error. A wrong answer or no answer will fault the registration process. Something must have changed. Did you add any mods or upgrades or restore from a backup?
Yes I recently updated from 2.0.21 to 2.0.23
Since the question is apparently showing as it should, then I’d look at the includes/usercp_register.php file to see if that file’s part in this was mod’d correctly. That’s where the user input is taken and processed.
I’m sorry to tell you but this doesn’t really work anymore
The spam seem to be too advanced or something. On my forum i added the above script (tested n working) while i already had visual & email verification enabled for the registration process.
Those god damned spambots kept registering and posting in the usual rates! :/
Btw those rates have been very highly increased since a month or something ago. I have an average of around 50 new registrations per day!!!!!!!!!! Fortunately not all of the spambots post, cause in that case i would be f**k*d!
So… any more help?;P
I have had one bogus registration since I installed this the end of January this year. Before that I was getting an average of about 5 per day.
You can change the formula and answer, which is what I did, or you can require a text answer to the formula, or you can really mix it up as Varmint suggested (If red riding hood wore a blue hood, what color hood would red riding hood be wearing?).
What I’d really like to see is a box where the applicant must fill out why they desire to join my site and that information sent in the registration request e-mail I receive. Unfortunately, I haven’t seen a mod that will do that.
so what u suggest is that i change the question? ok, i’ll try that and may god help me ;P
I had suggested something like “If you are in Denver, what state are you in?”, but then it occurred to me that there are many who may not know the answer, even people here in the US (maybe even in Colorado). And, of course, there is the spelling issue.
That’s what’s nice about Varmint’s suggestion, the correct answer is in the question. However, a slick programmer could code an intelligent enough program to extract it.
There is a suggestion on another board to reject any registrations that are submitted if the selected time zone is GMT – 12 because that is the middle of an ocean where nobody lives. The explanation says that bots tend to take the first selection in a drop-down and that is the first time zone selection. Easy enough for another slick programmer to get around, though.
Maybe something like “What is this rock we are on? Has h in it.” Answer, of course, is earth. I do believe that would be hard to anticipate and code for.
This is awesome, dOOd THANKX a Zillion! installed
like butta….now we shall see the final test, NO FLIPPIN BOTS signing up….
Much <3
This worked beautifully (ran for a month) until yesterday and today. Looks like I need to rotate the math question or change it to text form like this blog (t w o + f o u r) and make the answer in text form (six). That should stop them for a while!
Thanks!! I have a friend who runs a forum for a band and she was overcome by spammers. As the forum is run off of my website, I used the code and it works great
I did the math in text form, as suggested by the later posts. Thanks again!!
Sweet This worked ALMOST perfect… Had to rearrange where you put it and remove some things, but it works perfect.
This would be great for my website, as our members are becoming very offended. Is there anyway you could give me instructions on how to implement this into a phpNuke site?
Rab
PS I am willing to beg if needed
I have been using this fix on my forum for quite a while now, and it’s worked great, thanks! Recently I had some bots starting to come back, I just changed the question and answer, works wonderful, thanks so much again!
This is a great idea for the Registration, but I have bots that post on my forum that bypass the registration process.
I have the setting “do not allow postings without registration” checked, (no anonymous postings)
Did you double check all of your categories to make sure they all were set to “do not allow postings without registration” ? I know I had missed a few, and that is how some bots on my forum were posting without registering.
Help!!!! I updated the profile_ad… file no problem, i figured out where i wanted the question to go and bang it was great.
Now onto the second part of this mod.the usercp_… part
as soon as i added the script into like 260 and uploaded back to my server it went coocoo.
Now when i open my regi-page its all the code, and i dunno what to do now,
i have undo done the changes and reuploaded the file, but still it has the same damn issuse.
HEEEEEEEEEEEEEEELLLP
thanks.
okay so i found out i needed a php editor.
so now here is the next issue
Parse error: syntax error, unexpected T_ELSE in /mnt/w0301/d12/s14/b02d048b/www/twistedmuscle/twistedmuscle/forum/includes/usercp_register.php on line 260
now can someone help me