onlyican Posted January 12, 2011 Share Posted January 12, 2011 Hi I got a smallish website, smallish forum using SMF My god am I suffering hard with bot registrations. I got 72 posts and over 1300 users (You do the maths, this is NOT right) I have moded the registration form to use ReCaptcha (Yes I know recent news about ReCaptcha) Other than that, its pretty standard. Any suggestions how to help prevent bot registrations (They are starting to post now so I can't just leave it and say, hey I got loads of members) Quote Link to comment Share on other sites More sharing options...
lastkarrde Posted January 12, 2011 Share Posted January 12, 2011 ReCaptcha will stop most bot registrations. I would be surprised if you receive any more. Quote Link to comment Share on other sites More sharing options...
onlyican Posted January 12, 2011 Author Share Posted January 12, 2011 Recaptcha has been activated since the start but they are coming through thick and fast Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 12, 2011 Share Posted January 12, 2011 Are you sure they're bots? How do you know they aren't actually people spamming? Quote Link to comment Share on other sites More sharing options...
lastkarrde Posted January 13, 2011 Share Posted January 13, 2011 Do you have email validation required? Quote Link to comment Share on other sites More sharing options...
onlyican Posted January 13, 2011 Author Share Posted January 13, 2011 The reason I doubt these are users actually registering is the amount and Spam posts are starting to appear. When I look at the user Data, they registered on X date, last logged in: never. For them to confirm account, they have to log in, which would cause a last log in date. Only email validation is standard SMF, I may change this to check the MX Records. Quote Link to comment Share on other sites More sharing options...
TheEddy Posted January 16, 2011 Share Posted January 16, 2011 Recaptcha has been cracked and bots can now get past it. Quote Link to comment Share on other sites More sharing options...
onlyican Posted January 21, 2011 Author Share Posted January 21, 2011 I have cracked down a lot on spam bots I am securing all GETS / POSTS / REQUESTS as these were NOT always done. I am using a sneaky method (Later found to be a known method called honeypot) Where I have a text field that is in a hidden div. The field has to remain empty, else log in fails. (As most bots complete all fields) Also another field with a value thats hidden, the 2nd page has to match (this is hard coded but helps stop cross scripting) And user approval via email (Should have done this ages ago) I have done a couple of other tricks but not going to tell all my secrets. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.