Help with SMF and Bot Users

[onlyican]

Hi

 

I got a smallish website, smallish forum using SMF

 

My god am I suffering hard with bot registrations.

I got 72 posts and over 1300 users (You do the maths, this is NOT right)

 

I have moded the registration form to use ReCaptcha (Yes I know recent news about ReCaptcha)

 

Other than that, its pretty standard.

 

Any suggestions how to help prevent bot registrations (They are starting to post now so I can't just leave it and say, hey I got loads of members)

[lastkarrde]

ReCaptcha will stop most bot registrations. I would be surprised if you receive any more.

[onlyican]

Recaptcha has been activated since the start but they are coming through thick and fast

[Pikachu2000]

Are you sure they're bots? How do you know they aren't actually people spamming?

[lastkarrde]

Do you have email validation required?

[onlyican]

The reason I doubt these are users actually registering is the amount and Spam posts are starting to appear. When I look at the user Data, they registered on X date, last logged in: never.

 

For them to confirm account, they have to log in, which would cause a last log in date.

 

Only email validation is standard SMF, I may change this to check the MX Records.

 

 

[TheEddy]

Recaptcha has been cracked and bots can now get past it.

[onlyican]

I have cracked down a lot on spam bots

I am securing all GETS / POSTS / REQUESTS as these were NOT always done.

 

I am using a sneaky method (Later found to be a known method called honeypot) Where I have a text field that is in a hidden div. The field has to remain empty, else log in fails. (As most bots complete all fields)

Also another field with a value thats hidden, the 2nd page has to match (this is hard coded but helps stop cross scripting)

And user approval via email (Should have done this ages ago)

I have done a couple of other tricks but not going to tell all my secrets.