miniBB ® 

miniBB

®
Support Forums
  
 | Start | Register | Search | Statistics | File Bank | Manual |
Custom Tutorials and Modifications miniBB Support Forums / Custom Tutorials and Modifications /  
 

Completely disable 'website' field on registrations

 
 
Page  Page 3 of 4:  « Previous  1  2  3  4  Next »

Author Paul
Lead Developer 
#31 | Posted: 20 May 2013 18:45 
tom322
Sorry, I didn't get your idea...

Author tom322
Active Member
#32 | Posted: 20 May 2013 18:51 
I mean, that if robot fills out the 'website' field then its input should be checked against a random string. For example, when robot enters:

Biospam .net

in the 'website' field then it is obviously different than the random string generated by: md5(uniqid()) function and then script also should die. I guess robot can 'learn' not to fill out the 'website' field at all and it could be an extra protection.

Author Paul
Lead Developer 
#33 | Posted: 20 May 2013 19:05 
I think it's similar to the empty string. I.e. it doesn't matter, if we check for an empty string, or some random value. In any way the script should compare something to something. Also, with the random string it's more difficult implementation, because then this string should be generated upon the registration form is loaded, and kept in a session for possibility to compare it with the value provided on the form. If we go into the sessions question, then Captcha exactly works that way, and that would mean re-inventing the wheel...

In general, I don't see much sense to compare with the value embedded into the form. It could be easily read/submitted by a robot with no way to recognize it.

Author tom322
Active Member
#34 | Posted: 20 May 2013 19:08 
Paul:
this string should be generated upon the registration form is loaded, and kept in a session for possibility to compare it with the value provided on the form
Yes, that's why I couldn't get it because I didn't get the string upon form loading.. :} Well, there are different methods too but it would require a new approach to captcha.

Author Steve Shaw
Partaker
#35 | Posted: 21 May 2013 22:10 
First feedback - three days and no spam registrations at all, but a number of valid ones...

All seems to working as hoped so far!

;-)

Author Paul
Lead Developer 
#36 | Posted: 22 May 2013 10:34 
It's good to know it. But I must say, you have a very unusual implementation of anti-spam behavior :) it wouldn't work for those wanting to keep Website field alive. BTW, in often cases, this helps forum to collect more members wanting to provide useful replies instead of promoting of their website.

Anyway, if that worked for you, that's excellent :)

Author Steve Shaw
Partaker
#37 | Posted: 22 May 2013 10:45 
As is done with the 'Tectite' implementation, dummy fields can be used, leaving all the necessary fields there for 'real human' use.

Tectite have two hidden fields - one blank field that auto spammers will fill-in, and another that is pre-filled with data that must not be changed - obviously auto spam programs change that too...

If either of the above happens the registration is spam...

If I could code better I would do this with the Minibb forum, as I would like to have 'website' valid for real users, but stopping the spam is better :-)

Author Paul
Lead Developer 
#38 | Posted: 22 May 2013 10:53 
Steve Shaw:
Tectite have two hidden fields - one blank field that auto spammers will fill-in, and another that is pre-filled with data that must not be changed - obviously auto spam programs change that too...
IMHO this is very weird approach. May be it's only for "dummy" programs (which ones?..) working that way.
Actually, knowing how these field work, any script could be adjusted to provide the proper information there is required.
I.e. it's possible to adjust the script to not fill the field A and leave the field B as it is.

I think there is nothing difficult to provide the similar approach in miniBB. To the registration form, and to the message form it has, you may also add two random hidden fields (modifying templates). They could be even completely random, f.e. each day they would have different names (this could be a bit of tricky code, but still possible). Then in bb_plugins.php, there could be a very easy code, similar to what I provided above, which verifies these fields and stops the script, if something is wrong with them.

If it's difficult for you to code this out, I could put this task under my tasks lists and get back to it as soon as I have time. I could provide such kind of solution, but with no including it to the default core. That would be ideal, because being a coder with some annual experience, I honestly doubt on this method... but if it would work for somebody incl. you, why not.

Keep on :)

Author Steve Shaw
Partaker
#39 | Posted: 22 May 2013 10:59 
All I can say is, it is working so far, and we have never had any Spam at all with the Tectite forms... not one in 5 years!

I'll keep you informed of what happens with the Minibb forum registrations.

;-)

Author Paul
Lead Developer 
#40 | Posted: 22 May 2013 11:12 
I may be wrong in over-thinking the simple, this is also true :)

Author tom322
Active Member
#41 | Posted: 22 May 2013 18:29 
Steve Shaw:
Tectite have two hidden fields - one blank field that auto spammers will fill-in, and another that is pre-filled with data that must not be changed - obviously auto spam programs change that too...
I understand the blank field is not visible to humans, ie it's like:

<input type="text" style="display:none" id="some" placeholder="Leave it blank if you are a human!" />

correct?

What about the second field, what condition do you use to check if it was not changed? Is it like:

<input type="text" style="display:none" id="some2" placeholder="Do not change that" value="ValueDoNotChange" />

?

Author Steve Shaw
Partaker
#42 | Posted: 24 May 2013 16:27 
A week now, and no spam registration at all, but a number of 'real' ones!
All working perfectly.
I've even turned off the new user first post pre-moderation as it is working so well.

@tom322 - best to look at the Tectite Form information on their website info pages.

Author Steve Shaw
Partaker
#43 | Posted: 2 Jun 2013 00:54 
2 weeks and zero spam - looking good!!!

;o)

Author tom322
Active Member
#44 | Posted: 2 Jun 2013 21:56 
Do you use the same value in the 'some2' field or randomize it somehow?

Author Steve Shaw
Partaker
#45 | Posted: 2 Jun 2013 22:15 
I am just using the 'website' field - my coding skills are crap!!!

Page  Page 3 of 4:  « Previous  1  2  3  4  Next » 
Custom Tutorials and Modifications miniBB Support Forums / Custom Tutorials and Modifications /
 Completely disable 'website' field on registrations
 Share Topic's Link

Your Reply Click this icon to move up to the quoted message


  ?
Post as a Guest, leaving the Password field blank. You could also enter a Guest name, if it's not taken by a member yet. Sign-in and post at once, or just sign-in, bypassing the message's text.


Before posting, make sure your message is compliant with forum rules; otherwise it could be locked or removed with no explanation.

 

 
 
miniBB Support Forums Powered by Forum Software miniBB ® Home  Features  Requirements  Demo  Download  Showcase  Gallery of Arts
Compiler  Premium Extensions  Premium Support  License  Contact Us
Proceed with the Captcha add-on: protect your miniBB-forums from the automated spam and flood.


  ⇑