Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Another Anti-Spam Robot Mod?

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
Check here to subscribe to this topic.
   

T O P I C    R E V I E W
janaf Posted - 09 December 2006 : 17:16:32

I would guess the spam robots use the form field names when they post/register on forums and send mail spam, so why not change form field names to something unknown?

Here is my approach with an example of replacing the form field name for email.

1) In the config file:
Dim strEmailField
'## Assign some whatever value / field name
strEmailField = "xxsxy2hsw35"

2) In register.asp replace all
Request.Form("email")
with
Request.Form(strEmailField)

3) In inc_profile.asp replace
name=""email""
with
name=""" & strEmailField & """

Finished!

Now the spanning software needs to know it should post the email address as a form field value named xxsxy2hsw35.......

The above could of course be done with any/all form field name.

A more advanced version could be to randomly generate the form field names and store them as session variables. Then the form field names would be different each session.

'## if the random generated field names don't excist then create them

if len(session(strCookieURL & "EmailField")) > 0 then
' do nothing
else
randomize()
	strEmailField = ""
	for i = 1 to 8
	      strEmailField = strEmailField & chr(Int(25 * Rnd)+97)
	next
	session(strCookieURL & "Emailfield") = strEmailField
end if

and then substitute in register.asp and inc_profile.asp for
session(strCookieURL & "Emailfield")


The same method could be used to prevent automated posting and mailing.

What do you think?<
15   L A T E S T    R E P L I E S    (Newest First)
garyrobar Posted - 18 December 2006 : 22:19:35
HuWR,

With all due respect, I think manually looking at every registrant before allowing them to use the forum is fairly backward.

Shouldn't we be taking advantage of the many CAPTCHA options that are available these days so that we can reduce the monotony and time spent of manual reviews of potential members?

Manually reviewing members seems a bit harsh once a forum grows, and I am not too sure that it is a positive way to go about administration.

The more we can automate the better right?

Also, waiting for a signup to be reviewed by a moderator can have a negative effect on new signups. Your forum is an exception, since it is THE forum for the topic it covers, but most other users of snitz forums are probably covering a topic for which competitiion for users is greater, perhaps a topic that already has several forums on the net. If this is the case, and I try and sign up for one, and its not instant, I move on to the next, so I can quickly get, or give, the help that I intended.

<
janaf Posted - 11 December 2006 : 06:41:31
Back to topic; I just realised there is at least one more file you need to modify if you use the code, and that is the pop_profile.asp. Otherwise, you can not change profile settings properly. You should do a search for
Request.Form("email")
and
name=""email""

or other filed name that you want to substitute.

If you substitute another form field variable, of course other files may need changes as well.<
MarkJH Posted - 10 December 2006 : 19:32:57
Okay. Like I said. It's just for your information.<
HuwR Posted - 10 December 2006 : 19:29:35
It is even more pointless trying to register without filling in any of the fields


being able to register when logged in is quite useful for testing it is a pain in the ass if you have to logout first.<
MarkJH Posted - 10 December 2006 : 19:21:54
quote:
Why are you trying to register without entering any information anyway ?

Does it really matter?

Anyway, if it's only for test code, it's just a FYI. Otherwise, if I remember correctly, it tells you to enter username/password etc.

Actually, I've always wondered why the 'register' link is even available for anybody logged in. I changed it on mine so it's only displayed to guests. Seems fairly pointless otherwise.<
HuwR Posted - 10 December 2006 : 19:18:58
not sure why, since if you don't fill anything in you shouldn't even get to line 271. Why are you trying to register without entering any information anyway ?<
MarkJH Posted - 10 December 2006 : 19:05:10
You spoke to soon, Huw. Getting this error, now:

Microsoft VBScript runtime error '800a0009'

Subscript out of range: '[number: 1]'

/forum/register.asp, line 271<
MarkJH Posted - 10 December 2006 : 18:45:49
Cool. Glad it wasn't an error with the base code. <
HuwR Posted - 10 December 2006 : 18:34:49
quote:

Microsoft VBScript runtime error '800a0009'

Subscript out of range: '[number: 1]'

/forum/register.asp, line 270


Have fixed that error now, it was in another piece of test code we have here which checks the attempted registration email against a list of known spammers/bogus registration attempts we have in our database<
HuwR Posted - 10 December 2006 : 18:11:04
yes restrict registrations is enabled here, all attempts to register must be verified by one of the admins.

The error may be related to the test code rather than the forum code so possibly is not a bug in the forum code, I will check<
MarkJH Posted - 10 December 2006 : 17:59:26
So 'Restrict Registration' is switched ON on this site?

Actually, I may have inadvertently found a bug with the software here. I just tried to register (already logged in) and without filling any fields in, clicked submit to get this:

Microsoft VBScript runtime error '800a0009'

Subscript out of range: '[number: 1]'

/forum/register.asp, line 270

Off topic, I know. I should probably post this as a bug.<
HuwR Posted - 10 December 2006 : 17:33:23
allowing disallowing email validation is a manual not an automatic process, so our vigilance has everything to do with it.<
MarkJH Posted - 10 December 2006 : 17:27:03
It's got nothing to do with that, Huw. All of the Forum Poster crap that has got through on my site has been email validated by the posting software. Personally, I don't validate anybody unless they specifically contact me to do so. Even then, I usually just delete their membership so that they can try again. A rare case in any point.

I downloaded the software a couple of months back to see how it worked. I noticed that there aren't a lot of Snitz forums in the demo version, in fact only 9. Mine was in there, not sure if Snitz Support was, though.<
HuwR Posted - 10 December 2006 : 13:49:19
the lack of Forum Poster crap here may not actually be a result of the code, the Admins here are very vigilant and pretty ruthless at allowing/disallowing registrations here, if anything looks remotely suspect they are simply not validated to register. There is no substitute for human intervention in my opinion<
janaf Posted - 10 December 2006 : 13:43:55
Yes, lets hope a mod or coming version will incorporate whatever is possible to stop automated spamming.<

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.05 seconds. Powered By: Snitz Forums 2000 Version 3.4.07