| Author |
 Topic  |
|
gary b
Junior Member
USA
267 Posts |
 Posted - 19 December 2007 : 07:21:42
|
My forum has been getting hammered by 'registration bots' lately. For technical/logistical reasons, I cannot use captcha. I do use email validation, but there are probably a dozen or so "membership applications" (AKA 'registrations') per day. What's a guy to do???
I decided to try a novel (?) approach. I REVERSED the buttons on the policy page... you know, the ones that say 'Accept' and 'Cancel'. The first paragraph states that the Applicant *must* click the 'Cancel' button. Since my assumption is that bots don't read, I figured I would try this approach.
It is too soon to draw any conclusions, but ZERO bot registrations in past 24 hours!  I will keep you posted. Even if it works, it may be only a matter of time until my 'hook' is rendered useless... but I *am* enjoying no bogus 'applicants' for a while.
gary b
< |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 19 December 2007 : 07:46:36
|
Eh...Gary, you do know that most real people also don't actually read buttons?
Perhaps it's better to rename the text on the button from 'Accept' to 'Yup, I agree', and from 'Cancel' to 'Heck no!'.  < |
portfolio - linkshrinker - oxle - twitter |
 |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 19 December 2007 : 07:48:58
|
Has the added bonus of ensuring peoples actually read the terms 
< |
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
gary b
Junior Member
USA
267 Posts |
Posted - 19 December 2007 : 11:48:59
|
Another 18 hours and all is well!! No bot registrations as of yet! Whoopie!
And no... I did not try the birth date thingy.
< |
Edited by - gary b on 19 December 2007 11:50:52 |
|
|
|
JJenson
Advanced Member
USA
2121 Posts |
Posted - 19 December 2007 : 11:50:39
|
| We should start a pool on how long it takes for the bots to figure it out. < |
|
|
|
Podge
Support Moderator
Ireland
3776 Posts |
|
|
gary b
Junior Member
USA
267 Posts |
Posted - 19 December 2007 : 11:56:57
|
That is an interesting point that I too wondered about. *IF* the activity (success/failure rate) of the bots is monitored, then it becomes more likely that bots will be modified to sidestep the change. But based on the 'automated' nature of the bots and the sheer volume of their actions, I'm betting my little piece of cyberspace will get lost in the numbers.
My goal was to concoct something that bypasses email validation if the test fails. So far, so good!!
And Podge... it took me less code (AKA 'pain') to change the button function than anything requiring User input. I'm still betting that this is not likely to be found... unless the bot writers read this topic!  < |
Edited by - gary b on 19 December 2007 11:59:54 |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 19 December 2007 : 13:50:53
|
It must be monitored... three months after I added Shaggy's birthday code (and a few other things) to the church website I'm back to getting bogus registrations like before (and like you mentioned). While they're not getting through due to the e-mail validation, I'd still like to not have to worry about it any more.
I think the next step is going to be a random, hidden, mandatory field....< |
|
|
|
gary b
Junior Member
USA
267 Posts |
Posted - 19 December 2007 : 20:01:08
|
Let's see if I can beat Shaggy's 90 day record...
48 hours -- no bots!
 < |
|
|
|
Panhandler
Average Member
USA
783 Posts |
|
|
phy1729
Average Member
USA
589 Posts |
Posted - 19 December 2007 : 20:57:18
|
| So you know the last time I posted a suggested fix I never got a bot since then that the fix would have blocked. The bot makers lurk on here finding our solutions and then find a way to circumvent them.< |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 19 December 2007 : 21:49:36
|
| Of course they do. How else do you think they are going to "reach" the thousands of Snitz users? < |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 20 December 2007 : 05:20:30
|
If everyone makes the same field required (in this case, birthdate) on their forums then the bots are eventually going to get rewritten to provide a birthdate at registration as it benefits them to do so. However, if every forum requires one additional field at registration (even better if it's a custom field) then the benefits of rewriting the bots are reduced as each rewrite will only give them access to a small handful of forums again. Pick a field that your members won't mind filling out and that may actually be useful to interaction on your forums (for example, on a weddings site, make marital status required; on a music forum, create a favourite song field and make it required; and son on). Of course, the best way to avoid the bots is to simply create your own, customised registration form - Woo.ie uses this solution and we've had absolutely no automated registrations in over 3 years. Of course, no one solution is going to prevent the manual spammers from registering, but they're usually pretty easy to spot.
< |
Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
gary b
Junior Member
USA
267 Posts |
Posted - 20 December 2007 : 07:16:53
|
quote:
Of course, no one solution is going to prevent the manual spammers from registering...
Agreed, Shaggy.
Perhaps we should keep less-technical Snitz users in mind. Given a couple years, I could probably come up with the 'custom registration page' you speak of. There may be some (many?) that would not even attempt such a task. This sounds like a MOD is needed. Any 'Snitz coders' up to the task -- a 'custom registration' MOD?? On the larger scale, should this feature be built into the Snitz 'package'?
I am willing to help, but I am better modifying code than writing original code.
< |
|
|
|
HuwR
Forum Admin
United Kingdom
20595 Posts |
Posted - 20 December 2007 : 07:34:17
|
| pardon my ignorance, but how can you build a 'custom reg screen' into the Snitz package, surely it would no longer be custom any more.< |
|
|
|
Topic |
|
Jury is still out...
