| Author |
 Topic  |
|
muzishun
Senior Member
United States
1079 Posts |
 Posted - 20 December 2007 : 09:07:53
|
I think the suggestion is to build an admin interface for the registration whereby the admin can specify with each field whether it's required or not.
At least that is the way I am interpreting it. Correct me if I am wrong, gary.< |
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com) |
 |
|
|
HuwR
Forum Admin
United Kingdom
20595 Posts |
Posted - 20 December 2007 : 10:13:31
|
| I am pretty sure that there is already a MOD which does that, it was written by JJenson I think< |
|
|
|
gary b
Junior Member
USA
267 Posts |
Posted - 20 December 2007 : 10:24:50
|
quote:
Originally posted by HuwR
pardon my ignorance, but how can you build a 'custom reg screen' into the Snitz package, surely it would no longer be custom any more.
Obviously, my wording (or my thinking!) was not clear.
Assume that Snitz setup allowed (requires?) the Admin to specify a field name... any name! This field would then be part of the Registration page/process. User must enter a value (Ex: seven characters starting with current year -- 2007xxx) or a value specified in the Registration instructions. The value entered (upon 'Submit') is tested for acceptance. If the value passes the test, the Registration process is continued.
All of the bogus bot registrations I have seen use the same first and last names (RealName MOD installed). 'Applicant' enters last name in field, clicks Submit, and the value is compared to value entered for first name. If they match, speakers issue a loud flatulence sound!
Use of an arbitrary field name 'randomizes' each forum. If we consider requiring one of the 'standard' User profile fields (such as birth date), the randomness is lost. Bots could be programmed to try each standard field until the correct 'required' element is found.
Again, I would not limit the process to the standard, well-known fields.
I hope this is a better explanation...
[Edit] My apologies... by the time I responded, Huwr had already made his post. If this has already been done, sorry to take up the bandwidth. I (and perhaps others) was not aware of this MOD.< |
Edited by - gary b on 20 December 2007 10:27:55 |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 20 December 2007 : 10:49:52
|
Sounds like you're after the Podge's Gatekeeper mod.
< |
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
Podge
Support Moderator
Ireland
3776 Posts |
|
|
HuwR
Forum Admin
United Kingdom
20595 Posts |
Posted - 20 December 2007 : 11:49:52
|
gary_b,
we use some of the methods you suggest here, firstname is compared to lastname and rejected if the same, also in our register.asp there is a randomly created hidden form field which prevents bots using offsite forms from being able to post registrations. If you do a view source on the registration page and search for hidden, you will find something like this <input name="1KZQK2" type="hidden" value="1MDRM"> (obviously for security reasons I can't divulge exactly how this works  )< |
|
|
|
muzishun
Senior Member
United States
1079 Posts |
Posted - 20 December 2007 : 12:29:04
|
quote:
Originally posted by HuwR
gary_b,
we use some of the methods you suggest here, firstname is compared to lastname and rejected if the same, also in our register.asp there is a randomly created hidden form field which prevents bots using offsite forms from being able to post registrations. If you do a view source on the registration page and search for hidden, you will find something like this <input name="1KZQK2" type="hidden" value="1MDRM"> (obviously for security reasons I can't divulge exactly how this works )
Why doesn't this get added to the base code? If it is something that is randomly generated, I don't see why putting it in the base code would help the spammers.< |
Bill Parrott
Senior Web Programmer, University of Kansas
Co-Owner and Code Monkey, Eternal Second Designs (www.eternalsecond.com)
Personal Website (www.chimericdream.com) |
|
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 21 December 2007 : 17:38:11
|
| I'm slightly puzzled - bots don't press a button on a screen normally, but just play out a rehearsed script, so if the submit and reset buttons just changed position, how would this stop the registration? The form submission is still a submission?!< |
|
|
|
gary b
Junior Member
USA
267 Posts |
Posted - 23 December 2007 : 12:40:16
|
quote:
- bots don't press a button on a screen normally, but just play out a rehearsed script, so if the submit and reset buttons just changed position, how would this stop the registration? The form submission is still a submission?!
Well... I don't want to give the appearance of knowing what I am doing! But this is my thinking... and it has worked so far! NO bot registrations for days!
The bots work off a script. That script 'looks for' a submit button on the page. (By looking at 'page source'??) Upon finding a button labeled 'Submit' or "Accept", it 'calls' that button's link or action. *My* "Accept" button is tied to redirect back to main forum page. [Insert giant raspberry sound for bots!] In order to defeat button reversal, the bot script would have to 'analyze' the link/actions tied to the buttons.
Sound like a bunch of arm-waving and mumble-jumble?? Well, it is. But that's the best explanation I can give for my logic.
Refer to first paragraph -- last sentence.  < |
Edited by - gary b on 23 December 2007 12:44:22 |
|
|
|
gary b
Junior Member
USA
267 Posts |
Posted - 24 December 2007 : 10:05:21
|
Received today from forum owner...
quote:
Got first app since you killed the bots...
Steve
sherm@xxxx.com wrote:
This technique is working. Which leads me to imagine a variation that would be unique to each forum:
What If... the policy page was changed to use one specific word in the text (selected by each Admin for their forum) as the "Accept button". Displayed button would be a dummy -- AKA 'honey pot'. This sure would 'randomize' the population of Snitz forums.< |
Edited by - gary b on 24 December 2007 16:25:08 |
|
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 26 December 2007 : 14:11:31
|
quote:
Originally posted by gary b
Sound like a bunch of arm-waving and mumble-jumble?? Well, it is. But that's the best explanation I can give for my logic.
Result! I have to be honest, I'm not sure why that would work, as the form submission is unlikely to involve the bot 'looking at' anything, just calling the URL's with paramaterised querystrings. If the only thing to have changed is the button position, that ought not affect it (although if the button has changed name, it might, and will depend page by page)
I'm not saying your solution can't work (I'm very happy that it does), just puzzled why it works!< |
|
|
|
gary b
Junior Member
USA
267 Posts |
Posted - 26 December 2007 : 16:05:26
|
FWIW... the button positions and names have not changed. But the code that drives the functionality of each button has been swapped with the 'other' button. Can't get much simpler than that.
Four or five days now and no bots -- nada! zilch! squat!!
< |
|
|
|
JJenson
Advanced Member
USA
2121 Posts |
Posted - 28 December 2007 : 10:06:34
|
| Will you post the chunk of code so we can all see this and apply this to our forums? I think I understand what you are saying but would love to see it to make sure.< |
|
|
|
gary b
Junior Member
USA
267 Posts |
Posted - 28 December 2007 : 11:51:44
|
No problem, JJ...
RIGHT-click link below
'Save Target/Link As' to your desktop
Open in NOTEPAD with word wrap turned OFF
Actual code changes involve only about 4 or 5 lines. I did change narrative (my lines 57-63) to provide instructions about how to Register. Note spaces I used in my instructions to spell word:
c a n c e l
[Link not available]
Make backup copy of policy.asp BEFORE trying this change!
Questions?? Let me know...
gary b
[Edit: right-click instructions]< |
Edited by - gary b on 10 January 2008 06:23:54 |
|
|
|
Topic |
|
Jury is still out...
