[Twit]

Well I told my friend (Blitz of Elemental Temple), about the forum bots that spam in this forum. He told me a quick way to fix it with only a few simple steps.

Make a field in registration that asks "Are you human," and only accepts the answer yes.

This way, the bots cannot register and therefore cannot post ^_^~

[The Wind Seer]

Are you sure that would work?

[Twit]

100% positive it would work.

Bots wouldnt know how to get through, because the program would not be programmed to do so.

[Split Infinity]

If they failed the first time, they'd probably just select the other button.

[Caael]

Was this forum one of the ones where you had to click the link in the email to atcivate your account?

[Eugine]

yup... they're getting smarter x.x
I don't know how to fix it, but one thing we all can agree on... bots are getting annoying.

[Wiflewood]

PLS BUY MY VIAGRA


...



But about the bots, I'm pretty sure there is a code for IPB, the one where you see a picture that has a random series of numbers that you have to type into a box when you try to sign up. That'd be one way to stop them.

[Caael]

There isnt any point in bots. Nobody is going to even look at the topics, so why do they even bother?

[Twit]

They just keep coming though ><

The trick is, you must answer with "Yes"

The bots cant just have another answer if they arent programmed to have another one. The people who make these bots are targetting millions of forums with this one program. When one of the forums has a different registration, they wont change the entire program for it.

[Someone Else]

Wiflewood, on Feb 16 2007, 09:21 AM, said:

But about the bots, I'm pretty sure there is a code for IPB, the one where you see a picture that has a random series of numbers that you have to type into a box when you try to sign up. That'd be one way to stop them.

That'll work. Why didn't we think of this before?? :)

[Neon]

That has been part of Invision since like forever. Clearly they have found a way around it though...

[Toasty]

Probably image recognition software. Though I don't see why someone would spend their time makeing something as complex as that just to spam a forum. Unless of course they get it from someone else, or sell their bots for other people to use.

The best way, though, would probably be to have a sound file that says the letters. But it'd have to be a person saying it clearly for it to work. I'm not sure, but I think sound recognition software is a bit more complicated than picture reognition, again, since it wouldn't be programmed for it, it could keep 'em at bay for a while. But then, they could just be able to find out what't in the picture by it's filename. Same goes for the sound.

Above all, we need some kind of firewally add on for the forums. Until that happens (or Max finds one), I'd suggest the sound file since it would take longer to get around if they tried.

[FlamingDuck]

But then people without speakers couldn't register. Yes, there are computers without speakers.

Maybe we could have a rotating question thing from week to week, like "Are most bananas yellow?" one week and "Are dogs bigger than mice?" the next. Though is it even possible to change what's on the registration screen?

[Caael]

Or instead of the secret questions for your password recovery, have what FD said, but you chose 2 to answer

[Toasty]

But we aren't talking about that....And besides, if we used that instead, it'd be too easy for someone who might've hacked your account to recover your password.

And I kinda forgot about the whole speakers thing.......So that leaves a built in firewall for the forums.

[Twit]

Are you forgetting the initial suggestion, "Are you human?"

It worked on my other forum perfectly. We have yet to get another spam bot.

[Eugine]

Max isn't reading this it seems x.x

I've seen this 'Are you human?' question at other forums, so I guess it works.

[Golden Djinn13]

I hope it works. The spam bot posts are starting to get....wierdly explicit. :)

[Toasty]

I just thought of another idea. What if all members had to be approved by the admin? After someone joins, the next screen will show a message that says something like "Your request to join has been sent to the admin. This is all just to help prevent spambots from rampaging here." Usually spam bots will post as soon as they join, and never return. But if they have to wait, they won't bother. That way the bots stay out, and the real people can join. But the whole are you human question will work too I guess.

[Twit]

Mr.T, on Feb 18 2007, 04:52 PM, said:

I just thought of another idea. What if all members had to be approved by the admin? After someone joins, the next screen will show a message that says something like "Your request to join has been sent to the admin. This is all just to help prevent spambots from rampaging here." Usually spam bots will post as soon as they join, and never return. But if they have to wait, they won't bother. That way the bots stay out, and the real people can join. But the whole are you human question will work too I guess.

Admins have to decide whos a bot then, and then Admins might not ave time.

[Eugine]

Well Toasty, we were actually dicussing this in the mod forum a few weeks back, and like Twit said, Max said he neither Nick has the time to validate every single account.

He did say, if we found a mod, which allows us moderators to validate accounts he'd install it. So can yall find a mod? I can't :'(

[Toasty]

I could take a look around.

[EDIT] I found a few mods that might be useful for other things as well:

Taken from http://invisionize.com/index.php:

This will prevent Admin Ivan from beign deleted in the prune: http://mods.invision...index.php/f/196

This might allow for validation via Mod, but at the very least, allows for custom mod abilities (perfect for an RP forum, should there be seperate mods): http://mods.invision...index.php/f/178

Something to do with resynching forums: http://mods.invision.../index.php/f/86

Here's a mod that adds a reputation system: http://mods.invision...ndex.php/f/7190

As for the clan idea, these would probably be perfect for it: http://mods.invision...ndex.php/f/7318 or http://mods.invision...ndex.php/f/7235

A very fast search engine for IPB with no limit! (exact quote): http://mods.invision...ndex.php/f/7203

I'm guessing Max downloaded something like this for the member pruning: http://mods.invision...ndex.php/f/7390

Looks like I couldn't find an exact mod, but the second one I posted might allow that. I'm not sure if it would though. I found quite a few other interesting mods, but I figured they were too insignificant.

I hope at least one of these helps with something.

[Split Infinity]

DO NOT ACTIVATE ADMIN VALIDATION. It's one of the most disrespectful actions that you can take against a new member. It also shows that the Administrator is a control freak. What if he/she isn't here for a few weeks? At least half a dozen members, gone. They're not going to wait for you to approve them.

[Eugine]

If we ever do it, we will only do it until we can control the SPAM bots problem Split.

[Nyktos]

He has a point. Admin validation only really works if you have a lot of admins.

[Toasty]

Split Infinity, on Feb 18 2007, 10:31 PM, said:

DO NOT ACTIVATE ADMIN VALIDATION. It's one of the most disrespectful actions that you can take against a new member. It also shows that the Administrator is a control freak. What if he/she isn't here for a few weeks? At least half a dozen members, gone. They're not going to wait for you to approve them.

That's why were looking for a mod that allows the moderators to do that. There's at least one mod on here every day (and that's at the very least), so validation via mod is a better way to go. And like Eugine said, it'll just be until we can control the spam bot rampaging.

[Hinoa]

Going back to Twit's idea:

Twit, on Feb 15 2007, 10:04 PM, said:

Make a field in registration that asks "Are you human," and only accepts the answer yes.

This way, the bots cannot register and therefore cannot post :P~

The catch is that it has to be set to "no" by default. I've actually seen this done on another forum, but that one was phpBB. I dunno if you can do that with Invision.

In the meantime, at least, you (and by "you", I mean everyone here who has ban abilities) can always just IP ban the spambots.

[[Addendum:]] I'm also surprised that the validation code doesn't work well. I've looked at the URL for the image of the code, and it's long. Really long. I suppose the problem may be that Invision only uses numbers for the validation code, and that leaves... a million choices. That sounds like a lot, but it's not.

[Twit]

Well, the million choices are constantly changed everytime a bot gets something wrong...

It is possible to add registration feilds in IPB by the way.

[Hinoa]

Even so, it's possible just to brute-force any password. It'll take forever, but it's entirely possible.

It may also be that the bot's reading the code for the numbers and using that. Like I said, the code is extremely complex and long and I have no clue how it works, but it's possible.

And I found this while looking into the Invisionfree support board. They had a similar problem a while back, and since these Invision boards are pretty much just an update of the boards they use at Invisionfree, it might be able to help. Of course, Max or some other admin would have to implement part of it...