Please add bad behavior:
http://bad-behavior.ioerror.us/
Bad Behavior blocks fake user agents, bad bots, and users blacklisted by project honeypot.
Unfortunately, just about every bot that spams forums (usually XRumer) fake their user Agent to look like a browser.
I do detect user agent, and log them. If you have this installed, just look through your logs of all the user agents
... Detecting bots with user agent hasn't been a good method for blocking bots in years (it's very old school, even the most basic bot now fake this)
Here are my last 10 detected bots:
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20100101 Firefox/17.0 AlexaToolbar/alxf-2.17
User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.46 Safari/536.5
User Agent: Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.7.62 Version/11.00
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
User Agent: Opera/9.80 (Windows NT 6.1; WOW64; U; Edition Ukraine Local; ru) Presto/2.10.229 Version/11.64
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/535.12 (KHTML, like Gecko) Maxthon/3.0 Chrome/19.0.1084.52 Safari/535.12
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; WebMoney Advisor; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.30618; .NET CLR 3.5.30729)
User Agent: Mozilla/5.0 (Windows NT 6.0; rv:12.0) Gecko/20100101 Firefox/12.0
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.1634 Safari/535.19 YI
Using user agent to block bots is now very ineffective
The honey pots aren't always relevant to forums... but they do pick up a few, usually because the bot user uses XRumer or other applications with the same pool of proxies against various CMS's
Using multiple API to block bots in my opinion does not gain very much for anti-spam, but does slow things down
An API that detects known bots / know behaviours can block a high percent (say 95-99%), but it will never block 100%
If you have multiple APIs, you don't increase this very much (you still do not block 100%), but you might increase the percentage by a decimal point or two
But each API you add, requires an additional request, you then make the user wait seconds longer than they should, and gain no real benefit in the number of bots you block
If you use a list of APIs, it can take a long time to check each request, making the registration feel laggy, and the phrase "
elegant methods that do not bother humans" becomes less appropriate
No more APIs need to be used, no more APIs will be used with this plugin
This plugin already blocks 100% of bots, No APIs are needed. The one API that is present is there for a time when this mechanism is eventually targeted (if it is ever targeted), and the API will carry on blocking bots while I release an update
If you do want to use a list of APIs, then
Stop Spam Here or
XenUtiles might be what you are looking for
I don't want to mislead you, no more APIs need to be added to this (they will only have negative impact on the users and gain no significant benefit, particularly since it already blocks all bots)