- about 1 out of every 100 IP addresses were not getting logged, this should now be fixed
- core hp_user name was not getting logged correctly, this is now fixed
- Nothing major, it works, these are just logging related fixes
I've added some extra alternative honey pot mechanisms in
I've added honey pots that specifically detect browser based bots
I've added honey pots that specifically detect non browser based bots (so these two alone should catch 100%)
I've also updated it so it works with xf 1.4.x -> xf 1.5.x
This will prevent the new wave of Xrumer and GSA that detect classical core honeypots, that bypass the registration timer, that have clean IPs and thus bypass APIs
- This type of honeypot simply distinguishes between browsers and non browsers
- couple of minor bug fixes (stopbotters api - issue when no email/username sent, fixed)
Added 4 more types of hidden fields (none can be tabbed into):
- Opacity Hidden
- Z Index Hidden
- Left Off Page Hidden
- Right Off Page Hidden
For these new types, I also use uuids for class selectors (so a bot can't just read the class names to identify if something is hidden, it will need to use a JavaScript engine and work it out)
Added options to turn off the CAPTCHA for registration (but keep it for all other areas)
Added options to hide the timezone option (reducing the number of fields on the registration page)
Added RecentActivity and Members to the areas protected by the cache (since these seem to be significant areas also hit by spam bots)
Also now update the cache time on bot re-attempts (so the IP doesn't suddenly become un-cached even though the bot is continuously hitting the forum)
Added dynamic spacers for rare bots that attempt to auto-fill based on known form positions (I believe it's unlikely most forums will experience these)
Added stats, this also works with AnyApi (this option is more for myself to show the strengths of various APIs)
Added a dynamic url, so forms get submitted to register/register&xxxxx=yyyyy instead of just register/register (both the param and values are uuids). When bots target XenForo, they often post directly to the core location: register/register, this would now throw an error (the param and values act like an extra hidden field).
Added option to make the registration process 2 step (This stops some bots, but primarily allows more customisation for admins)
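
The uuid class selectors and the dynamic register URL described above can be illustrated with the following added example. It is not the add-on's own code: every function and array key name is hypothetical, the state is assumed to be stored server-side per visitor, and PHP 7 or later is assumed.

```php
<?php
// Added example; every function and key name here is hypothetical.

// Random UUID with a letter prefix so it is valid as a CSS class name.
function hp_uuid(): string {
    $b = random_bytes(16);
    $b[6] = chr((ord($b[6]) & 0x0f) | 0x40);
    $b[8] = chr((ord($b[8]) & 0x3f) | 0x80);
    return 'u' . vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($b), 4));
}

// Per-visitor state, kept server-side (for example in the session).
function hp_issue(): array {
    return ['param' => hp_uuid(), 'value' => hp_uuid(),
            'class' => hp_uuid(), 'decoy' => hp_uuid()];
}

// Form with an off-page decoy field and a one-off submit URL.
function hp_render(array $s): string {
    $action = htmlspecialchars("register/register&{$s['param']}={$s['value']}");
    return "<style>.{$s['class']}{position:absolute;left:-9999px}</style>\n"
         . "<form method=\"post\" action=\"{$action}\">\n"
         . "<input name=\"username\">\n"
         . "<input name=\"{$s['decoy']}\" class=\"{$s['class']}\" tabindex=\"-1\">\n"
         . "</form>";
}

// Decide whether a submission came through the rendered form.
function hp_check(array $s, array $query, array $post): string {
    $sent = $query[$s['param']] ?? '';
    if (!is_string($sent) || !hash_equals($s['value'], $sent)) {
        return 'reject: dynamic URL parameter missing or wrong';
    }
    if (($post[$s['decoy']] ?? '') !== '') {
        return 'reject: hidden field was filled in';
    }
    return 'accept';
}

// Constructed sample submissions.
$s = hp_issue();
$ok = [$s['param'] => $s['value']];
echo hp_render($s), "\n";
echo hp_check($s, [], ['username' => 'bot']), "\n";
echo hp_check($s, $ok, ['username' => 'bot', $s['decoy'] => 'x']), "\n";
echo hp_check($s, $ok, ['username' => 'alice', $s['decoy'] => '']), "\n";
```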