
XF 1.1 1.1.4: Anti-Spam Improvements for Registration

Alfa1

Well-known member
#42
Please add Bad Behavior as well, so that bots are blocked based upon user agent, IP and combinations. I'm pretty sure that Michael would be open to the idea of expanding to XF: http://bad-behavior.ioerror.us/
Contact him.

Will XenForo sites report spammers back to the blacklists? It's very beneficial if there is spammer information feedback, so XenForo spammers are quickly blocked across the board.
 

Despair

Active member
#43
A registration timer system is now built-in to the registration form. For a valid user, they simply cannot submit the form until the time is up. If a person submits the form without waiting long enough, they will need to wait again to submit the registration.
Do you think the reg timer text needs the JsOnly class? Users who try to register with JS disabled will see "Please wait 10 seconds" forever. The average person would just submit the form anyways, but yeah... Although with the JsOnly class you'd just have to check that registering too quickly also generates an error message for the user? If by chance you have JS disabled and use some sort of browser auto fill, the user might not have any idea why they couldn't register.
 

Carlos

Well-known member
#46
Built-in Registration Timer
A registration timer system is now built-in to the registration form. For a valid user, they simply cannot submit the form until the time is up. If a person submits the form without waiting long enough, they will need to wait again to submit the registration.

This may stop spammers from trying to register frequently! :) AWESOME!

And I'm lovin' the other features, too!
 

craigiri

Well-known member
#48
So... how long before all the bots just request the registration page, then wait 90 seconds before submitting the response?
This depends on whether all the other forum software has the same features. If there is some easy picking elsewhere, the writers of the sw are likely to stay lazy for a while. Plus, the folks that buy that sw may not want to update, etc.

My sense is that most don't care when reg. fails - as long as they harvest some others! So maybe the final solution would be a bunch of easily crackable "chaff" boards out on the net which they can think they have broken into!

Until then, there are probably tens of thousands installing free forums every month...that they can target!
;)

And, when they do step through one hoop, the good guys will come up with something else.

Craig
(winning the war on spam since 1995)
 

Carlos

Well-known member
#49
My sense is that most don't care when reg. fails - as long as they harvest some others! So maybe the final solution would be a bunch of easily crackable "chaff" boards out on the net which they can think they have broken into!
That's why I'm happy about the timer. I get many registration requests on CODForums on a daily basis, sometimes in a large chunk of quantity.
 

James

Well-known member
#50
Excellent anti-spam methods, proven to work with existing add-ons here.

Nice to see any update from XF - thanks Mike!
 

Carlos

Well-known member
#53
No, you misunderstand. He didn't mean that this functionality of xf 1.1.4 works among other spam addons, but simply states that addons already can do what 1.1.4 can do and that well.
Oh. :notworthy:

I was not aware that there are add-ons that have some of these features, so my bad. :oops:
 

SeaDog

Active member
#59
@Mike (or someone in the 'know'): Is there a timeout setting for checking the blacklists? You don't want the registration to hang if they're having server issues.

Also wouldn't a neater solution to the timer simply be to reject the registration if completed within X seconds? This way the average user won't notice a timer even exists.
 

Brogan

XenForo moderator
Staff member
#60
Also wouldn't a neater solution to the timer simply be to reject the registration if completed within X seconds? This way the average user won't notice a timer even exists.
That would potentially confuse people signing up as they wouldn't understand why the Sign Up button was greyed out.
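
A server-side version of the registration timer discussed in this thread, as an added example that is not XenForo's code or any poster's: the form carries an HMAC-signed issue time, and a submission that arrives too early gets an explicit error message and a fresh token, so the check and the message work with JavaScript disabled. The names `SECRET`, `MIN_WAIT`, `MAX_AGE`, `issue_token` and `check_submission` are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret kept on the server
MIN_WAIT = 10                     # seconds; the thread mentions a 10 second wait
MAX_AGE = 3600                    # assumption: older form tokens are treated as stale


def _sign(issued_at: int) -> bytes:
    """MAC over the issue time so the client cannot backdate the form."""
    return hmac.new(SECRET, str(issued_at).encode(), hashlib.sha256).hexdigest().encode()


def issue_token(now=None) -> str:
    """Value for a hidden form field, generated when the form is rendered."""
    issued_at = int(time.time() if now is None else now)
    return f"{issued_at}.{_sign(issued_at).decode()}"


def check_submission(token: str, now=None):
    """Return (accepted, message_for_user, token_for_next_attempt)."""
    now = int(time.time() if now is None else now)
    try:
        raw, mac = token.split(".", 1)
        issued_at = int(raw)
    except ValueError:
        return False, "Form token missing or malformed. Please reload the form.", issue_token(now)
    # Constant-time comparison on bytes; a forged or edited timestamp fails here.
    if not hmac.compare_digest(mac.encode(), _sign(issued_at)):
        return False, "Form token is not valid. Please reload the form.", issue_token(now)
    elapsed = now - issued_at
    if elapsed < MIN_WAIT:
        # Too fast: tell the user why and restart the wait with a new token.
        return False, f"Please wait {MIN_WAIT} seconds before submitting.", issue_token(now)
    if elapsed > MAX_AGE:
        return False, "The form has expired. Please submit it again.", issue_token(now)
    return True, "OK", None


if __name__ == "__main__":
    t = issue_token(now=1000)              # constructed timestamps for the demo
    print(check_submission(t, now=1003))   # rejected, new token issued at 1003
    print(check_submission(t, now=1015))   # accepted
```

A client that requests the form and then waits out the timer passes this check, as post #48 points out; it only filters immediate submissions.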