XF 1.1 1.1.4: Anti-Spam Improvements for Registration

1.1.4 includes some additional anti-spam options for the registration form. These are small enough improvements that they can be done for a 1.1.x release. You will see some deeper integration of additional tools (such as the previously-shown StopForumSpam) in 1.2. As always, targeted attacks may potentially be able to mitigate some anti-spam techniques.

Built-in Registration Timer
A registration timer system is now built-in to the registration form. For a valid user, they simply cannot submit the form until the time is up. If a person submits the form without waiting long enough, they will need to wait again until to submit the registration.

This can be configured in the admin control panel:

Unique Registration Key
This ensures that the registration form must be displayed before any registration can take place, making more work for bots. Each key can only be used once. (This is not a particularly strong protection on its own, but every little bit helps.)

Integration with DNSBLs
There are several DNS Blackhole Lists (DNSBLs) that track spam or malicious IPs (Spamhaus and Tornevall, in particular). These can be queried on registration and if the requesting IP address is found on them, an action can be taken.

In case you're wondering, we've made it much easier to see if there are users pending admin approval as well:

Expect more in the future...

 

[Sylar]

Awesome
edit: (first! )

 

[Slavik]

No video!?

 

[TheBigK]

Looks awesome!

 

[Mike]

No video!?

"Hi, this is not Kier from XenForo..."

 

[FredC]

man this is going to be sweet on one of my forums that gets hit hard each and every day.

 

[Shelley]

Excellent work Mike.

 

[Chris D]

That's it ... you've cracked it.

The Registration Form Timer is one of the most effective solutions to the problem as demonstrated by the implementation of it in my add-on and XenUtiles and FoolBotHoneyPot.

Bye bye spammers

 

[Gene Steinberg]

When? I still see 1.1.3 in the download area.

 

[Chris D]

When? I still see 1.1.3 in the download area.

I would guess tomorrow.

 

[Luxus]

When? I still see 1.1.3 in the download area.

This is a forum that showcases future features

 

[Biker]

Niiiiiiiiiiiiiiiiiiiiice!

 

[Lucas]

Great to see this in the core! Awesome job.

 

[rellek]

*Renewing my licence...*

 

[euantor]

Any type of anti-spam measure is always welcome. The registration timer especially so.

 

[LPH]

Very exciting.

 

[CTXMedia]

Can this be turned off Mike (set it to 0 or leave it empty)?

I have a timer in FoolBotHoneyPot that works okay for my needs at the moment (not that this isn't a great addition to XF, just that I've already got it via the add-on).

Cheers,
Shaun

 

[Mike]

Yeah, set it to 0 to turn it off.

 

[Adam Howard]

Will need to re-new my license soon.

Will wait for May so that I know all the little bugs are out (maybe 1.2)

 

[Pereira]

Love the "Users awaiting approval" in the admin bar. It was a pain having to go into the admin panel to check, especially with all the bots.