1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. This forum has been archived. New threads and replies may not be made. All add-ons/resources that are active should be migrated to the Resource Manager. See this thread for more information.

BotScout to prevent SPAMBot registrations

Discussion in 'Add-on Releases [Archive]' started by Fred Sherman, Jan 9, 2011.

  1. Fred Sherman

    Fred Sherman Well-Known Member

    I'll leave it to AnthonyCrea to give you all the reasons to use BotScout. I think its enough that reCAPTCHA may be compromised and stopforumspam was unavailable for a period of time.
    1. Get API key: http://www.botscout.com/getkey.htm
    2. Download xFBotScout.php
    3. Edit appropriate values:
    $APIKEY = '';​
    $ALERT_EMAIL = 'your@email.com';
    $ALERT_FROM = 'BotScout@your-domain.com';​
    4. Upload to INSTALL_DIR/library/XenForo
    5. From your ACP, create a new phrase called BotScout_Alert with whatever biatch slappin' text you want. No human being will ever see it. Mine is:
    ALERT: SPAMbot Detection has been activated. User will not be registered.
    6. Edit INSTALL_DIR/library/XenForo/ControllerPublic/Register.php:
    Add After:
    // BotScout.com "BotBuster" check
    By FULL_PATH_INSTALL_DIR, I mean the full directory path, like /home/username/public_html/community, not the URL.
    I know you guys still like screenshots, so here is the screen no human being should ever see.

    Attached Files:

  2. Fred Sherman

    Fred Sherman Well-Known Member

    My code is based almost entirely on the code at BotScout for other forums, modified to use xenForo error messages. In no way am I presenting this as an original work. I am simply standing on the shoulders of others to see a little further.
  3. steven s

    steven s Well-Known Member

    What is it checking?

    What if it is a false positive? I've had my vB3 mod stop registrations based on an ip address which was a legit registration. I no longer check against the username list.
    Then they would contact me so I could manually add them.
  4. Fred Sherman

    Fred Sherman Well-Known Member

    IP address, username and email address. You can check the database on their site: http://www.botscout.com/search.htm
    They can change username and email, but as long as they come from a known IP adress (not range of IPs), they're trapped in an endless loop of being unable to register.
    I get where you're coming from. Its the trade-off between trusting an outside source that may have an IP address in the database that shouldn't be there vs. you not having the time to be constantly vigilant. Everyone has to decide for themselves which is the bigger risk and do the other.
  5. DSF

    DSF Well-Known Member

    The variable $RETURNED_DATA from file_get_contents has no pausibilitycheck for security.
  6. steven s

    steven s Well-Known Member

    The majority of my spammers have been stopped based on ip address. Then comes email address.
    What might be nice is to have something say, based on your ip address, email address or username your registration has been rejected. If you feel this is in error, contact . . .
    Think it's possible not to check against username? That is where I get the most false positives.

    Thanks for your efforts.
  7. Digital Doctor

    Digital Doctor Well-Known Member

    +1 liked, great idea.
    Added Botscout Addon to my informal list. Spam Bot Addons / Plugins.

  8. Fred Sherman

    Fred Sherman Well-Known Member

    It wasn't in the original code, so its not in this one either. Because, this is just a hack until something better comes along, which appears to be soon.
  9. Fred Sherman

    Fred Sherman Well-Known Member

  10. lms

    lms Well-Known Member


  11. Floren

    Floren Well-Known Member

    This will get you protected for up to 300 API calls. You might think is a lot but is not. The bots will hammer your forum several times a day, thinking there was a connection error.
    I think you should create a table where you store the previously called API data, preventing you to repeat several times the same API call to botscout.com database.
  12. RickM

    RickM Well-Known Member

    Only 300 calls (is that per 24 hours?) :/ Seems stupendously low!
  13. Vettexl

    Vettexl Member

    I completed the steps you outlined, but how do I know if it's working? Thanks!
  14. lms

    lms Well-Known Member

    Wait for a spammer to register


Share This Page