How to prevent spam auto-registering account for XenForo 2. [Deleted]

mjda · Jun 17, 2024

This looks like a form where each member who wanted to register would enter their own password. That's not the case, though. Everyone has to enter the password that's listed in that PHP file, here: $real_password = 'XenForo';. My question is, how would random visitors to the site know what password they needed to enter there in order to register?

Thangvip9x · Jun 17, 2024

mjda said:
This looks like a form where each member who wanted to register would enter their own password. That's not the case, though. Everyone has to enter the password that's listed in that PHP file, here: $real_password = 'XenForo';. My question is, how would random visitors to the site know what password they needed to enter there in order to register?

It will display XenForo when guests click on "Register."

mjda · Jun 17, 2024

Thangvip9x said:
It will display XenForo when guests click on "Register."

Sorry, I don't see that in the code. The line says "Please enter XenForo below". That's hard-coded in. Makes me think this is how I enter XenForo, or how I enter the forum. I don't automatically think that's what I need to enter into the box.

Also, if someone changes the $real_password, entering XenForo there won't work.

Shouldn't that line say Please enter <?=$real_password ?> below?

Additionally, are bots not smart enough to read that line and know they need to enter that word to get by?

Thangvip9x · Jun 17, 2024

mjda said:
Sorry, I don't see that in the code. The line says "Please enter XenForo below". That's hard-coded in. Makes me think this is how I enter XenForo, or how I enter the forum. I don't automatically think that's what I need to enter into the box.

Also, if someone changes the $real_password, entering XenForo there won't work.

Shouldn't that line say Please enter <?=$real_password ?> below?

Additionally, are bots not smart enough to read that line and know they need to enter that word to get by?

Bots mostly use available tools to automatically register usernames. Adding code will prevent bots from registering successfully.

mjda · Jun 17, 2024

Thangvip9x said:
Bots mostly use available tools to automatically register usernames. Adding code will prevent bots from registering successfully.

That was a bit of a rhetorical question. I'm not sure how smart bots are/aren't. This could very well work great.

I believe there's still an issue with the code listed here, though. If I change the password to $real_password = 'SomePassword';, the registration page will still say "Please enter XenForo below" but entering "XenForo" will trigger the invalid password. So, unless that's changed, how would a random visitor know what password to enter, assuming it's changed?

Thangvip9x · Jun 17, 2024

mjda said:
That was a bit of a rhetorical question. I'm not sure how smart bots are/aren't. This could very well work great.

I believe there's still an issue with the code listed here, though. If I change the password to $real_password = 'SomePassword';, the registration page will still say "Please enter XenForo below" but entering "XenForo" will trigger the invalid password. So, unless that's changed, how would a random visitor know what password to enter, assuming it's changed?

You can place it in the title, please see my screenshot

mjda · Jun 17, 2024

Thangvip9x said:
You can place it in the title, please see my screenshot

What I'm saying is it'd make more sense, and be easier for folks to use, if you changed this:

Code:

<p>Please enter XenForo below:</p>

to something like this:

Code:

<p>Please enter "<?php echo $real_password; ?>" into the box below:</p>

This way there is nothing else that needs to be done, following your guide, other than changing the password. It also makes it a little more clear what needs to happen on that page. If someone simply follows your guide, and only changes the password, this will not work for them.

I'd also recommend adding some kind of notice letting folks know that following this guide will cause XF to generate a notice about having files with unexpected contents.

Of course, this is all just my opinion.

Thangvip9x · Jun 17, 2024

mjda said:
What I'm saying is it'd make more sense, and be easier for folks to use, if you changed this:

Code:

<p>Please enter XenForo below:</p>

to something like this:

Code:

<p>Please enter "<?php echo $real_password; ?>" into the box below:</p>

This way there is nothing else that needs to be done, following your guide, other than changing the password. It also makes it a little more clear what needs to happen on that page. If someone simply follows your guide, and only changes the password, this will not work for them.

I'd also recommend adding some kind of notice letting folks know that following this guide will cause XF to generate a notice about having files with unexpected contents.

Of course, this is all just my opinion.

I understand, thank you

Thangvip9x · Feb 24, 2025

This resource has been removed and is no longer available. The following reason was provided:

Author banned for piracy

How to prevent spam auto-registering account for XenForo 2. [Deleted]

mjda

Well-known member

Thangvip9x

Active member

mjda

Well-known member

Thangvip9x

Active member

mjda

Well-known member

Thangvip9x

Active member

mjda

Well-known member

Thangvip9x

Active member

Thangvip9x

Active member

Similar threads

We value your privacy