[OzzModz] Registration Spaminator Stop Spam Bot Registrations

[OzzModz] Registration Spaminator Stop Spam Bot Registrations [Paid] 1.1.1

No permission to buy ($30.00)

ozzy47

Well-known member
ozzy47 submitted a new resource:

[OzzModz] Registration Spaminator - Registration Spam Bot Fighting Tool

This addon is another tool in fighting spam bot registrations at your forum.

How it works

The [OzzModz] Registration Spaminator injects false fields and checkboxes into the registration form which browsers don't render so humans never see. But the bots fill out the fields and check the boxes - identifying themselves as bots and falling into the Spaminator trap. The Spaminator then logs all the information and sends the bots to register-complete, but...
Read more about this resource...
 

ozzy47

Well-known member
Q: Has this been tested at all?

A: Yes, extensively. The [OzzModz] Registration Spaminator has logged over 2 million blocked bot registration attempts in exhaustive testing for five years (on vBulletin and XenForo) on several forums - without allowing ANY successful automated registrations or ever interfering with any legitimate human. It has a perfect 100 percent success service record. It has never failed, never been defeated, never been bypassed and never blocked a legitimate human registrant.
 

Manster54

Well-known member
Your log shows plaintext passwords?
That brings us to zero privacy and security.
The data the logs show is entered by automated programs, not humans trying to register. There are no privacy or security concerns since humans cannot enter information in those fields. They can't even see those fields.
 

WoodiE

Well-known member
The data the logs show is entered by automated programs, not humans trying to register. There are no privacy or security concerns since humans cannot enter information in those fields. They can't even see those fields.
Which begs the question - why would this add-on even need to store any password in plain text?

Even if this is was random computer bot, why do we care what password they use?
 

Manster54

Well-known member
Which begs the question - why would this add-on even need to store any password in plain text?

Even if this is was random computer bot, why do we care what password they use?
It's logged because it is one of the false field traps that if anything is entered, identifies this as a bot transaction. Nobody does care what passwords are used and there's absolutely no point in hashing it. But bots love to fill in the blank when presented with a chance to verify password. So it's a great land mine.
 

ozzy47

Well-known member
No you would not. It should not stop those types of programs from registering by filling out the traps.
 

Manster54

Well-known member
Visual aid, for reference. This is what human people trying to register see, at one of my sites running this:

registerform.jpg

This is what automated bot spam programs "see," when this addon is active.

registerform2.jpg
 
Last edited:

Manster54

Well-known member
I've used automatic form filters via things like Roboform or LastPass, would I be flagged if using one of these then?
By the way, for the readers - this addon does not "flag" anything. It issues no "gotchas" or any type of warning on fail. It simply, creates no account. Then it sends the "bot" to the register complete page anyway. All of the native behavior is exactly as it is on legitimate registrations, except there is no account created and the event is logged if it's a fail.
 

Will Watts

Active member
I'm also a bit concerned that this records passwords - I don't think this needs to record passwords at all, and in the case of false positives this isn't very privacy focused or secure.

FYI - I tried this add-on as the vB4 version, and it was one of our most effective anti-spam measures.
 

Manster54

Well-known member
I'm also a bit concerned that this records passwords - I don't think this needs to record passwords at all, and in the case of false positives this isn't very privacy focused or secure.

FYI - I tried this add-on as the vB4 version, and it was one of our most effective anti-spam measures.
VB version recorded the false passwords as well. But we never released it as an addon - were you one of our private testers back then?

There can be no false positives. There never have been in the 5 years operational history of this, while logging over 2 million bot registrations stopped.
 

WoodiE

Well-known member
Visual aid, for reference. This is what human people trying to register see, at one of my sites running this:

View attachment 211340

This is what automated bot spam programs "see," when this addon is active.

This makes much more sense and could probably be worded a bit better in the actual description of the add-on @ozzy47

This is NOT the actual password field that the bot and/or user is filling out but is a fake input field simply named "password"

The screen shots help say a lot. Thanks!
 
Top