[OzzModz] Registration Spaminator Stop Spam Bot Registrations [Paid] 2.2.0

[Ozzy47]

ozzy47 submitted a new resource:

[OzzModz] Registration Spaminator - Registration Spam Bot Fighting Tool

This addon is another tool in fighting spam bot registrations at your forum.

How it works

Spoiler: Click Me

The [OzzModz] Registration Spaminator injects false fields and checkboxes into the registration form which browsers don't render so humans never see. But the bots fill out the fields and check the boxes - identifying themselves as bots and falling into the Spaminator trap. The Spaminator then logs all the information and sends the bots to register-complete, but...

Read more about this resource...

 

[Ozzy47]

Reserved

 

[Ozzy47]

Q: Has this been tested at all?

A: Yes, extensively. The [OzzModz] Registration Spaminator has logged over 2 million blocked bot registration attempts in exhaustive testing for five years (on vBulletin and XenForo) on several forums - without allowing ANY successful automated registrations or ever interfering with any legitimate human. It has a perfect 100 percent success service record. It has never failed, never been defeated, never been bypassed and never blocked a legitimate human registrant.

 

[Tealk]

Your log shows plaintext passwords?
That brings us to zero privacy and security.

 

[Ozzy47]

Why would I be concerned about the privacy and security of spam bots?

 

[Max Taxable]

Your log shows plaintext passwords?
That brings us to zero privacy and security.

The data the logs show is entered by automated programs, not humans trying to register. There are no privacy or security concerns since humans cannot enter information in those fields. They can't even see those fields.

 

[Tealk]

Oh ok then I misunderstood the log, sorry.

 

[Ozzy47]

Oh ok then I misunderstood the log, sorry.

It’s cool, there is a lot of info to take in with the addon.

 

[WoodiE]

The data the logs show is entered by automated programs, not humans trying to register. There are no privacy or security concerns since humans cannot enter information in those fields. They can't even see those fields.

Which begs the question - why would this add-on even need to store any password in plain text?

Even if this is was random computer bot, why do we care what password they use?

 

[Max Taxable]

Which begs the question - why would this add-on even need to store any password in plain text?

Even if this is was random computer bot, why do we care what password they use?

It's logged because it is one of the false field traps that if anything is entered, identifies this as a bot transaction. Nobody does care what passwords are used and there's absolutely no point in hashing it. But bots love to fill in the blank when presented with a chance to verify password. So it's a great land mine.

 

[Ozzy47]

It is one of the fields they fill out, it shows exactly what they input into it.

 

[AzzidReign]

I've used automatic form filters via things like Roboform or LastPass, would I be flagged if using one of these then?

 

[Ozzy47]

No you would not. It should not stop those types of programs from registering by filling out the traps.

 

[Max Taxable]

I've used automatic form filters via things like Roboform or LastPass, would I be flagged if using one of these then?

Those do not render any of the hidden fields or checkboxes. Those ARE known to cause problems with timer-based anti-spam measures. This does not use any timers.

 

[Max Taxable]

Visual aid, for reference. This is what human people trying to register see, at one of my sites running this:



This is what automated bot spam programs "see," when this addon is active.

Spoiler: Click Me

 

[Max Taxable]

I've used automatic form filters via things like Roboform or LastPass, would I be flagged if using one of these then?

By the way, for the readers - this addon does not "flag" anything. It issues no "gotchas" or any type of warning on fail. It simply, creates no account. Then it sends the "bot" to the register complete page anyway. All of the native behavior is exactly as it is on legitimate registrations, except there is no account created and the event is logged if it's a fail.

 

[Sysnative]

I'm also a bit concerned that this records passwords - I don't think this needs to record passwords at all, and in the case of false positives this isn't very privacy focused or secure.

FYI - I tried this add-on as the vB4 version, and it was one of our most effective anti-spam measures.

 

[Max Taxable]

I'm also a bit concerned that this records passwords - I don't think this needs to record passwords at all, and in the case of false positives this isn't very privacy focused or secure.

FYI - I tried this add-on as the vB4 version, and it was one of our most effective anti-spam measures.

VB version recorded the false passwords as well. But we never released it as an addon - were you one of our private testers back then?

There can be no false positives. There never have been in the 5 years operational history of this, while logging over 2 million bot registrations stopped.

 

[WoodiE]

Visual aid, for reference. This is what human people trying to register see, at one of my sites running this:

View attachment 211340

This is what automated bot spam programs "see," when this addon is active.

Spoiler: Click Me

View attachment 211341

This makes much more sense and could probably be worded a bit better in the actual description of the add-on @ozzy47

This is NOT the actual password field that the bot and/or user is filling out but is a fake input field simply named "password"

The screen shots help say a lot. Thanks!

 

[Sysnative]

VB version recorded the false passwords as well. But we never released it as an addon - were you one of our private testers back then?

Yup - I used the original for a few years from 2015 onwards.