Oleg-Sentia
Member
This plugin working with errors:
In this way real human was stopped.
This parameter has a value 15 seconds.
In this way real human was stopped.
Resource icon
Registration Form Timer 2.0
- Thread starter Chris D
- Start date
That probably wasn't a real human 
The StopBotters API can stop spammers based on a number of criteria. This is what has happened. The StopBotters API has found this user in its database and blocked it. It can do this regardless of how long it took to fill in the registration form.
If you still believe this to be a genuine user, please send me a PM without the details being censored and I will get it checked out.
Thank you.
The StopBotters API can stop spammers based on a number of criteria. This is what has happened. The StopBotters API has found this user in its database and blocked it. It can do this regardless of how long it took to fill in the registration form.
If you still believe this to be a genuine user, please send me a PM without the details being censored and I will get it checked out.
Thank you.
Oleg-Sentia
Member
In this case addon have to have another message.That probably wasn't a real human
The StopBotters API can stop spammers based on a number of criteria. This is what has happened. The StopBotters API has found this user in its database and blocked it. It can do this regardless of how long it took to fill in the registration form.
done
Thank U. It really helps.
Kevin
Well-known member
Should this then in theory block users who make it past the timer test but whose email has been submitted to StopForumSpam? Trying to test out a blocked user occurrence.
Yes. But nothing at all to do with StopForumSpam.
StopBotters is a completely new service. One that aims to be much better. I think you're aware of it because you posted here: http://xenforo.com/community/threads/new-anti-spam-service-available-soon.42473/
I think maybe mentioning StopForumSpam was a typo.
But yeah, that's the idea. And of course any caught by the registration form timer that aren't caught by StopBotters are reported as you would expect to make the database even better.
This seems to be an occurrence of where the user was in the StopBotters database, but actually was not caught by the registration form timer:
This plugin working with errors:
This parameter has a value 15 seconds.
In this way real human was stopped.
Kevin
Well-known member
Not a typo, for some reason I thought I read StopBotters was using StopForumSpam as well.
With StopBotters being a bit of a blackhole, if we got a spammer making its way through how do we check if they were on file with StopBotters or not?
So it is checking against the StopBotters API before the timer check? If no, then how/where is it being reported if they make it through?
trichome
Member
Just read through that thread. Very interesting! FWIW, I disabled all other anti-spam protection (except a captcha) and no bots have made it through in the last 48 hours.
Would this mean that if someone clicked the register button in under 15 seconds they'd be automatically listed as a spammer by stopbotters?
If they got through registration then they took longer than X seconds and were not listed with StopBotters. The check is automatic and cannot be queried directly.
Both are checked before registration is confirmed. A registering user can fail on one or both. If a user fails registration then you will find out why registration failed in the logs.
Kevin
Well-known member
Thoughts on adding an option to make it a warning instead of a denied registration if the user passes the timer check but fails the StopBotters check? I'm not sure I'm entirely comfortable with having users blindly denied access as the result of a blackbox.
In an ideal scenario an admin could choose which system to check, StopBotters or somebody else like StopForumSpam.
Yeah but I think StopBotters will be much better than SFS eventually. If it isn't already.
You'll also find a hell of a lot of false positives with SFS. None have so far been reported. They're not impossible with StopBotters, just highly improbable.
Believe me. If they are stopped by the StopBotters database they are stopped for good reason. I've seen some of the underlying statistics. Not sure how much I can say about them. But it's highly accurate.
There's only very extreme cases where a genuine person would be blocked by this method.
I feel the next best solution is tenants Fool Bot Honey Pot. It's a paid solution but my my my is it worth it.
It includes an implementation of Reg Form Timer too. But along with it a massive list of other detection methods. If you're nervous about false positives. This could be the solution.
You'll also find a hell of a lot of false positives with SFS. None have so far been reported. They're not impossible with StopBotters, just highly improbable.
Believe me. If they are stopped by the StopBotters database they are stopped for good reason. I've seen some of the underlying statistics. Not sure how much I can say about them. But it's highly accurate.
There's only very extreme cases where a genuine person would be blocked by this method.
I feel the next best solution is tenants Fool Bot Honey Pot. It's a paid solution but my my my is it worth it.
It includes an implementation of Reg Form Timer too. But along with it a massive list of other detection methods. If you're nervous about false positives. This could be the solution.
Kevin
Well-known member
Looking through the logs, nice results so far. XF Arcade has blocked 454 blocked items while CinVin is showing 3,846 blocks! 
A question about the timing of checks during registration.... I noticed I'm seeing blocked attempts via StopBotters for domains that I also have explicitly blocked. To cut down on the amount traffic is the call StopBotters able to be done after the stock XF check for denied email address?
A question about the timing of checks during registration.... I noticed I'm seeing blocked attempts via StopBotters for domains that I also have explicitly blocked. To cut down on the amount traffic is the call StopBotters able to be done after the stock XF check for denied email address?
Unfortunately if the StopBotters stuff happened after the stock XF checks/process you would get the situation where a user account is created before the StopBotters API has a chance to block it.
The amount of traffic is minimal. On the server side it can handle thousands of forums. On the client side, the amount of data exchanged is pretty small.
The amount of traffic is minimal. On the server side it can handle thousands of forums. On the client side, the amount of data exchanged is pretty small.
Deebs
Well-known member
It will only stop those that can complete it within the timescale you specify. It will NOT stop human spammers (or bot spammers that can be configured to take a specific amount of time to complete the registration) completely and you do need another anti-spam tool for those.Just an update....
Installed this addon for the first time, last Friday and it has so far blocked 1000+ failed registrations !
There is no need to install any other anti spam add-on if your using this, well for me at least it works perfectly!
ineedhelp
Well-known member
So far so good. In the one week of using this, only 2 or 3 have actually managed to bypass this add-on, Those probably being human spammers.
Deebs
Well-known member
I use this mod also, but it will not stop every spammer and therefore you need another addon targeted at those it cannot stop. I get around 500-750 spammers a day trying to sign up. Hate them!
Deebs are you using the latest version with StopBotters?
Just making sure. You're right it will not stop all automated bots, such as if they wait long enough or if they are indeed human, but there's every chance they might appear in the StopBotters database so it's not just about the timer anymore.
Also do not underestimate. I still have some tricks up my sleeve.
I highly recommend CustomImgCaptcha as a captcha solution. Again this won't stop human spammers - but actually what can? The only ways to do that are restrictions that get in the way of genuine members too and I don't like that.
If I joined a forum and had to jump through a load of hoops to get there then I wouldn't stay there long.
Just making sure. You're right it will not stop all automated bots, such as if they wait long enough or if they are indeed human, but there's every chance they might appear in the StopBotters database so it's not just about the timer anymore.
Also do not underestimate. I still have some tricks up my sleeve.
I highly recommend CustomImgCaptcha as a captcha solution. Again this won't stop human spammers - but actually what can? The only ways to do that are restrictions that get in the way of genuine members too and I don't like that.
If I joined a forum and had to jump through a load of hoops to get there then I wouldn't stay there long.
Deebs
Well-known member
Yes I am, but StopBotters at this point in time will not stop all forms of spam be it automated or some scrote in a backroom somewhere. Are you saying that this addon will check StopBotters regardless of the time taken to complete the registration?
Kevin
Well-known member
Yes. On my installs spammers are getting caught after several minutes of sitting at the registration page.
Similar threads
- Question
- Question
- Solved
