Spam Control

Discussion in 'News and Announcments' started by Mycal, May 1, 2009.

  1. Mycal

    Mycal Staff Member

    Effective immediately, all users with a post count under 10 are now subject to a VERY limited account. This goes for all users, new and old.

    • You must have your post approved by any developer or higher level user on this board. Your message will not appear until it has been approved, do NOT make a new similar reply because you cannot see your post.
    • You cannot create new topics on any subforum besides, General and Offtopic, all other boards restrict you to replies only.
    • You signature will not be seen anywhere.
    • Your website link will be hidden from all users.
    • Even though you are on a moderation queue, you are still subject to ALL rules and will be banned if any are broken.

    Once your post count passes the 10 marker, you will automatically be upgraded and have access to all features on this board.

    In addition, an anti-spam mod has also been added to the forums.
     
  2. Mycal

    Mycal Staff Member

    As part of our spam clean-up, ALL users who have yet to activate their account have been deleted, I apologize for this inconvenience to legitimate users, but it was a necessary measure with 2000+ un-activated accounts. As for users that have activated accounts, if you do not have 1 post by May 05, 2009, 11:59 PM, your account will be deleted.
     
  3. DJPieSlice

    DJPieSlice New Member

    I don't think this forum is that popular. I was assuming it was just us O_O

    Maybe when we have a basic alpha version down, I can start advertising (if you want)
     
  4. steven

    steven Administrator

    Who moved that post here....I demand to know?
     
  5. steven

    steven Administrator

    Hey Bigred, do this for no more spam bots.

    Code:
    #-----[ OPEN ]------------------------------------------
    #
    includes/ucp/ucp_register.php
    
    #
    #-----[ FIND ]------------------------------------------
    #
    
    $data = array(
             'username'         => utf8_normalize_nfc(request_var('username', '', true)),
             'new_password'      => request_var('new_password', '', true),
             'password_confirm'   => request_var('password_confirm', '', true),
             'email'            => strtolower(request_var('email', '')),
             'email_confirm'      => strtolower(request_var('email_confirm', '')),
             'confirm_code'      => request_var('confirm_code', ''),
             'lang'            => basename(request_var('lang', $user->lang_name)),
             'tz'            => request_var('tz', (float) $timezone),
          );
    
    #
    #----[ AFTER, ADD ]------------------------------------------
    #
    
             if ($data['tz'] == -12.00)
             {
                die('Die, bot! Die.');
             }
    
    #
    #-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
    Basically doesnt allow Bakers Isle time zone which no humans live at anyways, and all bots choose the first option in drop downs. Which makes for an easy fix since it conveniently is the first option.
     
  6. Mycal

    Mycal Staff Member

    Has there even been any spam posts since the above changes were made? I believe this board defaults to central time (UTC -6) and not GMT +12, so would that fix really work?

    Spam registrations, I wonder how they work. Obviously it's something that can break through the CAPTCHA. So does that mean an external program? And if it does mean that, do they simply already have all the defaults chosen and simply randomize the username/e-mail? That would mean, it probably doesn't even render the site, it just POSTs to the files. Which would mean, that little fix, might work. However, if it loads the page then starts to enter the fields, that leaves only 4 fields that need to be filled in for them, username, e-mail, website, password. The rest they can leave at default. Me thinks, I'm analyzing this way too hard.

    I'll add the mod above, just for fun. I'm also going to turn off moderation queue for awhile since we have effectively stopped all of the spam registrations so far. If it becomes a problem again, I'll just re-enable moderation queue for new members.
     
  7. Mycal

    Mycal Staff Member

    To keep things more in-line with phpbb3, I've corrected the above code to use the error array, rather than just killing the page:

    Code:
    #-----[ OPEN ]------------------------------------------
    #
    includes/ucp/ucp_register.php
    
    #
    #-----[ FIND ]------------------------------------------
    #
    		if ($submit)
    		{
    			$error = validate_data($data, array(
    				'username'			=> array(
    					array('string', false, $config['min_name_chars'], $config['max_name_chars']),
    					array('username', '')),
    				'new_password'		=> array(
    					array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
    					array('password')),
    				'password_confirm'	=> array('string', false, $config['min_pass_chars'], $config['max_pass_chars']),
    				'email'				=> array(
    					array('string', false, 6, 60),
    					array('email')),
    				'email_confirm'		=> array('string', false, 6, 60),
    				'confirm_code'		=> array('string', !$config['enable_confirm'], 5, 8),
    				'tz'				=> array('num', false, -14, 14),
    				'lang'				=> array('match', false, '#^[a-z_\-]{2,}$#i'),
    			));
    			if (!check_form_key('ucp_register'))
    			{
    				$error[] = $user->lang['FORM_INVALID'];
    			}
    
    #
    #----[ AFTER, ADD ]------------------------------------------
    #
    
             if ($data['tz'] == -12.00)
             {
                error[] .= 'Bad Time Zone.';
             }
    
    #
    #-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
    
    I couldn't figure out how to use the validate_data. I didn't try changing the min/max values using an array, but I figured it probably wouldn't work if even one of them errored (which it always would). And I couldn't figure out how to !match instead of just match. They didn't seem to write a function to test whether it doesn't equal a value. So just so I didn't have to write additional code, I just did the above. Though, I didn't try regular expression, guess I could try it...Meh, I'll do it later (which probably means never).
     

Share This Page