[OzzModz] Registration Spaminator

[OzzModz] Registration Spaminator 1.1.1

No permission to buy ($30.00)
Compatible XF Versions
2.1
License
Single Use License (may be used on one website) License Agreement
Updates Duration
Lifetime for Xenforo versions listed above What are lifetime updates?
This addon is another tool in fighting spam bot registrations at your forum.

How it works

The [OzzModz] Registration Spaminator injects false fields and checkboxes into the registration form which browsers don't render so humans never see. But the bots fill out the fields and check the boxes - identifying themselves as bots and falling into the Spaminator trap. The Spaminator then logs all the information and sends the bots to register-complete, but creates NO account, completely stopping automated spam registrations while ensuring no flags are raised in the bot program. The programs "think" registration was successful and quite often immediately try to log in to the nonexistent account!

The [OzzModz] Registration Spaminator works with and regardless of other anti-spam measures but also makes them all obsolete, proving the worthlessness of captchas, puzzles, questions, timers and the like, by STILL catching bots while all of this annoying standard anti-spam miscellany is still active. And it won't interfere with any custom fields you have on your register form.

[OzzModz] Registration Spaminator is completely independent and doesn't rely on any third-party databases, lists, or IP blocking. It presents more opportunities for the bot to slip and prove it is a bot, for better defense from automated spam. So we can combine multiple checks as opposed to only one CAPTCHA/ReCaptcha and/or a question or two per form. This gives huge advantage to [OzzModz] Registration Spaminator.

Since programs like XRumer have defeated CAPTCHA/ReCaptcha, email verification, Q&A, timers and many other spam blocking techniques, [OzzModz] Registration Spaminator brings a whole new set of checks the bots will fail.

Typical log view

AD386290-641A-403A-8B6B-3E48264A632B.jpeg

-----------------------------------------------------------------------------------------------------------------------------

Advantages Of [OzzModz] Registration Spaminator

There are many advantages of [OzzModz] Registration Spaminator over CAPTCHA/ReCaptcha, email verification, Q & A etc:


  • [OzzModz] Registration Spaminator does not in any way interfere with legitimate human users. It requires nothing from the registrant. No puzzles, captchas, questions, timers or the like. Legitimate humans will never see it or even know it is there. We shouldn't have to prove we are human, to register on a forum.
  • There is no limitation on the number or types of checks [OzzModz] Registration Spaminator can implement on forms, so it can get progressively stronger as needed.
  • If the bot programs try to adjust, [OzzModz] Registration Spaminator will be updated with new recipes to defeat them.
  • [OzzModz] Registration Spaminator needs very little configuration.
  • Everything is logged and viewable by permissions, so there is assurance that no legitimate humans are being blocked and you can gather much information about the failed registrations, including IP address, what email addresses were used, and so on.

-----------------------------------------------------------------------------------------------------------------------------

Four Spam Prevention Options I Avoid

Captchas

A captcha is an image that renders text in an not-so-easy-to-read way, also known as challenge text. By requiring users to type the challenge text into a text field, it supposedly verifies some form of human interaction and intelligence. So if what the user enters matches the challenge text, the user is believed to have successfully completed the challenge and their form submission is allowed to proceed.

But this has been defeated by XRumer and other automated spam programs.

Q&A's
Another option is implementing one or more question and answer fields. For example, a registration form may include questions like: What color is an orange? Humans can easily answer the questions, whereas spam bots supposedly won’t be "smart" enough. Once submitted, the answer to the question is checked, if it’s correct the form is assumed to be submitted by a human and can be handled accordingly.

But this has also been defeated by XRumer and other automated spam programs.

Banning IP addresses
Banning IP addresses isn't reliable because those can be spoofed or reassigned and you might actually end up blocking legitimate users; spammers tend to use dynamic IPs anyway - including common mobile provider ones!

Third-party solutions which use ever-growing databases of known spammers to compare against.
I don’t want to rely on some third-party solution because the fewer dependencies I have on my site the better I’m going to feel about it - what happens when the third party is down? Plus this also has the potential of blocking wanted users as well as unwanted ones and often does. Some people will argue that the added complexity is a necessary evil, but I just can’t seem to bring myself to agree.


All Degrade The User Registration Experience
While all four options are common and can help prevent some automated spam, I don’t recommend them because not only do they often fail - they interfere with and degrade the user registration experience. Often times these challenges are frustrating to deal with and prompt users to leave. Why is it on us, to prove we are human? A good example of that is captchas which output text that’s too hard for humans to read, or when the Recaptcha checkbox fails, now we must complete a picture puzzle? No thanks.

For that reason I always recommend implementing the least obtrusive options available.

-----------------------------------------------------------------------------------------------------------------------------

Major Features

  • Stops spambots in their tracks from registering at your site.
  • All attempts are recorded into the database, for easy viewing in the spaminator log for those usergroups with log viewing permissions.

-----------------------------------------------------------------------------------------------------------------------------

Complete Feature List

  • Option to temporarily set the addon to testing mode, so you can see what the bots "see." This automatically reverts after a set time.
  • Option to select how many results to show on the log page.
  • Ability to set usergroup permissions for which groups can view the log.

-----------------------------------------------------------------------------------------------------------------------------

Frequently Asked Questions.

Q:
Why do I need such a thing?

A: To screw spambots.

Q: Does this do anything about human spammers?

A: No, this works only on automated registration attempts - but the actual human spammer has become more and more rare and is easily dealt with in other ways - most of them which do exist, still use automated programs to register anyway.

Q: Has this been tested at all?

A: Yes, extensively. The [OzzModz] Registration Spaminator has logged over 2 million blocked bot registration attempts in exhaustive testing for five years (on vBulletin and XenForo) on several forums - without allowing ANY successful automated registrations or ever interfering with any legitimate human. It has a perfect 100 percent success service record. It has never failed, never been defeated, never been bypassed and never blocked a legitimate human registrant.

Q: Does this alert any possible real people that their registration has been rejected?

A: No, there are no "gotchas" in the Spaminator, because no legitimate humans will ever see it or even know it is there. Xrumer and other automated spam systems are programmed to flag sites that present warnings, "gotchas" or alerts, even unusual behavior like loading an unexpected page - allowing the human system operator to investigate why registrations are being rejected. This information is passed on to the program developers and improvements are added to defeat the blocks. It's why most every anti-spam measure eventually gets defeated. They rat themselves out! Spaminator does not. Additionally, the rare human spammer mostly still uses automation to get registered. Why tell them what they're up against?

Q: Bots still get through the native honeypots in XenForo's registration form, how is this any different?

A: Unfortunately XenForo TELLS the bot program operators about the honeypots! Both with a "gotcha" on fail AND in the phrases and in the code itself! Small wonder those "honeypots" are bypassed! See above, Spaminator does none of that. We reject the silly term "honeypots" anyway, and prefer to call the Spaminator checks, land mines - they aren't told about them, don't see them, and are going to step on them!

Q: What about if this becomes widely used, won't the spam system programmers easily defeat it like everything else?

A: We shall see, they'll definitely try. But we've not only thought of that, we've planned for it in advance. Many other features for this are being developed and tested, and some are ready for deployment as the need arises. We don't go into battle with just one or two weapons or ideas.

Q: What about all the xenforo anti-spam stuff? Does this replace it? Can I turn some of the stuff off?

A: We encourage you to experiment. By all means try turning all the xF native and 3rd party stuff like SFS, off. Turn off the intrusive irritating captchas and the timer. Turn off the silly questions stuff. Run naked! The Spaminator will stop each and every bot that tries to register. Without fail. It's like a gill net in a lake - catches the fish who swim under, while your legit humans glide over, right on in without any hitches or silly "prove you're human" stuff. We let the bots do all the proving, let them jump through all the hoops. Make your registration process as human-friendly as possible. And please, report back to us, telling us your spaminator story. We'd love to read it!

-----------------------------------------------------------------------------------------------------------------------------

* History (Changelog) *
-------------------------
v1.0.0 (May 1, 2019)
- Initial private beta release.

v1.0.1 (May 21, 2019)
- Fixed version string and missing phrases.

v1.0.2 (May 22, 2019)
- Fixed a bug where the tos/rules checkboxes would not show up with the addon active.

v1.0.3 (May 25, 2019)
- Cleaned up the code in the PHP files.
- Removed the phrases from the global cache.

v1.0.4 (May 27, 2019)
- Added the TOS row in again, as it was lost in 1.0.3 regression.

v1.0.5 (Aug 6, 2019)
- Added a missing phrase.
- Changed addon icon displayed in the ACP from a png icon to a font awesome icon.
- Changed addon name to [OzzModz] Registration Spaminator.
- Changed the template modifications from replacing the entire register_form and register_macros templates to changing only the required sections to make the addon XF compliant.

v1.0.6 (Sep 29, 2019)
- Initial public release. :D
- Changed some of the bot traps since programs like xRummer were bypassing them in some situations.
- Deleted some now unused phrases.
- Changed code in some of the templates.
Author
ozzy47
Views
215
First release
Last update
Rating
5.00 star(s) 1 ratings

More add-ons from ozzy47

Latest updates

  1. Registration Spaminator for XenForo 2.1+ Update 1.1.1

    An update to the Registration Spaminator system for XenForo 2.1+ has been released. Those that...
  2. Registration Spaminator for XenForo 2.1+ Update 1.1.0

    This is a semi major update. I suggest taking a backup before upgrading just to be safe. I am...
  3. Registration Spaminator for XenForo 2.1+ Update 1.0.7

    Removed the password input field and the logging of password field. This was done to ensure user...

Latest reviews

I've been running Registration Spaminator since May 2019 as a beta tester.
I couldn't be happier with it's performance.
Top Bottom