HELP! I'm getting spammed!

  #101 (permalink)  
Old 10-26-2008, 05:01 PM
Casual Pligger
Pligg Version: 9.8.2
Pligg Template: yget
 
Join Date: Aug 2007
Posts: 37
Quote:
Originally Posted by cybertooth
even though with recaptcha I've noticed bots still can register ... how's that?
as if they have another method of accessing the database .. ..

is there a way to get an email confirmation?

I hope someone can help us here ... pligg is a very good piece of software ..
Hello.

The possible solutions I proposed above
Quote:
Originally Posted by newsome
Hello.

Has anyone tried either of the following methods:

~~~~~~~~~~~~~~~~~~~~~~~
1) keep the filename 'register.php' as is but rename the e.g. do_register2() function in that file and correspondingly in 'register_center.tpl'. I'm thinkin' that bots need to know the name of the function in order to call them.

2) use the 'Sessions' feature to do the checks from behind the scenes. I'm not real experienced with sessions nor done much with 'Smarty' code, but I hope bots can't access values they either don't see nor know about.

If this is doable, maybe do the checks starting with either 'do_register0()' or 'do_register1()' or 'register_step_1.tpl' and/or 'register_step_2.tpl' by creating some arbitrary variable(s) that no one knows the name of but you.

Then, set its value as some random or automatically-assigned value or by variable calculation; then confirming its value or boolean in say, at the beginning of 'do_register2()' before sending the data to the database so if the check doesn't work, the data isn't sent by virtue of a 'return' statement within the 'if' conditional statements.

This routine is not meant to be seen by users like Captcha -- it's mainly to be sure that only your files and routines on your server are actually used, therefore not providing others with data names and using them in alternate methods. Note: If done in the '.tpl' files, I'm guessing sessions would be done between {php}...{/php} tags.
~~~~~~~~~~~~~~~~~~~~~~~

Just a couple of new approaches to give some thought to.

If anyone tries either of these methods and gets them to work, please share your results with us in this thread.


Thanks.
were to prevent registration or pre-registration activity that affects the database and even bandwidth.

Using E-mail confirmation to try to prevent registration of bots would not resolve the labor to remove those values from the database (e.g. as showing up as waiting to be confirmed) and it also provides no way to control the rate at which the bots fill up your data storage and it also adds an unnecessary load on your mail server and again, your storage space especially if you simultaneously receive an E-mail notification of a potential user signup and/or bounced (undelivered) E-mail notifications because the E-mail addresses are fake.

IMHO, the most efficient way is to block them before writing to the database in any manner and/or having bots trigger the sending of E-mails.

Just a thought...

btw - Captcha is a 'front door' entrance control for human users and some bots. Other more sophisticated bots like to use a 'back door' entrance, hence still being able to register and either bypassing Captcha and going directly to calling selected functions or knowing how to 'crack' the effectiveness of that Captcha. The back door may be where the bot you're describing is entering making captcha not strong enough of a solution if the virtual users are still being registered I would think. If it's just that the bot is cracking Recaptcha, possibly change the font type or some other characteristic (I haven't tried Recaptcha) in its setup file and maybe that will provide you with a solution that is sufficient.

Last edited by newsome; 10-26-2008 at 05:37 PM. Reason: added btw and info re: bounced E-mail
  #102 (permalink)  
Old 10-26-2008, 07:29 PM
chuckroast
Pligg Developer/Coder/Designer
Pligg Version: SVN
Pligg Template: Galleria
 
Join Date: Jun 2006
Posts: 3,829
Quote:
Originally Posted by cybertooth
even though with recaptcha I've noticed bots still can register ... how's that?
as if they have another method of accessing the database .. ..

is there a way to get an email confirmation?

I hope someone can help us here ... pligg is a very good piece of software ..
Um... False.. Bots can not register using recaptcha. It's more likely that actual human spammers are entering the recaptcha code and creating accounts. This is the risk you run having an open submission CMS. Email confirmation is already in the SVN version and will be available to everyone in the next version.


  #103 (permalink)  
Old 10-26-2008, 08:53 PM
Casual Pligger
 
Join Date: Apr 2007
Posts: 65
I believe bots can't bypass recaptcha .. until I noticed that there is a pattern with these bots .. they have patterns in usernames and email addresses .. ... if this is a human registering he will not be using any patterns ..


.. they use different IP's ...

most of them will only submit 1 link and will register another account and submit new link again ... and so on .. that's why email confirmation is needed to lessen this kind of spam ..

I don't know how they surpass the recaptcha ... I think the problem is in how the recaptcha code is placed inside the script/code.
  #104 (permalink)  
Old 10-26-2008, 09:29 PM
chuckroast
Pligg Developer/Coder/Designer
Pligg Version: SVN
Pligg Template: Galleria
 
Join Date: Jun 2006
Posts: 3,829
Quote:
Originally Posted by cybertooth
I don't know how they surpass the recaptcha ... I think the problem is in how the recaptcha code is placed inside the script/code.
Umm.. No.. Again, there is currently no known way to bypass recaptcha


  #105 (permalink)  
Old 10-29-2008, 11:35 PM
Casual Pligger
 
Join Date: Apr 2007
Posts: 65
hi

when will the SVN version become beta?
because I really need the email confirmation .. too many fake email addresses registering on my pligg site; they have a pattern in their usernames and email addresses ..
I suspect they are using the AutoPligg Syndk8 tool ..

recaptcha is enabled but still they can register and submit .. sometimes no interval at all in their submission of links..
  #106 (permalink)  
Old 10-30-2008, 07:41 AM
magpie2419
Casual Pligger
 
Join Date: Jun 2007
Location: Libya
Posts: 60
Quote:
Originally Posted by cybertooth
hi

when will the SVN version become beta?
because I really need the email confirmation .. too many fake email addresses registering on my pligg site; they have a pattern in their usernames and email addresses ..
I suspect they are using the AutoPligg Syndk8 tool ..

recaptcha is enabled but still they can register and submit .. sometimes no interval at all in their submission of links..
This auto pligg is a problem. I have disabled all new sign-ups for my site; I was getting so many spam users it was impossible to keep up with deleting them. So the easy way to kill it: disable new user accounts until it gets fixed.
  #107 (permalink)  
Old 10-31-2008, 01:46 AM
Casual Pligger
Pligg Version: 9.8.2
Pligg Template: yget
 
Join Date: Aug 2007
Posts: 37
Hello again.

I see you folks are still having problems...hmmm...
  #108 (permalink)  
Old 10-31-2008, 03:34 PM
Casual Pligger
 
Join Date: Apr 2007
Posts: 65
hello newsome ..
my pligg version is 9.9.5
I'm confused about how you apply your own method ...
I want to try it.

hope you give us sample code

thanks
  #109 (permalink)  
Old 10-31-2008, 07:58 PM
Casual Pligger
Pligg Version: 9.8.2
Pligg Template: yget
 
Join Date: Aug 2007
Posts: 37
Quote:
Originally Posted by cybertooth
hello newsome ..
my pligg version is 9.9.5
I'm confused about how you apply your own method ...
I want to try it.

hope you give us sample code

thanks
Hi cybertooth.

The suggestions I previously provided were for v.9.8.2, thinking that the next 1 or 2 versions would have similar structure of the files I cited. I see that is not the case. I just downloaded v.9.9.5 and there are major differences with respect to registration. So, possibly try this knowing I'm not an expert on sessions nor Smarty (feedback for experts welcomed):

Step 1:
======
At the top of 'templates/yget/register_center.tpl', add the following:
PHP Code:
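{php}
// Start (or resume) the visitor's session before any output is sent
session_start();

$stop_spam_now = time() + 445544;  // suggestion: change this variable name and its value

$stop_spam = $stop_spam_now;  // suggestion: change this variable name, too

// session_register() was removed in PHP 5.4; on later versions assign to $_SESSION instead
session_register("stop_spam_now");

session_register("stop_spam");
{/php}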
Note: Thought process - adding this variable behind the scenes to the registration form template makes using this form a requirement for writing to the database versus a bot circumventing this form and calling the registration functions e.g. using their own form from a different server.


Step 2:
======
In 'register.php' at the top inside of either 'function register_check_errors()' or 'function register_add_user()', check for the presence of that variable's value, else stop processing. For example, add before the global statement:
PHP Code:
    if (!isset($stop_spam) || ($stop_spam != $stop_spam_now)) {
        return;
    } 

Note: Actually, you can do this without using sessions, just using normal php variables

HTH.

P.S. I may not be able to respond right away past tonight as I'll be very busy this entire weekend and possibly Monday --


EDIT:
~~~~~~~ ANOTHER IDEA ~~~~~~~~
This may be a bit more secure for Step 2 (for register.php), again using your own variable names:

PHP Code:
    if (!session_is_registered("stop_spam") || !session_is_registered("stop_spam_now")) {
        return;
    } 
Again, it doesn't matter what value you assign to $stop_spam_now nor $stop_spam. Also, you can just use one of the two variables instead of both. No one should know what variable name(s) you are using -- hopefully, they can't use a program to figure it out either(?).

Last edited by newsome; 10-31-2008 at 09:40 PM. Reason: added 'ANOTHER IDEA' then corrected typo from $ to "
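
The form-then-handler check described in post #109, as an added example that is not part of newsome's post or of Pligg's code: it swaps the secret variable name for a random per-session value that must come back in a hidden form field, and adds a minimum fill-in time. The function names, the `reg_token` field and both time limits are assumptions; plain arrays stand in for `$_SESSION` and `$_POST` so it runs from the command line (PHP 7.1+).

```php
<?php
// Added example, not Pligg code. All names below are hypothetical.

const REG_MIN_SECONDS = 3;     // assumed: faster than a person can fill the form
const REG_MAX_SECONDS = 3600;  // assumed: lifetime of one issued token

// Call while rendering the registration form (Step 1 in the post).
// Echo the returned value into a hidden <input name="reg_token">.
function reg_token_issue(array &$session): string
{
    $session['reg_token'] = bin2hex(random_bytes(32));
    $session['reg_token_time'] = time();
    return $session['reg_token'];
}

// Call at the top of the registration handler (Step 2 in the post),
// before any database write or e-mail is triggered.
function reg_token_check(array &$session, array $post, ?int $now = null): bool
{
    $now = $now ?? time();
    $expected = $session['reg_token'] ?? null;
    $issued = $session['reg_token_time'] ?? 0;
    unset($session['reg_token'], $session['reg_token_time']); // single use

    $submitted = $post['reg_token'] ?? '';
    if (!is_string($expected) || !is_string($submitted)) {
        return false; // form was never rendered in this session, or field is malformed
    }
    if (!hash_equals($expected, $submitted)) {
        return false; // value does not match what this session was given
    }
    $age = $now - $issued;
    return $age >= REG_MIN_SECONDS && $age <= REG_MAX_SECONDS;
}

// Constructed walk-through of four submissions.
$session = [];
$cases = [];
$cases['direct POST, form never loaded'] = reg_token_check($session, ['username' => 'x']);
$tok = reg_token_issue($session);
$cases['form loaded, posted after 1 second'] = reg_token_check($session, ['reg_token' => $tok], time() + 1);
$tok = reg_token_issue($session);
$cases['form loaded, posted after 10 seconds'] = reg_token_check($session, ['reg_token' => $tok], time() + 10);
$cases['same token posted a second time'] = reg_token_check($session, ['reg_token' => $tok], time() + 10);
foreach ($cases as $label => $ok) {
    echo str_pad($label, 40), $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

This only rejects submissions that never loaded the form in the same session; a client that fetches the form first and keeps its session cookie still passes, so the CAPTCHA stays in place alongside it.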
  #110 (permalink)  
Old 10-31-2008, 08:55 PM
Casual Pligger
 
Join Date: Apr 2007
Posts: 65
thanks for the sample code newsome.
I'm now implementing it on my site ...
I'll update here if it helps lessen the spam ...

BTW: how do I test this if it's working?

Last edited by cybertooth; 10-31-2008 at 09:14 PM.