The Biggest Boards displays the most active Forums and Message Boards on the web with stats that update daily. Welcome to The Biggest Boards Webmaster Forums AND Directory! This forum focuses on resources for message board and website owners. Join us today (always free!) by clicking on the Register link below. Registration takes only a few minutes (or less) and you will be instantly part of The Biggest Boards community!
This mod has been tested and works for WowBB 1.7. It is free, do not redistribute, have people come download here.
Zip file contains a login.php with the modifications already done. You will see a note in the spam_prevention.txt that will tell you if you should use this pre modded login.php.
Basically, if you have never modified any of the code in the login.php, you can simply upload the login.php to your forum directory and just add the error message and the code for the registration_form... Saves users around 3 to 5 minutes.
What does it do?
It puts a simple math questions preventing bots from signing up. It has been tested and proven to be 100% effective.
Additional Edit: It was found that the login.php version for 1.7 has changed a couple times. There is now an additional folder with an alternate login.php version that can be uploaded if you have trouble with one. New zip added.
____________________ On and off your site, recognize your most valuable asset: quality contributors.
A little award can go a long way. Posts Of The Day.
____________________ On and off your site, recognize your most valuable asset: quality contributors.
A little award can go a long way. Posts Of The Day.
Hmmm...doesn't seem to be working for me. (While I've done mods before it has been a while.) At first I couldn't change my login.php file w/o getting an error -- so I then used the alternate file. I did the change in code to /languages/english/lg_main.php but after that is where I get stuck.
In the main_templates.txt file I cannot find the code that spam_prevention.txt says I am supposed to find. Anybody have any thoughts?
Is it possible someone could tell me the line number it is found in, when reading the php in code view of Dreamweaver? (It appears the third example I posted is the closest, but not exact, and I know how exact you sometimes have to be in code.)
Thanks, but tried that (pasted it & uploaded it to the server) and it is still not working. I'm not a complete knucklehead, really. Here's what I have, with some extra code before it, to show if this was the right place to paste or not:
Mat wrote: I can give you the form by itself now but integrated with WowBB is going to take a while.
My current form isn't integrated with the database or anything.. it is just for people to email the site.
____________________ On and off your site, recognize your most valuable asset: quality contributors.
A little award can go a long way. Posts Of The Day.
Yes, I put it into the theme that my guests use...the problem (or one of them), however, is that I use the Shades theme and the code that I need to look for is not in there. It is in the Default code. FWIW: Just over this past weekend we had 31 junk users.
EDIT:
I am also going to try something different: I found the my_account_profile_tab in the templates and removed the Homepage, ICG, AIM, YM and other fields where you are able to put whatever you want. The spammers never leave/post messages just clog up the system w/useless junk (referring to other sites) that goes in those fields. Taking out those fields will hopefully deter them. It is obvious that there are some who are real people, bec. those fields are filled in (and you have to confirm your account/e-mail address before you post, or can even add to your profile). I wouldn't necessarily suggest that for everyone, but our board has a very specific, often one-time use (rather than dialog or building relationships).
BTW: what really is the difference between the math problem & Captcha? We've got Captcha in place and isn't that supposed to (essentially) do the same thing?
Ok, so I removed the possibility of entering something into those fields that I mentioned earlier (by removing them) and there is still info. showing up in user profiles. Therefore, I'm going to guess that there must be some kind of "security hole" in WowBB that allows users/bots to sign up w/o really even signing up. In other words, there should be no possible way to enter information into those fields if those fields don't even exist.
CONFIRMED W/WOWBB SOFTWARE - SECURITY HOLE IN CODE
I have removed the optional fields both in the registration page (so you can't enter anything besides the user name, e-mail & password -- therefore, no AIM, ICQ, interests, occupation, etc.) and in the user profile (so you can't view or change anything) yet I have users with information in those fields. That could not be possible if there was not something wrong in the WowBB code. (If those fields don't exist, how could you enter anything?) Could someone w/a code background please take a look at this. Thanks in advance.
Removing the fields isn't working because they are not really using that form.
All you need is /login.php?register=1 after the url you are attacking and to copy the HTML from the form you are posting to (easy, go to any registration form on any software and view source).
The only way to stop them is with a tricky changing question or a captcha with an unusual font. Even a field that has to be blank (the do not fill this box trick) will eventually be guessed by modern automated registration bots.
No security hole, just normal hacking 101.
The custom captcha in the Ultra version of wow is stopping all automated registrations. Only real human spammers can register.
I bet the Classic version has a similar routine also.
The new WowBB 3.0 has been released... has anyone tried to register as a regular user and seen the new routine?
ool:
