How to stop spam bots from posting or registering

hello everyone,

I have had many people ask me how I keep spam bots from posting or even registering on my websites. This can be done fairly simple by using the Alternate Authentication plugin and a dummy site just for signups.

First, you need to create a website with e107 that has nothing on it, no forums, no plugins, nothing, just a plain empty website. This site is what your users will signup thru to become a member of your main site.

Second, install and setup the Alternate Authentication plugin on your main site, it's a core plugin that comes with e107. In the admin panel of this plugin under Preferences you will see the following options, set them as you see below.

Current authorization type: otherdb
Failed connection action:
If connection to the alternate method fails, how should that be handled? use e107 user table
User not found action:
If username is not found using alternate method, how should that be handled? use e107 user table

then on the menu you will see configure [otherdb] option, click that and you will see these options:

Database Type: mysql - e107 database mysql - generic database
Server: localhost
Username: db username
Password: db password
Database: database of dummy signup site
Table: e107_user
** The following fields are not required if using an e107 database
Username Field:
Password Field:
Password Method:

make sure these settings are set properly to connect to your dummy signup site.


After you have it setup to were users can signup on your dummy site and use that info to login to your main site you need to disable the registeration for your main site, this is done in preferences in your main admin area under User registration/posting. Then you need to setup a redirect so when your signup page is accessed it automatically sends them to your dummy site to register.


Now, how this works and why it stops bots, first bots do not handle redirects well so when they go to your signup page and are redirected to your dummy signup page they stop right there, they do not register because they think they just left the site. But if for some chance they do register with your dummy site the bots do not use that info to login to your main site cause it cannot determain that they are connected so instead next time it comes to your main site it trys to repeat the registration and can't because it gets redirected to your dummy site.

This stops any bot from accessing your site and at the same still allows members to signup and use the login info on your main site.

So spam is stopped

NOTE: you can add redirects from your dummy site main page to point to your main site so after a member registers it should then send them to your main site, if done properly most would not even know they registered on a different site.

Interesting idea, although in my opinion very unnecessary and long winded.

There are much easier ways to prevent spam bots from registering without the need for using Alt Auth.

A simple search on e107.org will return several topics and methods on how to prevent bots, users reading this thread should be aware of this before jumping in and trying the above there are alternative solutions.

Regards
Andy

Andy

yes i know of several ways listed here to stop spam however, most still seem to get spam after trying many steps here and have come to me asking why i never get spammed. I have 3 main e107 sites and not one ever gets spammed, this is because I have my sites setup like this above and noone has yet to notice they register with a seperate site. This can be done in a matter of mins as far as setup goes depending on how much you know about e107 and setting it up, unlike many steps listed here to stop spam many of wich take more time and effort to accomplish yet still isn't as effective.

I just offered my way of handling spam and so far in 4 years it has worked perfect for me and without any issues of blocking or stopping normal people from signing up with my sites.

M@CH!N3

Its worth a shot if you suffer from spambots...

thank Moc.

Also, few other details i left out, for those who wish to clean the dummy site and make it use as less space as possible.

Delete all unused plugins (its a dummy site so no plugin should be needed/used at all)
Delete all themes except the current admin and site theme used (saves more space since they will not be needed)
Turn off all comments (makes sure nothing can be posted on dummy site)
Restrict to members only (makes it were no other section of the site can be seen except the signup page)

There are many other files, images, etc.. that can be deleted off the dummy site as well to save room and make the dummy site use as least amount of space as possible.


The main reason I use this is because I don't have to worry about using any other 3rd party program or plugin to try to stop spam. I use to use zblock and it was very effective however after recieving over 100 emails from members not being able to acces my site i got rid of zblock. Zblock is very effective in stopping people not just bots. I also used ban helper once as well but again you have to constantly maintain it and block spam if it accurs. By using these steps and the Alt. Auth. plugin you no longer have to worry about spam at all period, I don't have to constantly block IPs or delete posts or ban bots, they can't get to my site to start with and I never have to configure or mess with the setup once its done. So i can sit back and not worry about spam or bots getting on my site, makes website maintainance much easier when you don't have to worry about it.

M@CH!N3

M@CH!N3,
How does this effect plug-ins such as Auto Promote (I promote users after 2 days to keep spam out of my Chat Box), e107_Newsletter (I auto sub all new users), and the Auto Welcome plug in which automatically sends a new PM to all users with the site details?

Will these still function on the main site since the new user really only registers on the "decoy" site?

Also, how does this migrate with the current existing users on the main site?

Thanks

ok, I don't use these plugins so can't say for sure but as for the auto-promote plugin - should still function properly, when they login to your main site it tranfers the date they registered to your main site so after 2 days they should still get promoted. The newsletter plugin and welcome plugin may not work due to the registration being done on the decoy site, would really have to test it to see.

As for the migration it will not effect any current user already on the site, it will only effect new registrations done on the decoy, it will transfer the data for the new users to the main site once the login for the first time.

M@CH!N3

ok, one thing also that I left out that is good to know, sorry been a long time since i set all this up on my sites.

when a user goes to login for the first time on the main site after registering with the decoy site it will only transfer the basic information, not any extended information. This means you have to keep the basic signup page and not have any extended user fields added on the decoy site. If you use extended user fields then you can use the "force user to update information" setting on your main site to get users to fill out any extra information on their profiles when they login for the first time on the main site.

I use this a little differently, on my sites, e107 arcade and aacgc, both sites have registration disabled and the signup file points to a hidden e107 install(decoy) site within aacgc. Once they register with the decoy site they can then login to both e107 arcade and aacgc with the same login. So I have the alt. Auth. plugin on both aacgc and e107 arcade that use the same decoy signup site. After I set all this up I slowly went thru the decoy site and deleted every file that wasn't used, all thats left of the decoy site is a handful of files that allow the user to register and thats it, it was stripped down to nothing so it wouldn't use up space and had no accessibility what so ever cause theres no files there to access lol, except the signup.

I can't imagine this method will affect plugins such as Auto Promote since the information is still in the main sites database, which is what the plugin uses.

The method describe here basically sends you to another site to sign up and then has the information exported to your main site. Think of it like a proxy.

It actually looks like a plausible method for stopping spam bots, and in the unlikely event that a bot actually does get though (think: dormant manual signups) it's going to not happen often enough for there to be much fuss.

Bravo, M@CH!N3.

thanks septor

I created a 5 step instruction post in my forums for those who wish to try this, not all that great at creating instructionsbut I think it might be helpful.

Post:Click Here

Interesting use of alt_auth indeed.

I have suggested it also could be used to set up a multilingual website, since it's such a hassle to have multiple MySQL tables for different languages. Not that I have tried it, but it should work. The extended user fields are for one not possible to make truly multilingual, so having multiple separate installations using the same user table gives you less problems when it comes to that, as well as language dependent images, etc.

When I think of it, having alt_auth installed on your website normally disables change of password. How did you handle that?

that is one drawback i have come across myself is not being able to change passwords, I am sure it can be changed to allow this with some editing thou but haven't tried it.

That would probably require hacking into the core files but as its a core plugin it would be great suggestion for 2.x. Now I think of it, it might even already be in 2.0, might be worth checking

v2.0 will have a 'single entry point' system so a lot of issues may already be ironed out

Hello, i am a newbie on e107 but i never seen something like this, after a few days, i had to close my forums, full with spam, and registered users was all spammers.

So please tell me what to do..
I believe if it's possible it will be easier for me , login and signup with image verification code or any advice will be welcomed

steps on using this method listed above can be found here - [-link-]

5 steps on creating a decoy site and linking it to your main site. hope it helps.