1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Registration Email Allowed In Our Database :  Yahoo * Gmail * Hotmail * Outlook * yandex * live * are allowed to register in our database. [ We Will Approve Manually After Review It ]

Add-on TPU: Detect and Block Spam Registrations 1.6.4

Score based tests to detect and block spammers upon registering

  1. SM€GGLE
    Compatible XF Versions:
    • 1.3
    • 1.4
    Visible Branding:
    No
    This addon uses custom detection methods to identify automated and manual registrations that are trying to spam your forum.

    Project on GitHub:https://github.com/W1zzardTPU/XenForo_TPUDetectSpamReg

    You may score based on:
    • Visitor's country
    • E-Mail address
    • E-Mail length
    • Username
    • IP hostname
    • Internet Provider name
    • Open TCP port (requires PHP-sockets extension)
    • StopForum Spam API
    • Project Honeyport API
    • TOR client detection

    All rules are score based and cumulative. So, each rule may increase or lower the total score, which at the end, is evaluated to decide whether to accept, moderate or reject a sign up attempt.

    Detection results are stored in the spam trigger log of XF 1.3.

    We've been running this addon in production for a few weeks now and it has rejected over 10k registrations, with only 1 or 2 each day ending up in the moderation queue.

    After installing this addon we even turned off the captcha, because it just makes it difficult for humans to register, and really doesn't stop the bots. This addon does.

    The included default rules are a good starting point, but do not include everything we found, to avoid bots adapting. Also you might want toadjust the scores to optimally suit your forum, the defaults are quite relaxed to avoid false positives.

    Additional detection methods can be used via addons, which I can code and release if you have ideas for more tests.

    This plugin shares some registration data with me, so I can check if there is some additional spam-fighting potential in a cloud based solution. Submitted: Username, IP, E-Mail host (@gmail.com), anonymized E-Mail username. None of this information will be shared or displayed publicly. You may disable this option by unchecking "Submit registration data to developer".

    Feel free to contact me via PM to share your experiences/ideas in a non-public environment.

    Also see "related resources" below, for an example of a plugin that adds client-side JS checks.

    Images

    1. 1.png
    2. 2.png
    3. 3.png
    4. 4.png