By snackmaster on
How can I setup a registration page that Bots can't get past?
My little site has just over 300 registered users and gets about 5-10 new a month.
I logged in one day about a month ago and in a week I had gained over 100 new registered "users".
These "users" posted about 200 items to our forums over 2 days. No fun.
I've add Captcha with the fixes that make it kinda work but I'm still seeing 4-5 bot type registrants a week and they are still posting to the forums.
Comments
-=-
you can:
employ a moderation module so that new posts go into moderation (investigate modr8.module)
update your captcha module to 2.0 which is the newest release as of a few days ago.
require administrator approval for registration
employ the spam.module
employ the akismet.module
insure the preview button is set to required
This still may not stop ALL bots. registration forms are fairly easy for bots to figure out. all the need is the field names. captcha is the best solution for registration and I'm not keen on the math problem (brute force bots eventually get the problem correct), I prefer the textimage solution which creates a more random captcha.
could also go a route ive been testing which creates a two step process for users. registration and then role sign up (employing the rolesignup.module) to do anything more than read the content. this way bots get trapped at the authenticated role and can't post anything.
Registration
Thanks for the concise collection!
If possible I'd like to only allow humans to register, but that appears to be quite a challenge these days.
- Thanks for the Captcha tip didn't notice it was 2.0 all I saw was a Dev release. I've upgraded and it looks to have fixed several issues. Fingers crossed!
- Installed Askismet. That has worked very well for my WP sites for backtracks, didn't know there was one for Drupal. I was able to use my same API code.
- Preview Required has always been on for comments.
- I also have it set that all accounts require email verification for activation. (I thought this would do it... ha!)
- I've also added the Troll module and blocked some 14,000 IPs
- Admin approval ends up harming real users for a site like mine (delays in activation, accidental blocking of legits etc) and woulda stunk trying to file through 100 registrations!
The site ran itself for over a year, moderation and admin approval modules make it a job :(
Our human users behave very very well, the dang bots....
So a bot somehow gets past Captcha at registration (and at login when they come back, and in many cases I see these bot accounts editing their accounts which requires yet another Captcha), and they are somehow processing the activation email and then they are able to get past the Preview requirement. ... I wish I had a criminal mind, they seem to be so efficient.
---
could also look into the flagcontent.module which would allow users of your community to flag spam and throw it into the moderation que.
although I believe this resembles a feature already in akismet no ?
Spam
Just a follow up that after employing the updated 'akismet.module' and Captcha module using TextImage Spam registrations and posts have stopped cold (for now......)
Only note is that I could not get Captcha image to work as fonts were displaying outside of the image. Found a second location in the TextImage Module to set fonts - Captcha Display tab in addition to the font spec on the main Textimage config page. Fixed things right up.
Reducing Registration Bots
We still get about 20 Registration Bots per day. I've installed UserList which makes it easy to delete them, but I want to eliminate that job too..
Does anyone know how to skip registration if a website URL is entered? It should be a simple php change.
I've added a message that says that you can add a URL once you are registered and Approved.
Since bots don't read, and benefit from having their sites linked, this would be a simple way to reduce the management of these pests...
It should be something like: if URL not blank, skip registration...
thanks
Registration Code
Another option: Registration Code
http://drupal.org/project/regcode
Be sure you check the forums - there's a line or two that need to be fixed on that module for it to work properly in the latest version.