We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

How to disable sign up | Forum

John
John Feb 24 '13
I mainly use the events part of oxwall for my walking group.

Unfortunately I can't use oxwall how I would like to use it because of all the spammers.

About 40 new spam users try to sign up each day.
I have to sign in to phpmyadmin to get rid of them.
It makes no difference if I require a user image, nor use anti-spammer.

I would like to be able to use my own sign up page where I could ask questions and use other ways of defeating spam bots.
There are actual real users who would like to sign up.

How can I modify the code so that when a user or bot clicks on join it goes to my own sign up url. 

At the moment oxwall has been rendered useless because of spammers.

John





 


Bradford Page
Bradford Page Feb 24 '13
I get spammers the same every hour


Regardless of watchdog or anti-spammer


The emails are the same with many different users names


After recently transferring a custom coded site to Oxwal, had no spammers before and now have them every hour


I have no choice but to leave manually approve profile on which simply upsets many people 


The spam problem is way out of controlled and should have been addressed my now


It is directly related to Oxwal

cit27
cit27 Feb 24 '13
My site is for public (no manual approve)... (just like other social networking method ).... but I got a lot of spammers before, everyday may be more than 10 spammers sign up and post to blogs (they posted drug/sex article/duplicate sexs article with different username) and video (they posted porn video/duplicate video with different username)...After activating the latest updated antispammers.... it seems my site is now free of spammer without having to hide the join page section or use manual approve...
Bradford Page
Bradford Page Feb 24 '13

I have had 4 spammers in the past 5 minutes past watchdog and anti-spammer


cellulitegetrid@impresapuliziesea.com

sunless@impresapuliziesea.com

badigest@impresapuliziesea.com

backpain@impresapuliziesea.com



cit27
cit27 Feb 24 '13
I check all the spammers who have registered before the antispammer installed and marked them as a spammer...Now my site Free of spammer....
cit27
cit27 Feb 24 '13
I got the same email before the antispammer installed...but now they are cannot register using the same IP again...
cit27
cit27 Feb 24 '13
If i deactive wathdog/antispammer after about 2 hours later then the spammer will come again...(their email : listed as not verified yet but they can post/i dont know how this robot can post?). If u send a message to them through their profile page...there is no reply from them...because they are spam robot)
The Forum post is edited by cit27 Feb 24 '13
SL
SL Feb 24 '13
Your site already has spammers
and you install the antispammer->you run the tool: allowing all register users...
What do you think? some registered user are  spammer?
....SPAMMER STILL COME....
Make sureto check all ..berfore allowing all register users
The Forum post is edited by SL Feb 24 '13
Unique
Unique Feb 24 '13
What/Who is the spammer? Read here: http://www.oxwall.org/forum/topic/9010?page=1#post-45267
bobbi
bobbi Feb 24 '13
we have no antispam plug ins installed due to admin (me) mods and members being locked out and no they are not spammers and no i and the mods have not registered on other sites, the lock out is caused by the fact that if you use cell phones to access the site and the ips are dynamic

we only got locked out if we use cell phones, my phone provider is very slow wap wise and i got locked out even though i can only view the site and rarely can log in
i ran the ips through stop fourmspam database some were there some were not, mine was not and i still got spammed out of the site

the anti spam plug ins work for some but not others i don't want to get into a argument just because we dont use it, it is upto to the individual how they protect thier site from spammers

we dont get any more spammers without the plug in than we did when we used it
cit27
cit27 Feb 24 '13

Quote from bobbi the anti spam plug ins work for some but not others

Thats true....

For other users who still want to use this plugin...?
it's just that you may need to learn what the function of which is owned by the antispammer...same condition as when the first time you use the oxwall software (such as the user role function? newsfeed system? email notification system? cronjob system?) ... if you do not know what its function or how to use them then you will say  it is a bug....

You should note which one should you turn on/of or allowed/unallowed if you are wrong then maybe you will be locked
The Forum post is edited by cit27 Feb 24 '13
Alia Team
Alia Feb 25 '13
Couple of ideas.

1.John, try adding a custom required profile question of "text" type.

2. What about removing all "join" realted links/buttons from your site and just having "Facebook Connect" button there? (or google sign in button, or twitter, depending on which plugin you have)?

>>How can I modify the code so that when a user or bot clicks on join it goes to my own sign up url.

This will still require some kind of anti-spam plugin which could identify whether the site visitor is real user or bot/spammer. And just like with current Anti-spammer or WatchDog, you will have to rely on a "third party" database of IPs, which will never give you 100% security.

We are already developing a new solution to protect powered by Oxwall sites from spammers and bots.
John
John Feb 25 '13
I have found the answer:

In the .htaccess file add this line

RewriteCond %{REQUEST_URI} !/join/

Then actually create the directory /join

Then write any content you like into index.php

This could be you own anti-spammer system.

A good system would be to have some questions which only people interested in your topic would know and if the questions are answered correctly the can go ahead and register in a custom url.

However I don't know how to make the join system appear on a custom url eg
join65765765/

This bit of obfustication would deter all spam bots.










Alia Team
Alia Feb 25 '13
>>However I don't know how to make the join system appear on a custom url eg
join65765765/

ow_system_plugins/base/init.php  - for system pages URLs are set here ( including "Join" page).

          $router->addRoute(new OW_Route('base_join', 'join', 'BASE_CTRL_Join', 'index'));

You will need to google how router works first.
I am not a developer myself and can not give exact instructions on what exactly needs to be changed to what.
John
John Feb 27 '13
Thank you Aliia.

It works very well:

This works perfectly
$router->addRoute(new OW_Route('base_join', 'join42342432', 'BASE_CTRL_Join', 'index'));

This could be futher obfusticated using ideas like
if (the day is Monday) {
$router->addRoute(new OW_Route('base_join', 'join42342432', 'BASE_CTRL_Join', 'index'));}
if (the day is Tuesday) {
$router->addRoute(new OW_Route('base_join', 'join346645645', 'BASE_CTRL_Join', 'index'));}

All I have to do know is design a question and answer system.
The user will only be sent through to join42342432 if the questions are answered correctly.

There are lots of really simple systems to use.

Look at this one
http://identipic.com/

Here are a lot of free capture scripts
http://www.hotscripts.com/...ems/captcha-scripts/

Just by using my own page for /join I have now cut spam users to zero.
There were about 40 before.

In the next few days I will implement a system to let real users sign up using a method similar to the above.

If lots of people design custom antispam systems then it will be impossible for people to design spam bots which sign up users.

Here is another idea. It is probably too simple but would work for a while.

<p>What is 2+2?</p><inputtype="text"name="answer"id="answer"/>
<?php
if(isset($_POST['submit'])){
if(isset($_POST['answer'])&&$_POST['answer']==4){
#Right answer was given continue with submitting form
}else{
#The wrong answer was given give an error message.
}
}
?>










Alia Team
Alia Feb 28 '13
Thanks for sharing John.

Alia Team
Alia Feb 28 '13
Topic was moved from General Questions.
Colin MacKinnon
Colin MacKinnon Mar 7 '13
Thanks for the great ideas.  One question - as we're new to Oxwall - into which index.php file do you put your comments?  Assume these would be information to deter  inappropriate "joins".  Right now our Join system isn't working at all.  This happened after we set-up the facebook module.  Any ideas.  The site is mycolemaneducation.com

Colin
John
John Mar 7 '13
I have simply disabled automatic sign up and replaced it with my own page here.

http://www.granadawiki.com/join/
There is nothing special the content can be just html.

I would like to be able to use an obfusticaed sign up url for sign-up but I can't work out how to actually do it.

It is possible to use an obfusticated url for the join page but the problem is that this url also appears on the join link. Someone needs to work out how to have a secret join link.

This is how to change the default join url.

$router->addRoute(new OW_Route('base_join', 'join42342432', 'BASE_CTRL_Join', 'index'));

It is kept in
ow_system_plugins/base/init.php

For the moment I don't have to worry about robot sign ups because sign up is deactivated  they can phone me but for most people this would not work. 

Until oxwall solve the complete vunerability of the system to spam sign ups the product is almost unusable. Who wants to deal with 60 sign ups per day from people who want to put ads for viagra on the site?  It took me 5 minutes per day just to delete them. I probably deleted a lot of real sign ups. If I left it for a few days I could have over 300 users to delete. Many of them were email verified. How did they do that?

If someone could work out how to have a  secret join link based on a user invented spam filter then the problem can be solved.

If oxwall invent a solution based on ip addresses or spammer databases the spammers  will work a away around this. (the oxwall captcha does not stop bots) The best way is to let users invent their own bespoke filter so that spammers will have to crack a new security system for all instalations of oxwall. One way of doing this is to have a secret sign up url.








cit27
cit27 Mar 7 '13
You can disable sign up by using this oxwall feature: admin/permissions
Pages: 1 2 »