phpbb's captcha algorithm already has a counter OCR algorithm with 99% accuracy.

Hmm. How about a simple math based input?

To Register a new account, please type the answer to the equation "2 + 2 =" in this blank. Anyone who gets it wrong is either stupid or a bot.

Simple word recognition, that any person paying attention should be able to get, might do it.

i.e. What color is Jenny's white horse?

or just install my thing which would be a lot harder for a bot to read and calculate.....although as long as you are the only one doing it, it is probably safe.....Kerm said about a month ago that he would install it though, and seems to have forgotten since then...

I wish phpBB would implement a custom image recognition thing. That way the admins could specify their own images and set their own words for it (that way "What is this a picture of?" with options may be able to work) so that the standard security isn't the only thing to rely upon. A simple SQL table could hold all of the information and it would not be hard at all to implement.

@elfprince: My bad if this is what your mod does, I can't remember exactly how yours works.

thats exactly what it does.....every board has its own image set...seriously, its a 5 minute install, and it would end the bot menace, I dont really feel like doing a big bot sweep until there is some way to prevent more of them registering, because its fairly time consuming, and its starting to get on my nerves to have 15-20 new bots a week.

Urp. phpBB needs a username ban thing with wildcards...

*viagra*
*pharm*

It does, actually. The censor filter allows wildcards, and the censor filter is also applied to username registration.

any progress on this front? I could do it for you Kerm, but I dont think I have filesystem access.

Yeah, looks like I've been sucessful. No new bots for about 5 days now.

what changes did you make?

I enabled email verification for registration, and it seems to have done the trick for now.

can we prevent registration at all? here's what to do if you dont want to install a mod: change the POST variable names used for all required items in both the template and the script.

Yeah, I tried that already, but some of them are intelligent enough to parse the registration page for the proper variable names. No dice.

How about changing the post variables names for all the pages, then encrypting part of the source with some javascript?(for the html that contains those variables). That way, you won't have to install anything.

I had this problem with bots posting spam message on my guestbook every single day, but once I changed the variables and encrypted the source, they never posted again. I used http://www.dynamicdrive.com/dynamicindex9/encrypter.htm, but there are better ones out there.

So for example, this part

Code:


would be turned into


Code:

(without the returns of course. If you just encrypt that input box, it would even be shorter)

I doubt the bots would be smart enough to get the proper variable names.

Or since e-mail verification has worked like a charm, Kerm just leaves it alone until problems arise. Don't "fix" what ain't broke

read above ^^

actually though here is my proposal which I couldn't post earlier:

have the userlist skip any unactivated users.
Have the profile page refuse to display any unactivated users.
Add a notice that accounts must be activated within 48 hours or they will be deleted.
Have the following code executed when a registration is sent:

[edit]

wtf, I get a 403 when I posted the code.... ...IMed it to Kerm though and he likes the idea

I get wierd access denied errors occasionally too, although I haven't had one for awile now....

it seems to show up when I post PHP code

<?php
echo 'hello';
?>

I dont see a problem. Meh. Hope the bots are gone for good, but I doubt it.