- Compatible XF Versions 1.x
- 1.3, 1.4, 1.5
Project on GitHub: https://github.com/W1zzardTPU/XenForo_TPUDetectSpamReg
You may score based on:
- Visitor's country
- E-Mail address
- E-Mail length
- IP hostname
- Internet Provider name
- Open TCP port (requires PHP-sockets extension)
- StopForum Spam API
- Project Honeyport API
- TOR client detection
All rules are score based and cumulative. So, each rule may increase or lower the total score, which at the end, is evaluated to decide whether to accept, moderate or reject a sign up attempt.
Detection results are stored in the spam trigger log of XF 1.3.
We've been running this addon in production for a few weeks now and it has rejected over 10k registrations, with only 1 or 2 each day ending up in the moderation queue.
After installing this addon we even turned off the captcha, because it just makes it difficult for humans to register, and really doesn't stop the bots. This addon does.
The included default rules are a good starting point, but do not include everything we found, to avoid bots adapting. Also you might want to adjust the scores to optimally suit your forum, the defaults are quite relaxed to avoid false positives.
Additional detection methods can be used via addons, which I can code and release if you have ideas for more tests.
This plugin shares some registration data with me, so I can check if there is some additional spam-fighting potential in a cloud based solution. Submitted: Username, IP, E-Mail host (@gmail.com), anonymized E-Mail username. None of this information will be shared or displayed publicly. You may disable this option by unchecking "Submit registration data to developer".
Feel free to contact me via PM to share your experiences/ideas in a non-public environment.
Also see "related resources" below, for an example of a plugin that adds client-side JS checks.