Topic: Simple way to stop spam signups
I noticed on my site that about 90% of spam signups are from users that select -12 as the timezone for their new account, and have found a simple way to block these users. The reason that these signups are all from -12 timezone is because the spammers are just using automated scripts that simply select the first choice in any drop-down that they do not recognize on a signup form. Obviously, there are smarter spammers out there and this method wont last forever but it works for now.
The simple solution is to add a new timezone called 'none' that is the first choice in the drop-down when signing up. Most users will never see this, as PunBB pre-selects the server timezone and uses that as the default; plus, who would select 'none' as a timezone? Then, in the registration code, simply add a catch for this bad timezone and force an error.
The code below is an example and is obviously very poor; I have tried to make it as simple as possible, but someone is welcome to make a better modification out of this. Indents have been removed for clarity.
In register.php, find the line (is line 185 for me):
$timezone = intval($_POST['timezone']);
Above this line, add:
if ($_POST['timezone'] == "none") message('Please select a valid timezone.');
Then, in the same file, find the line (is line 311 for me):
<br /><select id="time_zone" name="timezone">
below this, add:
<option value="none">Select one</option>
Make sure that the line you add is the first in the list of option tags. You can customize the text between the tags to change what is shown in the drop down as the top choice, just be sure that the value is set to 'none'. You may actually want to change the text in the option tags to say something other than 'Select one', as spam bots might know to skip this (but I have not seen it). For example, you could change to <option value="none">None</option> or <option value="none">I am a spammer</option> since most people wont even see it.
I actually used message($lang_prof_reg['Invalid timezone']); and added 'Invalid timezone' to the lang/English/prof_reg.php file but the above code is easier since 90% of people will never see it; if you expect multiple language signups you might want to modify your code accordingly.
Now when spam bots attempt to submit the form and pick the top choice in the drop-down, they will be blocked. This is not perfect, but again it should help cut back on many of the dumb spam bots that are out there.
Let me know if you have any comments or questions!
Over 2300 users and 265,000 posts, running PunBB for 3 years