You can ban as many email addresses as you like, but bots will find a way through, this is the only way to stop them short of admin validation, and I personally think this is better than that.

To clear up any false advertising, as it is, this method stops most bots, not 100% because a few reply, rather than start a new topic.

---

1. Create a New Permission Mask, inherit it on your current members one.

ACP > Forum Control > Permission Masks

Name this mask, Members 2


2. Create a New User-group, name it Members 2, and select the specific permission mask Members 2

ACP > Users and Groups > Manage User Groups > Set Up New Group

---

This is where it gets more complicated.

3. Name your original members group and the original members mask, Newbies, or something along those lines. Then edit the group so that anyone in that group is automatically promoted to Members 2 after One post.

ACP > Users and Groups > Manage User groups > Edit group > Promote members of this group to: Members 2
when they reach 1 posts.

While you are editting that group, also change the following:
Can post new topics (where allowed)? > No

That will stop this group from creating new topics (How bots post their adverts). However, you will find that alot of new members want to post their introduction first (Assuming you have an introductions thread). If you want to allow this, then ignore doing this:

While you are editting that group, also change the following:
Can post new topics (where allowed)? > No

Leave it as:

Can post new topics (where allowed)? > Yes.

Now you will need to manually adjust the permission masks for each forum, go:
ACP > Forum Control > Manage Forums > Permissions

Untick the boxes for Start on all the forums except the ones you want first time posters to start topics in. I find it works fine like this as bots tend to post in topics such as General Discussion, and Off-Topic.

Now you've set everything up, just rename the Members 2 and Newbies group and mask to whatever you please.

This cut out 100% of bots from spamming up my forum.

Note: Any members in the group that you've now renamed Newbies will only be automatically promoted after they've made one post.

I've been using Gladstones method on my board and it has, indeed, stopped all bot posting. I wrote about it in this topic: Stopping the spam bots and other spammers, in the Invisionfree Discussion forum.
I've done it a little differently, in that I require newly registered members to reply to a confirmation post before having access to the whole board, but the method of using the "Can post new topics where allowed?" permission switch is a lot easier way to go, and may be less confusing to new members since they just have to make a reply anywhere on the board.

*agrees*

Great work Gladstone!

I have a question.....I have a growing number of bots who have managed to register and complete email validation. They have not been able to post. But what is the best way to deal with the bot registrations?

Is there any value to keeping them on the member list? Like maybe it prevents them from re-registering? Or should they just be deleted?

If they've got disturbing names, then you can delete, I'd leave them in the memberlist, because it bumps it up. I think they pratically have an unlimited number of names, but it might stop the more simplistic bots.

You could leave them there (to bump it up), but hide them from view. Do you know how to hide usergroups from the member list? Do that the the group that hasn't posted, but has validated.

I have recently found out that bots who can reply cannot deal with flood control.

So....to make your system 100% effective, you will need to set up flood control (set for 15-20 seconds) for the member group the bots come into when they validate their registration, and require TWO replies for promotion to the regular member group. Even if a bot is programmed to reply and is successful in making one reply, they will not try to reply again after being stopped by the flood control.


Doing this will remove any necessity to moderate your new members to catch any bots that made it through, or deny PM & email permissions to prevent bot spamming.

As well as hiding this group from the member list,you can color the group name the same color as your board stats background. Any bot names that appear there will only show up as a blank space unless moused over. This eliminates the problem of disturbing names showing up on your active user list.

Now we just need a code to choose the member group the "newest member" statistic comes from....

Useful,but very,very confusing to me. :doh:

I've had quite the influx of bots lately, and they've been using gmail and yahoo.uk addresses. I blocked the yahoo.uk addresses, but to many people use gmail to block that e-mail provider.....

Awesome idea! Why not use an iframe or AJAX to make that first post for them since spambots don't bother with Javascript? As an added bonus you could make it do something useful (such as set up *ahem* my blog code or a similar one which requires an automated post.)

Not quite sure I understand what you are suggesting, slaytanist. Are you talking about making a code that posts the required reply for a real user? How would that work?

And I love your profile blog code, BTW....only all my members could not get it to work (it would appear and function for some, but not for others), so I had to regretfully move on to another system.

Heheh cheers. Yeah it seems there's a few issues in my method with certain browser settings or other that stop it working for everyone unfortunately. But there must be other codes out there that use a similar system and a bot wouldn't know to post there without the JS doing it for them. Even then they'd be posting in a non human-read part of the board so their spam would not be damaging (in my experience the majority of bots post their message and get out of the way, although having not used IF for a while now this may no longer be the case...)

Except Melissa of course but that bot's just funny XD

My blog code automatically posts in a hidden forum if it hasn't already done so. A spambot-protection code could use Gladstone's method but make the post using a code like mine, letting members start using the board immediately rather than jumping through a couple of hoops which may put them off hanging around. This post could then be used for a useful purpose too since it's automated (possibly a referral system, extra registration details or anything really.) Since most bots certainly don't have a JS interpreter they wouldn't do this and would stay in the "validating" group. In case any did you could protect against them by including one of the JS registration hacks.

For bonus balls the whole thing could be wrapped in an autoinstaller that performed all the steps and set up the forums : )

Hope that made sense and is still relevent - like I said I've not seen IF bots for a while so I don't know their strategies anymore.

Yes, that makes sense and would be an incredibly cool way to deal with the issue. If anything, the bot problem has gotten worse for most everyone, so it's totally relevant.

I'm not totally understanding how a real user would move through the registration process with this system, but if it would relieve them from making the reply post required to get our of my spambot pen, it sounds like something I would definitely be interested in.

I've been having the same problem. I've considerded blocking yahoo.uk but I get a lot of british members so I'm not sure. :(