History: Anti-spam
Source of version: 19 (current)
Copy to clipboard
{syntax type="markdown" editor="wysiwyg"} # {{page}}
{DIV(float=right,width="200px")}{BOX()}
{DIV(style='text-align: center')}Related Topics{DIV}
- ((Spam Protection))
- ((Security))
- ((Comment moderation))
- ((How to Ban many IP from fake registrations))
- ((How to Remove SPAM))
- See also: [http://tiki.org/How+to+deal+with+spam|How to deal with SpamBots]
{BOX}
{DIV}
Measures to protect sites against spam
##$ Tiki registrations: Passcode to register + show it for humans
###$ Using pretty tracker template
Using "Use tracker to collect more user information" (admin -> login) you can design your own registration page by setting "Use pretty trackers for registration form". Activate the passcode option and enter a number (8 for example). In your registration pretty tracker template enter some text like "How much is 5+3" and add the field {$register_passcode}. As long the user is not human an not entering the number 8 in the field, registration will fail.
###$ Newer versions: using an admin setting
In the most recent versions of 6.x, 9.x, 10.x and 11.0 this is now a feature. Just visit **tiki-admin.php?page=login** and activate "**Require passcode to register**", save your settings. And then activate the new option that you will see saying: "**Show passcode on registration form**".
###$ Older versions: setting it by hand
If you can't see the option "**Show passcode on registration form**" in the security admin panel, then you can still use passcode and show it in the registration screen by configuring this behavior by hand.
An easy trick (by luci: thanks!)
1. Enable the option "**Passcode to register**" (Admin > Login > ...)
1. Enter the passcode the users will need to use and save by clicking "Change preferences". For this example, assume the passcode is **foobar**.
2. Code to add before the end < /body> tag. (**Admin > Look & Feel > Customization > Custom end code**):
1. If you are using some user tracker to collect more information from users at registration time, use this code:
{CODE(colors="javascript", ln="1", caption="code to add in Admin > Look & Feel > Customization > Custom end code")}
{if $mid eq "tiki-register.tpl"}{jq}$("form[name='editItemForm1']").prepend("<b>Passcode to Register:</b> <i>foobar</i> <br/>");{/jq}{/if}
{CODE}
2. If you just use the basic registration form by default (no user tracker to collect more information from users at registration time), then use this other code:
{CODE(colors="javascript", ln="1", caption="code to add in Admin > Look & Feel > Customization > Custom end code")}
{if $mid eq "tiki-register.tpl"}{jq}$("form[name='RegForm']").prepend("<b>Passcode to Register:</b> <i>foobar</i> <br/>");{/jq}{/if}
{CODE}
3. *(optional)* If you're comfortable editing files and have access, line 12 or so of the **templates/register-passcode.tpl**, which has the description of the passcode field, could be changed to refer to the passcode as follows:
{CODE(wrap=1)}
<em>{tr}Not your password. Enter passcode to register shown above. The code is case sensitive.{/tr}</em>
{CODE}
{REMARKSBOX(type="note" title="Note")}
To make the passcode a bit trickier to fetch properly by robots we can also write it with some html tags inside (or affecting half the passcode). E.g.:
{CODE()}foo<i>bar</i>{CODE}
instead of just
{CODE()}foobar{CODE}
or
{CODE()}<i>foobar</i>{CODE}
This way, the user will read the same word that they have to type in: `foo*bar*`, but robots will potentially read the html code, with the italic html tags in between, etc.
{REMARKSBOX}
##$ Banning Users or IPs
See ((How to Ban many IP from fake registrations))
You can also mass ban ips from comments pending moderation. See ((Comment Moderation))
Or you can ban many ip's at once directly through the ((Action Log)) interface.
##$ Remove Spam
If you got spam before you applied the measures to avoid it, see ((How to Remove SPAM))
{DIV(class=titlebar)} Alias names for this page {DIV}
(alias(Spam)) | (alias(Anti Spam)) | (alias(Antispam))