Hello everyone, today I will show you how to prevent spam bots from auto-registering nicks on XenForo 2.
To accomplish this, please follow my instructions:
Navigate to the "PAGE_CONTAINER" template and find:
HTML:
<xf:if is="$xf.options.registrationSetup.enabled">
    <a href="{{ link('register') }}" class="p-navgroup-link p-navgroup-link--textual p-navgroup-link--register"
       data-xf-click="overlay" data-follow-redirects="on">
        <span class="p-navgroup-linkText">{{ phrase('register') }}</span>
    </a>
</xf:if>
Replace it with (the only difference is that the data-xf-click="overlay" attribute is removed):
HTML:
<xf:if is="$xf.options.registrationSetup.enabled">
    <a href="{{ link('register') }}" class="p-navgroup-link p-navgroup-link--textual p-navgroup-link--register"
       data-follow-redirects="on">
        <span class="p-navgroup-linkText">{{ phrase('register') }}</span>
    </a>
</xf:if>
Afterward, create a file named antispam.php next to index.php and paste the following code into it:
PHP:
<?php
session_start();

// Change to your actual password
$real_password = 'XenForo';
// Generate hashed password
$correct_password_hash = password_hash($real_password, PASSWORD_DEFAULT);
// Maximum number of login attempts before lockout
$max_login_attempts = 3;
// Lockout duration after reaching maximum login attempts (in seconds)
$lockout_duration = 300; // 5 minutes

// Check login status
if (!isset($_SESSION['loggedIn'])) {
    $_SESSION['loggedIn'] = false;
}

// Check if locked out. The counters live in $_SESSION, so the lockout follows
// the session cookie rather than the IP address. lockout_time holds the time
// at which the lockout ends.
if (isset($_SESSION['lockout_time'])) {
    if ($_SESSION['lockout_time'] > time()) {
        $time_remaining = $_SESSION['lockout_time'] - time();
        die("IP locked out. Please try again in $time_remaining seconds.");
    }
    // Lockout has expired: clear it and start counting again
    unset($_SESSION['lockout_time']);
    $_SESSION['failed_login_attempts'] = 0;
}

// Check password when submitted
if (isset($_POST['password'])) {
    // A non-string value (e.g. password[]=x) is treated as a wrong password
    $password = is_string($_POST['password']) ? $_POST['password'] : '';
    if (password_verify($password, $correct_password_hash)) {
        session_regenerate_id(true); // Issue a new session ID once the gate is passed
        $_SESSION['loggedIn'] = true;
        $_SESSION['failed_login_attempts'] = 0; // Reset failed login attempts when login succeeds
        header("Location: /register/index.php");
        exit();
    } else {
        // Increase failed login attempts
        $_SESSION['failed_login_attempts'] = isset($_SESSION['failed_login_attempts']) ? $_SESSION['failed_login_attempts'] + 1 : 1;
        // If maximum login attempts reached, start the lockout
        if ($_SESSION['failed_login_attempts'] >= $max_login_attempts) {
            $_SESSION['lockout_time'] = time() + $lockout_duration;
            $error = "IP locked out. Please try again in $lockout_duration seconds.";
        } else {
            $error = 'Invalid password.';
        }
    }
}

// Show the password form until the gate has been passed
if (!$_SESSION['loggedIn']): ?>
<html>
<head>
    <title>Register User</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <meta name="description" content="Register users" />
    <meta name="keywords" content="Register users" />
</head>
<body>
<div align="center">
    <?php if (isset($error)) echo "<p>" . htmlspecialchars($error) . "</p>"; ?>
    <p>Please enter XenForo below:</p>
    <form method="post">
        Password: <input type="password" name="password">
        <input type="submit" name="submit" value="Login">
    </form>
    <?php
    // Show the countdown while a lockout is active
    if (isset($_SESSION['lockout_time']) && $_SESSION['lockout_time'] > time()) {
        $time_remaining = $_SESSION['lockout_time'] - time();
        echo "Time remaining: $time_remaining seconds";
    }
    ?>
</div>
</body>
</html>
<?php
    exit();
endif;
?>
Go to src/XF/Pub/Controller/Register.php
Find:
To view the content, you must: Log in or Register.
And replace it with:
To view the content, you must: Log in or Register.
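The code locks the visitor out for 300 seconds once the wrong password has been entered 3 times (the counter is kept in the PHP session), and it escapes the error message with htmlspecialchars() to guard against XSS.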
That's it, you're all set! Wishing you success!
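The lockout in antispam.php is stored in $_SESSION, so it only holds for clients that send the session cookie back. As an added example that is not part of the original post, here are the same limits (3 attempts, 300 seconds) keyed by client address instead; the function names and the state directory are assumptions made for illustration:

```php
<?php
const MAX_ATTEMPTS = 3;       // same limits as antispam.php
const LOCKOUT_SECONDS = 300;
// Load the state for $ip under an exclusive lock, apply $update, save it.
// $dir is a hypothetical writable directory outside the web root.
function with_state(string $ip, string $dir, callable $update): array
{
    // Hash the address so it is a safe file name (IPv6 contains ':')
    $fh = fopen($dir . '/' . hash('sha256', $ip) . '.json', 'c+');
    flock($fh, LOCK_EX);      // serialize concurrent requests from one address
    $state = json_decode(stream_get_contents($fh), true);
    $state = is_array($state) ? $state : ['fails' => 0, 'locked_until' => 0];
    $state = $update($state);
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($state));
    fclose($fh);              // closing the handle also releases the lock
    return $state;
}

// Seconds the address still has to wait; 0 means it may try again.
function seconds_locked(string $ip, string $dir, int $now): int
{
    $state = with_state($ip, $dir, fn(array $s) => $s);
    return max(0, $state['locked_until'] - $now);
}

// Count one wrong password; returns true if the address is now locked out.
function record_failure(string $ip, string $dir, int $now): bool
{
    $state = with_state($ip, $dir, function (array $s) use ($now) {
        if ($s['locked_until'] > 0 && $s['locked_until'] <= $now) {
            $s = ['fails' => 0, 'locked_until' => 0]; // earlier lockout expired
        }
        if (++$s['fails'] >= MAX_ATTEMPTS) {
            $s['locked_until'] = $now + LOCKOUT_SECONDS;
        }
        return $s;
    });
    return $state['locked_until'] > $now;
}

// Constructed demo: three wrong passwords from one documentation-range address
$dir = sys_get_temp_dir() . '/antispam_demo_' . getmypid();
is_dir($dir) || mkdir($dir, 0700, true);
for ($n = 1; $n <= 3; $n++) {
    var_dump(record_failure('203.0.113.7', $dir, 1000));
}
var_dump(seconds_locked('203.0.113.7', $dir, 1000), seconds_locked('203.0.113.7', $dir, 1300));
```

In antispam.php the address would come from $_SERVER['REMOTE_ADDR']. Behind a reverse proxy that value is the proxy's own address, so every visitor would share one counter unless the client address is taken from the header that proxy sets.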
