Sabre permitting spam registrations

The plugin author appears to have stopped posting here about 8 months ago. Does anyone know if he’s still maintaining the plugin & how to contact him? His own website doesn’t permit registration or commenting so there’s no way for me to contact him in that way.

I took the liberty of updating a few things in the plugin including what I think is causing this error. I’d be surprised if the plugin was actually doing anything for you previously, because it wasn’t able to create the necessary MySQL tables. Hopefully this updated version will allow you to stop spam dead.

I really wanted to use it and the developer seems to have disappeared. If he ever comes back, I’ll be happy to remove my link:

sabre-1.2.2.2.zip

I’ve updated it a couple times for various things, so I just tacked another .2 onto the end of the version number.

I’ve fixed the MySQL table creation error by removing the deprecated TYPE option.

I’ve also fixed the DNS blacklist issues. The queries worked, but they would return false positives. I replaced zen.spamhaus.org with the two correct servers: sbl.spamhaus.org and xbl.spamhaus.org.

I also updated the gethostbyname logic to prevent false positives. It will only show the banned ip error if one of the proper DNS blacklist servers recognizes the IP address.

I don’t have much time to maintain a plugin, but I did fix what wasn’t working for me — and what most people are complaining about on here. I cannot guarantee that I’ll be able to fix any other issues as I seldom have time to visit the forums.

Thanks for clarifying that the plugin had stopped working. Too bad the author has abandoned it without letting anyone know.

I’m glad to know that the updated plugin might stop these spam registrations. I’ll upgrade and let you know how it goes. THanks for taking the time to do this & share it here.

My pleasure, let me know how it goes.

It didn’t appear to work any differently for me. I uploaded the new version. But within hours I got another spam registration. So I’ve changed the setting so that I manually approve all registrations, which is a drag.

I also tried a different plugin that addresses the same issues, but it too wasn’t doing any better in stopping the spam registrations.

Thanks for trying.

What options do you have enabled in the settings?

There are scores of settings. Are there any in particular you want to know?

Here are the Captcha options:

Captcha options

Enable captcha test: Y
Use white background: N
Accepted characters:
String length: 6
Contrast: 60
Number of polygons: 3
Number of ellipses: 6
Number of lines: 2
Number of dots: 2
Min. thickness: 2
Max. thickness: 8
Min. radius: 5
Max. radius: 15
Object alpha: 70

Math options
Text captcha options
Sequence of tests
Stealth options
Confirmation options
Policy options
Invitation options
Miscellaneous options

Particularly the stealth options. I haven’t had any spam registrations since I fixed this… ymmv.

Enable stealth test – checked
Block if Javascript unsupported – checked
Session time out – 300
Speed limit – 3
Check DNS Blacklists: – checked

Those options are why I wanted this plugin to work in the first place – spam prevention without a user-required captcha.

Enable stealth test: On (Turn silent control on/off)
Block if Javascript unsupported: Y
Session time out: 120
Speed limit: 8
Check DNS Blacklists: Y

Interesting. Can you verify that sabre table is installed in the mysql database?

Yes, I do see it under Phpmyadmin->SQL

There is a Sabre table listed.

Then that’s as far as I go, you must be getting more spam traffic than I am. Sorry.

Thanks for trying. If I might ask you a separate, but related question. This registration appears from what I can tell to be legit:

julius nehorai julius at nehorai.eu 78.133.9.222 2013-01-28 02:01:54 323
13839 julius nehorai julius at nehorai.eu 78.133.9.222 2013-01-28 01:58:44 323

But the same person also had 2 failures to register:
13840 julius nehorai julius at nehorai.eu 78.133.9.222 2013-01-28 01:59:15 Invalid code.
13838 julius nehorai julius at nehorai.eu 78.133.9.222 2013-01-28 01:58:05 Invalid code.

Would this be suspicious to you? And why is he failing to register twice & then succeeding in registering twice?

By forcing registration to be done manually am I losing another aspect of protection that I’d have if those registering needed to confirm registration themselves?

I’m not sure. Those look suspicious to me. If you enable user confirmation that can also reduce spam registrations at the expense of making real people click a link in their email. Some bots are smart enough to do that as well.

Enable confirmation – checked
Number of days – 1
Deny early sign-in – checked
Send mail when confirmed – only if you care
Suppress unregistered users – checked

I checked the ip on the DNS blacklists. It’s not on there, so it could just be someone getting paid two cents an hour to spam international pharmacy advertisements.

Thanks. This individual was actually real. One of the few real ones. I wonder if there’s a way to turn registration off entirely. I only have subscribers anyway. Registration doesn’t serve any particular purpose for me.