Guests on register page!

Empire

Confederation of lords
Jul 16, 2015
21,749
2,430
320
25
United Kingdom
www.baysidegamers.com
FP$
68,109
Lately I see allot of guests on the register page and when I check they tend to spent some time on that page. but they do not register an account. I See traffic on that page but no one is joining.

I check the site register account settings and it's fully working with no errors and just still can't think to why they are just stuck on the register page

  1. fake traffic, like bots and whatnot
  2. they are just there for the sake of it
  3. something is wrong and can't join, yet again once they are in I would have logs
  4. There are no errors listed on the logs
 
B

Bryn

Guest
If you take note of their IP addresses and look them up, then you'll know which are mindless bots or not. Not sure if that partly solves your problem. Don't panic.
 

Empire

Confederation of lords
Jul 16, 2015
21,749
2,430
320
25
United Kingdom
www.baysidegamers.com
FP$
68,109
If you take note of their IP addresses and look them up, then you'll know which are mindless bots or not. Not sure if that partly solves your problem. Don't panic.
I have and they are allover the world, so can't tell.
 
B

Bryn

Guest
You can also look them up under StopForumSpam to see if there's anything ominous about them each.
 
D

Deleted member 44219

Guest
I commonly have guests on my forum but they always just sit on the Board Index. I always wonder why they do it.

Of course, the both of us are dealing with these odd guests and I suspect every other forum is. Something isn't right.
 

Azareal

Paragon
Dec 18, 2010
1,746
354
130
Mars
gosora-project.com
FP$
4,498
They are bots. A good portion of the users you'll get will largely be machines.
There a lot of tell-tale signs like a strangely high number of Linux users (people use Linux, but nowhere near as much as Windows), suspicious registration attempts, etc.
 

Ghost

Seasoned Veteran
Blogger
Jun 25, 2009
3,105
141
135
Earth
wubur.com
FP$
2,157
Your registration page looks pretty self explanatory. I doubt many of these users are real humans. They are most likely bots.
You should look at the IP addresses and see if there are "ranges" in use. When you buy IP addresses you can buy them at discount if you get a 'block' or 'range' of addresses. This basically means like 192.168.0.1, 192.168.0.2, 192.168.0.3. As you can see there is a range where the IP addresses are extremely similar and incremented up the range. Many spammers and hackers buy their IP addresses in ranges because it's more affordable and allows them to avoid IP bans (although modern security services are well aware of this technique) and automatically triggered "human checks".

That brings me to my next point... The Google reCaptcha is very useful, and it's something I use on all of my clients' projects. It's very effective, and it's extremely possible that they are stuck on this part for some reason - especially if it's an older bot that either can't handle that anti-spam measure or a bot that is detected by Google.

There is a solution you can put in place if you truly want to know.
Essentially you can create a tiny AJAX request on that page that does the following:
-> tracks IP address
-> tracks arrival time/date
-> tracks what input/registration field they are on

Every time they move on to a new registration field, it triggers a new AJAX request & adds that data to their log. If they successfully register you can automatically remove this data. Additionally you can set up a 'cron job' to analyze the data every day or week and send you a report that basically says:
-> 553 users visited registration but didn't sign up
-> 112 users left after attempting Google reCaptcha
-> 57 users left after filling out the confirm password field
-> 13 users left after attempting to uncheck "send me news & updates"
-> 59 users did not fill out any part of registration
etc etc

It could offer you some pretty detailed insight into what they are doing on registration & when they are leaving :)
It's not to hard to implement either - just requires some knowledge of JS, AJAX, PHP, MySQL and the cron job. It would take about an hour or two to really flesh something like this out, but it might be worth it to you. I'd build it for $50 if you wanted :)
 

Empire

Confederation of lords
Jul 16, 2015
21,749
2,430
320
25
United Kingdom
www.baysidegamers.com
FP$
68,109
People don't want to join forums much. Instead, everyone is on social media. Well, people might browse a forum - but no motivation to join - even if it's good.
Do get an odd one. But now so offer guests to post then register an account option for new people
 

Azareal

Paragon
Dec 18, 2010
1,746
354
130
Mars
gosora-project.com
FP$
4,498
This basically means like 192.168.0.1, 192.168.0.2, 192.168.0.3.
I do have to note that those are private IP addresses.
Please don't ban yourselves off local installations of sites lol
Many spammers and hackers buy their IP addresses in ranges because it's more affordable and allows them to avoid IP bans (although modern security services are well aware of this technique) and automatically triggered "human checks".
They often infect people's computers with a virus and use them as slaves to attack sites.
There was even one virus for Windows XP which forced someone to solve CAPTCHAs before they would be allowed to login.
The Google reCaptcha is very useful
It's particularly useful for filtering out humans too.
I usually try to avoid it, unless it's absolutely necessary, like pills with a dozen side-effects lol
 

Ghost

Seasoned Veteran
Blogger
Jun 25, 2009
3,105
141
135
Earth
wubur.com
FP$
2,157
I do have to note that those are private IP addresses.
Please don't ban yourselves off local installations of sites lol
Haha yeah, those were just examples! But those IP addresses will usually refer to your router & aren't even the IP address a website sees. So if your router is 192.168.1.1 and you ban it, you can still access your own site because your router is actually altering the public IP that the website sees.

They often infect people's computers with a virus and use them as slaves to attack sites.
There was even one virus for Windows XP which forced someone to solve CAPTCHAs before they would be allowed to login.
Yeah, that's very true. There are also services for CAPTCHA answering (I know I've seen it at least once where you can get paid to answer CAPTCHAs in bulk). It's similar to the malware that replaces ads with banners that benefit the malware owner instead of the site you're on.

It's particularly useful for filtering out humans too.
I usually try to avoid it, unless it's absolutely necessary, like pills with a dozen side-effects lol
I think that's much more likely with the extremely difficult / "most secure" CAPTCHA settings. You can go for the more relaxed settings that don't scrutinize the user as much and won't repeatedly force them to solve new questions. I don't like the pills / question methods because a bot can just continue trying different answers until they find the correct answers or a human can solve them & give all the answers to their bot.