CB Antispam released with great protection tools

This thread discusses the big news CB Antispam released with great protection tools .

Great job once again Kyle!
Congratulations to Kyle (krileon) for the great new major release!

Keep up the great work.

Wonderful ans vert useful plugin.

Could you tell us how and where phrases for anti spam can be translated ?

How does it fit with admin tools ? Can both tools be used at the same time for front end login control ?

Thanks

This plugin seem to be very complete and powerful... I looked on all settings but I'm a bit lost and unfortunately like all Incubator project no documentation are provided.

My goal was to only block user IP after (for example after 5 login attempt) for prevent brute force attack. So if I understand correctly is only required to:

- Go to Configuration plugin
- Go to Tab Login
- Go to Tab Auto-block
- Enable block

Could you confirm if this is right please ?

thank

Could you tell us how and where phrases for anti spam can be translated ?

All strings can be translated. Even the Question captcha mode questions and answers can be translated.

How does it fit with admin tools ?

I've no idea what admin tools is. CB AntiSpam acts on CB triggers so its goal is to only protect CB sites. It also only functions for frontend as there's plenty of tools to block backend (best case for backend is htaccess lockdown admin).

Can both tools be used at the same time for front end login control ?

I don't see why not.

Could you confirm if this is right please ?

Yup, that's correct location. Set the Attempts to 5 and adjust the other settings as needed as well to have your desired results.

Delighted to see a plugin to combat SPAM, but what we really need is something that can pattern match against registrations data to provide automatic blocks. We get a lot of robotic registrations with pretty consistent patterns: For example:
Name - Sleegrern SleegrernAZ
E-mail - teeptesty@hotmail.com
Username - Sleegrern

The "lastname" will always end in 2 Upper case characters and first, last, and username all match (except for the 2 uppercase characters) OR we get some where first, last, and username all match exactly. These are and a few other repeating patterns are all generated by SPAM-bots out there. A CB plugin that let use set up rules using REGEX patterns for these three fields and block if the pattern is matched would be HUGELY helpful.

We can not block by IP or email domain as the IPs vary widely and the emails are generally hacked accounts on popular email services like hotmail, yahoo, gmail, etc.). The best option would be something to detect the robot generated patterns of name and username and block if the pattern is matched.

Any chance you may add a feature like this to the new anit-spam plugin? Or is there any otther way this could be done with existing CB plugin(s)?

Delighted to see a plugin to combat SPAM, but what we really need is something that can pattern match against registrations data to provide automatic blocks. We get a lot of robotic registrations with pretty consistent patterns: For example:
Name - Sleegrern SleegrernAZ
E-mail - teeptesty@hotmail.com
Username - Sleegrern

The "lastname" will always end in 2 Upper case characters and first, last, and username all match (except for the 2 uppercase characters) OR we get some where first, last, and username all match exactly. These are and a few other repeating patterns are all generated by SPAM-bots out there. A CB plugin that let use set up rules using REGEX patterns for these three fields and block if the pattern is matched would be HUGELY helpful.

You don't need a plugin for this. You've been able to do this for years now. Just add custom regex validation to your fields by editing them in CB > Field Management and setting "Authorized input:" to "Custom PERL regular expression" now add your custom validation to "Perl Regular Expression:". Then they'll never even make it past registration validation and will fall into failed registration attempts and be subject to blocking if you enable and use it.

We can not block by IP or email domain as the IPs vary widely and the emails are generally hacked accounts on popular email services like hotmail, yahoo, gmail, etc.). The best option would be something to detect the robot generated patterns of name and username and block if the pattern is matched.

Nothing can detect such patterns reliably. What if a legitimate user has 2 upper case letters? You just lost a customer or user due to it. Spam registrations will always be a reality. The idea behind CB AntiSpam is to cut back on them. Human spam bots, like what you're probably experiencing, will always surpass stuff like this because it's a person sitting there inputting the data. Spam bots won't or shouldn't make it past the new captcha in CB AntiSpam so you should be able to completely eliminate automatic bots; you can also use ReCaptcha captcha mode if you like which uses advanced image recognition deterrent techniques.

Any chance you may add a feature like this to the new anit-spam plugin?

Nope.

Or is there any otther way this could be done with existing CB plugin(s)?

In addition to the above you can use CB Auto Actions to check against post data and try to fail the registration. Conditionals has a REGEX operator so you could regex a field value to see if it contains a match to something you don't like then set a $_PLUGIN error which should stop registration using a Code action with PHP Method. Be careful though as simply checking for 2 capital letters at the end of a last name could easily backfire and block many legitimate users.