Register
Email: Password:
Forum » Spambots please suck my behind kthx
  • « previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • » next
  • Spambots please suck my behind kthx

    Crazy 17 years ago
    Eye like.

    Unless it's going back to PBlang.

    I still think [PBlang < phpBB with bots]
    #
    Grim Reaper 17 years ago
    SMF be awesum.
    #
    Thaif 17 years ago
    I concur. Used it and I liked the "mechanics" of it.
    #
    Vacuus 17 years ago
    You was waiting to say something like that, werent you Amarth?

    But, SMF is truly awesome. Every phpBB board I've had, eventualy degenerates into a fistful of spammers, But, SMF doesn't seem to have these issues.

    There's some converters on the site, too, so you wouldn't loose all the posts

    IPB (Invision) is pretty neat as well, though I don't know if you'd loose all of your posts (you would hope not for a commercial solution), but, hey, it's got some really nice mods, and seems to have the least problems with bots.
    #
    Madgamer 17 years ago
    Did any of you guys notice that we have A LOT less spams than usual?

    I typically saw about 3 spams day per-say. Now we only get 1 to 2 spams.

    Well, time to check up on the news to see if there's any earthquake or terrorism going on to effect this. If it is, HOORAH! I shalt bow down to thee for bringing the utmost apocalypse to our harbringers whilst wreaking complete pandemonium beside 'em. Otherwise, screw you.
    #
    Quanrian 17 years ago
    "Madgamer" said:
    Did any of you guys notice that we have A LOT less spams than usual?

    I typically saw about 3 spams day per-say. Now we only get 1 to 2 spams.

    Well, time to check up on the news to see if there's any earthquake or terrorism going on to effect this. If it is, HOORAH! I shalt bow down to thee for bringing the utmost apocalypse to our harbringers whilst wreaking complete pandemonium beside 'em. Otherwise, screw you.

    I am trying here... It's not as if we're just letting them step all over us. They are extremely persistant to say the least. I've gone one more step by making all gaming threads mod only for creation of threads. I've been finding ads in old sections like Wazzal and such. This may not make them go away, but it certainly makes them being here pretty useless. Eventually I hope they find somewhere else to harass so we can open up the forum fully again.
    #
    Anonymous1157 17 years ago
    There's almost absolutely no traffic whatsoever to those older game threads. I still don't see why at least the Magebane 2 subforum hasn't been locked, since that's the one that gets spam posts.
    #
    Madgamer 17 years ago
    I think that getting a new forum for us is the best thing we can do right now.

    ...You know what? I second that, get a new forum for the adbots to spam on. Let's do the impossible and uncrackable task!

    If I'm talking awkward, it's because I'm doing my English homework right now. Teachers makes the most stupidest questions and I just LOVE rewiring their words. Here's one messed up stuff I wrote:

    'Q. Describe the trick Penelope used to delay choosing a husband from among the suitors'

    'Me: Weave a shroud, unweave that ugly mess while stalking at night, weave it all up again, all in a nice binary 101010101010 formation.'

    That stuff was from Odysseus crapptastic lines.

    However, I think that getting a new forum is our best bet now, as I see this thread has become obsolete, close to anyways. All the suggestions has been proven with false entities.

    We all must pray to this:
    #
    Quanrian 17 years ago
    "Anonymous1157" said:
    There's almost absolutely no traffic whatsoever to those older game threads. I still don't see why at least the Magebane 2 subforum hasn't been locked, since that's the one that gets spam posts.

    Actually they all got spam. I've deleted threads from all of them at one point or another. Besides they're still Ville's games and people 'might' have legitimate questions. So they can always ask in one of the threads that is already there.
    #
    Grim Reaper 17 years ago
    I hads a nice idea... Would it be possible to add a similar thing to prevent bot registration than the one used as a spamfilter for commenting on <!-- w --><a class="postlink" href="http://www.sosiaalisestirajoittuneet.fi">http://www.sosiaalisestirajoittuneet.fi</a><!-- w --> (it's a Finnish webcomic)? It seems rather nice.
    #
    Amarth 17 years ago
    In case you don't want to go researching, it's "select the right option in a drop-down list".

    I like kittenauth a lot more. There doesn't seem to be a test version around, though...
    #
    Grim Reaper 17 years ago
    "Amarth" said:
    In case you don't want to go researching, it's "select the right option in a drop-down list".

    I like kittenauth a lot more. There doesn't seem to be a test version around, though...
    You know what, that actually seems very awesome. And to help things out a bit, one could REPLACE the link to the registration page with KittenAuth or something similar, and when the user gets through the authing system, s/he'll be directed to the ACTUAL registration form.
    #
    Zombie 17 years ago
    That's brilliant. It would trick the spambots and, in all likelihood, a spambotter wouldn't waste their time making a bot to overcome it. Even if they did, the "auth code" could be randomly generated in the "funky texty image" style. The main code would be in a box, like normal... Then you have to select from a drop down list of similar boxes, only one with the same text (randomly organized, and in a different format) in addition to typing the code into a text box.

    Not only is that completely paranoid security, I think it very well might be almost impervious to spambots. Each authentication to get to registration would require human interaction and would require a little time to complete. It should make it easy for legitimate users, but botters would actually need to manually complete the authentication portion and, if it is required before AND after completion of the registration form, it might just make it too much of a hassle for casual spambotters. A quick auth code for new posts and new threads might also help. Something that is easy and not too much of a hassle for us, but something that would require way too much interaction for a botter to find it worthwhile at all.

    If we do that and switch forum software, we might have a chance of eliminating a major chunk of our bot problem. The only way I can see this being a problem is if we're not just the target of random adbots. If this is a directed attack against the forum for whatever reason, then I doubt anything we can do will stop them. Short of finding out who they are and getting their ISP to DOS them out of our hair, I can't think of a way to beat them.

    For the automated adbotters, making an easy-for-humans but hard-for-bots entry auth system is crucial. Dual code (image code and text code) authentication should ensure that only humans or devoted botters get in. Post and thread authentication also should ensure that only humans or devoted botters can make threads or posts. It would be easy enough for a human to do and it wouldn't be much of a hassle to enter in a short code or to match a code across funky image variations of it via drop-down box before making a post or thread.

    I should start a paranoid security devision... "Paranoid Security: We can keep you safe, as long as you don't trust us."
    #
    Amarth 17 years ago
    Still, someone should code it if we want to use it.
    #
    Vacuus 17 years ago
    I'ld gladly code it, but time seems to be an issue at the moment so:

    Here's another way that'd work, though I doubt very much whether it would last for long.. Basically, I'm thinking of checking the clients IP on SPEWS, to determine if they are a recognised spammer or not..

    If they are, then obviously we deny them access on registration (but possibly still return a "Completed succesfully" message for added confusion), otherwise it all continues as normal (a big if/else statement would work here).

    Simple, eh? I figure I could code this in a couple of hours this coming Sunday, however I want to point a few things out if anyone else wants to try:

    -The check would need to be AFTER form-data has been submitted to the forums, as Bots do not use the standardised forms and instead send data directly.. (Ville, was this the problem with your addition?)

    -It isn't full-proof. Not all spammers are listed on SPEWS

    -I'm not sure if PHP's fopen() function will read of another site, need to experiment with that one.
    #
    Crazy 17 years ago
    I think i know what's keeping these things going.

    http://www.monkkonen.net/forum/profile.php?mode=viewprofile&u=3781&sid=60143bdb94f202de1ce0313466060e40
    #
    MageKing17 17 years ago
    One method of spambot prevention I've seen is a special code is required to create an account, which can be found only inside a forum post. Now you might say, "Why make the code publicly available like that?" Well, remember that every page access costs more bandwidth. Viewing that one post would require, at the minimum, two extra page requests. I've seen it work before.
    #
    Grim Reaper 17 years ago
    "MageKing17" said:
    One method of spambot prevention I've seen is a special code is required to create an account, which can be found only inside a forum post. Now you might say, "Why make the code publicly available like that?" Well, remember that every page access costs more bandwidth. Viewing that one post would require, at the minimum, two extra page requests. I've seen it work before.
    HOLYSHIT totally yes.

    Also, use the idea where the registration link shown directs you to some page with a validation thingummy, and if/when you pass THAT, you get to the propar registrashun page.
    #
    Zombie 17 years ago
    Maybe a combination with the text recognition/matching textbox/dropbox idea... Or just pick the one with the least hassle. I honestly think having one of those funky auth code images, then having a box that says, "Input the code in the image into this box", and finally a dropbox that says, "Pick the image with the same code as the first image." Randomize the dropbox order and image/code generation and make it before and after the actual registration forum and bot presence will probably drop a whole damn lot.

    If we add the "pick the image with the same code" or the "input the code" box to make a post or thread, then the probability of them being able to get in and annoy us drops further. It introduces hassle to the bots while not introducing much hassle to the actual humans who want to register. It's meant to be fast, random, and secure. Having a broadcast code might cost the botters some extra bandwidth, but if they're an ad corporation then I doubt they'll care. They might even have a way around those sorts of things. They're also likely to have a way around the dual auth code idea but I doubt it will be as effective if the code and images are random and hard for image recognition softwares to decipher the text from. It would take a lot more than two page requests of time/bandwidth to solve the system I propose, and it won't require new arrivals to look for a code. If you tell people to look for a code, too, they might just say, "Screw that, I'll do it later" and end up not registering at all.

    I mean, if we have a code and it's meant to tax the bots, then we can't openly display a link for the code. If there is already a method to get past that, which there might be (search for link, go to link, search for likely codes and test them, repeat as needed) then it might not be as taxing as you think. If they are an ad company then they probably have a deep pool of resources to draw from as they would need to figure in fluctuation in bandwidth usage and possible overages. They probably also figure that into what they charge the companies purchasing their surfaces. If this is an attack then, depending on how pissed/stupid/mean they are, they might not care about a few extra clicks or page requests. It might stop them and then again it might not.

    On the other hand, that idea does benefit because it requires little coding and such. While it is equal hassle for bot and human alike to register, it does have a strong point in its ease to code. I do think, however, than we might be able to obtain code for code and image generation. Possibly even for the drop-box and the code input portions. If we splice them together or modify the code input portion a bit to act as the drop-box portion of the auth, then we reduce the amount of coding that needs to be done. The name of the image file would also have to be a completely random string of characters. Some auth systems seem to name the images something based on the code and bots may be able to use that to get in. A random and arbitrary naming system would waste bot resources and time, which is very precious to botters. More importantly, each registration would cost them this time. Same with each post and thread creation. Their business is to make many, many, many advertisements in many, many, many forums at an extremely fast rate in order to maximize profits. If we cost them time and bandwidth, we can not only block them from entrance in some/most cases, we can also deter them from even trying to crack the system we have in place.

    It would be very excellent if the system we have in place is even incapable of being deciphered or cracked from outside of the server. Then they'd have to actually hack and steal the system we use to figure out how to beat it, in which case we could just modify code generation to completely nullify their attempts yet again. This would then also give us legal leverage as we could sue or even just prosecute against them for such attack. It would be a supreme risk of time, profit, and the business itself to try to crack a system like that.

    A server-side code gen device (generate something like a random many, many, many character code that is deposited into a text file that the auth code generator reads and uses random sections of in order to generate a code) would be an act of sheer brilliance, I think. It would be an ultimate randomization and adaptability for the system. Not only could it resist cracking attempts and deter botters, it could also simply change it's code generation technique and style every week or so, nullifying all past attempts to crack it.

    Of course, a system like this would be very, very precious and awesome to every forum plagued by adbots. That is, if it works. We could possibly be doing a community service! Even if the botters got a copy of the system, it wouldn't do they any good because the random code gen server side could generate it's many, many digit code from several sources based solely on things that are machine-dependent and variable. Maybe one time it uses core temp and fan speed? I don't know, but it would maximize possible security with an auth code, I think. Also, even if they could somehow magically crack that, having the super-long code would do no good as the web-side code gen uses a random section of that super-long code (random number of chars would be good, too) in order to generate the auth code.

    I think it would be a very effective and paranoid way to protect any sort of forum. With testing and such it could quite possibly evolve into the ultimate forum protection system. At least that is what I think.
    #
    Grim Reaper 17 years ago
    As an addition to the dropbox thing, the first two options should ALWAYS be "Choose from the list" and a blank space, in that order.
    #
    Madgamer 17 years ago
    What strikes me odd is that now more members are joining in instead of spambots but they're doing a lot of forum digging. Now how are we going to stop THAT?
    #
    harwe 17 years ago
    start by making a thread called
    "Thread Miners suck my behind plz thnx"
    #
    Anarion 17 years ago
    Anyone noticed any adbots around here lately?
    #
    Amarth 17 years ago
    "Anarion" said:
    Anyone noticed any adbots around here lately?
    Yes, in the memberlist. The fact they don't post is because, well, almost nobody can post in Notrium Modding (where they are going to for some mysterious reason).
    #
    Grim Reaper 17 years ago
    Howsabout adding that page you're taken to when you click "Register", and after you've passed through the safe-check, you'll be taken to the actual registration page?
    #
    Anonymous1157 17 years ago
    I say we write a script that removes new members that never posted after a week or two. 'Cause now that we've stopped them from posting, all we have to do is stop them from taking up space.
    #
    Grim Reaper 16 years ago
    They're baaaack...
    #
    Idiota 16 years ago
    It's important to note that some of the people coming to spam our forums are actually normal people paid 2 cents per post they make.
    #
    Forum » Spambots please suck my behind kthx
  • « previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • » next
  • Post Reply


    Your email:
    Your name: