Page Index Toggle Pages: 1
Topic Tools
Normal Topic Easy Anti-spam Technique (Read 1,265 times)
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Easy Anti-spam Technique
Reply #6 - Jan 11th, 2012 at 4:57pm
Post Tools
Quote:
Code (Perl)
Select All
    if ($FORM{'dateset'} eq '') {
        $dateset = $FORM{'dateset'};
        &fatal_error("", "Registration not allowed: Our system has detected that you are a spammer. ($dateset)");
    } 


Oh buggers! What was I thinking!? This would't work anyway, because it will only be triggered if the value is empty, so the $dateset variable will always be empty anyway. Embarrassed

Oh dear! Sorry about that! Cheesy

I was getting mixed up with another technique I've been testing out which does it the other way around, by relying on a value to be set in an invisible field. Huh
« Last Edit: Jan 11th, 2012 at 5:36pm by Derek Barnstorm »  
Back to top
 
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Easy Anti-spam Technique
Reply #5 - Jan 11th, 2012 at 4:48pm
Post Tools
Ah, yeah. The 'dateset' check is actually below the image verification check (it's actually one of the last ones), so the image verification check will be triggered before the 'dateset' check is. If that made sense.

If you wanted it before the image verification, then you would have to move it to before this line:

Code (Perl)
Select All
    if ($regcheck) { require "$sourcedir/Decoder.pl"; &validation_check($member{'verification'}); } 

« Last Edit: Jan 11th, 2012 at 4:51pm by Derek Barnstorm »  
Back to top
 
IP Logged
 
George Maschke
Full Member
***
Offline



Posts: 315
Re: Easy Anti-spam Technique
Reply #4 - Jan 11th, 2012 at 4:40pm
Post Tools
Thus far, the message "Registration not allowed: Our system has detected that you are a spammer. ($dateset)" is not showing up in my forum's error log.

Instead, a common error is "The Verification code was not the same as the image presented on screen, please go back, refresh (hit F5 on most browsers) and try again."

So, i guess the bot(s) targeting my forum are indeed using the registration form, and sometimes not accurately reading the captcha image.
  

Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: Easy Anti-spam Technique
Reply #3 - Jan 11th, 2012 at 4:13pm
Post Tools
Hi George,

I certainly wouldn't rely on it as your 'only' spam prevention, I'd just use it as a little extra. I was reading just yesterday that spammers can adjust their robots now and again to any changes on your forms, so there is a chance that they have sussed it, and are entering a random value.

If you was interested in seeing if they are entering a value or not, then change this line:

Code (Perl)
Select All
    if ($FORM{'dateset'} eq '') { &fatal_error("", "Registration not allowed: Our system has detected that you are a spammer."); } 


To:

Code (Perl)
Select All
    if ($FORM{'dateset'} eq '') {
        $dateset = $FORM{'dateset'};
        &fatal_error("", "Registration not allowed: Our system has detected that you are a spammer. ($dateset)");
    } 


Then in the error log, if there is a value between the parentheses you know that one has been entered. It should be a unix timestamp, but a bot would probably enter any random value.


Thanks a lot for the feedback anyway. Smiley
« Last Edit: Jan 11th, 2012 at 5:26pm by Derek Barnstorm »  
Back to top
 
IP Logged
 
George Maschke
Full Member
***
Offline



Posts: 315
Re: Easy Anti-spam Technique
Reply #2 - Jan 11th, 2012 at 3:51pm
Post Tools
I spoke too soon about this hack stopping spam registrations. They're continuing as before, and seem to be automated. I suppose the bot is using Register.pl to register.
« Last Edit: Jan 11th, 2012 at 3:52pm by George Maschke »  

Back to top
IP Logged
 
George Maschke
Full Member
***
Offline



Posts: 315
Re: Easy Anti-spam Technique
Reply #1 - Jan 11th, 2012 at 3:34pm
Post Tools
Thanks, Derek! That's a clever hack, and it seems to be preventing automated spam registrations on my forum.
  

Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Easy Anti-spam Technique
Jan 11th, 2012 at 3:23am
Post Tools
I'm working on another anti-spam mod at the minute which will use three very simple techniques which should be fairly successful at stopping spambots, so I thought I'd share one of them here with you which is extremely easy to add to your forum.

The idea is that a robot won't actually visit the register page, it will post the field values with its own form. So you place a hidden form field in the register page and apply the '$date' variable to the value:

In Sources/Register.pl find:

Code (HTML)
Select All
            <input type="hidden" name="language" id="language" value="$language" /> 


And add after:

Code (HTML)
Select All
            <input type="hidden" name="dateset" value="$date" /> 


You then check for the value when the form is submitted, and if the value is empty (i.e. the date hasn't been set) you can reject it as spam because you know that it didn't visit the register page, and therefore must be a bot using its own form.

So next, still in Sources/Register.pl find:

Code (Perl)
Select All
    &ToHTML($member{'regrealname'}); 


And add after:

Code (Perl)
Select All
    if ($FORM{'dateset'} eq '') { &fatal_error("", "Registration not allowed: Our system has detected that you are a spammer."); } 


You'll be able to see if it's working by checking your error log.

I've caught a good few out already just on my test board, and as you can see, it's extremely simple. It obviously won't stop humans, but it isn't a bad bit of extra defense against bots.
« Last Edit: Jan 11th, 2012 at 3:59am by Derek Barnstorm »  
Back to top
 
IP Logged
 
Page Index Toggle Pages: 1
Topic Tools
 
  « Board Index ‹ Board  ^Top