Page Index Toggle Pages: 1
Topic Tools
Hot Topic (More than 10 Replies) How to stop the bots cold (Read 3,507 times)
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: How to stop the bots cold
Reply #12 - Jan 30th, 2013 at 12:16am
Post Tools
You might also want to try the Minimum Registration Time mod:

http://www.boardmod.org/yabb2/YaBB.pl?num=1354763852

From what I hear, it's been working okay for some people.
  
Back to top
 
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: How to stop the bots cold
Reply #11 - Jan 29th, 2013 at 11:37pm
Post Tools
WestwegoMan wrote on Jan 29th, 2013 at 5:10am:
I haven't had one get by in over a year


That's impressive.  I'm just enjoying looking at my error log now.  It's a beautiful thing..... Cool
  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
westwegoman
Ex Member
**




None
Re: How to stop the bots cold
Reply #10 - Jan 29th, 2013 at 5:10am
Post Tools
Autonerdz wrote on Jan 28th, 2013 at 4:24pm:
I changed all the challenge questions so that they could only be answered if you were on my registration page.  Things like 'What is the last word in the registration agreement?'

Thanks for the idea. That's kinda what I did in mine. I make them identify an image at the top of my registration page. That along with Carsten's spam fruits mod has kept them all out. I haven't had one get by in over a year. Smiley
  
<div class=
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,557
Location: Los Angeles

YaBB 2.4
Re: How to stop the bots cold
Reply #9 - Jan 29th, 2013 at 4:43am
Post Tools
Derek Barnstorm wrote on Jan 29th, 2013 at 12:42am:
Quote:
- Don't show
- Show before registration form
- Show on registration form

It was actually you who came to mind when I made it selectable, because I know you like to add things to the registration agreement which wouldn't make sense if it preceded the form - so I thought it would make everyone happy that way. Smiley

Thanks Derek. Giving those three options make perfect sense, and it's good to have choices. Smiley

****************************************

Autonerdz wrote on Jan 29th, 2013 at 1:08am:
Bill Myers wrote on Jan 29th, 2013 at 12:34am:
What is the password that you see in this parentheses (nomorespam)?

I would not use that one.  Like asking 'What is the fourth word in this sentence?'  The question is forwarded to the humans to solve and the answer cannot be in the question.

Exactly, and that's the irony! What's interesting about making it that simple is spam-bots still can't figure it out unless of course a hu-bot gets involved. Added to a statement, I actually used the following simple question with the answer included, and spam-bots weren't able to pre-register.

Quote:
To help stop spam-bots, please answer the following question: What is 1 + 1 (the answer is 2)?

I only rotated 2 questions.

I didn't want people to have to jump through hoops to register. I also did it this way to see if spam-bots or hu-bots were trying to register. As it turned out, hu-bots rarely ever tried.

At some point hu-bots must have seen what was going on in our forum or in another forum, and that apparently lead to information given for spam-bots to work.

But that was okay, too. Changing the question, and providing a clear answer again was easy to do. Besides, I also used two other anti-spam mods, so the three together worked to keep spammers from registering.

****************************************

Autonerdz wrote on Jan 29th, 2013 at 1:08am:
Editing the agreement is another great idea though.  I just used words already in the agreement and asked what's the fourth word, last word, etc.

That makes perfect sense. Cool

The bottom line about stopping spam-bots cold is that YaBB gives us great options, and we can edit these options to best effect whatever works in our respective forums.

Shhhhh! Don't say anything, but I almost miss having spam-bot registrations to reject. Cheesy

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: How to stop the bots cold
Reply #8 - Jan 29th, 2013 at 1:08am
Post Tools
Bill Myers wrote on Jan 29th, 2013 at 12:34am:
The point is, YaBB's anti-spam options give us even more ways to stop spam-bots cold if we think outside of the box.


Indeed.

Bill Myers wrote on Jan 29th, 2013 at 12:34am:
What is the password that you see in this parentheses (nomorespam)?


I would not use that one.  Like asking 'What is the fourth word in this sentence?'  The question is forwarded to the humans to solve and the answer cannot be in the question.

Editing the agreement is another great idea though.  I just used words already in the agreement and asked what's the fourth word, last word, etc.
  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: How to stop the bots cold
Reply #7 - Jan 29th, 2013 at 12:42am
Post Tools
Bill Myers wrote on Jan 29th, 2013 at 12:34am:
However, I did notice in YaBB 2.5.4 that the registration aggreement precedes the registration form

It's an admin option to display it where you want:

Quote:
- Don't show
- Show before registration form
- Show on registration form

It was actually you who came to mind when I made it selectable, because I know you like to add things to the registration agreement which wouldn't make sense if it preceded the form - so I thought it would make everyone happy that way. Smiley
« Last Edit: Jan 29th, 2013 at 12:47am by Derek Barnstorm »  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,557
Location: Los Angeles

YaBB 2.4
Re: How to stop the bots cold
Reply #6 - Jan 29th, 2013 at 12:34am
Post Tools
Autonerdz wrote on Jan 28th, 2013 at 6:47pm:
Bill Myers wrote on Jan 28th, 2013 at 6:14pm:
(and/or possibly provide a password on your registration page, which is easy to add through the Admin Center, and easily changed as needed).


I don't know about this, Bill.  Is it available in YaBB 2.5.AE?

Your reply made me realize I didn't explain this well. My apologies! Roll Eyes

What I meant to explain is that YaBB makes editing of the Registration Agreement so easy to do through the Admin Center that you can simply add anything to it including a required password to register.

In other words, you can quickly and easily publish at the top of the agreement the current password to register (and change it whenever you want).

So the question presented in the registration form might be as follows:

What is the current password (see the 1st line of the registration agreement below)?

As such, the top line might read and look as follows:

The current password needed to register in this forum is: nomorespam

However, I did notice in YaBB 2.5.4 that the registration aggreement precedes the registration form, and they're on separate pages. As such, registrants might see the following question:

What is the password that you see in this parentheses (nomorespam)?

I hope I explained this better.

The point is, YaBB's anti-spam options give us even more ways to stop spam-bots cold if we think outside of the box.

  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: How to stop the bots cold
Reply #5 - Jan 28th, 2013 at 6:47pm
Post Tools
Bill Myers wrote on Jan 28th, 2013 at 6:14pm:
(and/or possibly provide a password on your registration page, which is easy to add through the Admin Center, and easily changed as needed).


I don't know about this, Bill.  Is it available in YaBB 2.5.AE?

Derek Barnstorm wrote on Jan 28th, 2013 at 5:44pm:
I have been thinking of adding another option to display an image, so you can ask "What do you see in the picture?"...


Great idea!

Another bit of info.....many of the bots I was fighting had clean IPs and I was the first to report them to Stop Forums Spam.  Many more had just one or two reports.
  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,557
Location: Los Angeles

YaBB 2.4
Re: How to stop the bots cold
Reply #4 - Jan 28th, 2013 at 6:14pm
Post Tools
Autonerdz wrote on Jan 28th, 2013 at 4:24pm:
I changed all the challenge questions so that they could only be answered if you were on my registration page.  Things like 'What is the last word in the registration agreement?'

Now that is smart thinking!  Smiley

Your solution is a great way to very quickly edit this mod as it's needed. So when an auto-bot or hu-bot figures it out, and bots in mass then hit your registration page, you can simply change the question as you've described how to do it (and/or possibly provide a password on your registration page, which is easy to add through the Admin Center, and easily changed as needed).

I've been doing this for a while with ggn's anti-spam hack that pretty much does the same thing with CAPTCHA (after automated anti-spam programs began to easily decipher whatever image CAPTCHA generated). Surprisingly, I haven't had to make any edits to our forum's altered CAPTCHA; not yet anyway, but it's easy enough to do if or when it becomes needed.

Thanks to Derek's suggestion, and Dandello's approval, there's great news regarding the implementation of ggn's anti-spam hack ("This will be a standard feature in the next release - Admin editable ...").

« Last Edit: Jan 28th, 2013 at 6:19pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Derek Barnstorm
Support Team
YaBB Next Team
Development Team
Beta Testers
****
Offline



Posts: 1,269
Location: United Kingdom

None
Re: How to stop the bots cold
Reply #3 - Jan 28th, 2013 at 5:44pm
Post Tools
Autonerdz wrote on Jan 28th, 2013 at 5:14pm:
Oh....and special thanks to Derek for this awesome Anti-Spam Question mod or this would not have been possible.

And thanks for sharing the tip.

I have read that bots can also use Google to search for answers, so how you're doing it is going to be the most effective way.

Q & A has pretty much become the most common form of CAPTCHA  now, so it's going to be top priority for spam programmers to crack - they just keep building up their database of answers.

I have been thinking of adding another option to display an image, so you can ask "What do you see in the picture?"...
  
Back to top
 
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,785
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: How to stop the bots cold
Reply #2 - Jan 28th, 2013 at 5:16pm
Post Tools
Tom,

Thanks very much for the details

Cool
  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
Re: How to stop the bots cold
Reply #1 - Jan 28th, 2013 at 5:14pm
Post Tools
Oh....and special thanks to Derek for this awesome Anti-Spam Question mod or this would not have been possible.
  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Autonerdz
Full Member
***
Offline



Posts: 148
Location: Washington State USA

None
How to stop the bots cold
Jan 28th, 2013 at 4:24pm
Post Tools

We use YaBB 2.5 AE customized by Jon B. 

I would like to share with you how I stopped the bot registrants this weekend.  Not just slow them down but stopped them all cold in their tracks.  It's been two days now since a bot validated and made it to admin approval.

We have always used admin approval so that our forums are spammer free.  Bots continue to evolve and multiply and you never know when one might get through and of course a human always can.  But they don't get past me.  I use Forum Spam List Checker to help automate the vetting process.

First, a little history.  Some time ago, bots evolved with the ability to solve captchas.  When this happened I saw it immediately with all the bot registrants waiting for approval.  I did some experiments with the YaBB captcha and boogerd it up to the point a human could not solve it.  The bots were still solving it in less than 60 seconds.

So, we installed the Anti Spam Question.  That was working great until a couple of weeks ago when the bots started defeating that in mass.  I wondered if they had been programmed with the default questions, so I changed them all.  That didn't slow them down at all.

They are bots because there is only a couple variants of the reason for registering I also see that they come from everywhere as in bot net.  A don't believe it's possible for a bot to solve an unknown challenge question so i assumed that they are doing what was done with captchas before the bots learned to solve them.  They send them off to a sweat box somewhere full of humans that solve them.  Then the bots continue their evil work.

I thought that if this is the case with the challenge questions I bet the humans fed the questions cannot see my registration page.  So, I tried another experiment.  I changed all the challenge questions so that they could only be answered if you were on my registration page.  Things like 'What is the last word in the registration agreement?'

That did it.  It stopped all of them cold.  So, that is my current solution until the next bot net evolution.   Wink

I hope you find this useful.
  

Tom Roberts
http://www.autonerdz.com
THE PicoScope Authority in North America
Back to top
IP Logged
 
Page Index Toggle Pages: 1
Topic Tools
 
  « Board Index ‹ Board  ^Top