goffy wrote:
Hi geekwright,
two additional ideas, which I have implemented on myxoops.org:
1) The starting point of bots is register.php; I'm using another name (changed manually). Would it be possible to generate a random file name during installation of XOOPS and write this file name into the XOOPS config?
2) Normally nobody types "http://website.com/register.php" into the URL field of the browser. Everybody uses the link somewhere on the website to get to the registration form, therefore there must be an HTTP referer if register.php starts.
Of course, these steps do not help against cheap human labor.
What do you think?
Have the changes made a measurable impact?
It seems like the changed name of the register.php would just be another database item for the bot logic, just like the domain and field details. A bot survey of the site could just look for the link by proximity or labels. It would invalidate the current state for bots targeting the site, but I'm wondering if it would really deter new ones.
The referer check comes with a lot of potential for collateral damage. Lots of things blank that header. I've seen corporate proxies that do that, along with a number of security and privacy services/extensions. It would stop bots coming in directly, but it also could stop legitimate traffic.
I'll definitely keep considering the possibilities. Thanks for the ideas!
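
One way to put numbers on the "measurable impact" question and on the collateral damage of a referer check before enforcing it, as an added example that is not part of either post: classify registration-form hits in the web server access log by their Referer header. It assumes Apache/nginx "combined" log format; the function names are hypothetical, the log lines are constructed, and website.com is the placeholder host from the quoted post.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Combined log format: ip, ident, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def classify_referer(referer, site_host):
    """Return 'blank', 'same-site' or 'external' for one Referer value."""
    if referer in ("", "-"):
        return "blank"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if host == site_host.lower() else "external"

def referer_report(lines, site_host, form_path="/register.php"):
    """Count hits on the registration form by (method, referer class)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or urlsplit(m.group("path")).path != form_path:
            continue
        kind = classify_referer(m.group("referer"), site_host)
        counts[(m.group("method"), kind)] += 1
    return counts

def would_reject_share(counts, method="POST"):
    """Fraction of form submissions a strict same-site referer check would refuse."""
    total = sum(n for (m, _), n in counts.items() if m == method)
    bad = sum(n for (m, k), n in counts.items() if m == method and k != "same-site")
    return bad / total if total else 0.0

# Constructed sample lines (not real traffic). The last visitor is a browser
# behind a proxy that blanks the Referer header, the case raised in the reply.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /register.php HTTP/1.1" 200 5120 "http://website.com/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:40 +0000] "POST /register.php HTTP/1.1" 200 812 "http://website.com/register.php" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:02:00 +0000] "POST /register.php HTTP/1.1" 200 812 "-" "python-requests/2.31"',
    '192.0.2.44 - - [01/Jan/2024:10:05:00 +0000] "GET /register.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2024:10:05:50 +0000] "POST /register.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    report = referer_report(SAMPLE_LOG, "website.com")
    print(dict(report), would_reject_share(report))
```

Run over real logs for a period before and after a change, the same counts show both how much direct-to-form traffic there is and how many browser submissions arrive with a blank referer and would be turned away.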