91
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/24 12:37

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Update, using text mode I had 21 registrations out of 120 registration attempts.

SUCCESS ONES:
- Time between showing form and submiting form on this registrations is between 30s and 60s
- Some don't have HTTP_REFERRER

FAILED ONES:
- Time bettween showing form and submiting is between 1s and 3s.
- Usually have HTTP_REFERRER

Will test asirra now.


92
redheadedrod
Re: Mass user registrations.... bots perhaps? Anyone else getting these?

Have you tried a math "captcha" or any sort of "intelligent response" type challenge?

I have some ideas that should work but I want to do a total rewrite of the profile module and at that point add support for a series of different things that should make bot registration next to impossible.

I think things like hidden fields and some of the other suggestions are things that won't work long term as the bot writers can detect those and program for them.

I want to do things like randomize field names, force intelligent challenges, use pictures and colors instead of words for labels on fields.. One cool trick would be to have lets say your "name" field... You have a graphic label that asks for the name, then the field name is actually "Date". Then when validating you check that field to see if there is a date in it and if there is then you call it a bot and ignore it.

Or populating the whole document with names that are incremented generic names with blank labels and then populate them with javascript after the fact. Or even populating them with random labels and then going back with Javascript and changing the labels to be what they are supposed to be, keep track of the labels used, and then check them to see if the randomized or the correct structure was followed.

But then again those things require a rewrite of the profile module...

Rodney

93
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/24 14:48

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


I'm also testing a preload for http://www.stopforumspam.com/

If it is good, it can be added to profile module to check registrations or into protector to cover all posts as an aditional antispam measure.

94
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/24 15:27

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


I've got my first spammer registration using asirra. I can tell by the time taken to fill the form that we had human interaction to solve the captcha.
However, stopforumspam preload reported the following:
array (
'success' => 1,
'username' => 
array (
'frequency' => 0,
'appears' => 0,
),
'email' => 
array (
'lastseen' => '2011-09-21 21:48:25',
'frequency' => 2,
'appears' => 1,
),
'ip' => 
array (
'frequency' => 0,
'appears' => 0,
),
)


The email address was dirty!

I think captcha alone will not solve fake registrations and that using external databases to check IPs, Emails, and Usernames might be the best approach.

95
Dante7237
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/25 0:14

  • Dante7237

  • Friend of XOOPS

  • Posts: 294

  • Since: 2008/5/28


I have the 2 part registration going on, and a pretty good .htaccess on my domain. xoops install is in a sub-directory with a different .htaccess

I have had several partial bot registrations , but none actually validated due to bad email addresses, or not filling out the second form.

It's an endless line of them daily making the attempt, and as of yet have had 0 spam posts in 1 1/2 years. (My directory structure confuses a lot of them)

Trabis is correct, but I'd caution against linking any "cloud" services into the basic profile module. I'm still not sold on cloud security.

StopForumSpam is THE resource as far as this stuff goes, and any ability to match to their database would be a great thing.
The more I know, the more I know that I really didn't wanna know.

96
Dante7237
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/25 1:56

  • Dante7237

  • Friend of XOOPS

  • Posts: 294

  • Since: 2008/5/28


Well shux, I just checked my registration and my recaptcha is broke. hehehehe
I just installed it a month or so ago..

So take my word for it with a tiny bit of salt.


*update*
25 sept
I fixed the recaptcha.
The more I know, the more I know that I really didn't wanna know.

97
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/25 12:20

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


From what I'm seeing, captcha(if not cracked by ocr) will help you against bots, but when bots fail, human are called to solve the captchas.

And so far so good. 30 registration attempts failed when using stopforumspam. I'm not banning the spammers, I just empty $_POST to give them a little frustration.

My only problem is having a user complaining that his IP is banned by stopforumspam, stopforumspam bans duration is 1 year. I need to make a whitelist for safe IPS.

98
trabis
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/25 17:18

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


I've added stopforumspam into protector. It had no registration since I'm using it.

Sadly, one of my emails was listed as spam 6 months ago. I don't remember how that happened! I wont be able to register with it until the ban expires :)

99
barryc
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/25 17:31

  • barryc

  • Just can't stay away

  • Posts: 480

  • Since: 2004/3/20


trabis,

could you write up how you added stopforumspam into Protector?

Personally, I'm still not getting spam registrations using the two step registration and the referrer hacks. I suspect, however, that it might depend on which particular spammers are targeting one's site. I would not be surprised if I started to get spam again in the future.

Anyway, it would be good to have the method on record.

barryC

100
Peekay
Re: Mass user registrations.... bots perhaps? Anyone else getting these?
  • 2011/9/25 17:35

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Quote:

barryc wrote:

Personally, I'm still not getting spam registrations using the two step registration and the referrer hacks.

That's good news, especially as you were getting a lot of robot registrations. Thx for the feedback.

@Trabis
As you are discovering, any method that bans IPs carries with it the risk of excluding innocent people from your site. My company is listed as a spammer with one agency and depite several requests the record has still not been changed. The spam report is completely innacurate.

I could easily report Xoops.org as the source of spam to these online agencies and very few (if any) checks are made to validate that the claim is accurate.

Making register.php bullet-proof by ensuring that 1) data input originates from the site and 2) validation emails are received from valid email addresses is the only solution IMHO.
A thread is for life. Not just for Christmas.

Login

Username:
Password:

Lost Password? Register now!

Who's Online

61 user(s) are online (29 user(s) are browsing Support Forums)


Members: 0


Guests: 61


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits