Xortify 3.09 - Killer Ninja's After cache files edition
Community Release by Chronolabs Co-op

Download: xoops2.5_xortify_3.09.zip - 230Kb

For sometime I have been developing a honey pot solution to some human rights abuse we detected in the XOOPS website wells. This solution is called Xortify! Just for fortification of your site, we had a lot of posts start happening on the XOOPS forum about ‘captchas’ being beat by a bot but this was also with people with Recaptcha from Google that is fool proof. So in the research on the source of what was breeching the captcha’s to sign up most of the accounts on the site in a day, it was discovered that this was being done by hand through a form of slavery called Captcha Sweat Shops.

What is a captcha sweat shop? Well essentially it is someone either trafficked in slavery or paid less than $1.00 a day to sign up and record the username, password and URL in a database of a site, this is often happening in places like India, China, Brazil and other countries for a solution to breeching captcha technology for spamming and harvesting of a website. So this is when I started to work on an Open Source floating cloud solution for this problem. This is hosted at www.xortify.com which you can see form the users that are logging in an out is quiet busy, in fact the domain gets over 75 Million hits a month currently.

How does Xortify Work? Well there is a client for the cloud for XOOPS currently – This client talks to the cloud at xortify.com and shares particular user information over a secure username and password system, that provides intel from several honeypots on the web namely – Stop Forum Spam and Project Honeypot as well as maintaining a ban list itself on Xortify. This combination of not one but 3 honeypots, which is the ban list on xortify.com as well as the ban list on the other two mentioned prevents nearly 99% of maluser use of the site, preventing the persecution of data entry slaves in 3rd world and the less privileged countries.

If your interested in the internals of the program I have started documenting articles on it here is onhttp://seoandphp.wordpress.com/2012/08/12/why-use-a-captchas-when-you-can-xortify/

Nice explanation of honeypot solution Wishcraft!
IMO it is useful for high traffic websites.
but anyway this kind of blocking is not wise.
eg: My IP has been blocking by sfs and now i am banned in xoops.org and any other websites using global preventations.
IMO the only solution for it is adding an option to Xortify/Protector to exclude specific groups (eg: trusted group) for any action.
This way we can guarantee that trusted old members will not banned even when their IP has been banned by sfs and project honeypot.
i already sent this feature to tracker for protector.

Do not forget to update the new versions on xortify.com Simon, Xortify 3.05 is still the client version advertised over there... A pity as it might give visitors the impression they don't deal with a serious module.

Same issue with the theme/ layout of the Xortify site. The current blog style theme does not make a very serious impression. I would consider a theme recognizable as xoops.org alike.

In case you wish I would be glad to help you to maintain the Xortify site. I mean keeping it updated and trying to give it a professional look. Just let me know!

I am a little confused Simon.

I believe you use the services to produce a ban listing but a ban is far from a honeypot. You can use this ban list to send someone to a honey pot but in and of its self it is not one.

A honeypot is a place setup to direct a suspected hacker to. If done well the hacker will then be accessing a special site setup for them instead of the site they thought they were. The intent is that the hacker will spend their time hacking a worthless location while being tracked and identified. The hacker is generally given just enough to let them think their hacks are working and that they are where they think they are but in actuality it is a trap.

I am not sure how Xortify qualifies as a honeypot?

Not to take away from the fact this is a much needed piece of software but unless there are features I am unaware of this is a simple banning tool and has no true honeypot in it. Assuming this is the case please stop telling us it has honeypots if it doesn't. I realize it may seem like simple terminology but can be very misleading and/or confusing.