[TAC] Fool Bot Honey Pot

[TAC] Fool Bot Honey Pot [Paid] 3.0.32

If you try to register and get the captcha wrong, the name, email, and timezone are not repopulated.

Also it seems that no gender field is shown at all to the user, although not that I really care, I hid it myself previously too. Maybe some people still want it to be chosen on registration though.
 
- This sex is a silly template mistake (will fix, hiding the sex is something I do myself, but shouldn't be in the template)

- The CAPTCHA / Form resetting is a bit more complicated

Okay, so what's going on here:

1) A user fills in all the fields correctly (except the CAPTCHA), and doesn't fill any hidden fields since it's not a bot...

Since this isn't a bot, we set _POST['email'], _POST['username'] etc back to "normal" so that the parent php can use them

2) So now the parent actionRegister is called
3) The parent actionRegister checks the CAPTCHA and finds an incorrect value.
4) It sends $fields, $errors to the _getRegisterFormResponse

But, since $fields in the parent actionRegister doesn't look for the uuids... it's not setting them!

We can't really use the values from _POST['email'], _POST['username'] etc, since if a bot filled these honey pots, on the 2nd attempt, we would be making it easy for them by auto-correcting, and matching POST to the uuid

However, we should still be able to get these values..

We just simply look at the other _POST values for the uuids and use these in our child _getRegisterFormResponse (instead of using the field values that are sent via _getRegisterFormResponse($fields, $errors); )

I'm just testing a fix now
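Added example (not part of the original post, and not FBHP's or XenForo's own code): a standalone PHP sketch of the repopulation rule described above, where the form is refilled only from the random-named (uuid) inputs and a value posted to a decoy is never copied across. All function names, the `f_` prefix, and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: names are hypothetical, not FBHP's or XenForo's own code.

/** Create (once per session) a random input name for each real field. */
function exampleFieldMap(array &$session): array
{
    if (empty($session['fieldMap'])) {
        foreach (['username', 'email', 'timezone'] as $real) {
            $session['fieldMap'][$real] = 'f_' . bin2hex(random_bytes(8));
        }
    }
    return $session['fieldMap'];
}

/** Read a submission: genuine values come only from the random names. */
function exampleReadPost(array $post, array $fieldMap): array
{
    $values = [];
    $isBot = false;
    foreach ($fieldMap as $real => $random) {
        // The well-known name is the decoy; a human never sees or fills it.
        if (isset($post[$real]) && $post[$real] !== '') {
            $isBot = true;
        }
        $values[$real] = isset($post[$random]) ? (string) $post[$random] : '';
    }
    return ['isBot' => $isBot, 'values' => $values];
}

/** Inputs for re-rendering the form after a failed CAPTCHA. */
function exampleRepopulate(array $post, array $fieldMap): array
{
    $read = exampleReadPost($post, $fieldMap);
    $inputs = [];
    foreach ($fieldMap as $real => $random) {
        // Refill from the random-named value the browser actually sent ...
        $inputs[$random] = htmlspecialchars($read['values'][$real], ENT_QUOTES, 'UTF-8');
        // ... and never copy a decoy value across: the decoy is re-rendered empty.
        $inputs[$real] = '';
    }
    return $inputs;
}

// Constructed sample submissions.
$session = [];
$map = exampleFieldMap($session);
$human = [
    $map['username'] => 'alice',
    $map['email']    => 'alice@example.com',
    $map['timezone'] => 'Europe/London',
    'username' => '', 'email' => '', 'timezone' => '',
];
$bot = ['username' => 'spam', 'email' => 'spam@example.com', 'timezone' => 'UTC'];

foreach (['human' => $human, 'bot' => $bot] as $label => $post) {
    $read = exampleReadPost($post, $map);
    echo $label, ': isBot=', var_export($read['isBot'], true), "\n";
    print_r(exampleRepopulate($post, $map));
}
```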
 
Thanks for the quick fixes as usual. :)

So the registration timer will be removed from this addon in a future version. There is one advantage your timer has that the official one doesn't though. That is, it doesn't restart the timer resulting in the user waiting again if the user messed up a field and can now quickly resend the form. Posted about that here: http://xenforo.com/community/thread...nts-for-registration.45829/page-7#post-506926 I have a feeling XF won't change that...

Any chance of making an option to not restart the timer on a failed submission? Although I'm not sure if this feature should belong in this addon after removing the timer... it does help in making the registration process more elegant though. :p
 
I can keep it in, there's no benefit of removing it if users prefer it.

To turn off the FBHP timer, it simply needs to be set to 0 seconds (This stops the validation, but still logs the registration time)
You should be able to turn off the core timer (to stop the restart of the timer for failed submission) by also setting the timer value to 0
 
> I can keep it in, there's no benefit of removing it if users prefer it.
I'm not against removing the timer in this addon, in fact I probably would agree with you removing it, since it would clean up a lot of the code, phrases, and even one less db table. I think it's better to just find a way to have the core timer not restart. If you can't I don't think it's a big deal, the timer not restarting is something really minor.

Speaking of minor, I just noticed something extremely minor. If you disable JS and try to register, the default timezone you chose in the ACP is not selected.
 
So I took a look at the code, just to see if it was easy to not restart the timer, and I think it is quite easy. I only did some minor testing, but it seems to work okay (you may want to test it a little more if you decide to add this).

In _getRegisterFormResponse, before you call the parent add:
PHP:
$registerTime = XenForo_Application::getSession()->get('registrationTime');

Now, after you've called the parent:
PHP:
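// Put back the original start time that was read before calling the parent,
// so a failed submission does not restart the timer
if ($registerTime)
{
    XenForo_Application::getSession()->set('registrationTime', $registerTime);
    // $options and $params are assumed to be available in the surrounding method
    if (($registerTime + $options->registrationTimer) < time())
    {
        // The wait has already elapsed: let the template skip the countdown
        $params['noTimer'] = 1;
    }
}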
Then in the template where it runs the JS function with the condition <xen:if is="{$xenOptions.registrationTimer}">, just change it to check if the custom noTimer param is set or not, so: <xen:if is="{$xenOptions.registrationTimer} AND !{$noTimer}">. You also need to do this when it sets the timerHtml: <xen:set var="$timerHtml"><xen:if is="{$xenOptions.registrationTimer} AND !{$noTimer}">. Or you could just do a display: none on the timer, even if it's actually still ticking it won't have any effect.

I think doing these little code changes would be better than keeping all the code required for your timer. In the case that someone actually wants the timer restart, then maybe you could set an option for this. Well in the end it's up to you whether you want to remove your timer or not. :cool:
 
One of the advantages of keeping the timer in, is that it gives confidence to the FoolBotHoneyPot Logs (It's nice to see the bots in the FBHP logs and easily compare how long they took to register, it's fairly rare that they take over 15 seconds, but every now and then one takes 30-60 seconds)

I'm also suspecting that now the timer is in the core, it won't be long until bots start script pausing. It would be nice to see in the FBHP logs exactly when this happens

Removing the timer won't make a significant difference to the speed of registration (not using multiple APIs will), but it will make it a bit tidier

I'm still weighing it up
 
> One of the advantages of keeping the timer in, is that it gives confidence to the FoolBotHoneyPot Logs (It's nice to see the bots in the FBHP logs and easily compare how long they took to register, it's fairly rare that they take over 15 seconds, but every now and then one takes 30-60 seconds)
>
> I'm also suspecting that now the timer is in the core, it won't be long until bots start script pausing. It would be nice to see in the FBHP logs exactly when this happens
Hmm, if you do like I did above and keep setting back the original registration time to the session then you can probably still maintain the original time for recording. This would mean you would no longer be able to make it an option to not restart the timer, although this was never an option in this addon before anyways. :p You could probably also just set your own separate timestamp in the session as well to avoid that if you really wanted to set it as an option, or am I missing something?

> Removing the timer won't make a significant difference to the speed of registration (not using multiple APIs will), but it will make it a bit tidier
>
> I'm still weighing it up
Yea... I might be weird, but I just love it when I can reduce the amount of code necessary. :ROFLMAO:
 
Oh btw, I was creating my own template to reformat the data so it's easier for me to quickly glance at it and noticed that you created your own page nav template. :p Not sure if you knew, but there is a pagenav tag to easily generate that html. For example, you could just use:
<xen:adminpagenav page="{$currentPage}" perpage="{$perPage}" total="{$total}" link="{$linkType}" linkparams="{$linkParams}" />
And you probably wouldn't need your page nav template as well as a lot of those extra params. Or maybe there was a reason for creating your own page nav?
 
ah...
Possibly something to do with using the filter + nav, but I've since been using <xen:adminpagenav in other areas and using a custom filter (To be honest, I haven't looked at that template in a while)

I may not have known how to use it with linkParams at the time.

Thanks, I should probably get around to tidying that up
 
Anyone noticed an increase in the time taken to register by bots recently? Definitely getting more that take longer now.

Reaction to the recent registration timer update in 1.1.4?
 
I haven't seen a new release of XRumer to accommodate script pausing on registration yet (I would expect it to come in this or the next release, and we're about due a new XRumer release)...

A new version of XRumer is usually released every 1-2 months, and they last released one mid Jan March 2013:
botmasterlabs.net/events/
7.7.42 was released on 19th March (which isn't mentioned above)

7.7.42 was mostly about making it easy to create Hotmail accounts and beat more versions of CAPTCHA


It could be a strange coincidence, but I've seen quite a lot of bots now taking longer

Some of them always used to take a while due to slow proxies / slow server response, but there is a bigger number now

The only explanation I can think of right now, is that botters are using their more successful proxies, and these proxies happen to be the slower ones

[Attachment: takinglonger.webp]

The ftjply043+tuya001 botter has more than 15 thousand proxies (and they are the ones I know about)... some botters are very serious!
 
Suggestion for the next version: Add to the log filter to be able to show allowed registrations only.

Ignore. Have realised that the 'no_altered_hidden_fields' filter effectively does exactly this.
 
Had an alert last night from my server as the load went through the roof!

[Attachment: load.webp]

First thing I checked was the spam logs. I've got 4505 registration attempts from the same e-mail address "enosdgpy @ hotmail. com" from IP address 58.22.155.218
 
> Had an alert last night from my server as the load went through the roof!
> First thing I checked was the spam logs. I've got 4505 registration attempts from the same e-mail address "enosdgpy @ hotmail. com" from IP address 58.22.155.218
Sounds like you need to activate rate limiting per IP address on your web server :)
 
I already have, but this wasn't picked up.

This is a snip from CSF alert showing apache processes

Code:
6-9    10759    0/16/5885    W    0.67    2    0    0.0    0.01    58.19    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
7-9    -    0/0/4994    .    0.49    35    0    0.0    0.00    38.24    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
8-9    10836    1/9/4917    W    0.72    5    0    0.0    0.00    34.81    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
9-9    10837    9/10/4372    W    0.67    8    0    0.0    0.00    38.44    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
10-9    -    0/0/5175    .    3.33    30    351    0.0    0.00    43.61    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
11-9    10838    1/7/4476    W    0.51    5    0    0.0    0.00    30.76    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
12-9    8966    1/153/4053    W    3.38    5    0    0.0    0.56    33.02    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
13-9    10839    1/9/3108    W    0.63    4    0    0.0    0.00    37.68    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
14-9    -    0/0/3450    .    0.23    38    0    0.0    0.00    20.69    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
15-9    10841    0/9/3301    _    0.59    5    4713    0.0    0.00    30.72    58.22.155.218    z22se.co.uk    NULL
16-9    10863    1/8/2780    W    0.57    5    0    0.0    0.00    24.64    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
17-9    9039    1/141/2308    W    3.90    5    0    0.0    0.68    21.22    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
18-9    10864    7/7/1460    W    0.55    8    0    0.0    0.00    12.48    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
19-9    10865    1/9/1210    W    0.43    5    0    0.0    0.00    10.34    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
20-9    10866    1/9/1266    W    0.52    5    0    0.0    0.03    10.86    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
21-9    10867    0/8/1410    _    0.48    2    7923    0.0    0.00    11.90    58.22.155.218    z22se.co.uk    NULL
22-9    -    0/0/703    .    3.58    29    0    0.0    0.00    2.47    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
23-9    10868    1/9/974    W    0.38    3    0    0.0    0.00    4.58    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
24-9    10869    7/9/265    W    0.63    6    0    0.0    0.00    2.18    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
25-9    10870    1/9/500    W    0.57    6    0    0.0    0.01    2.95    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
26-9    10876    3/8/512    W    0.56    1    0    0.0    0.00    3.01    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
27-9    10877    0/9/432    _    0.61    3    0    0.0    0.00    2.77    66.249.78.21    z22se.co.uk    GET /forum/find-new/1096396/threads?page=3 HTTP/1.1
28-9    10878    6/7/354    W    0.55    4    0    0.0    0.00    4.51    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
29-9    10879    1/7/579    W    0.55    6    0    0.0    0.00    4.17    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
30-9    10880    1/7/505    W    0.54    5    0    0.0    0.00    3.74    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
31-9    10881    4/8/201    W    0.55    6    0    0.0    0.00    0.79    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
32-9    -    0/0/127    .    0.35    3    0    0.0    0.00    0.96    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
33-9    10883    1/9/79    W    0.44    5    0    0.0    0.00    0.81    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
34-9    -    0/0/252    .    0.37    13    0    0.0    0.00    0.88    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
35-9    -    0/0/615    .    0.26    27    0    0.0    0.00    3.11    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
36-9    10886    0/7/40    W    0.49    4    0    0.0    0.00    0.15    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
37-9    10887    2/6/208    W    0.38    4    0    0.0    0.00    0.83    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
38-9    -    0/0/27    .    0.16    32    0    0.0    0.00    0.34    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
39-9    10889    2/6/709    W    0.37    6    0    0.0    0.00    3.03    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
40-9    -    0/0/136    .    0.25    33    0    0.0    0.00    1.10    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
41-9    10891    1/7/30    W    0.46    6    0    0.0    0.00    0.16    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
42-9    10902    0/6/149    W    0.37    5    0    0.0    0.00    0.93    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
43-9    10911    0/8/35    W    0.35    5    0    0.0    0.00    0.38    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
44-9    10912    2/8/29    W    0.47    1    0    0.0    0.00    0.43    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
45-9    10961    6/8/126    K    0.11    4    13    0.0    0.00    0.79    146.90.202.248    moto-scat.com    POST /forum/chat.php HTTP/1.1
46-9    10915    1/7/28    W    0.66    2    0    0.0    0.00    0.20    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
47-9    -    0/0/22    .    0.23    26    0    0.0    0.00    0.34    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
48-9    10917    2/6/29    W    0.46    5    0    0.0    0.00    0.19    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
49-9    10918    0/6/17    W    0.48    4    0    0.0    0.00    0.04    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
50-9    10919    1/7/19    W    0.48    6    0    0.0    0.03    0.19    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
51-9    10920    3/7/30    W    0.39    3    0    0.0    0.00    0.26    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
52-9    10921    1/7/77    W    0.41    5    0    0.0    0.00    0.42    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
53-9    -    0/0/30    .    0.25    37    0    0.0    0.00    0.35    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
54-9    10923    6/6/16    W    0.45    7    0    0.0    0.00    0.09    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
55-9    10924    6/7/73    W    0.41    6    0    0.0    0.00    0.63    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
56-9    -    0/0/30    .    0.30    45    0    0.0    0.00    0.22    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
57-9    10949    3/7/107    W    0.38    4    0    0.0    0.00    0.59    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
58-9    10962    0/6/18    W    0.36    0    0    0.0    0.00    0.07    127.0.0.1    vps.z22se.com    GET /whm-server-status HTTP/1.1
59-9    -    0/0/11    .    0.04    51    0    0.0    0.00    0.08    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
60-9    10968    0/7/56    _    0.60    1    1786    0.0    0.00    0.39    66.249.78.21    z22se.co.uk    GET /find-new/1096396/threads?page=3 HTTP/1.1
61-9    10969    5/5/124    W    0.47    4    0    0.0    0.00    4.44    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
62-9    -    0/0/69    .    0.00    42    0    0.0    0.00    0.38    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
63-9    10972    3/6/11    W    0.40    5    0    0.0    0.00    0.00    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
64-9    10973    4/6/12    W    0.29    6    0    0.0    0.00    0.02    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
65-9    -    0/0/8    .    0.16    24    0    0.0    0.00    0.00    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
66-9    -    0/0/5    .    0.04    41    0    0.0    0.00    0.03    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
67-9    -    0/0/6    .    0.05    40    0    0.0    0.00    0.01    127.0.0.1    vps.z22se.com    OPTIONS * HTTP/1.0
68-9    10977    0/6/36    W    0.26    4    0    0.0    0.01    0.02    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
69-9    10978    2/5/22    W    0.29    2    0    0.0    0.00    0.00    58.22.155.218    z22se.co.uk    GET /register/ HTTP/1.1
70-9    10979    1/5/8    W    0.32    5    0    0.0    0.00    0.01    58.22.155.218    z22se.co.uk    POST /register/register HTTP/1.1
 
I take it that after ~5000 attempts, they still didn't get past FBHP?

That's a fairly large number of attempts. Some bots try 5-100 times to attempt to brute force the CAPTCHA, 4500 is quite a lot... this is effectively using XRumer to DOS attack (even if it is by accident).
What's the 2nd row (this is just an id isn't it?), can you pull out the timestamp, including seconds?
 
These are the column headers:

Srv    PID    Acc    M    CPU    SS    Req    Conn    Child    Slot    Client    VHost    Request

This is a snip from the registration logs showing the time taken:

If you want to see any more, I can dump the table and send you a copy?
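
Added example (not part of the original posts, and not CSF or FBHP code): a PHP sketch that parses Apache status rows in the column layout listed above and counts how many busy workers each client holds on the registration URLs, which is the pattern visible in the posted snippet. The function names, the threshold of 3 and the sample rows (documentation addresses and example.org) are constructed for illustration.

```php
<?php
// Added illustration. Assumed column order, as listed in the thread:
// Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request

/** Parse one whitespace-separated status row; null if it is malformed. */
function exampleParseRow(string $line): ?array
{
    $cols = preg_split('/\s+/', trim($line), 13);
    if ($cols === false || count($cols) < 13) {
        return null;
    }
    $request = explode(' ', $cols[12]); // "GET /register/ HTTP/1.1" or "NULL"
    return [
        'mode'   => $cols[3],
        'client' => $cols[10],
        'method' => $request[0],
        'path'   => $request[1] ?? '',
    ];
}

/** Count busy workers per client and how many of them are on $pathPrefix. */
function exampleBusyByClient(array $lines, string $pathPrefix): array
{
    $stats = [];
    foreach ($lines as $line) {
        $row = exampleParseRow($line);
        // '.' is an open slot and '_' an idle worker: neither is serving a request.
        if ($row === null || $row['mode'] === '.' || $row['mode'] === '_') {
            continue;
        }
        $c = $row['client'];
        $stats[$c] = $stats[$c] ?? ['busy' => 0, 'onPath' => 0, 'posts' => 0];
        $stats[$c]['busy']++;
        if (strpos($row['path'], $pathPrefix) === 0) {
            $stats[$c]['onPath']++;
            if ($row['method'] === 'POST') {
                $stats[$c]['posts']++;
            }
        }
    }
    uasort($stats, function ($a, $b) {
        return $b['busy'] <=> $a['busy'];
    });
    return $stats;
}

/** Clients holding at least $minBusy workers on the watched path. */
function exampleFlag(array $stats, int $minBusy): array
{
    return array_keys(array_filter($stats, function ($s) use ($minBusy) {
        return $s['onPath'] >= $minBusy;
    }));
}

// Constructed sample rows in the same layout as the posted snippet.
$rows = [
    '1-9  2001  0/16/5885  W  0.67  2   0     0.0  0.01  58.19  203.0.113.7   example.org  GET /register/ HTTP/1.1',
    '2-9  -     0/0/4994   .  0.49  35  0     0.0  0.00  38.24  127.0.0.1     example.org  OPTIONS * HTTP/1.0',
    '3-9  2002  1/9/4917   W  0.72  5   0     0.0  0.00  34.81  203.0.113.7   example.org  POST /register/register HTTP/1.1',
    '4-9  2003  0/9/3301   _  0.59  5   4713  0.0  0.00  30.72  203.0.113.7   example.org  NULL',
    '5-9  2004  1/7/4476   W  0.51  5   0     0.0  0.00  30.76  203.0.113.7   example.org  GET /register/ HTTP/1.1',
    '6-9  2005  6/8/126    K  0.11  4   13    0.0  0.00  0.79   198.51.100.4  example.org  POST /forum/chat.php HTTP/1.1',
];

$stats = exampleBusyByClient($rows, '/register');
print_r($stats);
print_r(exampleFlag($stats, 3));
```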
 