1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XRumer discussion

Discussion in 'Off Topic' started by Rudy, Nov 27, 2012.

  1. tenants

    tenants Well-Known Member

    That's old school, user_agent is just a header (easily spoofed), they use quite a variation of user agents now... most come through faking there self as Mozilla:

    http://www.projecthoneypot.org/harvester_useragents.php?dt=7

    Out of the 5,000 bots I just checked via my access logs, none used the user_agent xpymep.exe

    Most bots I detected have user agents like:
    "Mozilla/5.0 (Windows NT 5.2; rv:12.0) Gecko/20100101 Firefox/12.0"
    "Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0"
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5"
    (these were confirmed bots ... making their selves appear as browsers)

    << Obviously don't ban these, you might find it reduces your bots... but you exclude quite a few humans too

    but it cant do any harm to give the other ones ago.
  2. vVv

    vVv Guest

    lol true though, but knocked wind from the sails at same time :p haha. i figured there was downfall to it, too good/easy to be true lol. :ROFLMAO: would be awesome to really know who and how they're accessing the site though and stop them that way.. >_<
  3. tenants

    tenants Well-Known Member

    user_agent isn't the route to go, it was once thought as a good route to block bots (foolishly, as lists of IP address currently are), but by blocking this route, you just ask them to spoof something that is easy to spoof.

    Anything that can be spoofed to avoid detection, will be spoofed (especially if it is commonly used for prevention)... there lies in the eventual downfall of IP based detection too (it is becoming common)
  4. vVv

    vVv Guest

    :( yeah, kinda like.. trying to block Proxy IP addresses, you can try blocking millions of them, but pointless because there will always be new proxies made anyway.. it's endless fight, and we're losing the battles.
  5. Jaxel

    Jaxel Well-Known Member

    The Q&A questions on my forums are all related to Soulcalibur... yet bots still get through them like crazy.
  6. whynot

    whynot Well-Known Member

    Change them often,only humans can go through.
    They will distribute them but they will be useless.
    Blue likes this.
  7. BamaStangGuy

    BamaStangGuy Well-Known Member

    Ya'll all seem to be coming up with some really wild things. KeyCaptcha has killed all the spam across my 21 forums. One plugin, one captcha. No one seems to be having a problem using it to register and KeyCaptcha is aware of xrumer and they stay on top of it.
    Dan likes this.
  8. tenants

    tenants Well-Known Member



    Welcome to the XRumer discussions, QA has been targeted so if you have a QA in place, it's only a matter of time until some one decides to add it to the TextCAPTCHA file (this could be seconds or weeks)

    see here
    It's now very easy for bot users to record your QA and share with everyone (they even held a competition recording over 70K QAs recently)

    I know at least one mod that kept mentioning their QA hadn't been broken... but unfortunately now it has

    You can keep changing your QA, but how frequently you do this is like playing a game of Russia roulette (you never know when some one has finished their round of automation and are about to start a new one)

    You can use a common CAPTCHA (rather like google ReCaptcha), but if it is common, it too is only a matter of time until it is solved (Google too are very aware of XRumer and seem to have a fair amount of funding)... these sorts of CAPTCHA will work and break in waves (ReCaptcha will work again one day)

    ... I do suggest, if you use CAPTCHA, use custom images (take a picture of something in your bedroom and add a question to it) ... this is always unique and hard to solve. CustomImgCaptcha is there for that (this method is not easy to targeted and very hard to solve with automation)

    But there are plenty of other CAPTCHA that are still working (since they are uncommon so not yet targeted, or have not been targeted/have only just started to be targeted)

    Other CAPTCHA:

    Photo CAPTCHA (I do like this one, since much like CustomImgCaptcha you can customise your images)
    XF QapTcha (very human friendly, and uncommon)
    Are you Human(sp) (eng)
    KeyCaptcha
    Funny Img Catpcha (uses CustomImgCaptcha)
    WE FIGHT SPAM (can use CustomImgCaptcha)
    Solve Media
    8thos and vVv like this.
  9. Blue

    Blue Well-Known Member

    Works fine like that.
  10. HWS

    HWS Well-Known Member

    In our forum KeyCaptcha reduced the daily registrations by 20-25% and raised support tickets by 100%.
    People are simply not used to that kind of protection. We would have to add a large instruction block to it and even then many wouldn't read it. So we decided to install FoolBotHoneyPot. ;)
  11. BamaStangGuy

    BamaStangGuy Well-Known Member

    I guess if you can't work a puzzle I don't want you posting on my forum lol
    MattW, vVv and Brandon Sheley like this.
  12. MattW

    MattW Well-Known Member

    KeyCaptcha hasn't affected our genuine user registrations. I've rolled it out across all the forums I own (Xenforo and phpBB3), and also onto some Wordpress blogs I have. I've even just had them make it compatible with the shop software I use, OpenCart.
  13. Blue

    Blue Well-Known Member

    I have 40+ Q&As. Something that would be handy would be having the question the person answered when registering in their profile info that only the admin could see. That way you could see which question was figured out by the spammers and change it.
  14. Carlos

    Carlos Well-Known Member

    Just report it. :D
    vVv likes this.
  15. Carlos

    Carlos Well-Known Member

  16. vVv

    vVv Guest

    i did earlier when i wrote that haha.. xD just hoped a moderator be on to get it, but guess they haven't been on yet lol
  17. tenants

    tenants Well-Known Member

    You might be intrested, I now log user_agent for FoolBotHoneyPot (images on the bottom of this page):

    http://xenforo.com/community/resources/foolbothoneypot-spam-combat.1085/

    The XRumer bots are just about always faking this to look like a type of browser, I don't use it as a detection method since I've never seen a case where they don't fake this header.
    Brandon Sheley likes this.
  18. Digital Doctor

    Digital Doctor Well-Known Member

    Hello all
    XRumer 7.0.12 become too old now
    This version of program not effective at the moment

    Where I can download latest, actual version of XRumer?
    Thank you!

    P.S By the way, price of the XRumer after 5.01.2013 will grow up to $650...
    Therefore, if anybody want to resell this, write me on PM or Skype Mr.MarcusSug54

    ===
    saw this today. 7 must be a typo :)
  19. tenants

    tenants Well-Known Member

    I dont think it is a typo, they're just saying that version is now old

    XRumer 7.7.35 Elite (this is about 4 weeks old). There will probably be an update soon, but there is nothing on seobay / botmasterlabs about a new release yet.

    I suspect they will now be targeting the most common CATPCHA mechanism (that they aren't currently getting through) or just bug fixing
    The ability to make use of the StopFourmSpam public look up in core will possibly be used , so spammers can change ip/name/email on the fly, as they are detected (not just xblack.txt... which allows users to avoid contributors)
    Xrumer plugins worry me (updates all of the time) << Making this easier to do, could be an update?

    These are just guesses, but my "targeting QA" guess last time was correct. It's quite possible that the next release will just be bug fixes though

    I suspect next release is very soon, so we'll find out

Share This Page