FoolBotHoneyPot Bot Killer: Spam Combat 3.0.27

No permission to buy (£14.00)
Compatible XF 1.x versions
1.4, 1.5
Visible branding
Now compatible with XF 1.4, XF 1.5 and above, with multiple new methods for catching the new types of spam bots that started in 2017

(for more info about the new types of bots, see: new version of xrumer (and GSA) passing core honey pots)

If you like this plugin, please >>rate it<<
Currently Stops 100% of bots registering via the registration form

- Bots will not be able to register via the registration form once installed. If you think even 1 bot does, please read this

This is included in both:

i) Free (Branded) Tac Anti Spam Collection
ii) Paid (unbranded) Tac Anti Spam Collection

Stop bots from registering with elegant methods that do not bother humans (these mechanisms are described in more detail below):
  • Various types of hidden honey pot traps (and other types of honey pots that are not hidden fields)
  • StopBotters API request to detect known Bots (optional and logged)
  • JavaScript Detection (optional and logged)
  • Dynamically ordered registration fields
  • Registration Field names which are different for every session
  • Basic Proxy Detection (logged)
  • User Agent (logged)
  • Browser Plugin Detection (logged)
  • Spam Bot Server Resource Reduction (new) - (reduce spam bots: querying, downloading data, using cpu)

In addition, we now have 3 "secret ingredient" methods to catch the new wave of bots that bypass classical honeypots and APIs:

  • Detected as Non Browser Bot
  • Detected as Browser Bot
  • Detected as Semi Automation
- The methods for these will not be discussed; they simply detect the type of bot!

  • Works with the Free Plugin AnyApi (designed for this add-on, but can be used as a stand alone), so any api you want can be added to prevent registration:

i) Project Honey Pot Http:BL
ii) Stop Forum Spam
iii) FSpamlist
iv) Bot Scout
v) Spam Busted
vi) up to 10 APIs defined by you
Note: even without AnyApi, this plugin currently blocks 100% of bots

Works brilliantly on its own, but can also be used in combination with :

  • AnyApi (Use any API you want, to prevent spam bots / spam humans from registering)
  • StopHumanSpam (Stops humans creating links / sigs / banned content; it also checks for "sneaky broken links")
  • StopCountrySpam (to reduce spam from particular countries bot/human),
  • CustomImgCaptcha (as a second wave fallback mechanism),
  • DeDos (to reduce the amount of resources spam bots use)
[CustomImgCaptcha is free and recommended with this plug-in, since FoolBotHoneyPot will also unlock some of CustomImgCaptcha's features]

Many Forum Spam Bots, such as Xrumer, are incredibly "intelligent" and solve almost all common CAPTCHA mechanisms. Not only can they solve many CAPTCHA images, but they can also solve common question / answers and logical problems.

Often, regardless of how good the anti-bot mechanism of a particular forum software is, if it's too common then it becomes a target to break.
Customisations and variations of plug-ins can often help stop the vast majority of Forum Bots from registering

These mechanisms are particularly nice anti-bot mechanisms, since they have no negative impact on users (compared to some very complicated CAPTCHA)

1) The Honey Pot Mechanism
  • XRumer and many other bots will often try to register by sending a request directly to the registration form (carrying over the session cookie). To populate the form, the bots use field names: text is injected into the value of each field with a known name (this process is written into a script / used by a standard script against XenForo registration). These field names will often be standard ones such as name="name", name="email", name="password", etc.
  • With the Honey Pot Mechanism, these fields still exist but are hidden (from humans). A bot will automatically fill these fields, but by doing so the bot has been fooled by the "honey pot" and is subsequently prevented from registering
  • Additionally, XRumer bot users will sometimes write the script so that all form fields are populated. This will of course be caught by the standard honey pots, and there are multiple other hidden trick fields that will catch these bots; these fields are named with UUIDs that are created on the fly for each session
2) The Form Customisation Mechanism
  • As mentioned above, XRumer and many other bots will try to inject information into forms by using field names that they know (name=email, name=password)
  • With the customisation mechanism, each of the valid field names (the fields that a user can see) is now uniquely named, and new names are created for each session.
  • Since the bot will not know which field names are which (for instance which is the email and which is the password_confirm), it is incredibly difficult for the bot to know how to populate the form correctly, once again preventing the bot from registering
3) The Form Field Randomisation Mechanism
  • For those bots that do not use field names, but simply populate the form according to form index order, this is an additional mechanism to trip them up
  • Randomising the field order makes it incredibly hard to populate a form according to index number.
  • The fields are randomised every time the registration page is loaded/refreshed
4) The Dynamic Registration URL (Param & Val Randomisation)
  • Although this is fairly rare, some bots that target forum software do not always post data where the form tells them to, but POST data to where they expect the core to be located. For instance, the core data will usually be posted to yoursite.com/register/register
  • By adding a URL param and value and only accepting the data posted to yoursite.com/register/register&xxx=yyy, we can stop these types of bot attempts (this acts like an extra hidden field).
  • Both the Param and Values are UUIDs that change with every session attempt, making the URL effectively dynamic
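A minimal server-side sketch of mechanisms 1 to 4 working together, added here as an illustration; it is not the add-on's code. The field list, the `session` dictionary, the number of extra trap fields and the `?param=value` URL form are assumptions of this example.

```python
import hmac
import random
import uuid

# Classic names a scripted bot expects; served only as hidden decoys.
DECOY_NAMES = ["name", "email", "password"]
# Hypothetical set of real registration fields (assumption for this example).
REAL_FIELDS = ["username", "email", "password", "password_confirm"]


def build_form(session):
    """Names are fixed per session; field order changes on every page load."""
    real = session.setdefault("real", {uuid.uuid4().hex: f for f in REAL_FIELDS})
    traps = session.setdefault(
        "traps", DECOY_NAMES + [uuid.uuid4().hex for _ in range(3)])
    param, value = session.setdefault(
        "url_param", (uuid.uuid4().hex, uuid.uuid4().hex))
    fields = [(n, False) for n in real] + [(n, True) for n in traps]  # (name, hidden?)
    random.shuffle(fields)                                   # mechanism 3
    return {"action": f"/register/register?{param}={value}", "fields": fields}


def check_submission(session, query, post):
    """Return (True, fields) for a clean POST, else (False, reasons)."""
    if "real" not in session:
        return False, ["no form was issued for this session"]
    reasons = []
    param, value = session["url_param"]
    if not hmac.compare_digest(query.get(param, "").encode(), value.encode()):
        reasons.append("missing or wrong URL parameter")     # mechanism 4
    if any(post.get(n) for n in session["traps"]):
        reasons.append("hidden honey pot field was filled")  # mechanism 1
    if any(not post.get(alias) for alias in session["real"]):
        reasons.append("session field names not used")       # mechanism 2
    if reasons:
        return False, reasons
    return True, {field: post[alias] for alias, field in session["real"].items()}
```

The returned reasons are what an admin log would record for each rejected attempt.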
5) StopBotters (Optional) Detection Mechanism
  • Stops a high percentage of known bots using an API request.
  • Known bots are detected via IP address / Email Address / Username.
  • The underlying StopBotters mechanism is confidential
6) The (Optional) JavaScript Detection Mechanism
  • This registration prevention method is optional (defined in the ACP)
  • As you probably know, many bots are simply applications running scripts; they do not have their own JavaScript version, they simply fake what they can.
  • This method detects the availability of JavaScript by sending an Ajax request at the time of registration.
  • If no Ajax request is made, then the browser does not have JavaScript enabled (and has a high potential of being a bot).
  • This information is logged for bots, but there is also the option (in the ACP) to not allow users that do not have JavaScript Enabled to register.
  • If a genuine user attempts to register without JavaScript enabled, they are presented with an error asking them to enable JavaScript.
  • At the time of writing this, approximately 98% of users have JavaScript enabled by default (and it's even higher in certain countries)
7) Basic Proxy Detection
  • This has not been used as a preventative mechanism for this plug-in, but for each bot that fails registration, this information is logged. There are many ways of detecting proxies, but none of them are foolproof. One mechanism is to detect open ports (sometimes known as scanning back). However, this is time consuming (it can take between 1-3 seconds or longer for each port), and since bots can use any port ranging from 0 to 65535 and will often use rare / non-standard ports, this type of detection has not been used.
  • Instead the headers have been checked for known proxy variables (this catches mainly transparent proxies)
  • Additionally, proxies are detected with a reverse DNS lookup (catches some anon/high_anon proxies)
  • Additionally, proxies are detected by comparing the ReverseDNS IP address to the hostname for that IP address. (catches some anon/high_anon proxies)
  • After testing this, approximately 70% of bots were found to be using proxies that were easy to detect using these proxy detection mechanisms (so this may be added as an optional preventative mechanism)
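The header check and the reverse DNS comparison described above, as an added example that is not the add-on's code. The header list, the status names and the reading of the comparison as a forward-confirmed reverse DNS check are assumptions of this example; the resolver functions are injectable so the logic can be exercised without network access.

```python
import ipaddress
import socket

# Headers that forwarding proxies commonly add (list chosen for this example).
PROXY_HEADERS = {"via", "forwarded", "x-forwarded-for", "x-forwarded-host",
                 "x-real-ip", "proxy-connection"}


def proxy_headers(headers):
    """Return the proxy-revealing header names present in a request."""
    return sorted(k.lower() for k, v in headers.items()
                  if v and k.lower() in PROXY_HEADERS)


def _ptr(ip):
    # Reverse lookup: IP address -> hostname (raises OSError when there is none).
    return socket.gethostbyaddr(ip)[0]


def _addresses(hostname):
    # Forward lookup: hostname -> set of address strings.
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}


def rdns_status(ip, reverse=_ptr, forward=_addresses):
    """Classify ip as 'no_ptr', 'mismatch' or 'confirmed'."""
    try:
        hostname = reverse(ip)
    except OSError:
        return "no_ptr"
    try:
        resolved = {ipaddress.ip_address(a) for a in forward(hostname)}
    except (OSError, ValueError):
        return "mismatch"
    return "confirmed" if ipaddress.ip_address(ip) in resolved else "mismatch"


def proxy_log_entry(ip, headers, reverse=_ptr, forward=_addresses):
    """Build the record logged for a failed registration."""
    found = proxy_headers(headers)
    status = rdns_status(ip, reverse, forward)
    # Assumption: anything other than a confirmed PTR counts as a proxy signal.
    return {"ip": ip, "proxy_headers": found, "rdns": status,
            "suspect": bool(found) or status != "confirmed"}
```

If the forum itself sits behind a CDN or reverse proxy, these headers appear on every request, so the header check is only meaningful for the headers your own front end does not add.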
8) User Agent Detection
This has not been used as a preventative mechanism for this plug-in, but for each bot that fails registration, this information is logged. Patterns of user_agent can give you more confidence that the bot detection is valid, but for a long time now, many bots fake the user_agent header to appear as if they are browsers

9) Browser Plugin Detection
This has not been used as a preventative mechanism for this plug-in, but for each bot that fails registration, this information is logged. Users will often have JavaScript enabled (bots will often not). By having JavaScript enabled, it is then possible to detect which plug-ins the browser supports.

10) AnyApi
More and more APIs are becoming available; this allows you to choose the appropriate ones.

The AnyApi plugin is a free plugin designed to work hand in hand with FoolBotHoneyPot (AnyApi can work as a free stand-alone). By default, it is set up with the following APIs:
  • Project Honey Pot Http:BL
  • Stop Forum Spam
  • FSpamlist
  • Bot Scout
  • Spam Busted
But the way it is designed makes it possible for you to add Any API of your choice (even future APIs).

11) Server Resource Reduction

There is now an option for spam bots that hit your forum so many times that they cause server limit issues: these bots are served a low-query, low-byte page. The entire core forum can benefit from the reduced server usage from spam bots that attempt to hit your site many times. These spam bots' IPs are cached locally for x minutes, and they are only cached if they have attempted to register, altered many hidden fields, done this within seconds and also have no JavaScript, so there is no doubt these are spam bots.
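One way to combine the JavaScript detection of mechanism 6 with the IP caching rule described here, as an added example rather than the add-on's code. The class name, the three thresholds and the in-memory stores are assumptions; the page only says "x minutes", "many hidden fields" and "within seconds".

```python
import time

CACHE_MINUTES = 10     # the page's "x minutes"; value assumed
MIN_TRAPS_FILLED = 3   # "altered many hidden fields"; threshold assumed
MAX_SECONDS = 5        # "within seconds"; threshold assumed


class BotGate:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.served_at = {}   # session id -> time the form was served
        self.js_seen = set()  # session ids whose browser sent the Ajax beacon
        self.cached = {}      # ip -> time the cache entry expires

    def form_served(self, session_id):
        self.served_at[session_id] = self.clock()

    def beacon(self, session_id):
        """Called by the Ajax endpoint the registration page requests."""
        self.js_seen.add(session_id)

    def failed_registration(self, ip, session_id, traps_filled):
        """Log a rejected attempt; cache the IP only when every signal agrees."""
        started = self.served_at.get(session_id)
        elapsed = None if started is None else self.clock() - started
        has_js = session_id in self.js_seen
        certain = (not has_js and traps_filled >= MIN_TRAPS_FILLED
                   and elapsed is not None and elapsed <= MAX_SECONDS)
        if certain:
            self.cached[ip] = self.clock() + CACHE_MINUTES * 60
        return {"ip": ip, "javascript": has_js, "seconds": elapsed,
                "cached": certain}

    def serve_light_page(self, ip):
        """True while ip should get the low-query, low-byte page."""
        expires = self.cached.get(ip)
        if expires is None:
            return False
        if self.clock() >= expires:
            del self.cached[ip]   # entry has aged out
            return False
        return True
```

Requiring all signals at once keeps a genuine user who merely has JavaScript disabled, or who trips one field through a password manager, out of the cache.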

Admin Logs:



(Note: if the forum tells you that it is closed from registering, it is likely I have prevented your country from registering with StopCountrySpam; let me know if this is the case via PM/Conversation.)
When you upgrade your account at SurreyForum, the plugin is immediately available to download (as an attachment in the first post); this is automated.
  • Unzip the file
  • Upload this folder into the library folder of your XenForo root
You should now have the following folder structure:
http://www.yourforum.com/library/Tac/FoolBotHoneyPot
  • Go to ACP -> Add-ons -> Install Add-on -> Install from file on server
  • Install from file on server: "library/Tac/FoolBotHoneyPot/addon-FoolBotHoneyPot.xml"
  • Set options in the administration control panel ACP>>Home>>Options>>FoolBotHoneyPot


1. Unzip the following zip file, and copy over the original files with the new versions (just copy over the entire FoolBotHoneyPot Folder)

2. From within the Admin Control Panel: yourforum/admin.php?add-ons/
find the FoolBotHoneyPot, and select the options
Control >> Upgrade

3. Upgrade from file on server: library/Tac/FoolBotHoneyPot/addon-FoolBotHoneyPot.xml

  • 1 payment for this add-on covers one install on one forum
  • Do not use this add-on on warez or illegal sites; doing so may prevent you from using this add-on and you will not be allowed further updates / other plug-in resources
  • If you have not paid for this add on, please do not use it on your forum, doing so may prevent this add-on from working
5.00 star(s) 21 ratings

Latest updates

  1. fixed weekly cron issue

    The weekly cron was reporting an error, since it was trying to clean up a table that no longer...
  2. extended the avoid all password managers

    I've extended the avoid all password managers option to also reset the hidden email fields, it...
  3. fixed the issue with turning on the option to avoid all pw managers


Latest reviews

Very pleased - tested on Internet Explorer, Edge, Firefox & Chrome. All working perfectly and haven't had a single bot in weeks!
I'm SOOOO pleased this has been updated and development is back on the cards again. 100% the most critical addon for my site.
Thanks for the new Update tenants to support the newer version of xenForo.

Keep up the great work and once again Thank You!
Prior to 1.4 this was an essential plugin. Most of us would like to see its functionality continue to live on. But it remains some of the best money I have spent in regards to Xenforo. I needed nothing but this plugin and the core features to keep spammers at bay.
The work now continues, since xrumer have started to target the core's type of honeypots. Updated for xf1.4 and xf1.5
Thank you so much, tenants! Really very useful plugin! Must have!
Kudos on the active development and staying one step ahead of the bots.
Thanks again for keeping this updated. This saves a lot of time for our moderator team.
I seriously can't live without this addon.
Great add-on. Thanks, tenants.
Don't want spam with that? Then this is THE utility to stop the bots at the front door. Author provides great support and is very responsive to feedback. You can't go wrong (but I'd suggest getting the full package of all his utilities).