[TAC] Fool Bot Honey Pot

[TAC] Fool Bot Honey Pot 3.0.32

No permission to buy ($29.00)
Minor Fixes:

- about 1 out of every 100 IP addresses were not getting logged, this should now be fixed
- core hp_user name was not getting logged correctly, this is now fixed

- Nothing major, it works, these are just logging related fixes
  • Like
Reactions: Gonanda

I've added some extra alternative honey pot mechanisms in
I've added honey pots that specifically detect browser based bots
I've added honey pots that specifically detect non browser based bots (so these two alone should catch 100%)

I've also updated it so it works with xf 1.4.x -> xf 1.5.x

This will prevent the new wave of Xrumer and GSA that detect classical core honeypots, that bypass the registration timer, that have clean IP's thus bypass APIs

- This type of honeypot simply distinguishes between browsers and non browsers
- couple of minor bug fixes (stopobotters api - issue when no email/username sent, fixed)
  • Like
Reactions: Gonanda
I've reintroduced this addon for xenforo 5, getting ready for the xf2.0 release
  • Like
Reactions: Gonanda
  • Fixed an issue in EI related to fake z-index of real fields not showing
  • We now use caching mechanism (similar to DeDos) and do not need to use _preDispatch, since we check the cache earlier with init_dependencies
  • We now list all of the locked out ip addresses (similar to DeDos)
  • Like
Reactions: Gonanda and MattW
  • Fixed and issue with KeyCapthca not working
  • APIs from anyAPI were not getting recorded in the stats
  • Invalid DOB in 2 steps mechanisms are now validated correctly
  • Like
Reactions: Gonanda
  • Added 4 more types of hidden fields (none can be tabbed into)
  • Opacity Hidden
  • Z Index Hidden
  • Left Off Page Hidden
  • Right Off Page Hidden
  • For these new types, I also use uuids for class selectors (so a bot can't just read the class names to identify if something is hidden, it will need to use a JavaScript engine and work it out)
  • Like
Reactions: Gonanda
  • Added options to turn off the CAPTCHA for registration (but keep it for all other areas)
  • Added options to hide the timezone option (reducing the number of fields on the registration page)
  • Added RecentActivity and Members to the areas protected by the cache (since these seem to be significant areas also hit and spam bots)
  • Also now update the cache time on bot re-attempts (so the ip doesn't suddenly become un-cached even though the bot is continuously hitting the forum)
  • Added dynamic spacers for rare bots that attempt to auto-fill based on know form positions (I believe it's unlikely most forums will experience these)
  • Added stats, this also works with AnyApi (this option is more for myself to show the strengths of various APIs)
  • Added a dynamic url, so forms get submitted to register/register&xxxxx=yyyyy instead of just register/register (both the param and values are uuids). When bots target xenforo, they often post directly to the core location: register/register, this would now throw an error (the param and values acts like an extra hidden field).
  • Added option to make the registration process 2 step (This stops some bots, but primarily allows more customisation for admins)
Removed XfAddOns_Blogs_ControllerPublic_Blog from the listener, since it's not using a protected _preDispatch
  • Fixed an issue with access levels, _preDispatch should be protected
This is only going to concern you if you use EWRporta
Top Bottom