
FoolBotHoneyPot [Paid] - Stop Spam Bots Elegantly With A Custom Registration Page & Honey Pots

Discussion in 'Add-on Releases' started by tenants, Oct 3, 2012.

  1. tenants

    tenants Well-Known Member

    This is included in Both
    i) Free (Branded) Tac Anti Spam Collection
    ii) Paid (unbranded) Tac Anti Spam Collection

    tenants submitted a new resource:

    FoolBotHoneyPot (version 1.0.1) - Stop bots from registering using hidden fields

     
  2. tenants

    tenants Well-Known Member

    What a suspect bot would currently see if hidden fields were tampered with:

    HiddenFieldsRegistration.png
    There are many more hidden fields, this is just showing the email fields
    Later, options to BAN on hidden field tampering will be added

    You can see an example here: www.surreyforum.co.uk
    On attempting to register, use firebug to display a hidden field and "tamper" with it
     
  3. tenants

    tenants Well-Known Member

    To Do List

    i) The actual visible field names (and many invisible field names) are currently hard coded uuid names, these will eventually be updated to real uuids... each form will have its own set of uuids per install (random uuids will be created on installation) - Done v1.0.2
    ii) The order of the fields will be randomised -Done v1.0.4
    iii) Banning The bots: since these will build up (banning thousands of IP address and emails in XF is not nice to deal with), a 3rd party banning solution will be adopted Done, use StopBotters
    iv) Logging: Logging of Registration prevention will be added -Done v1.0.5
    v) Option to not log further entries for already logged email addresses Done v1.0.7
    vi) Option to not log further entries for already logged usernames Done v1.0.7
    vii) Option to not log further entries for already logged ip addresses Done v1.0.7
    vii) Option to not log events Done v1.0.7
    viii) Registration Timer Done v1.0.11
    iix) Look at options for turning off CAPTCHA just for the registration page Done
    To do /* Add cron job to clear up temp uuids */ Done

    ix) Point and click bots, randomise visible field order, random sized spacers, random line height
    x) Graphical stats for data

    This add-on is fairly complete, it does exactly what it says on the tin. Stops 100% of spam bots elegantly without humans even noticing it! If you think of any enhancements, let me know.
     
    Last edited: Apr 4, 2014
  4. tenants

    tenants Well-Known Member

    After installing this, I would recommend testing that you can register an account

    After that, to test what a robot would see:
    1) Use chrome/Firefox with Firebug
    2) Display one of the hidden fields on the registration form and fill it & then register
     
  5. tenants

    tenants Well-Known Member

  6. Brentnauer

    Brentnauer Well-Known Member

    This is pretty cool! Will definitely think about it.
     
  7. tenants

    tenants Well-Known Member

  8. tenants

    tenants Well-Known Member

  9. tenants

    tenants Well-Known Member

  10. tenants

    tenants Well-Known Member

    tenants updated FoolBotHoneyPot with a new update entry:

    FoolBotHoneyPot v1.0.7

     
  11. erich37

    erich37 Well-Known Member

    I have installed and tested this add-on and it works great !
    Before installing this add-on, a couple hundred spam-bots created more than 14000 spam-threads at my forum. :eek:

    After installing this add-on, no single spam-bot has managed to spam my Forum anymore.

    Great job tenants! (y)
     
  12. tenants

    tenants Well-Known Member

  13. CyclingTribe

    CyclingTribe Well-Known Member

    Just wanted to double-check - do I need to purchase for each forum I use this at?

    Thanks,
    Shaun :D
     
  14. tenants

    tenants Well-Known Member

    PM me, essentially, yes.

    1 license covers 1 forum, but if you have multiple forums and find that it is too expensive to cover many forums, we should be able to come to an agreement.
     
  15. CyclingTribe

    CyclingTribe Well-Known Member

    No, that's fine, I accept owning multiple sites means multiple costs and don't wish to dilute add-on developers' efforts ... (y)

    TBH only two of my sites are busy enough at the moment to warrant this so I'll add it to my to-do list and hopefully get it installed in the coming weeks (there's never enough time is there? lol :D ).

    I'm not sure my chief spam-killing moderator will appreciate it though - I think he rather enjoys pulling the trigger on our little "friends". :ROFLMAO:
     
  16. tenants

    tenants Well-Known Member

    Ah, yes... not many bots will get through this (currently 0% on my forums)

    It's also worth having a secondary defence. This plug-in works well with CustomImgCaptcha (FBHP lets you know which CAPTCHA images have been beaten by bots and how many humans found the CAPTCHA too hard)... That's a big advantage over any other Image CAPTCHA mechanism

    The moderator may still have the odd Human spammer that gets through (although, I use StopCountrySpam which has also stopped 100% of them so far, but I realise this isn't an option for everyone)
     
    CyclingTribe likes this.
  17. CyclingTribe

    CyclingTribe Well-Known Member

    Wow ... within 10 mins. of installing I've got 5 pages of blocked registration attempts. :eek:

    Nips off to investigate the IP address that's hammering the registration form!!! (y)
     
  18. tenants

    tenants Well-Known Member

    The options are there to turn off the logs / reduce the amount of logging information
    By default, it doesn't log multiple attempts from the same IP address... otherwise you would be getting a lot more (but you can turn this on if you like)

    However, from the logs, if you click each entry, you can almost see straight away that they are bots, since they will often fill lots of hidden fields with random strings:

    PHP:
    a:14:{
        s:8:"username";s:7:"jywcnhl";  // hidden honey pot
        s:5:"email";s:27:"levijohnston917@yahoo.co.uk";  // hidden honey pot
        s:8:"timezone";s:11:"Asia/Almaty";  // hidden honey pot
        s:8:"password";s:10:"********";  // hidden honey pot
        s:16:"password_confirm";s:10:"********";  // hidden honey pot
        s:18:"367c2507056130cc0f";s:14:"Ramon Gonzales";  // hidden honey pot
        s:18:"9bd30507056130a4d9";s:10:"Ajasonde12";  // hidden honey pot
        s:18:"97c68507056131fc84";s:10:"Ajasonde12";  // hidden honey pot
        s:18:"57ed050705613094fe";s:15:"Randall Nedescu";  // hidden honey pot
        s:18:"46bab507056130f2ed";s:10:"Ajasonde12";  // hidden honey pot
        s:18:"0218b5070561310e6e";s:10:"Ajasonde12";  // hidden honey pot
        s:18:"2af465070561319724";s:12:"Im a Spammer";  // << omg! this bot really put that
        s:18:"02b2550705613148ff";s:10:"Ajasonde12";  // hidden honey pot
        s:18:"4907e507056130fece";s:10:"Ajasonde12";  // hidden honey pot
    }

    Why would a human need to fill so many hidden fields with the text "Ajasonde12" ?
    [PS I don't feel particularly bad about exposing bot passwords, even if they use this account on many forums]


    Note: they do not always fill out all the honey pots, sometimes they just target XF and fill out what they expect to see (they would then obviously also fail on a custom CAPTCHA test, since this field would not be expected to be there). What they often do is fill out the cunning honey pots named "username/email/.. etc", they do not know that the real fields are named with uuids


    You can also google the username / ip address and email address... and most of the time (but not always) these are old circulating bots picked up by stopforumspam etc...

    The great thing is, this doesn't just catch bots that are already known (which will be implemented in XF 1.2) but it catches bots that are not known yet, so this will continue to be useful for a while.

    Code:
    Registration Blocked: User blocked from registering
    Today at 10:22 AM
    generated by username attempt: jywcnhl
    generated by email attempt: levijohnston917@yahoo.co.uk
    IP Address: 91.236.74.197
    


    I still highly recommend using this with the free resource CustomImgCaptcha, they work pretty well hand in hand. I've had bots that at least attempt the custom CAPTCHA, but none that pass them yet (I also haven't had any humans that fail the CAPTCHA, apart from when clickfinity put no answer for "spoon" ^^ <tuts>)

    This works well on its own, but it's nice to see real stats for CAPTCHA for human fails and what CAPTCHAs bots can pass, this makes it very easy to "prune" CAPTCHA images
     
    D.O.A. likes this.
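As an added illustration of the honey-pot check the posts above describe (this is not the add-on's own PHP code; the field names, seeded values, token lengths and the 5-second registration timer are assumptions), a minimal server-side version in Python: the real inputs live under random per-form names, the decoy inputs keep the names a bot expects, and a submission is blocked when a decoy no longer carries its seeded value or arrives too quickly.

```python
import secrets
import time

# Honey pot inputs carry the names a bot expects (username/email/...) and a
# seeded value; the real inputs are rendered under random per-form names.
# Values here are assumptions, not the add-on's; "timezone" is seeded so a
# bot that "helpfully" fills it gets caught too.
HONEY_POTS = {"username": "", "email": "", "password": "", "timezone": "UTC"}
REAL_FIELDS = ("username", "email", "password", "password_confirm")
MIN_SECONDS = 5  # registration timer: a human needs at least this long to type


def issue_form(now=None):
    """Server-side record for one rendered registration page.

    The page renders REAL_FIELDS under form["real"][name] (random names) and
    HONEY_POTS under their plain names, hidden by CSS with autocomplete="off".
    """
    return {
        "token": secrets.token_hex(8),
        "issued": time.time() if now is None else now,
        "real": {name: secrets.token_hex(9) for name in REAL_FIELDS},
    }


def check_submission(form, post, now=None):
    """Return None if the POST looks human, otherwise the reason to block it."""
    now = time.time() if now is None else now
    if now - form["issued"] < MIN_SECONDS:
        return "submitted too fast"
    for name, seeded in HONEY_POTS.items():
        # A browser echoes the seeded value back; anything else is tampering.
        if post.get(name, seeded) != seeded:
            return f"hidden field tampered: {name}"
    for name, random_name in form["real"].items():
        if not post.get(random_name):
            return f"missing real field: {name}"
    return None


def log_entry(post, ip, reason):
    """Mirror the log shape shown in the thread: what the bot tried, and why."""
    return {
        "reason": reason,
        "username_attempt": post.get("username", ""),
        "email_attempt": post.get("email", ""),
        "ip": ip,
    }
```

A browser that auto-fills the decoy "username" or "email" inputs trips the same check as a bot, which is the false-positive case discussed later in the thread; keeping autocomplete="off" on those inputs is what prevents it.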
  19. CyclingTribe

    CyclingTribe Well-Known Member

    Interestingly I've had a couple of people get in touch via the site contact form claiming they cannot register because they have been blocked as bots; does the add-on sometimes produce false positives?

    If so, which setting do I need to turn off to stop this happening - I really don't want to put genuine new members off. (y)

    Cheers,
    Shaun :D
     
  20. tenants

    tenants Well-Known Member

    It shouldn't do, can you have a look at the logs and send me (PM) the details.. (star out if passwords are present)

    It will only stop people from registering if hidden fields have been changed, and present a contact message if this has been detected (so they can contact you as mentioned).

    The only reason I can think of, is that the hidden fields have been auto-populated (which also shouldn't happen, since their values are set, and have a param autocomplete="off")

    If you can send me the logs of the hidden fields that were completed by these users, I can look into it (it might be that I have missed one, but didn't find any during testing)

    For now, while I look into it, ask just those users to register with an alternative browser (it's fairly likely any auto-complete has come from the browser)

    It would be useful to know which browser they used, so I can test the fix
     
