[TAC] Fool Bot Honey Pot

[TAC] Fool Bot Honey Pot [Paid] 3.0.32

No permission to buy ($29.00)
Overview Updates (79) Reviews (28) History Discussion
Really, I tested that... okay, leave unticked, I'll fix before end of weekend... that shouldn't have happened, tested with ticked and unticked, hmm :(
 
I was just testing the registration on desktop and when I use the tab button to go to the next field I find myself typing passwords, etc in hidden fields. This is something that ordinary people get caught in.
 
If you have the option to avoid pw managers on, it shouldn't matter, since js enabled users have the pw and usernames cleared, although I'm pretty sure I set a tab index of -1 to them, I'll double check
 
tenants updated FoolBotHoneyPot Bot Killer: Spam Combat with a new update entry:

extended the avoid all password managers

I've extended the avoid all password managers option to also reset the hidden email fields, it seems some mangers also store these.... shouldn't be a problem any more

... bots without js... cant get these resets
humans with js will get these hidden fields reset
bots with js are detected with other mechanism (they were avoiding hidden fields anyway)
Click to expand...

Read the rest of this update entry...

update here: http://www.surreyforum.co.uk/thread...th-a-custom-registration-page.1621/#post-2400
 
got a mysql error today @tenants

Code: 
Zend_Db_Statement_Mysqli_Exception: Mysqli prepare error: Unknown column 'time_stamp' in 'where clause' - library/Zend/Db/Statement/Mysqli.php:77
Generated By: Unknown Account, Yesterday at 11:28 PM
Stack Trace
#0 /home/dressedw/public_html/library/Zend/Db/Statement.php(115): Zend_Db_Statement_Mysqli->_prepare('\r\n\t\t\tDELETE \r\n\t...')
#1 /home/dressedw/public_html/library/Zend/Db/Adapter/Mysqli.php(381): Zend_Db_Statement->__construct(Object(Zend_Db_Adapter_Mysqli), '\r\n\t\t\tDELETE \r\n\t...')
#2 /home/dressedw/public_html/library/Zend/Db/Adapter/Abstract.php(478): Zend_Db_Adapter_Mysqli->prepare('\r\n\t\t\tDELETE \r\n\t...')
#3 /home/dressedw/public_html/library/Zend/Db/Adapter/Abstract.php(753): Zend_Db_Adapter_Abstract->query('\r\n\t\t\tDELETE \r\n\t...', Array)
#4 /home/dressedw/public_html/library/Tac/FoolBotHoneyPot/Model/HoneyPot.php(351): Zend_Db_Adapter_Abstract->fetchRow('\r\n\t\t\tDELETE \r\n\t...', 1494725325)
#5 /home/dressedw/public_html/library/Tac/FoolBotHoneyPot/CronEntry/CleanUp.php(7): Tac_FoolBotHoneyPot_Model_HoneyPot->runWeeklyCleanUp()
#6 /home/dressedw/public_html/library/XenForo/Model/Cron.php(356): Tac_FoolBotHoneyPot_CronEntry_CleanUp::runWeeklyCleanUp(Array)
#7 /home/dressedw/public_html/library/XenForo/Deferred/Cron.php(24): XenForo_Model_Cron->runEntry(Array)
#8 /home/dressedw/public_html/library/XenForo/Model/Deferred.php(295): XenForo_Deferred_Cron->execute(Array, Array, 7.9999990463257, '')
#9 /home/dressedw/public_html/library/XenForo/Model/Deferred.php(429): XenForo_Model_Deferred->runDeferred(Array, 7.9999990463257, '', false)
#10 /home/dressedw/public_html/library/XenForo/Model/Deferred.php(374): XenForo_Model_Deferred->_runInternal(Array, 8, '', false)
#11 /home/dressedw/public_html/deferred.php(23): XenForo_Model_Deferred->run(false)
#12 {main}
Request State
array(3) {
  ["url"] => string(39) "http://www.dressedwell.net/deferred.php"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(3) {
    ["_xfRequestUri"] => string(8) "/forums/"
    ["_xfNoRedirect"] => string(1) "1"
    ["_xfResponseType"] => string(4) "json"
  }
}
 
ah... I have to fix the weekly cron for new installs, will look at, I'm just developing something on stop human spam first (the above error wont stop anything from working, it's just not cleaning up a table that's no longer there), I'll fix as soon as I've updated shs
 
@tenants got another database error

Code: 
Zend_Db_Statement_Mysqli_Exception: Mysqli prepare error: Unknown column 'time_stamp' in 'where clause' - library/Zend/Db/Statement/Mysqli.php:77
Generated By: Unknown Account, Yesterday at 11:23 PM
Stack Trace
#0 /home/dressedw/public_html/library/Zend/Db/Statement.php(115): Zend_Db_Statement_Mysqli->_prepare('\r\n\t\t\tDELETE \r\n\t...')
#1 /home/dressedw/public_html/library/Zend/Db/Adapter/Mysqli.php(381): Zend_Db_Statement->__construct(Object(Zend_Db_Adapter_Mysqli), '\r\n\t\t\tDELETE \r\n\t...')
#2 /home/dressedw/public_html/library/Zend/Db/Adapter/Abstract.php(478): Zend_Db_Adapter_Mysqli->prepare('\r\n\t\t\tDELETE \r\n\t...')
#3 /home/dressedw/public_html/library/Zend/Db/Adapter/Abstract.php(753): Zend_Db_Adapter_Abstract->query('\r\n\t\t\tDELETE \r\n\t...', Array)
#4 /home/dressedw/public_html/library/Tac/FoolBotHoneyPot/Model/HoneyPot.php(351): Zend_Db_Adapter_Abstract->fetchRow('\r\n\t\t\tDELETE \r\n\t...', 1495329836)
#5 /home/dressedw/public_html/library/Tac/FoolBotHoneyPot/CronEntry/CleanUp.php(7): Tac_FoolBotHoneyPot_Model_HoneyPot->runWeeklyCleanUp()
#6 /home/dressedw/public_html/library/XenForo/Model/Cron.php(356): Tac_FoolBotHoneyPot_CronEntry_CleanUp::runWeeklyCleanUp(Array)
#7 /home/dressedw/public_html/library/XenForo/Deferred/Cron.php(24): XenForo_Model_Cron->runEntry(Array)
#8 /home/dressedw/public_html/library/XenForo/Model/Deferred.php(295): XenForo_Deferred_Cron->execute(Array, Array, 8, '')
#9 /home/dressedw/public_html/library/XenForo/Model/Deferred.php(429): XenForo_Model_Deferred->runDeferred(Array, 8, '', false)
#10 /home/dressedw/public_html/library/XenForo/Model/Deferred.php(374): XenForo_Model_Deferred->_runInternal(Array, 8, '', false)
#11 /home/dressedw/public_html/deferred.php(23): XenForo_Model_Deferred->run(false)
#12 {main}
Request State
array(3) {
  ["url"] => string(39) "http://www.dressedwell.net/deferred.php"
  ["_GET"] => array(0) {
  }
  ["_POST"] => array(4) {
    ["_xfRequestUri"] => string(58) "/threads/stories-on-the-working-man-and-all-his-ills.2480/"
    ["_xfNoRedirect"] => string(1) "1"
    ["_xfToken"] => string(8) "********"
    ["_xfResponseType"] => string(4) "json"
  }
}

also, not particularly relating to this addon but to the spam package as a whole, could you please tell me what this is and why it was blocked?

Action: Rejected - Spam phrase matched (*.net)
Generated By: C0keZer0, May 11, 2017, Content: post (196399)
Request State
array(4) {
["url"] => string(51) "http://www.dressedwell.net/posts/196399/save-inline"
["referrer"] => string(85) "http://www.dressedwell.net/threads/disagreeable-menswear-post-of-the-day.763/page-439"
["_GET"] => array(0) {
}
["_POST"] => array(6) {
["message_html"] => string(276) "<p>This thread is the bomb! As I look at these pictures, I am dumbfounded, in particular, by the Asian man who spends money on clothes only to look like a homolessperson.</p><p><img src="http://www.dressedwell.net/attachments/img_7927-jpg.22187/" alt="IMG_7927.JPG"><br></p>
"
["_xfRelativeResolver"] => string(85) "http://www.dressedwell.net/threads/disagreeable-menswear-post-of-the-day.763/page-439"
["_xfToken"] => string(8) "********"
["_xfRequestUri"] => string(59) "/threads/disagreeable-menswear-post-of-the-day.763/page-439"
["_xfNoRedirect"] => string(1) "1"
["_xfResponseType"] => string(4) "json"
}

looks like he was just trying to upload a picture.
 
Last edited:
strange,have you ticked the options to allow internal links and images:


upload_2017-5-21_22-51-17.webp

looks like its picking up ".NET" from this:

Code: 
<img src="http://www.dressedwell.net/attachments/img_7927-jpg.22187/" alt="IMG_7927.JPG">

Wait a second, this is not how stop human spam reports the logs, where did you get that message from. Stop human spam logs are found here:

admin.php?stophumanspam/logs

Action: Rejected - Spam phrase matched
Click to expand...

Is a core phrase, you are blocking your own content with the core ... shs does not do this by default, and strips out your images and internal links before the check, this is a core issue

Take the .net rule out of your core spam phrases, else you will continue to keep having this issue (it's fine in stop human spam, since shs goes in and checks for internal links and images)
 
Last edited:
tenants said:
strange,have you ticked the options to allow internal links and images:


View attachment 152662

looks like its picking up ".NET" from this:

Code: 
<img src="http://www.dressedwell.net/attachments/img_7927-jpg.22187/" alt="IMG_7927.JPG">

Wait a second, this is not how stop human spam reports the logs, where did you get that message from. Stop human spam logs are found here:

admin.php?stophumanspam/logs



Is a core phrase, you are blocking your own content with the core ... shs does not do this by default, and strips out your images and internal links before the check, this is a core issue

Take the .net rule out of your core spam phrases, else you will continue to keep having this issue (it's fine in stop human spam, since shs goes in and checks for internal links and images)
Click to expand...
i have these listed under spam management > spam phrases:

[url*
*.com
*.net
*.org
*.info
*.ru
*.asia
*.us
*.in
*.de
*.tk
*.com.br
http://*
*@*
investment
fullz
credit card
forex
mortgage
pharmacy
casino
viagra
outlet
prada
marketing
seo
vn
maletestosterone...
supplements

Is this the .net you're talking about?
 
These are core settings that are producing your issue

Rambro said:
*.net
Click to expand...
tenants said:
Take the .net rule out of your core spam phrases
Click to expand...

http://* is also going to cause this issue (I'm not sure about "url" )


Using the core phrases instead of stop human spam is going to ban them without consideration of being internal or links from uploaded images etc... I wouldn't try to prevent these types of links using the core (use stop human spam for that, otherwise you will see the types of issues you have just seen). Dont ban them as words, stop human spam detects links in various way, no links get through (for new users, or users you don't want to post links), even links such as "w w w . example . c o m" will get picked up as a sneaky links, dont ban them as phrases any where

... maybe carry on this conversation under stop human spam
 
Last edited:
I had a user complain that when they tried to register via Edge in private mode, it rejected them. I checked out the logs and see that as soon as they used Chrome, they were able to proceed. It looks like they were detected as a bot, by "non browser mechanisms".

Here's the log entry:

Log Info
Bot detection by Non Browser Mechanisms, FoolBotHoneyPot: Detected As A Bot - Registration Blocked
8 minutes ago
generated by username attempt: anonusername
generated by email attempt: anonemail@address.com
IP Address: xxx.xxx.xxx.xxx:59894
Host: xxx.xxx.xxx.xxx.constant.com
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Time Taken To Register: 68 (seconds)
Basic Proxy Detection: Possibly Forged IP Address, ReverseDNSIP (xxx.xxx.xxx.xxx.constant.com) != ipAddress (xxx.xxx.xxx.xxx)
JavaScript Enabled: FALSE
Browser Plugins Detected: None
Altered Hidden Fields
Registration Errors
fbhp_sec1 => foolbothoneypot_sorry_youve_been_detected_as_an_automated_program secret ingredient 1

Bot detection by Non Browser Mechanisms,
FoolBotHoneyPot: Detected As A Bot - Registration Blocked
9 minutes ago : xxx.xxx.xxx.xxx:59894
Username: anonusername
Email: anonemail@address.com
Host: xxx.xxx.xxx.xxx.constant.com
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Time taken to register: 68 (seconds)
JavaScript Enabled Browser: FALSE
Detected as Non Browser Bot: TRUE
Core Classical Honeypots: 0
FBHP Classical Honeypots: 0
Basic Proxy Detection: Possibly Forged IP Address, ReverseDNSIP (xxx.xxx.xxx.xxx.constant.com) != ipAddress (xxx.xxx.xxx.xxx)
Browser Plugins Detected: None
 
What is the version number of foolbothoneypot, there was an edge issue with an earlier version that I fixed. In addition, the latest version does not check for non browser mechanisms when js is enabled

Hmmm, but they seem to be js disabled. What version of fbhp are you on?
 
Thanks for the fast reply. It's 3.0.27.

It's configured with default settings, except that "Avoid All Password Managers" is checked.

I've just checked Edge, and JS was enabled, even though it suggests it wasn't.
 
Okay, the simple fixed would be to not do non browser based detection when edge. It's not a fix that I like, does it have to be private mode? I've tested edge before with no issues, I'll try to reproduce and fix one way or another this weekend. Have you reproduce it?
 
I was able to reproduce it at the time, but when I've tried again now, the registration went through OK. I'll do some more testing and see if I can reliably reproduce this and then post the logs.
 
nrep, can you send me a pm with your forum url

There was an edge issue that occurred infrequently in an older fbhp version, it was avoided by just turning of non browser based detection when js is detected. Basically, if js is found, there is little point in doing non browser based detection anyway. So seeing that your edge users was detected with no javascript is concerning

In all the edge tests I've tried, I've not seen this issue, so looking at your forum might reveal something. Private mode and non private mode edge tests, you can see js is detected:

54811f


and with the same edge version you mention above

548154



Your forum reg page should tell me more, for instance, if there is a script error on the registration page, the js detection wont work... hence you might see the edge issue occasionally

equally it could be a cache issue of script requests
http://www.itworld.com/article/2693...r-updating-in-internet-explorer-solution.html


This should not really be an issue, since on the registration page, it only makes one request to detect of js, but if it is this, it's a simple fix. If it's the first issue, then the fix would be to fix your script issue, either way, I think I will know more by looking at your registration page.

edit - actually, the cache issue is not likely, since it's a post request and contains a uuid value
 
Last edited:
You must log in or register to reply here.
Top Bottom