[TAC] Fool Bot Honey Pot

[TAC] Fool Bot Honey Pot [Paid] 3.0.32

That's a core XenForo phrase:
"some_fields_contained_unexpected_data_try_again"

*_insertParamsEscaped;b:1
*_phraseNameOnInvalid;b:1

Could it have been a timeout? I'm not sure where these params are (they are not part of FBHP). I could do a search for them when I get back.
 
Thanks @tenants, if it's not part of FBHP then I'll keep a watch and see if it happens again. It happened quite a few times for the same user, so I'll monitor the logs.
 
I have paid for FoolBotHoneyPot and the DDos plugins but I see nowhere that I can download them so that I can use them on my website.

Is this resource still maintained and if so, how long do you have to wait for someone to contact you after you have paid for these plugins?

Cheers,
Craig
 
It's immediate and automatic from the same place that you paid for it. I should possibly send out an automated email mentioning the same, since a few people miss this every now and then.

First Post Attachment:
http://www.surreyforum.co.uk/thread...stering-with-a-custom-registration-page.1621/
http://www.surreyforum.co.uk/thread...m-scrapers-spam-bots-simple-dos-attacks.1843/

In the first post where you paid for it, it mentions the following
This is a paid plugin, you will need to pay for the appropriate upgrade to download this plug-in:
http://www.surreyforum.co.uk/account/upgrades

Once you have upgraded, this plugin is immediately available to download (as an attachment below), this process is automated.

For the latest version, download the attached file:
(This plugin is added as an attachment to the 1st post BELOW)
 
FYI

This project works, it stops the new wave of bots, once again, I don't think I'm needed for a while, I can't see bots making another leap anytime soon, if they do I will poke my head in.

So, if someone wants to take over this entire project (own it, sell it, support it, improve it), let me know, I'm not asking anything for it, but would prefer to hand it over to someone with dev experience in the field of anti-spam (and that everyone is happy with).

As for me... I'm kind of out of here and working on my own projects, will keep my hand in this project until it's properly handed over.
 
To keep everything central and tracked, I'm going to start referencing any bugs I take on fixing with the tag: [Issue n], where n is the issue number. I've had a request for a ticket system, but I don't think it's currently necessary given my current add-on support load. So if you have any support requests, centralize them here.

[Issue 1]
Password/form autocompleters like Chrome can trigger the honey pot.
 
I've purchased this under Surrey's site a while back. But now that you have taken over development is there any way to gain access to the latest versions? I have no account for your site and Surrey's site does not appear to list the download any longer.
 
If you register on my site with the same email address you originally used, it should give you access automatically.
 
The autofill warning has significantly decreased the number of people blocked. But unfortunately people do not read. Instead of daily multiple support tickets, I now get 5 tickets a week. Which is an improvement, but I guess only a small percentage will bother opening a ticket.
 
TBH here...I really didn't think I had that bad of a spambot problem. My forum isn't that big, but my web host kept telling me it was getting a ton of traffic. So I downloaded the apache log for the last month to discover that 67% of all hits were coming from one single IP address. I discovered this after another issue (corrupted server routing file) caused a yuge headache for me today.

So I installed this and Bot Arrestor and within 40 minutes I've got 10 trapped spambot registrations and 1 bot trapped.

worth. every. cent.
 
In just over 3 days, over 300 registration attempts blocked and over 180 IPs locked out.

Note that on every one of them - zero of the "core classic" honeypots were filled in. None. The average number of FBHP honeypots filled in was around 10.
 
The number of false positives and legit users getting blocked is still very significant. It has gone up quite a bit recently.
 
I guess I could level the "don't use autocomplete" warning up to flashing red capitals. A legit user getting caught due to actually behaving in an automated way hits the limits of the whole concept.

The only logical way I see out of this to reduce false results, apart from warning the user to not be like a bot, is to have stages. Kind of like the Blade Runner tests in reverse.
I.e. Yes -> block; No -> pass; Maybe -> stage 2

Stage 2 could be anything from new tests, to "We suspect you're a bot, but we're not sure. You'll get a 2nd chance to register. Warning etc. Do you understand etc."

But this is all academic until I get around to porting to XF2, which is more pressing.
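
Added example, not part of the thread and not FBHP's code: a sketch of the three-way "Yes -> block; No -> pass; Maybe -> stage 2" decision discussed above, using the signals the thread mentions (number of honeypots filled, autofill hits, time on the page). All field names and thresholds are assumptions made up for illustration.

```python
# Added illustration; field names and thresholds are assumptions, not FBHP's.
BLOCK_AT = 5        # hypothetical: this many filled honeypots means a bot
MIN_SECONDS = 3.0   # hypothetical: faster submissions look automated

# Hypothetical honeypot inputs. AUTOFILL_BAIT are the ones named like real
# credential fields, which a browser or password manager may fill by itself.
AUTOFILL_BAIT = {"username_hp", "email_hp", "password_hp"}
HONEYPOTS = AUTOFILL_BAIT | {"hp_a1", "hp_b2", "hp_c3", "hp_d4", "hp_e5"}


def filled_honeypots(form):
    """Names of honeypot fields that came back non-empty."""
    return {n for n in HONEYPOTS if (form.get(n) or "").strip()}


def classify(form, seconds_on_page):
    """Return 'block', 'pass' or 'stage2' for one registration attempt."""
    filled = filled_honeypots(form)
    if len(filled) >= BLOCK_AT:
        return "block"                      # Yes -> block
    if not filled:
        # Clean form: pass unless it was submitted implausibly fast.
        return "pass" if seconds_on_page >= MIN_SECONDS else "stage2"
    if filled <= AUTOFILL_BAIT:
        return "stage2"                     # Maybe: looks like autofill
    return "block"                          # hit a trap autofill would not touch


# Constructed sample submissions (not real log data).
BOT = {"username": "x", **{n: "spam" for n in HONEYPOTS}}
AUTOFILLED = {"username": "alice", "password_hp": "hunter2",
              "email_hp": "alice@example.org"}
CLEAN = {"username": "alice", "email": "alice@example.org"}

if __name__ == "__main__":
    for label, form, secs in [("bot", BOT, 1.2), ("autofilled", AUTOFILLED, 40),
                              ("clean", CLEAN, 40), ("clean but instant", CLEAN, 0.5)]:
        print(f"{label:18} -> {classify(form, secs)}")
```

The "stage2" result is where a second test or a warning-and-retry page would go, so an autofill hit costs a legitimate user one extra step instead of a lockout.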
 
Funny thing is that I halfway wonder something...I use an addon on one site that forces someone to read the Terms & Conditions, and that has a 30 second timer on it. I never - ever - get any spammers registering. At least, not spam bots. A human spammer, but rarely. Also the Q&A captcha is very specific to the region.

But the point is, my other site (where this is now running) does not have the T&C timer, and the questions are more generic, so when a spammer breaks the answers, I get a flood of successful registrations. I change the Q&A and they fail for a while (usually, months). But they never stop hammering the site.

So the first one, it never gets touched because, I think, the timer and requirement to click to proceed to the next page is a deterrent. Either that, or the Q&A hasn't been broken, so the bots haven't been released on it. Not sure but it is interesting since they are on the same server and one gets a magnitude of order more spambot traffic.
 
Indeed, it's only ever economical for a bot spammer to target 'universality' (Q&A is next line of universality). The moment you do anything unique, they're written off.
 
Indeed a rules timer also worked great for my site when we had it. Unfortunately there is no equivalent on XF. At least no working addon.
 