1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How I stopped spam bot registrations

Discussion in 'XenForo Questions and Support' started by ibaker, Oct 20, 2012.

  1. ibaker

    ibaker Well-Known Member

    I am not sure how long this will last but seems to be doing the job nicely without any addons or reliance on 3rd party sources.

    I was getting about half a dozen bot registrations a day so instead of using something that was dependent on a 3rd party, I thought of making my own cheap imitation and see how long it lasts.

    I simply added my own .gif image to the registration page and used questions for human input based on words contained in that image. Not sure if using "avatar" as the image name contributes anything to the confusion for the registration bot or not.

    This is what it looks like and fingers crossed it will work for some time:
    1.jpg

    Hope it might help others
     
    melbo and Russ like this.
  2. steven s

    steven s Well-Known Member

    Maybe xf should incorporate some additional anti-spam methods of their own?
    They've been getting a lot of spam registrations lately.
     
  3. craigiri

    craigiri Well-Known Member

    Can a bot get my a rotating QA of most types? I assume not....easily!

    I think they might have spam here because of their refusal to use add-ons.
     
  4. melbo

    melbo Well-Known Member

    xrumer and others bots are 'smart' - when they repeatedly encounter a captcha they can't crack, they phone home with the info and it's queued for addition to their AI (at least in theory). The above is about as good as it gets but it might be helpful to rotate that question every 3 to 6 months.

    Can you share how you did that?
     
  5. ibaker

    ibaker Well-Known Member

    I first uploaded an image to my site...I called mine avatar.gif and just uploaded it to the styles folder
    Then in the helper_captcha_unit template right after:
    Code:
    <xen:if is="{$captcha}">
    I added:
    Code:
    <img style="margin-top:10px; margin-left:250px;" src="./styles/avatar.gif" alt="avatar" />
    (Naturally you insert the file name of the image you uploaded in the above code)

    I then added the following questions in the Questions and Answers CAPTCHA settings:
    Enter the first 5 characters of the first word in the above image:
    Enter the first 5 characters of the last word in the above image:
    Enter the first word in the above image:
    Enter the last word in the above image:

    If or as soon as they catch on then all I need to do is just upload a different image and change the answers to the questions
     
    whynot and melbo like this.
  6. tenants

    tenants Well-Known Member

    Pretty good,

    Although, keep in mind OCR/ANNs can read text (ANNs are often trained for text recognition, however object recognition can be much harder due to the wide variation) , so asking the user to describe an image/picture/object rather than text within an image often holds ground for longer (even with the additional logic of the question)

    I'm about to upload an add-on to allow admins to create their own captcha's (free), users can then share/sell their captcha sets (so it has import / export functionality too)
    Basically it is a "custom image captcha" plug-in, this plug-in and your idea share the advantage of QA's (in that they are often original, and not from a large database of "known images"), and the advantage of some image captcha (it weeds out the basic bots that can not easily read text / solve logic from images)

    If users create their own customisations, it's so much harder for bots to solve (as long as they avoid simple text / logic being read from the image that makes it easy to solve)

    I'll upload this add-on tomorrow... I'm just testing it now.

    An example set that I just created and wanted to give away with the plugin (obviously you will be able to add/delete any image you want to your own set):

    scorpion.jpg spider.jpg sheep.jpg squirell.jpg seal.jpg snake.jpg

    Although, after having looked at this set, if the text "animal beginning with S" was stripped out from the image, the bot could then retrieve a brute force list:

    http://en.wikipedia.org/wiki/XRumer

    The text is there to often make it more user friendly, but in doing so, you can often reveal too much to the bot.

    So this set isn't very good after all. It would be much better if the set was "objects begin with S", the list to brute force this would be much larger making it less likely for a bot to successful register

    If a bot can read your text, and can solve your logic, it might be able to register (although, I think many will have trouble with reading the text and solving the logic in combination for now)

    Edit: I have now added this resource http://xenforo.com/community/resources/customimgcaptcha.1161/
     
  7. ibaker

    ibaker Well-Known Member

    I have updated my post above (post #5) to a better location/template so as to cover all instances of captcha
     

Share This Page