• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

How I stopped spam bot registrations

ibaker

Well-known member
#1
I am not sure how long this will last but seems to be doing the job nicely without any addons or reliance on 3rd party sources.

I was getting about half a dozen bot registrations a day so instead of using something that was dependent on a 3rd party, I thought of making my own cheap imitation and see how long it lasts.

I simply added my own .gif image to the registration page and used questions for human input based on words contained in that image. Not sure if using "avatar" as the image name contributes anything to the confusion for the registration bot or not.

This is what it looks like and fingers crossed it will work for some time:
1.jpg

Hope it might help others
 

steven s

Well-known member
#2
Maybe xf should incorporate some additional anti-spam methods of their own?
They've been getting a lot of spam registrations lately.
 

craigiri

Well-known member
#3
Can a bot get my a rotating QA of most types? I assume not....easily!

I think they might have spam here because of their refusal to use add-ons.
 

melbo

Well-known member
#4
xrumer and others bots are 'smart' - when they repeatedly encounter a captcha they can't crack, they phone home with the info and it's queued for addition to their AI (at least in theory). The above is about as good as it gets but it might be helpful to rotate that question every 3 to 6 months.

Can you share how you did that?
 

ibaker

Well-known member
#5
I first uploaded an image to my site...I called mine avatar.gif and just uploaded it to the styles folder
Then in the helper_captcha_unit template right after:
Code:
<xen:if is="{$captcha}">
I added:
Code:
<img style="margin-top:10px; margin-left:250px;" src="./styles/avatar.gif" alt="avatar" />
(Naturally you insert the file name of the image you uploaded in the above code)

I then added the following questions in the Questions and Answers CAPTCHA settings:
Enter the first 5 characters of the first word in the above image:
Enter the first 5 characters of the last word in the above image:
Enter the first word in the above image:
Enter the last word in the above image:

If or as soon as they catch on then all I need to do is just upload a different image and change the answers to the questions
 

tenants

Well-known member
#6
Pretty good,

Although, keep in mind OCR/ANNs can read text (ANNs are often trained for text recognition, however object recognition can be much harder due to the wide variation) , so asking the user to describe an image/picture/object rather than text within an image often holds ground for longer (even with the additional logic of the question)

I'm about to upload an add-on to allow admins to create their own captcha's (free), users can then share/sell their captcha sets (so it has import / export functionality too)
Basically it is a "custom image captcha" plug-in, this plug-in and your idea share the advantage of QA's (in that they are often original, and not from a large database of "known images"), and the advantage of some image captcha (it weeds out the basic bots that can not easily read text / solve logic from images)

If users create their own customisations, it's so much harder for bots to solve (as long as they avoid simple text / logic being read from the image that makes it easy to solve)

I'll upload this add-on tomorrow... I'm just testing it now.

An example set that I just created and wanted to give away with the plugin (obviously you will be able to add/delete any image you want to your own set):

scorpion.jpg spider.jpg sheep.jpg squirell.jpg seal.jpg snake.jpg

Although, after having looked at this set, if the text "animal beginning with S" was stripped out from the image, the bot could then retrieve a brute force list:

The software is also able to gather and decipher artificial intelligence such as security questions (i.e. what is 2+2?) often used by forums upon registration. Since the latest version of XRumer, the software is capable of collecting such security questions from multiple sources and is much more effective in defeating them.
Helper program Hrefer is also included. This software is used to automatically parse results from search engines including Google, Yahoo, Bing and Yandex for forums and blogs that can then be used as a target list for the main XRumer application.[citation needed]
http://en.wikipedia.org/wiki/XRumer

The text is there to often make it more user friendly, but in doing so, you can often reveal too much to the bot.

So this set isn't very good after all. It would be much better if the set was "objects begin with S", the list to brute force this would be much larger making it less likely for a bot to successful register

If a bot can read your text, and can solve your logic, it might be able to register (although, I think many will have trouble with reading the text and solving the logic in combination for now)

Edit: I have now added this resource http://xenforo.com/community/resources/customimgcaptcha.1161/
 

ibaker

Well-known member
#7
I have updated my post above (post #5) to a better location/template so as to cover all instances of captcha