1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Implemented Spam Suggestion Feature

Discussion in 'Closed Suggestions' started by BamaStangGuy, Mar 12, 2013.

  1. BamaStangGuy

    BamaStangGuy Well-Known Member

    This part of this addon: http://xenforo.com/community/resources/foolbothoneypot-bot-killer-spam-combat.1085/

    should be standard

    1) The Honey Pot Mechanism
    • XRumer and many other bots will often try to register by sending a request directly to the registration form (carrying over the session cookie). In order to populate the form, the bots will use fields names, text is then injected into the field values containing that name (this process is written into a script / used by a standard script against XenForo registration), these field names will often be standard field names such as name = "name", name = email, name=password.. etc
    • With the Honey Pot Mechanism, these fields still exist but are hidden (from humans). A bot will automatically fill these fields, but by doing so the bot has been fooled by the "honey pot" and is subsequently prevented from registering
    • Additionally, XRumer bot users will sometimes write the script so that all form fields are populated, this will of course be caught by the standard honey pots, additionally there are multiple other hidden trick fields that will catch these bots, and these fields are named with uuids that are created on the fly for each session
    2) The Form Customisation Mechanism
    • As mentioned above, XRumer and many other bots will try to inject information into forms by using fields names that it knows (name=email, name=password)
    • With the customisation mechanism, each of the valid field names (the fields that a user can see) are now uniquely named, and new names are created for each session.
    • Since the bot will not know which fields names are which (for instance which is the email and which is the password_confirm) it makes it incredibly difficult for the bot to know how to populate the form correctly, once again preventing the bot from registering
    3) The Form Field Randomisation Mechanism
    • For those bots that do not use fields names, but simply populate the form according to form index order, this is an addition mechanism to trip them up
    • By randomising the field order , it makes it incredibly hard to populate a form according to index number.
    • The fields are randomised every time the registration page is loaded/refreshed
     
    shawn likes this.
  2. RoldanLT

    RoldanLT Well-Known Member

    What's your experience about the said addon?
    99% spam detection?
     
  3. BamaStangGuy

    BamaStangGuy Well-Known Member

    It's the only one I use. I don't use Q&A nor do I use Captcha and it stops literally all bots from registering. Since xenForo 1.1.4 will have registration timer, this will be a perfect addition to it.
     
    RoldanLT likes this.
  4. BamaStangGuy

    BamaStangGuy Well-Known Member

    http://www.shottalk.com/register you can see it in action there. I don't have any visible anti-spam for users to fill in. Makes registration a lot less painless for people.
     
    RoldanLT likes this.
  5. RoldanLT

    RoldanLT Well-Known Member

    Using paid or Free version?
     
  6. BamaStangGuy

    BamaStangGuy Well-Known Member

    Paid.
     
  7. RoldanLT

    RoldanLT Well-Known Member

    Anyway, What is lacking with the free version?
     
  8. BamaStangGuy

    BamaStangGuy Well-Known Member

    I think the difference is only the branding removal.
     
  9. RoldanLT

    RoldanLT Well-Known Member

    Branding appears on?
     
  10. BamaStangGuy

    BamaStangGuy Well-Known Member

    No idea, never used the free version.
     
    RoldanLT likes this.
  11. Jeremy

    Jeremy XenForo Moderator Staff Member

Share This Page