The Form Customisation Mechanism
- As mentioned above, XRumer and many other bots will try to inject information into forms by using fields names that it knows (name=email, name=password)
- With the customisation mechanism, each of the valid field names (the fields that a user can see) are now uniquely named, and new names are created for each session.
- Since the bot will not know which fields names are which (for instance which is the email and which is the password_confirm) it makes it incredibly difficult for the bot to know how to populate the form correctly, once again preventing the bot from registering
- For those bots that do not use fields names, but simply populate the form according to form index order, this is an addition mechanism to trip them up
- By randomising the field order , it makes it incredibly hard to populate a form according to index number.
- The fields are randomised every time the registration page is loaded/refreshed