[TAC] Fool Bot Honey Pot

[TAC] Fool Bot Honey Pot [Paid] 3.0.32

No permission to buy ($29.00)
Overview Updates (79) Reviews (28) History Discussion
MattW said:
I'm getting the same error on @Jeffin 's site. I've disabled all add-ons so we can get back in.
Click to expand...
Sounds like DeDOS (as I commented in the other thread).
- DeDos reduces the number of times this is possible, by default, if the user hits 6 pages or more within 7 seconds, a friendly user message is displayed to the user. This friendly message then counts down and redirects them to the original page. If they continue to hit more pages after seeing the message (bots will, humans shouldn't), by default if they hit 8 pages or more within seven seconds, they are locked out of the site and their IP is cached. From then onwards, that IP will only see a 401 Unauthorised page (and only take up 1 query instead of 15- 25 queries).
Click to expand...
 
Tracy Perry said:
That's unusual.. the problem I had with it was it wouldn't let you register/log in at all. Never got a 401 error from it.
Click to expand...
968_upload_2014-9-7_13-24-16.png
 
@Jeffin
I've, just seen the thread. It does sound like a DeDos issue, was it?
If you've set it to update the htaccess, you will probably also need to remove your IP from that

Turning on debug mode for your IP will allow you to log in, look through the logs (FBHP or DeDos) and check why this happened. But, if you have set it up to update the htaccess file, you will need to remove the IP address there too (the forum route htaccess file)

See at the bottom: https://xenforo.com/community/resources/dedos-anti-dos-for-spam-bot-scrapers.3305/
Warning: If you decide to test this plugin on your own forum, and if you decided to refresh the page more times after seeing the warning message, you will be locked out of your entire site (including the ACP area). In such cases, you can turn off the DeDos cache by turning on debug mode, then login to your ACP and remove your IP from the cache, you can then turn debug mode back off.
Click to expand...
 
tenants said:
This message implies only FBHP has been used to block that IP, check through your FBHP logs to see why / when.
Click to expand...
That was my IP address, and I've not visited his site in a week or so. I have a static UK IP address.

Unfortunately, he's uninstalled the addon as soon as I disabled all the listeners, so the FBHP logs have gone.
 
tenants said:
@Jeffin
I've, just seen the thread. It does sound like a DeDos issue, was it?
If you've set it to update the htaccess, you will probably also need to remove your IP from that

Turning on debug mode for your IP will allow you to log in, look through the logs (FBHP or DeDos) and check why this happened. But, if you have set it up to update the htaccess file, you will need to remove the IP address there too (the forum route htaccess file)

See at the bottom: https://xenforo.com/community/resources/dedos-anti-dos-for-spam-bot-scrapers.3305/
Click to expand...

My forum admin told me that when he looked at the IP of new members they were looking similar so he searched for this IP to find if there are others from the same IP and few others genuine members were listed. It looks like the forum is assigning the same IP to everyone now.
 
Last edited:
Update: Hi @tenants , I just found out that my server IP 64.64.16.120 is being assigned to all logged in members. I don't know how.

I recently got my hosting company to install SOAP client on my server. Could this be causing the issue?

ss.webp
 
This is probably an issue with nginxcp and the rpaf module not passing the correct IP back to apache. If the hosting company rebuilt apache via easyapache, you need to re-install nginxcp again.
 
MattW said:
This is probably an issue with nginxcp and the rpaf module not passing the correct IP back to apache. If the hosting company rebuilt apache via easyapache, you need to re-install nginxcp again.
Click to expand...

Thank you very much. :notworthy:
 
rainmotorsports said:
We finally jumped to 1.4 and 2 days later starting to get some spammers coming through.
Click to expand...
Looking at the 1.4 honeypot feature, it shouldn't be that. Like Mike has stated, there is no need to update this with 1.4 as XF now has the same feature... and randomises the fields, so hackers can't write something static to counter it, as you never know what will be hidden on each registration form load, just as this mod does.
 
Anthony Parsons said:
Looking at the 1.4 honeypot feature, it shouldn't be that. Like Mike has stated, there is no need to update this with 1.4 as XF now has the same feature... and randomises the fields, so hackers can't write something static to counter it, as you never know what will be hidden on each registration form load, just as this mod does.
Click to expand...

The absence of logging to determine whats going on will obviously be a terrible loss though.

The honeypot fields in 1.4 are actually 100% obvious. It's the real fields that are randomized it looks like to me. There are fake username and password fields for example this time im looking at the source. But the real fields have random identities. It's the same idea but I don't think its actually implemented entirely the same.

All the hidden fields in 1.4 appear to have (as previously pointed out):
Code: 
<p class="explain">Please leave this field blank.</p>

Would seem to make missing the honeypots easy, but putting the correct information in the correct fields harder instead. Such as how do we know which field we used was the username. So the bot might get to register still hitting none of the wrong fields. But if you don't know what field was the username or the password... can't login. If thats how it is then in theory still effective but not the same.
 
Does 1.4 implement all of the great statistics/logging that are in FBHP? It's actually very useful for me to track how many bots we're blocking because we have an extremely long baseline on vBulletin for the statistic of # of active users. However, on vB, those active users included any registered bots so tracking that helps adjust my baseline.

While I appreciate when functions are folded into the core and can result in the removal of plugins, this one is particularly well done and useful and I'd hate to lose any of that utility.
 
Ridemonkey said:
While I appreciate when functions are folded into the core and can result in the removal of plugins, this one is particularly well done and useful and I'd hate to lose any of that utility.
Click to expand...

dito.

XF1.4 final is out today, but I really would like to stick with FBHP....
 
You must log in or register to reply here.
Top Bottom