[TAC] Fool Bot Honey Pot

[TAC] Fool Bot Honey Pot [Paid] 3.0.31


Despair

Active member
#61
Tested without a captcha, and so far only 1 bot has made it by out of the ~4k attempts that were blocked.
Just wondering, was the one that made it through actually a bot (spammy username/email) or was it a human spammer? I was also thinking of using this addon without captcha or any other spam prevention addon, but looks like you'd need additional methods to reach that 100%?
 
#62
Just wondering, was the one that made it through actually a bot (spammy username/email) or was it a human spammer? I was also thinking of using this addon without captcha or any other spam prevention addon, but looks like you'd need additional methods to reach that 100%?
I'm unsure. It's the same spam we've been getting for over a month, about kitchens and such. The IP address was from Indonesia, but not registered in any bot DBs that I could see.
 

snoopy5

Well-known member
#63
Hi

I have purchased one licence already. How can I purchase a second licence for another XF Forum? There is no option in the userprofile to add another licence of the same plugin.
 

tenants

Well-known member
#64
1 bot, are you sure it was a bot and not a manual spammer?

Although XRumer is not the only bot, there is no way at the moment to configure XRumer to dynamically pick out the correct field names (you need to set the field names in a text file, a = name, b = email, etc.), so to dynamically create these and populate them with the correct uuids is currently not possible ... but bot users do come back and look at why things fail (they sometimes manually register to see if they can find a way to pass it)
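The idea in the post above (field names that change on every form, so a static name-to-field mapping file stops working), sketched as an added example; it is not the add-on's code. The class, the field lists and the verdict strings are hypothetical, and the in-memory dict stands in for a real session store.

```python
import secrets
import uuid

REAL_FIELDS = ("username", "email", "password")  # assumed logical fields
DECOY_FIELDS = ("username", "email")             # static names left in the HTML as bait


class HoneypotForms:
    """Keeps the random-name mapping server-side, one entry per rendered form."""

    def __init__(self):
        self._pending = {}

    def issue(self) -> dict:
        form_id = secrets.token_urlsafe(16)
        names = {field: uuid.uuid4().hex for field in REAL_FIELDS}
        self._pending[form_id] = names
        # The template renders inputs named names[...] plus CSS-hidden decoys.
        return {"form_id": form_id, "names": names, "decoys": DECOY_FIELDS}

    def check(self, post: dict):
        """Return (verdict, values); verdict is 'ok' or the rejection reason."""
        # pop() makes every form single-use, so a captured POST cannot be replayed.
        names = self._pending.pop(post.get("form_id", ""), None)
        if names is None:
            return "unknown_or_replayed_form", {}
        # People never see the decoys, so any value in them came from a script.
        if any(post.get(d) for d in DECOY_FIELDS):
            return "decoy_filled", {}
        values = {field: post.get(rand, "") for field, rand in names.items()}
        if not all(values.values()):
            return "missing_field", {}
        return "ok", values
```

Logging the verdict for each rejected submission gives the same kind of per-attempt record the thread later describes reading in the add-on's log view.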
 
#65
1 bot, are you sure it was a bot and not a manual spammer?

Although XRumer is not the only bot, there is no way at the moment to configure XRumer to dynamically pick out the correct field names, ... but bot users do come back and look at why things fail (they sometimes manually register to see if they can find a way to pass it)
Nope, not sure at all. I'm assuming it was manual, but no way to tell otherwise.
 

tenants

Well-known member
#66
1stly, check the registration date of that user. Make sure it wasn't already registered (some sit around for a while before posting)

2ndly, have a look at how it registered. If it came via the registration page, it is highly unlikely it would have been a bot that registered. However, if it came via FaceBook registration (or Google/Twitter Auth), then you have a small leak in your system, and it might be worth considering using an antibot mechanism for these registration areas (see facebookregcaptcha )
(you need to check your server access logs for that IP address)

3rdly, what was the IP address they registered with (and what location was it associated with). I've noticed it's fairly rare that manual spammers use proxies, but bots almost always use proxies. For this reason, I use StopCountrySpam to stop human spammers (since in my case I can block certain countries), and FoolBotHoneyPot for bots. If the user used an IP address that is associated with a country that "spams lots", it's fairly likely they are human spammers.
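The second check in the post above (finding out from the server access logs which registration entry point an IP used), as an added example that is not part of the original post. The route fragments are assumptions to replace with your forum's real registration URLs, and the log lines are constructed samples in common log format.

```python
import re

# Common/combined log format: ip - - [time] "METHOD path HTTP/x" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Assumed route fragments; external sign-up routes are checked first.
ROUTES = {
    "external_auth": ("register/facebook", "register/google", "register/twitter"),
    "standard_form": ("register/register",),
}


def classify(path):
    """Map a request path to a registration entry point, or None."""
    for label, fragments in ROUTES.items():
        if any(frag in path for frag in fragments):
            return label
    return None


def registration_paths(log_lines, ip):
    """Return [(timestamp, entry_point)] for every registration POST from one IP."""
    hits = []
    for line in log_lines:
        m = LINE.match(line)
        # Skip unparseable lines, other clients, and plain page views (GET).
        if not m or m.group(1) != ip or m.group(3) != "POST":
            continue
        label = classify(m.group(4))
        if label:
            hits.append((m.group(2), label))
    return hits


# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2013:13:55:36 +0000] "GET /index.php?register/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2013:13:55:39 +0000] "POST /index.php?register/facebook/register HTTP/1.1" 303 0',
    '198.51.100.4 - - [10/Oct/2013:14:01:02 +0000] "POST /index.php?register/register HTTP/1.1" 303 0',
    'truncated line that does not parse',
]

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.4"):
        print(ip, registration_paths(SAMPLE, ip))
```

An `external_auth` hit for the spam account's IP points at the "small leak" the post describes; a `standard_form` hit means the account came through the protected registration page.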
 
#67
1stly, check the registration date of that user. Make sure it wasn't already registered (some sit around for a while before posting)

2ndly, have a look at how it registered. If it came via the registration page, it is highly unlikely it would have been a bot that registered. However, if it came via FaceBook registration (or Google/Twitter Auth), then you have a small leak in your system, and it might be worth considering using an antibot mechanism for these registration areas (see facebookregcaptcha )
(you need to check your server access logs for that IP address)

3rdly, what was the IP address they registered with (and what location was it associated with). I've noticed it's fairly rare that manual spammers use proxies, but bots almost always use proxies. For this reason, I use StopCountrySpam to stop human spammers (since in my case I can block certain countries), and FoolBotHoneyPot for bots. If the user used an IP address that is associated with a country that "spams lots", it's fairly likely they are human spammers.
It was newly created, and I removed the content it created within a few seconds of registration. Location I had in my previous post (Indonesia).
 

tenants

Well-known member
#68
I hate saying this, but that is one of the countries I block for manual spam, and possibly one of the most common (I'm not suggesting anyone else should block this country, I can block it since my forum is not relevant to that country). If they were botting, they almost always use proxies and they seem to often (but not always) look like they come from the USA / EU

Bot users are almost always proxy savvy

Just check your last 10 bots in your logs, my last 5:
http://whatismyipaddress.com/ip/193.105.210.123 (Ukraine, bad example)
http://whatismyipaddress.com/ip/192.210.62.162 (California)
http://whatismyipaddress.com/ip/5.39.69.13 (France)
http://whatismyipaddress.com/ip/113.212.69.98 (USA)
http://whatismyipaddress.com/ip/192.74.255.1 (California)
 
#69
I hate saying this, but that is one of the countries I block for manual spam, and possibly one of the most common (I'm not suggesting anyone else should block this country, I can block it since my forum is not relevant to that country). If they were botting, they almost always use proxies (and they seem to often look like they come from the USA / EU)
Yeah, just don't really want to block entire countries.

Plugin is working great though. :)
 

Case

Well-known member
#70
I'm using the built in Q&A captcha as well as this. Does this mod record if the bot failed the captcha? Can't see it anywhere but I might be looking in the wrong place.
 

tenants

Well-known member
#71
Yes, go into the log section (Admin CP >> Tools >> FoolBotHoneyPot Logs)

Then for each bot, click the row. You will get something like this:

captchafail.png
If the CAPTCHA fail is not present in the registration errors, then the bots are getting through your CAPTCHA
 

tenants

Well-known member
#72
If you have lots of CAPTCHA, then you will need to go through a few of these. You could take images of your text and use that with customImgCaptcha (but if you are going to take images, you may as well use something unique that is not text)

I use CustomImgCaptcha with custom images, foolbothoneypot then tells me for each CAPTCHA how many times humans have passed/failed it and how many times bots have passed/failed it:

botvscustomcaptcha.png

(I then know when I need to change my CAPTCHA)
 

Mouth

Well-known member
#73
Does this also work on the contact and lost-password forms?

I'm thinking of turning off captcha, but cannot if it would leave the above unprotected.
 

tenants

Well-known member
#74
FoolBotHoneyPot nope, currently registration only...
(CustomImgCaptcha works everywhere the standard CAPTCHA works)

Those forms (contact / lost-password) don't have as many areas where you can trip bots up
(for instance, you don't have to put your timezone/dob/password/password confirm).

It could be extended to cover those areas (but it would take a bit of work, and I have a few other things I'm doing with this 1st)


I think somebody mentioned that you can turn CAPTCHA off for certain areas (I can't confirm this, since I haven't done it myself). I'm not sure if you can turn CAPTCHA off for registration but leave it on for contact/lost-passwords
 

Mouth

Well-known member
#75
We use it with XenUtiles without problems.
If you have XenUtiles installed also, which add-on is actioned first when the registration form is submitted? Does it run through FPHP or XU first? I'd like to know which should thus catch the most spam?
 

Despair

Active member
#76
It could be extended to cover those areas (but it would take a bit of work, and I have a few other things I'm doing with this 1st)

I think somebody mentioned that you can turn CAPTCHA off for certain areas (I can't confirm this, since I haven't done it myself). I'm not sure if you can turn CAPTCHA off for registration but leave it on for contact/lost-passwords
I don't think this is possible without an addon/modification. I only took a quick look though so I'm not certain. Maybe for now you could add a simple option that allows you to disable captcha on the register_form template? I think I read that this addon uses its own register_form template. I'd assume it'd be as easy as not including the captcha helper and then forgoing the check in the register action if the admin chooses to set the option to disabled?
 

tenants

Well-known member
#77
tenants updated FoolBotHoneyPot Bot Killer: Spam Combat with a new update entry:

FoolBotHoneyPot v2.0.07 - Fixed a bug for IE7 (and possibly IE8)

Fixed an infrequent and hard to detect bug in IE7 (and possibly IE8). If a user has non-default settings and turns Auto Complete on for forms and passwords, 'sometimes?' it seems setting [AUTOCOMPLETE = "off"] is not abided by the browser. I've now set these values after the page has loaded, bypassing the IE auto complete

Thankfully, the explicit logging details made the identification of this bug much easier
 

tenants

Well-known member
#79
Heh, for a second I thought you added my suggestion really quickly. I take it you're not interested in adding that option?
I'll take a look, but it might not be as simple as just turning it off for registration, I don't want to add bugs where they don't need to exist, but if I can do this without complications, I'll add your suggestion as an ACP option

I'll add it to the "to-do list" and will take a look when I get a chance

I have a couple more things that I want to add to this 1st (which might take a few days)
 