[TAC] Fool Bot Honey Pot

[TAC] Fool Bot Honey Pot [Paid] 3.0.32

No permission to buy ($29.00)
Overview Updates (79) Reviews (28) History Discussion
please read the post, exactly one post above you.

It's because your theme does't have a background for the registration page
 
Just to make this easier for the majority, I've added

Code: 
.xenForm fieldset,
.xenForm .formGroup
{
   background-color: @contentBackground;
}

People who dont use contentBackground for the background colour of the forum can then just comment this out in the template Foolbothoneypot.css
(I think most people, if not all people will use the colour contentBackground for their form background )
 
tenants updated FoolBotHoneyPot Bot Killer: Spam Combat with a new update entry:

added a default bg colour to the reg form, for custom styles that remove it

Just to make this easier for the majority, I've added

Code: 
.xenForm fieldset,
.xenForm .formGroup
{
   background-color: @contentBackground;
}

People who dont use contentBackground for the background colour of the forum can then just comment this out in the template Foolbothoneypot.css
(I think most people, if not all people will use the colour contentBackground for their form background )
Click to expand...

Read the rest of this update entry...
 
I am getting these errors:
Error Info
Zend_Db_Statement_Mysqli_Exception: Mysqli statement execute error : Data too long for column 'mousemove_log' at row 1 - library/Zend/Db/Statement/Mysqli.php:214
Generated By: Unknown Account, 43 minutes ago
Stack Trace
#0 /library/Zend/Db/Statement.php(297): Zend_Db_Statement_Mysqli->_execute(Array)
#1 /library/Zend/Db/Adapter/Abstract.php(479): Zend_Db_Statement->execute(Array)
#2 /library/Zend/Db/Adapter/Abstract.php(632): Zend_Db_Adapter_Abstract->query('UPDATE `sf_fool...', Array)
#3 /library/XenForo/DataWriter.php(1654): Zend_Db_Adapter_Abstract->update('sf_foolbothoney...', Array, '(id = 62)')
#4 /library/XenForo/DataWriter.php(1623): XenForo_DataWriter->_update()
#5 /library/XenForo/DataWriter.php(1419): XenForo_DataWriter->_save()
#6 /library/Tac/FoolBotHoneyPot/Model/BrowserEvents.php(59): XenForo_DataWriter->save()
#7 /library/Tac/FoolBotHoneyPot/ControllerPublic/Register.php(598): Tac_FoolBotHoneyPot_Model_BrowserEvents->insertBrowserEvents(Array)
#8 /library/XenForo/FrontController.php(351): Tac_FoolBotHoneyPot_ControllerPublic_Register->actionBrowserEvents()
#9 /library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#10 /index.php(13): XenForo_FrontController->run()
#11 {main}
Request State
array(3) {
["url"] => string(47) "https://forum.com/register/browser-events"
["_GET"] => array(0) {
}
["_POST"] => array(14) {
["click_log"] => string(637) "[object HTMLInputElement]|1488413194221,[object HTMLInputElement]|1488413220000,[object HTMLInputElement]|1488413225837,[object HTMLInputElement]|1488413227822,[object HTMLInputElement]|1488413229190,[object HTMLSelectElement]|1488413229940,[object HTMLSelectElement]|1488413230278,[object HTMLInputElement]|1488413230948,[object HTMLTextAreaElement]|1488413235600,[object HTMLInputElement]|1488413268083,[object HTMLElement]|1488413270752,[object HTMLInputElement]|1488413271180,[object HTMLInputElement]|1488413272507,[object HTMLInputElement]|1488413304114,[object HTMLDivElement]|1488413307391,[object HTMLInputElement]|1488413309452"
["clickcount_log"] => string(2) "16"
["tap_log"] => string(0) ""
["tapcount_log"] => string(1) "0"
["keypress_log"] => string(4559)
[snip]

["keypresscount_log"] => string(3) "285"
["mousemove_log"] => string(104590) "
[snip]
"
["mousemovecount_log"] => string(4) "4666"
Click to expand...
I cannot post the whole thing because its too long for XF posts.
 
I downloaded and installed it 7 hours ago and the latest version I can find is older. Its the same version number as I have.
 
I'm looking more at selenium / headless browsers now (things like phantomJS)

We currently have general mechanisms to detect them, we can also add specific mechanisms to detect each type, I'm looking into this for next version

I use selenium myself, I am an automater in this field, I'm surprised I didn't think of this before (Generally it is used to scrape forums, I hadn't realised how many botters actually use it to bypass forum registration, from looking at the detection I've currently got in place, it's not as infrequent as I had first thought)
 
Last edited:
what do you mean

With AI, there is no real limit to what you can achieve. If you want to look like a human, and you put enough effort into it, then that's exactly what you will achieve.
We can detect lots of things, most bots are thankfully very easy to detect (non browser based), but the progress of these browser based bots it's becoming impressive.

Headless browsers are common ish method of automation (but not as common as Xrumer or GSA), and are being used for forum registration (look thought your logs, they are usually js enabled, get picked up by proxies but are not detected as non-broser bots ... they are browser based, but might not always get detected by the genreal browser base bot detection... this is an area that I am now looking at for these types of bots)
https://en.wikipedia.org/wiki/Headless_browser

- foolbothoneypot does have ways to detect them (using a general mechanism)
- but since I've noticed quite a few of them getting picked up, I'm wondering how many are we not picking up?

Are there bots going the extra mile to look like a human (they shouldn't need to, but do they)?
There are lots of ways to detect these types of bots ... But to weed them out, we have to look at specific mechanisms for each type.
however, with enough effort, every method of detection can be avoided (unfortunately that is our doomed future).

There is a standard for many headless browser that they must comply with detection, however, it can easily be coded out of the system (by botters that want to avoid detection)

While we have a general method, lets also find out what extra specfic methods that target each type pick up
 
Last edited:
I'd just never heard of a "headless browser" before, your description made it sound like someone could access content that was restricted to a registered user vs a "guest" by way of using a headless browser.
 
Think of it as a browser that doesn't need a browser, it doesn't need to be visible
It can do all the things that a browser can: scripting, css, clicks, mouse movement, (with the right script, even complete captcha) but it just doesn't need to render

The interesting thing, is not only can they do all the things a browser can do, they can often do more.... that is how we will target each one.
 
An IE bug has been fixed
The fingerprint logging has been significantly improved

So much so, that I can pretty much tell the exact type of browser based bot / semi automated bot attempting to register
There may be some bots that Im still unaware, but that no longer matters, if a bot shows the finger print, we can use the information to prevent them

So, this logging information is very useful, I might later add the type of bot that is attempting to the foolbothoneypot logs (so there's really no doubt)
 
The finger print will pick up a whole load of things, for instance anything that plugs into the browser, even things like browser anti virus (I've tried to clean this up and strip out the most common things, so we should be left with a smaller list, which will contain information about the bot)

If we see bots in the logs that aren't getting picked up, we'll see information in the finger print about what type of bot it is, I can then use this directly to improve FBHP

- even if we already catch these bots, it's nice to have extra mechanisms to do so
- and even nicer for it to tell us the exact bot application

The bots that don't have a fingerprint are the old bots, they are very easy to detect, we catch them with multiple methods, they are still the most frequent, but will kill them off easily. It is the new wave of bots that interest me.

The level of detection that I'm going into, I dont think has ever been seen in anti-spam before. Certainly some of these methods have never been used, since many of these methods are my very own original ideas (there's no data about some of these techniques, it is pioneering detection). I am far ahead of these bot application, most of them get picked up with the basic methods, but I'm targeting the bots that really try to avoid detection. It's a challenge I like, nothing worth doing is ever simple :)

All of this said, the most important things still stand
  • It is elegant
  • It does not bother humans at all (unlike captcha)
  • It picks up no false positives
  • It should now pick up 100% of bots (if new ones crop up, we can now look at the logs and add them to fbhp)
 
Last edited:
Does FBHP override or extend XF's user registration anti-spam measures?
Is XF's minimum user registration timer setting used by FBHP? Is XF's Stop Forum Spam function still used, or is it necessary to install AnyAPI after FBHP to still have Stop Forum Spam functionality?
 
FBHP doesn't touch the reg timer, it just leaves it in place. Bots have started to bypass core honeypots, regt imer and avoid APIs by waiting for a registration threshold.

If a bot gets caught by the core mechanism, it's an old bot ... there are still a lot around
but since I don't touch the core mechanism, it will still get caught

All fbhp methods are original methods added (in addition) to what ever anti-spam you are using (core or other plugins)

Oh, you can carry on using the core sfs, I use anyApis version, since I have more control over it (I turn off username detection for instance, since the core picks up false positives for this).
But, you can use the core API, other plugin APIs or anyApi, it won't make any difference to fbhp. If you use anyApi for your APIS then it will appear in fbhp logs, but that's it really
 
Last edited:
You must log in or register to reply here.
Top Bottom