[TAC] Fool Bot Honey Pot

[TAC] Fool Bot Honey Pot [Paid] 3.0.32

No permission to buy ($29.00)
Overview Updates (79) Reviews (28) History Discussion
This is interesting,

While we now stop both Browser Based Bots, and Non Browser Based Bots, a very small fraction of people from certain countries use semi--automation tools
These tools are used with real mice (that get detected), and there is very much a real human at the other end
- These types of users we're not being blocked (after all, they are real humans)

- However, some people have sent me some logs of theses types of users, and there is most certainly a pattern we can use to block users using these types of semi-automation programs, and it still will not detect real humans

I will look at adding this (as an option) to the next version
 
Last edited:
Yes, with the analysis of our 4000 new users per month (which we all manually moderate) we have found that human spammers mostly stick to specific behavior. This is an interesting subject matter to evaluate.
 
tenants said:
This is interesting,

While we now stop both Browser Based Bots, and Non Browser Based Bots, a very small fraction of people from certain countries use semi--automation tools
These tools are used with real mice (that get detected), and there is very much a real human at the other end
- These types of users we're not being blocked (after all, they are real humans)

- However, some people have sent me some logs of theses types of users, and there is most certainly a pattern we can use to block users using these types of semi-automation programs, and it still will not detect real humans

I will look at adding this (as an option) to the next version
Click to expand...
I also had one today that wanted to sell fake documents. But his message got stuck in moderation. :cool:
I have these every now and then. It's a long time ago a message made it to the public forums. Usually I block them on keywords.
 
I've made another improvement for catching semi-automated programs, there are quite a few different types around, I don't get that many so need to sit and wait for a few days, testing it before releasing the next version.

While I do that, I've realised I can improve the stats section and show how many bots are getting pass your captcha
This will give a good indication of when certain captchas have been bypassed (the date and time this happened)
And it will also be an indication of when you need to change it

I'll also log the number of bots that are now bypassing the core honeypots, so we can watch the trend (I believe both non js and js bots are doing this, mostly gsa & xrumer)
- I find these stats very useful, I'm not sure if anyone else does

Will release this next version withing the next 3-10 days
 
Nice! :cool:
I like your are so on to it to beat them @tenants :D (y)

It will be good to have stats of bots bypassing captchas (y)
I'm looking forward to the update. :)
 
I saw this in the error log today @tenants

Code: 
Server Error Log
Error Info
Zend_Db_Statement_Mysqli_Exception: Mysqli statement execute error : Data too long for column 'mousemove_log' at row 1 - library/Zend/Db/Statement/Mysqli.php:214
Generated By: Unknown Account, Saturday at 9:57 PM
Stack Trace
#0 /home/admin/domains/example.net/private_html/library/Zend/Db/Statement.php(297): Zend_Db_Statement_Mysqli->_execute(Array)
#1 /home/admin/domains/example.net/private_html/library/Zend/Db/Adapter/Abstract.php(479): Zend_Db_Statement->execute(Array)
#2 /home/admin/domains/example.net/private_html/library/Zend/Db/Adapter/Abstract.php(632): Zend_Db_Adapter_Abstract->query('UPDATE `sf_fool...', Array)
#3 /home/admin/domains/example.net/private_html/library/XenForo/DataWriter.php(1654): Zend_Db_Adapter_Abstract->update('sf_foolbothoney...', Array, '(id = 29)')
#4 /home/admin/domains/example.net/private_html/library/XenForo/DataWriter.php(1623): XenForo_DataWriter->_update()
#5 /home/admin/domains/example.net/private_html/library/XenForo/DataWriter.php(1419): XenForo_DataWriter->_save()
#6 /home/admin/domains/example.net/private_html/library/Tac/FoolBotHoneyPot/Model/BrowserEvents.php(59): XenForo_DataWriter->save()
#7 /home/admin/domains/example.net/private_html/library/Tac/FoolBotHoneyPot/ControllerPublic/Register.php(598): Tac_FoolBotHoneyPot_Model_BrowserEvents->insertBrowserEvents(Array)
#8 /home/admin/domains/example.net/private_html/library/XenForo/FrontController.php(351): Tac_FoolBotHoneyPot_ControllerPublic_Register->actionBrowserEvents()
#9 /home/admin/domains/example.net/private_html/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#10 /home/admin/domains/example.net/private_html/index.php(13): XenForo_FrontController->run()
#11 {main}
Request State
array(3) {
  ["url"] => string(45) "https://example.net/register/browser-events"
  ["_GET"] => array(1) {
    ["/register/browser-events"] => string(0) ""
  }
  ["_POST"] => array(14) {
    ["click_log"] => string(601) "[object HTMLInputElement]|1487415318156,[object HTMLInputElement]|1487415338004,[object HTMLInputElement]|1487415340134,[object HTMLInputElement]|1487415351244,[object HTMLInputElement]|1487415356877,[object HTMLSelectElement]|1487415358613,[object HTMLOptionElement]|1487415360528,[object HTMLInputElement]|1487415361253,[object HTMLInputElement]|1487415370133,[object HTMLInputElement]|1487415388052,[object HTMLInputElement]|1487415414761,[object HTMLLabelElement]|1487415417477,[object HTMLInputElement]|1487415417480,[object HTMLInputElement]|1487415423243,[object HTMLInputElement]|1487415424237"
    ["clickcount_log"] => string(2) "15"
    ["tap_log"] => string(0) ""
    ["tapcount_log"] => string(1) "0"
    ["keypress_log"] => string(1743) "x|1487415308920,x|1487415309255,x|1487415309383,x|1487415309488,x|1487415310849,x|1487415311208,x|1487415332577,x|1487415333120,x|1487415333505,x|1487415333600,x"
    ["keypresscount_log"] => string(3) "109"
    ["mousemove_log"] => string(88481) "455/272|1487415306711,461/277|1487415306719,467/282|1487415306724,472/286|1487415306731,478/290|1487415306740,484/294|1487415306750,494/299|1487415306757,503/303|1487415306761,512/307|1487415306770,517/309|1487415306777,518/309|1487415306787,519/309|1487415306824,530/309|1487415306829,536/309|1487415306840,538/309|1487415306848,540/307|1487415306851,542/306|1487415306859,543/304|1487415306867,544/303|1487415306877,545/301|1487415306883,545/299|1487415306889,545/297|1487415306897,545/296|1487415306907,545/294|1487415306911,545/293|1487415306919,545/292|1487415306928,545/291|1487415306937,545/290"
    ["mousemovecount_log"] => string(4) "3999"
    ["tapthold_log"] => string(0) ""
    ["hover_log"] => string(1034) "[object HTMLLabelElement]|1487415306711,[object HTMLElement]|1487415307377,[object HTMLLabelElement]|1487415312819,[object HTMLLabelElement]|1487415312909,[object HTMLLabelElement]|1487415313324,[object HTMLLabelElement]|1487415315155,[object HTMLLabelElement]|1487415315275,[object HTMLInputElement]|1487415319895,[object HTMLElement]|1487415325787,[object HTMLInputElement]|1487415327986,[object HTMLElement]|1487415328084,[object HTMLElement]|1487415328946,[object HTMLElement]|1487415329058,[object HTMLElement]|1487415336722,[object HTMLElement]|1487415336818,[object HTMLFormElement]|1487415350320,[object HTMLParagraphElement]|1487415350394,[object HTMLParagraphElement]|1487415355797,[object HTMLInputElement]|1487415356001,[object HTMLSelectElement]|1487415359489,[object HTMLDListElement]|1487415360544,[object HTMLElement]|1487415367989,[object HTMLDListElement]|1487415369083,[object HTMLElement]|1487415418571,[object HTMLElement]|1487415420161,[object HTMLInputElement]|1487415423501,[object HTMLLIElement]|1487415423807"
    ["keyupcount_log"] => string(3) "119"
    ["keyup_log"] => string(1903) "y|1487415308990,y|1487415309070,y|1487415309286,y|1487415309446,y|1487415309544,y|1487415310919,y|1487415311302,y|1487415332671,y|1487415333319,y|1487415333335,y|1487415333551,y"
    ["browser_extra"] => string(31) "1271,1225,MacIntel,Mozilla,true"
    ["browser_events_tracker"] => string(32) "5b68978706815da20909d6bec278dd27"
  }
}
Delete...Close

The error message was way too large to post here (It is huge) so I had to shorten it.
 
that was already fixed with the latest version, I make sure it's trimmed down now, you need to download:
v3_0_11

http://www.surreyforum.co.uk/thread...stering-with-a-custom-registration-page.1621/

I mentioned that issue in the logs for the fix:
https://xenforo.com/community/resou...t-killer-spam-combat.1085/update?update=21494
Also, the logs could get pretty insane, so I've limited all browser event logs to no more than 50 events
Click to expand...

That's some crazy mouse moving by the way, 3999 mouse move events, what were they doing, twitching nervously as the filled your form?
 
Last edited:
tenants said:
that was already fixed with the latest version, I make sure it's trimmed down now, you need to download:
v3_0_11

http://www.surreyforum.co.uk/thread...stering-with-a-custom-registration-page.1621/

I mentioned that issue in the logs for the fix:
https://xenforo.com/community/resou...t-killer-spam-combat.1085/update?update=21494


That's some crazy mouse moving by the way, 3999 mouse move events, what were they doing, twitching nervously as the filled your form?
Click to expand...
Ah, I didn't see that. I should have checked! :oops:
Thanks! :)
I think he was counting pixels :LOL:
 
Last edited:
tenants updated FoolBotHoneyPot Bot Killer: Spam Combat with a new update entry:

semi-automation detection improvements and additional checks for the bot cache

  • Since some of fbhp methods relly on styles, I've pushed the styles in line to avoid the rare case of styles not loading
  • Before adding bots to the cache, we now do additional checks (is browser / no browser based bot / semi automated & has failed honeypots / timer) before considering adding bots to the cache, thus being thorough about avoiding false positives
  • I've increased the strictness of semi-automation detection, this now catches far more (if not all) semi automated...
Click to expand...

Read the rest of this update entry...
 
Just pulled it down temporary, there is one other tweek I want to do, so people have the option of turning off the semi-automation detection properly
 
So, I've been watching how the various types of semi automated software work, with this new version even these will now have real issues trying to automate the registration process...

I had never intended to stop semi automation, but since we can, why not!
The option is there to turn it off, maybe you want to allow these types of people to register on your forum (I have no idea why, they will just spam)

We're killing them!
 
If anyone gets any bots that bypass all the new detection methods:

1) Browser Based Detection
2) Non Browser Base Detection
3) Semi Automation Base Detection

- But yet fails either the core / fhhp classical honey pots

Can you send me the logs (whether they are js enabled or not), the logs from fbhp 3.0.14 should tell me a little extra.
-- It's important that we catch these while we can, it wont be long until classical honeypots are dead as a method, we need to be designing strong secondary mechanism for when the first mechanisms become obsolete. I think I have covered all areas, but the collective information from you guys is more accurate than my own logs from 3 forums (one of them is a bot magnet, but I know some of you get more bots).

I personally think I've now got all the bots again, but I want you to prove me wrong, please send me logs by PM, these logs will not only help me improve fbhp, but they will also help you to have better protected forums
 
Last edited:
If you use a black background (or no background) on your form and can see one of the "hidden" fields, it's probably because you are using no background colour rather than a black background

This is not something that should be fixed in fbhp, all you need to do is add a black/white background back to your to EXTRA.css :

Code: 
.xenForm fieldset,
.xenForm .formGroup
{
   background-color: @contentBackground;
}

Thanks @Ibrahim H for pointing this out
 
Last edited:
You must log in or register to reply here.
Top Bottom