[TAC] Fool Bot Honey Pot

[TAC] Fool Bot Honey Pot [Paid] 3.0.32

So the attempts are approximately every 0-5 seconds, over a large period of time?

It looks like they attempted it for about an hour from your load average (which averages 1 attempt every 0.8 seconds).
Rate limiting might not catch this without catching false positives.

I can stop this, and I can do it by extending FBHP

I can log attempts in their session (so there won't be additional query overhead)
If X attempts within Y time, send them to a 404 (they would have to start a new session to avoid this)
This is much lower risk than blocking IPs, since I can target the individual users attempting to brute force the registration area
- Optionally, also send that IP to a 404 for Z minutes (10 minutes?)

I'm working on a few personal plugins at the moment, but does the above sound good?
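
Added example, not part of the original post and not FBHP's code: a sketch of the scheme proposed above, with attempts logged in the visitor's session, a 404 after X attempts within Y seconds, and the optional Z-minute IP lockout. The function name, the `reg_attempts` session key, the thresholds and the in-memory IP map are all assumptions made for illustration.

```php
<?php
// Illustration only: not FBHP code. Names and thresholds are hypothetical. PHP 7+.
const MAX_ATTEMPTS     = 5;    // X attempts ...
const WINDOW_SECONDS   = 60;   // ... within Y seconds
const IP_BLOCK_SECONDS = 600;  // optional Z: 10 minutes

/**
 * Record one registration attempt and decide whether to serve the form.
 * $session  - per-visitor storage (pass $_SESSION in real use), so no DB queries.
 * $ipBlocks - shared ip => unblock-time map (a cache in real use; an array here).
 * Returns false when the caller should answer with a 404.
 */
function registrationAttemptAllowed(array &$session, array &$ipBlocks, string $ip, int $now): bool
{
    // Optional IP lockout: catches a client that simply starts a new session.
    if (isset($ipBlocks[$ip])) {
        if ($ipBlocks[$ip] > $now) {
            return false;
        }
        unset($ipBlocks[$ip]); // lockout expired
    }

    // Sliding window: drop timestamps older than Y seconds, then log this attempt.
    $recent = array_values(array_filter(
        $session['reg_attempts'] ?? [],
        function ($t) use ($now) { return $t > $now - WINDOW_SECONDS; }
    ));
    $recent[] = $now;
    $session['reg_attempts'] = $recent;

    if (count($recent) > MAX_ATTEMPTS) {
        $ipBlocks[$ip] = $now + IP_BLOCK_SECONDS;
        return false;
    }
    return true;
}

// Constructed input: eight attempts one second apart from a documentation-range IP.
$session = [];
$ipBlocks = [];
$ip = '203.0.113.7';
for ($i = 0; $i < 8; $i++) {
    $ok = registrationAttemptAllowed($session, $ipBlocks, $ip, 1000 + $i);
    echo 'attempt ', $i + 1, ': ', $ok ? 'show form' : '404', "\n";
}
// A fresh session from the same IP during the lockout is still refused.
$fresh = [];
echo 'new session: ', registrationAttemptAllowed($fresh, $ipBlocks, $ip, 1010) ? 'show form' : '404', "\n";
```

Without the IP map, the session counter alone resets whenever the client discards its cookie, which is the trade-off the post notes.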
 
I use http://xenforo.com/community/resources/fail2ban-for-spam-waves.978/ to great effect. Perhaps this is an alternative (and existing) solution to the above?
 
DDOS Deflate.

Ahhh yes, highly ineffective for this sort of behaviour. You need single IP rate limiting over a time period, not blocking because of too many connections in a single snapshot.
Nginx has it, and Apache probably does too.
 
CSF also has something built in, but I've not really looked into configuring it properly yet, as DDOS Deflate has worked well for me so far.
 
Hi @tenants - this looks like a very solid addon and package, and I'm trying to test it as my site is getting an increasing amount of bot traffic - but I'm getting an error on trying to submit user registration with FBHP enabled :-(

Code:
[Fri May 17 03:24:08 2013] [error] [client 71.203.103.143] PHP Parse error:  syntax error, unexpected T_STRING in /home/portal/httpdocs/library/Tac/FoolBotHoneyPot/Model/StopBotters.php on line 240, referer: http://forum.movingblocks.net/login/login

Any idea what that may be? This is on a 1.1.2 XF install, too old?

I grabbed the whole suite and uploaded it, then just installed FBHP and AnyAPI, didn't change any of the settings, although I did try to disable CAPTCHAs entirely to see if that mattered (nope). Double checked file permissions.

PHP version is 5.3.3 if that matters. Would appreciate any hints :)
 
My registration page is now totally broken with the last update.

Returns a white page in Firefox, and Chrome reports a 500 internal error

I'm getting the same errors as Cervator below:

Code:
[17-May-2013 01:27:23 UTC] PHP Parse error:  syntax error, unexpected 'FoolBotHoneyPot' (T_STRING) in /home/z22se/public_html/library/Tac/FoolBotHoneyPot/Model/StopBotters.php on line 240
[17-May-2013 01:59:00 UTC] PHP Parse error:  syntax error, unexpected 'FoolBotHoneyPot' (T_STRING) in /home/z22se/public_html/library/Tac/FoolBotHoneyPot/Model/StopBotters.php on line 240
[17-May-2013 02:00:17 UTC] PHP Parse error:  syntax error, unexpected 'FoolBotHoneyPot' (T_STRING) in /home/z22se/public_html/library/Tac/FoolBotHoneyPot/Model/StopBotters.php on line 240
[17-May-2013 02:00:20 UTC] PHP Parse error:  syntax error, unexpected 'FoolBotHoneyPot' (T_STRING) in /home/z22se/public_html/library/Tac/FoolBotHoneyPot/Model/StopBotters.php on line 240
[17-May-2013 02:01:26 UTC] PHP Parse error:  syntax error, unexpected 'FoolBotHoneyPot' (T_STRING) in /home/z22se/public_html/library/Tac/FoolBotHoneyPot/Model/StopBotters.php on line 240
 
OK, to fix the error

/library/Tac/FoolBotHoneyPot/Model/StopBotters.php

(line 240)

Change:
PHP:
public function getOptionIdbyValue($val)
        {   
                return $this->_getDb()->fetchRow('
                        SELECT option_id
                        FROM xf_option
                        WHERE option_value = ?
                        AND addon_id = 'FoolBotHoneyPot'
                ', $val);
        }

to:
PHP:
public function getOptionIdbyValue($val)
        {   
                return $this->_getDb()->fetchRow('
                        SELECT option_id
                        FROM xf_option
                        WHERE option_value = ?
                        AND addon_id = \'FoolBotHoneyPot\'
                ', $val);
        }
 
You're absolutely right...

I made a quick fix to three add-ons related to the update functionality... I'll update them again now
 
It hasn't let a bot through yet (and doesn't affect humans)... from the API results, FoolBotHoneyPot has stopped close to 2.5 million bots in the last few months, 0 false positives reported ;)

It won't stop the human spam (AnyApi/StopHumanSpam/StopCountrySpam can be used for that), but it will stop XRumer
 
Just installed this on a second forum and wanted to reiterate that it is a great product. If you are looking for an effective, hassle-free method to stop spammers, look no further.
 
Still works on beta 1.2, I've had a quick test, everything seems to be okay (detects bots, lets humans through).

This plugin is one that I suspected might break for this update (since there have been changes related to registration), but no issues seen.

Let me know if you spot anything, it doesn't currently need updating (no bugs)
 
I'm just looking through my registration logs, and nine of the bots appear to be getting detected on StopBotters. Is this anything to worry about?
 
It went down yesterday... I was switching it over to hosting service kindly provided by @Slavik

The nameserver can take up to 24 hours to change over, so it might be due to this

For the sites I use it on, it's up and working again today

Can you PM me your API key (found in your FoolBotHoneyPot options). I believe I moved all of the API keys over, but I'll check anyway
 
Okay, the issue was that MattW had moved his site to a new host.

StopBotters checks where the request is coming from and the API key (so that the API only works for installs of XenForo, and users cannot manually query StopBotters).

If anyone else has changed their host and finds StopBotters isn't picking up bots any more, just reset your API key to the following:
2da6a50bf884414306

StopBotters will then auto-update it (if it hasn't been changed too many times)
 