[TAC] Total XF1 Anti-Spam Collection Complete

[TAC] Total XF1 Anti-Spam Collection Complete [Paid] 1.2.92

No permission to buy ($48.00)
Overview Updates (24) Reviews (4) History Discussion
We are getting more and more registrations from bots which copy content from the net and post it our site to make them look legitimate. Its getting to the point where we need to do a google search for the exact text a new user has posted. Which is unmanageable for a moderator. At least on a big board.
Could an automatic function like that be added? That would catch all such bots before they post spam.
 
I am afraid so. Every day of the week we have lots of spam bots and human spammers getting past while our ticket system is filled with people who have erroneously been blocked.
 
Alfa1 said:
erroneously been blocked.
Click to expand...

If it's something fbhp is doing, you need to report this to me, I don't want one real person getting picked up by any of my anti spam
.. if my plugins are not catching all the bots it is frustrating, but the bots are advancing and spreading out in various directions, I can improve on the antispam, but catch all mechanisms are becoming less likely against bots (that is what happens when a large product such as xenforo puts target-able mechanisms into the core, making them then dead for everyone). FBHP still has lots of mechanisms, but most are specific to particular bots, or catch groups of bots rather than catch all.

More curiously, bots are becoming less detectable, so it is hard to really pin point what is human and what is bot, so it's harder to say if anything is/isn't working with absolution. I'm not going to turn around and say are you sure they were not human spammers... sometimes they are, but now it's trickier than it has been in the past to justify either way. Human spammers are often incredibly daft and sometimes use semi-automation and sound often like bots, yet bots get around many non customisable captcha (often better than humans) and content spin well, replying to threads on subject better than some paid posters. The distinction is sometimes becoming blury... I am quite bitter towards xenforo for killing some very useful tools for the entire World Wide Web (not just forums), it would have always happened, but it didn't need to be so soon.

Are you using customImgCaptcha ?

It will stand the test of time far more so than many other anti-spam (including Goolges no captcha, actually.... especially Goolges no Captcha)... I have always said this, it is a strong fall back mechanims (despite it's simplicity in concept). Sometimes simple tricks defeat AI for quite some time (but realise, it is always only a matter of time)

However, catching humans is an absolute MUST NOT EVER, so let me know any details of erroneous blocks if they were due to fbhp/TAC

@Alfa1, are you using dedos, the reason I ask is that the bots you are talking about sound like they are also scrapping. Dedos is designed at catching scrappers, however it's quite normal for botters to use one app for scrapping and another for posting
 
Last edited:
Alfa1 said:
We are getting more and more registrations from bots which copy content from the net and post it our site to make them look legitimate. Its getting to the point where we need to do a google search for the exact text a new user has posted. Which is unmanageable for a moderator. At least on a big board.
Could an automatic function like that be added? That would catch all such bots before they post spam.
Click to expand...


Hmmm, there are APIs for content checking (often used for checking article content originality, and some for forums), sonnb also designed a contend checking api method quite some time back, at that point I avoided most of the API's due to the false positives and lack of need for them.

Checking every post would be quite resource heavy, but it could be grouped based of new users only

I could extend AnyAPI to not just work on registration, but content too, I'll see how much work it would be... bare in mind people with be moving over to xf2 so committing to it in xf1 might not be the best direction
 
I don't expect to be able to upgrade to XF2 this year. It will take a lot of time before the major addons for xf are all ported. Especially from those authors that carry a lot of (popular) addons. So far i have not spoken to one admin that uses addons and thinks he can upgrade anytime soon.
 
Where do I download the lastest version ? I tried at Surrey, I hae bought it a while ago, but the attached version of that post is from 2014... v1_1_3b
 
1.1.3b was updated end of March 2017, the individual plugins will always be a little more up to date (if you have access to the pack, you have access to the indivdual plugins) I replace the attachment of the first post regularly, the date of the first post does not reflect the date of the attachment. 1.1.3b is the most up to date pack.
 
Last edited:
@Alfa1 I've sent you a pm, the option to ignore all password managers has now been extended to pw managers logging email fields too, this should solve the fbhp issue.... it should NEVER false positive humans, even if they are using password managers
 
The Fool honeypot causes errors when installed:

Error Info
ErrorException: Missing argument 5 for Tac_AnyApi_Model_AnyApi::isAnyApiBot(), called in /home/gamerebels/public_html/library/Tac/FoolBotHoneyPot/ControllerPublic/Register.php on line 605 and defined - library/Tac/AnyApi/Model/AnyApi.php:8
Generated By: Unknown Account, 1 minute ago
Click to expand...

Stack Trace
#0 /home/gamerebels/public_html/library/Tac/AnyApi/Model/AnyApi.php(8): XenForo_Application::handlePhpError(2, 'Missing argumen...', '/home/gamerebel...', 8, Array)
#1 /home/gamerebels/public_html/library/Tac/FoolBotHoneyPot/ControllerPublic/Register.php(605): Tac_AnyApi_Model_AnyApi->isAnyApiBot('Testing123', 'testing@gamereb...', 'api_1', Array)
#2 /home/gamerebels/public_html/library/Tac/FoolBotHoneyPot/ControllerPublic/Register.php(395): Tac_FoolBotHoneyPot_ControllerPublic_Register->aaMethods(Object(XenForo_Options), Array, Object(MasterBadge_DataWriter_User), 'Testing123', 'testing@gamereb...', false, Array, true, false, false)
#3 /home/gamerebels/public_html/library/XenForo/FrontController.php(351): Tac_FoolBotHoneyPot_ControllerPublic_Register->actionRegister()
#4 /home/gamerebels/public_html/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#5 /home/gamerebels/public_html/index.php(13): XenForo_FrontController->run()
#6 {main}
Click to expand...

Request State
array(3) {
["url"] => string(44) "https://www.gamerebels.com/register/register"
["_GET"] => array(0) {
}
["_POST"] => array(28) {
["50e8a20f32b782f16bc5175f4cae61d4"] => string(0) ""
["a5fff2535e67eae853eda96fed2cfc19"] => string(0) ""
["form_name"] => string(0) ""
["username"] => string(0) ""
["8756692d2fdf2daf05a3451acbecd9a5"] => string(10) "Testing123"
["768e8a25ddf68fcb12e6956e4e254393"] => string(0) ""
["form_email"] => string(0) ""
["2a9435f3c8f00fd736bdd16de92d1288"] => string(22) "testing@gamerebels.com"
["password"] => string(8) "********"
["form_password"] => string(8) "********"
["form_password_confirm"] => string(8) "********"
["640a996fe7970653f574b21c8ebb34ac"] => string(0) ""
["0fea290c8c98fc82dada87e67926426b"] => string(32) "43835d2149220677737ac1ced7b1adf5"
["effac31928258f312e0789377d9aa68b"] => string(0) ""
["15729d3cd06bc284137b6fcc14d9becf"] => string(0) ""
["fb647da071c6450aa66e46c19311d8cd"] => string(0) ""
["c0a48b4951642b690b6b4dd52a339664"] => string(4) "male"
["dob_month"] => string(2) "11"
["dob_day"] => string(2) "07"
["dob_year"] => string(4) "1994"
["8d3ae7799c47cd074747a01b48465de8"] => string(16) "America/New_York"
["g-recaptcha-response"] => string(356) "03AOPBWq85TnNzaWcJznkEKn4qAJvwY8zwACRaYmR8nKxd9qxfAeLJ9Xm3h_9Hm2bRpTH0Rho-EUvK6JzGkvTEl0Ji0zgWpHNFY0Oos5PhshzHbYpM9B0wwrYWhbpA4xpykSZzZmkgYmf8N6c5hrkWVQPmKcdXyiYUMrqRBG7mW_LmWxeFcOVGqCMMrom22rgZY25_162GfNGzotCUUt3IetiKOUEqyeAmwvmcrbxdc4T163L0ZWh5-bS8l6etFeBRXY-7lBInh3KMGe0FOzBpxXgH19B1nVRpTRZC1iH_FzwovdF4XWmvaBk21yIX0UrdYft2crSHkpz0J2Fs0af4_7JyIobjhTimGw"
["agree"] => string(1) "1"
["_xfToken"] => string(8) "********"
["browser_events"] => string(856) "12,0,46,773,51,1908,964,Win32,Mozilla,true,46,8,Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393,1936,1056,1, , on screen scroll ga jQuery111008156313646922089 $WowheadPower $WH wowhead_tooltips torc_tooltips i g_itemScalCallbacks downloadJSAtOnload bm_website_code ad adWidth google_ad_size adsbygoogle google_t12n_vars obal_correlator clearManagerFields matched request_params ___grecaptcha_cfg __google_recaptcha_client recaptcha grecaptcha closure_lm_439561 initTooltips torctipCreate getTooltipEmbed thisPageUsingOtherJSLibrary getScript tipsToRestyle,0"
["reg_key"] => string(32) "71fbbc89314a394ad898bc78471114a0"
["73581a29e74cf8bab944ab13b51577dc"] => string(4) "test"
["fdf9652412a00acdc29babf847a1b241"] => string(4) "test"
}
}
Click to expand...
 
Hmm, looks like an AnyApi integration bug, I'll look into it tomorrow after work (bed time for me now)
 
My site loads a massive amount of bytes from SimpleCache for every page load. This causes thousands of errors a day. This is caused by a number of addons. FBHP & DeDos use the following:
["fbhp_bot_ips"]=> int(1857)
["dd_css"]=> int(2581)
["fbhpSuspiciousHosts"]=> int(1356)

Could you please see if this can be reduced?
 
Last edited:
Alfa1 said:
My site loads a massive amount of bytes from SimpleCache for every page load. This causes thousands of errors a day. This is caused by a number of addons. FBHP & DeDos use the following:
["fbhp_bot_ips"]=> int(1857)
["dd_css"]=> int(2581)
["fbhpSuspiciousHosts"]=> int(1356)

Could you please see if this can be reduced?
Click to expand...
You can turn off the option to cache ips, or even reduce the time that they are cached in the acp
 
Cant this or some of this be moved out of simplecache to preLoadData so that it doesnt have to be loaded with every page load for any user?
 
As mentioned, turn off the cache, or reduce the cache time. It is added to every page since every page can be hit by bots, but, you dont have to do it that way.
The amount that it stores is pretty much at a minimum, one IP address is this
s:13:"95.215.61.114"

You can explore the simple cache using dedos:
yoursite/admin.php?dedosglobalcache/

This will give you the size of the cache used by each plugin (not just dedos, but all plugins)

If you want to reduce the number of IPs stored in the cache, reduce the cache time
If you want to remove the IPs from the cache, turn off the cache (it is optional, but a global solution is useful at stopping scrappers).
 
Last edited:
This project works, it stops the new wave of bots, once again, I dont think I'm needed for a while, I cant see bots making another leap anytime soon, if they do I will poke my head in.

So, if some one want's to take over this entire project (own it, sell it, support it, improve it), let me know, I'm not asking anything for it, but would prefer to hand it over to someone with dev experience in the field of anti-spam (and that everyone is happy with)

As for me... I'm kind of out of here and working on my own projects, will keep my hand in this project until it's properly handed over.
 
You must log in or register to reply here.
Top Bottom