• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XRumer discussion

tenants

Well-known member
#21
That's old school, user_agent is just a header (easily spoofed), they use quite a variation of user agents now... most come through faking there self as Mozilla:

http://www.projecthoneypot.org/harvester_useragents.php?dt=7

Out of the 5,000 bots I just checked via my access logs, none used the user_agent xpymep.exe

Most bots I detected have user agents like:
"Mozilla/5.0 (Windows NT 5.2; rv:12.0) Gecko/20100101 Firefox/12.0"
"Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0"
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5"
(these were confirmed bots ... making their selves appear as browsers)

<< Obviously don't ban these, you might find it reduces your bots... but you exclude quite a few humans too

but it cant do any harm to give the other ones ago.
 
V

vVv

Guest
#22
lol true though, but knocked wind from the sails at same time :p haha. i figured there was downfall to it, too good/easy to be true lol. :ROFLMAO: would be awesome to really know who and how they're accessing the site though and stop them that way.. >_<
 

tenants

Well-known member
#23
user_agent isn't the route to go, it was once thought as a good route to block bots (foolishly, as lists of IP address currently are), but by blocking this route, you just ask them to spoof something that is easy to spoof.

Anything that can be spoofed to avoid detection, will be spoofed (especially if it is commonly used for prevention)... there lies in the eventual downfall of IP based detection too (it is becoming common)
 
V

vVv

Guest
#24
:( yeah, kinda like.. trying to block Proxy IP addresses, you can try blocking millions of them, but pointless because there will always be new proxies made anyway.. it's endless fight, and we're losing the battles.
 

Brent W

Well-known member
#27
Ya'll all seem to be coming up with some really wild things. KeyCaptcha has killed all the spam across my 21 forums. One plugin, one captcha. No one seems to be having a problem using it to register and KeyCaptcha is aware of xrumer and they stay on top of it.
 

tenants

Well-known member
#28
The Q&A questions on my forums are all related to Soulcalibur... yet bots still get through them like crazy.
Welcome to the XRumer discussions, QA has been targeted so if you have a QA in place, it's only a matter of time until some one decides to add it to the TextCAPTCHA file (this could be seconds or weeks)

see here
It's now very easy for bot users to record your QA and share with everyone (they even held a competition recording over 70K QAs recently)

I know at least one mod that kept mentioning their QA hadn't been broken... but unfortunately now it has

You can keep changing your QA, but how frequently you do this is like playing a game of Russia roulette (you never know when some one has finished their round of automation and are about to start a new one)

You can use a common CAPTCHA (rather like google ReCaptcha), but if it is common, it too is only a matter of time until it is solved (Google too are very aware of XRumer and seem to have a fair amount of funding)... these sorts of CAPTCHA will work and break in waves (ReCaptcha will work again one day)

... I do suggest, if you use CAPTCHA, use custom images (take a picture of something in your bedroom and add a question to it) ... this is always unique and hard to solve. CustomImgCaptcha is there for that (this method is not easy to targeted and very hard to solve with automation)

But there are plenty of other CAPTCHA that are still working (since they are uncommon so not yet targeted, or have not been targeted/have only just started to be targeted)

Other CAPTCHA:

Photo CAPTCHA (I do like this one, since much like CustomImgCaptcha you can customise your images)
XF QapTcha (very human friendly, and uncommon)
Are you Human(sp) (eng)
KeyCaptcha
Funny Img Catpcha (uses CustomImgCaptcha)
WE FIGHT SPAM (can use CustomImgCaptcha)
Solve Media
 

HWS

Well-known member
#30
No one seems to be having a problem using it to register and KeyCaptcha is aware of xrumer and they stay on top of it.
In our forum KeyCaptcha reduced the daily registrations by 20-25% and raised support tickets by 100%.
People are simply not used to that kind of protection. We would have to add a large instruction block to it and even then many wouldn't read it. So we decided to install FoolBotHoneyPot. ;)
 

Brent W

Well-known member
#31
In our forum KeyCaptcha reduced the daily registrations by 20-25% and raised support tickets by 100%.
People are simply not used to that kind of protection. We would have to add a large instruction block to it and even then many wouldn't read it. So we decided to install FoolBotHoneyPot. ;)
I guess if you can't work a puzzle I don't want you posting on my forum lol
 

MattW

Well-known member
#32
In our forum KeyCaptcha reduced the daily registrations by 20-25% and raised support tickets by 100%.
People are simply not used to that kind of protection. We would have to add a large instruction block to it and even then many wouldn't read it. So we decided to install FoolBotHoneyPot. ;)
KeyCaptcha hasn't affected our genuine user registrations. I've rolled it out across all the forums I own (Xenforo and phpBB3), and also onto some Wordpress blogs I have. I've even just had them make it compatible with the shop software I use, OpenCart.
 

Carlos

Well-known member
#35

tenants

Well-known member
#37
He eventually mentioned this link and I edited my htaccess to block a few things.
http://www.javascriptkit.com/howto/htaccess13.shtml
You might be intrested, I now log user_agent for FoolBotHoneyPot (images on the bottom of this page):

http://xenforo.com/community/resources/foolbothoneypot-spam-combat.1085/

The XRumer bots are just about always faking this to look like a type of browser, I don't use it as a detection method since I've never seen a case where they don't fake this header.
 

Digital Doctor

Well-known member
#38
Hello all
XRumer 7.0.12 become too old now
This version of program not effective at the moment

Where I can download latest, actual version of XRumer?
Thank you!

P.S By the way, price of the XRumer after 5.01.2013 will grow up to $650...
Therefore, if anybody want to resell this, write me on PM or Skype Mr.MarcusSug54

===
saw this today. 7 must be a typo :)
 

tenants

Well-known member
#39
I dont think it is a typo, they're just saying that version is now old

XRumer 7.7.35 Elite (this is about 4 weeks old). There will probably be an update soon, but there is nothing on seobay / botmasterlabs about a new release yet.

I suspect they will now be targeting the most common CATPCHA mechanism (that they aren't currently getting through) or just bug fixing
The ability to make use of the StopFourmSpam public look up in core will possibly be used , so spammers can change ip/name/email on the fly, as they are detected (not just xblack.txt... which allows users to avoid contributors)
Xrumer plugins worry me (updates all of the time) << Making this easier to do, could be an update?

These are just guesses, but my "targeting QA" guess last time was correct. It's quite possible that the next release will just be bug fixes though

I suspect next release is very soon, so we'll find out