Are you implementing any new spambot protections?

Discussion about everything. New games, 3d math, development tips...
kazymjir
Posts: 727
Joined: Sat Feb 20, 2010 4:05 pm
Location: Munich, Bayern

Re: Are you implementing any new spambot protections?

Post by kazymjir »

I think it's artificial intelligence. It just read this post and spammed all boards!
hybrid
Admin
Posts: 14143
Joined: Wed Apr 19, 2006 9:20 pm
Location: Oldenburg(Oldb), Germany
Contact:

Re: Are you implementing any new spambot protections?

Post by hybrid »

CuteAlien wrote:Ok, there was also a settings for attempts per IP which we didn't see before. Maybe new, or the value got changed on forum update - but Yoran just reset that and now it seems to work again. And that would make sense as all users have the same IP here.
Ahh, that indeed explains a lot. And yes, works for me now again. Thanks alot.
kazymjir
Posts: 727
Joined: Sat Feb 20, 2010 4:05 pm
Location: Munich, Bayern

Re: Are you implementing any new spambot protections?

Post by kazymjir »

"Attemps per IP" settings will work as long as the spammer(s) will find this and start using more IP addresses. Nowadays obtaining new IP address is as easy as to sign to one of thousands of free hosting services and put PHP file which forwards all HTTP requests.

Ready solutions will not work in many cases, because... spammers knows about them. It's easy to break something if you can freely download it and test your algorithms. Custom solutions are the only solutions. I gave you some ideas with things like CRSF protections and you are still playing with such easy, old and dumb spam "protections" which most geekie 15 years old teenager can break :P

Instead of guessing, setup some "sniffer" which will be analyzing all traffic that goes through web server and find some common elements that all spammers have. Then, do research how to block them, implement new solution and continue monitoring.
CuteAlien
Admin
Posts: 9734
Joined: Mon Mar 06, 2006 2:25 pm
Location: Tübingen, Germany
Contact:

Re: Are you implementing any new spambot protections?

Post by CuteAlien »

"Attempts per IP" fails here, because of the way SF servers work. And well, our "dumb" spam protections did work rather well over the last months, it's just a few weeks ago that the bots came back so much. And actuallly I still don't know how they break it exactly - customized random questions didn't sound so bad (the idea is to force spammers to have some work as well). Maybe they use wolframalpha to break them.

And complete customized solutions certainly are better. But also are most work - not just once on implementing but also on every forum update, so they are really the last solution you want to try out. There's several more ready spam-protection modules out there, but some of them simply won't work here because the server has some restrictions and some will cause even more work for the admins (like acknowledging each new user manually) or make the registration process for new users really annoying.
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
kazymjir
Posts: 727
Joined: Sat Feb 20, 2010 4:05 pm
Location: Munich, Bayern

Re: Are you implementing any new spambot protections?

Post by kazymjir »

What are SF servers limitations?

Maybe saying "dumb" is a bad word. These protections are just too much available for everyone. Imagine, that someone wrote super spam protection for PHPBB and releases it. Thousands of forums are starting installing it and it works, because it's something new. But spammers are not sleeping. They can download these protections too, break them and update their scripts. Such public plugin can use thousands of forums, so it's worth to work on breaking it. But if one single forum develops it's own, private protection, who will care about it? Why waste time on such thing, while they can break public plugin which will allow them to break into many sites?

Forum updates is rather no big problem, if you reduce amount of modified core code. For example, HTML can be totally manipulated by one line of code that includes JavaScript. On PHP side, only registration/login pages should be modified. I don't think that every PHPBB software comes with update of these files, so in most cases what will be needed is just to run diff between actual files and these from update.
hybrid
Admin
Posts: 14143
Joined: Wed Apr 19, 2006 9:20 pm
Location: Oldenburg(Oldb), Germany
Contact:

Re: Are you implementing any new spambot protections?

Post by hybrid »

SF uses a proxy cascade, which makes the access from outside appear to come from 127.0.0.1. So we don't have any real IP anymore.
CuteAlien
Admin
Posts: 9734
Joined: Mon Mar 06, 2006 2:25 pm
Location: Tübingen, Germany
Contact:

Re: Are you implementing any new spambot protections?

Post by CuteAlien »

Actually just the recent update already broke a one-line modification ;-) (code is using tab-size 8 again, hendu probably is happy ^_^).
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
hendu
Posts: 2600
Joined: Sat Dec 18, 2010 12:53 pm

Re: Are you implementing any new spambot protections?

Post by hendu »

Ecstatic.
kazymjir
Posts: 727
Joined: Sat Feb 20, 2010 4:05 pm
Location: Munich, Bayern

Re: Are you implementing any new spambot protections?

Post by kazymjir »

hybrid wrote:SF uses a proxy cascade, which makes the access from outside appear to come from 127.0.0.1. So we don't have any real IP anymore.
Try this function:

Code: Select all

 
    function getVisitorIP() {
        if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
            return $_SERVER['HTTP_CLIENT_IP'];
        } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            return $_SERVER['HTTP_X_FORWARDED_FOR'];
        } else {
            return $_SERVER['REMOTE_ADDR'];
        }
    }
 
CuteAlien wrote:Actually just the recent update already broke a one-line modification ;-)
So this one-liner was wrong! ;)
(code is using tab-size 8 again, hendu probably is happy ^_^)
lol!
Dareltibus
Posts: 115
Joined: Mon May 17, 2010 7:42 am

Re: Are you implementing any new spambot protections?

Post by Dareltibus »

Also appened that instead of opening a forum thread/section a totally uncorrelated link opened? (Last time i tried to access "Off-Topic" section I was redirected to a gambling website)
CuteAlien
Admin
Posts: 9734
Joined: Mon Mar 06, 2006 2:25 pm
Location: Tübingen, Germany
Contact:

Re: Are you implementing any new spambot protections?

Post by CuteAlien »

@Dareltibus: No, that never happened to me so far (and I check the forum several times each day). In your case I would rather check your own system with a current virus scanner as redirecting links is pretty typical behaviour for some viruses.
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
Dareltibus
Posts: 115
Joined: Mon May 17, 2010 7:42 am

Re: Are you implementing any new spambot protections?

Post by Dareltibus »

humm, ok thanks :)
Post Reply