spambot defense experiment - rename ucp.php

voidopolis · Post by **voidopolis** » Thu Apr 23, 2009 7:43 pm

Well, I've been getting attacked by spambots on a few of my sites and I've done something that seems to be working pretty well and thought I'd share. I didn't see any other posts talking about this, so...

I decided to rename ucp.php file across the whole site since it seems to be getting called directly by the bots that are attacking.

so, I renamed the file and then did a search/replace on "ucp." with the new filename. There were like 25 entries or something to fix, but no big deal.

The bots should just fail with a 404. I'm seeing a lbig increase in UCP.PHP 404 errors in the logs - which was expected, and no spambot accounts getting created. However, I did do the additional step of adding some custom registration fields just in case.

I thought I'd have problems on some pages after doing this, but I have not found a page that wont load yet. Obviously, when I go to upgrade to the next rev, I'll have to either re-do the mod or reverse it. but the change over was easy. It will only take 2 minutes to reverse it.

Dog Cow · Post by **Dog Cow** » Thu Apr 23, 2009 8:13 pm

Renaming files is certainly a good tactic. I myself have gotten 4,915 hits on forums/posting.php this month, a file which does not exist since I redid my forums a few months ago.

Overall, it's a good technique for individual use, but if you try to suggest that it become standardized, then you will find that the phpBB Group will decline: the bots will simply take note of this new URL and look for it instead.

tiby · Post by **tiby** » Fri Apr 24, 2009 12:54 pm

go to ACP -> users and groups --> custom profile field, edit what you want, then it works well, and the spambot didnt register

tank71 · Post by **tank71** » Fri Apr 24, 2009 4:12 pm

Thanks for the suggestions. I think i am going to do the same thing. Pretty simple but it should be pretty effective...

EXreaction · Post by **EXreaction** » Fri Apr 24, 2009 5:35 pm

voidopolis wrote:The bots should just fail with a 404. I'm seeing a lbig increase in UCP.PHP 404 errors in the logs - which was expected, and no spambot accounts getting created. However, I did do the additional step of adding some custom registration fields just in case.

It seems you just made a thread about a completely invalid experiment then since you have added other variables to it.

dsavi · Post by **dsavi** » Fri Apr 24, 2009 6:20 pm

^ The 404 errors, though. Those certainly weren't caused by custom profile fields if he changed the links in the template.

It's an interesting idea.

Lumpy Burgertushie · Post by **Lumpy Burgertushie** » Sat Apr 25, 2009 10:02 pm

and not a new one.

people have been trying this since way back in the early days of phpbb2 ( maybe even phpbb1 ).

sure, it will work, however, the same problems still arise. updates become a nightmare, installing MODs is much harder, etc. etc.

and, like anything else, if one person posts and tells us how they changed the filename to abc.php, then millions of users would do the same and the spammers would just adjust their scripts to suit.

not to mention that the file name is not the only way to find the code they are looking for.

robert

voidopolis · Post by **voidopolis** » Mon Apr 27, 2009 8:04 pm

Lumpy Burgertushie wrote:and not a new one.

people have been trying this since way back in the early days of phpbb2 ( maybe even phpbb1 ).

sure, it will work, however, the same problems still arise. updates become a nightmare, installing MODs is much harder, etc. etc.

and, like anything else, if one person posts and tells us how they changed the filename to abc.php, then millions of users would do the same and the spammers would just adjust their scripts to suit.

not to mention that the file name is not the only way to find the code they are looking for.

robert

Nope. not perfect in anyway. just looking at the main page for a link for "register" will give you the right name of UCP... but it is working for now on my site. I disabled all the other protections from the site and I have not seen a return of any bots. just a climbing 404 rate on UCP.php. So, it does work, but yes, limitations included.

there seems to also be a hole in the "pick the fifth number in this number sequence" as well as the drop down list... you just submit one incorrect page, the error page that phpbb returns tells you the correct answers to the questions. Not to difficult for the BOT to write around. It would be nice to get those error strings to be less friendly. Right now, if my "correct" number was "4" it says "please pick a number between 4 and 4" and the other picklist gives you the correct answer as well.

but this stuff is mainly about staying one step ahead of what the current threat is from the bots writers of the world. a layered security model - its just about all we have.

Post by **stevemaury** » Mon Apr 27, 2009 10:06 pm

You have to edit the language file to get rid of that tip off.

advertisements