spambot defense experiment - rename ucp.php

voidopolis
Registered User
Posts: 6
Joined: Fri Jul 26, 2002 7:33 pm

spambot defense experiment - rename ucp.php

Post by voidopolis » Thu Apr 23, 2009 7:43 pm

Well, I've been getting attacked by spambots on a few of my sites and I've done something that seems to be working pretty well and thought I'd share. I didn't see any other posts talking about this, so... ;)

I decided to rename the ucp.php file across the whole site since it seems to be getting called directly by the bots that are attacking.

So, I renamed the file and then did a search/replace on "ucp." with the new filename. There were like 25 entries or something to fix, but no big deal.

The bots should just fail with a 404. I'm seeing a big increase in UCP.PHP 404 errors in the logs - which was expected, and no spambot accounts getting created. However, I did do the additional step of adding some custom registration fields just in case.

I thought I'd have problems on some pages after doing this, but I have not found a page that won't load yet. Obviously, when I go to upgrade to the next rev, I'll have to either re-do the mod or reverse it. But the changeover was easy. It will only take 2 minutes to reverse it.

Dog Cow
Registered User
Posts: 2495
Joined: Fri Jan 28, 2005 12:14 am

Re: spambot defense experiment - rename ucp.php

Post by Dog Cow » Thu Apr 23, 2009 8:13 pm

Renaming files is certainly a good tactic. I myself have gotten 4,915 hits on forums/posting.php this month, a file which does not exist since I redid my forums a few months ago.

Overall, it's a good technique for individual use, but if you try to suggest that it become standardized, then you will find that the phpBB Group will decline: the bots will simply take note of this new URL and look for it instead.
Moof!
Mac GUI Vault: Retro Apple II & Macintosh computing archive.

tiby
Registered User
Posts: 46
Joined: Mon Oct 20, 2008 6:11 am

Re: spambot defense experiment - rename ucp.php

Post by tiby » Fri Apr 24, 2009 12:54 pm

Go to ACP -> users and groups --> custom profile field, edit what you want, then it works well, and the spambot didn't register.

tank71
Registered User
Posts: 23
Joined: Sun Apr 19, 2009 1:44 pm

Re: spambot defense experiment - rename ucp.php

Post by tank71 » Fri Apr 24, 2009 4:12 pm

Thanks for the suggestions. I think I am going to do the same thing. Pretty simple but it should be pretty effective...
TANK71 -- USAF Active Duty

EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Re: spambot defense experiment - rename ucp.php

Post by EXreaction » Fri Apr 24, 2009 5:35 pm

voidopolis wrote: The bots should just fail with a 404. I'm seeing a big increase in UCP.PHP 404 errors in the logs - which was expected, and no spambot accounts getting created. However, I did do the additional step of adding some custom registration fields just in case.
It seems you just made a thread about a completely invalid experiment then since you have added other variables to it.

dsavi
Registered User
Posts: 31
Joined: Sun May 11, 2008 2:00 pm
Location: Finland

Re: spambot defense experiment - rename ucp.php

Post by dsavi » Fri Apr 24, 2009 6:20 pm

^ The 404 errors, though. Those certainly weren't caused by custom profile fields if he changed the links in the template.

It's an interesting idea.

Lumpy Burgertushie
Registered User
Posts: 66897
Joined: Mon May 02, 2005 3:11 am

Re: spambot defense experiment - rename ucp.php

Post by Lumpy Burgertushie » Sat Apr 25, 2009 10:02 pm

And not a new one.

People have been trying this since way back in the early days of phpBB2 (maybe even phpBB1).

Sure, it will work, however, the same problems still arise. Updates become a nightmare, installing MODs is much harder, etc. etc.

And, like anything else, if one person posts and tells us how they changed the filename to abc.php, then millions of users would do the same and the spammers would just adjust their scripts to suit.

Not to mention that the file name is not the only way to find the code they are looking for.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.


If a tree falls in the forest and nobody is there, does it make a sound?

voidopolis
Registered User
Posts: 6
Joined: Fri Jul 26, 2002 7:33 pm

Re: spambot defense experiment - rename ucp.php

Post by voidopolis » Mon Apr 27, 2009 8:04 pm

Lumpy Burgertushie wrote: And not a new one.

People have been trying this since way back in the early days of phpBB2 (maybe even phpBB1).

Sure, it will work, however, the same problems still arise. Updates become a nightmare, installing MODs is much harder, etc. etc.

And, like anything else, if one person posts and tells us how they changed the filename to abc.php, then millions of users would do the same and the spammers would just adjust their scripts to suit.

Not to mention that the file name is not the only way to find the code they are looking for.


robert
Nope. Not perfect in any way. Just looking at the main page for a link for "register" will give you the right name of UCP... but it is working for now on my site. I disabled all the other protections from the site and I have not seen a return of any bots. Just a climbing 404 rate on UCP.php. So, it does work, but yes, limitations included.

There seems to also be a hole in the "pick the fifth number in this number sequence" as well as the drop down list... you just submit one incorrect page, the error page that phpBB returns tells you the correct answers to the questions. Not too difficult for the BOT to write around. It would be nice to get those error strings to be less friendly. Right now, if my "correct" number was "4" it says "please pick a number between 4 and 4" and the other picklist gives you the correct answer as well.

But this stuff is mainly about staying one step ahead of what the current threat is from the bot writers of the world. A layered security model - it's just about all we have.
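
An added example, not part of any post in this thread: one way to check from the web server log whether the rename is still holding. It counts 404s on the old file name per day and lists clients that first missed on the old name and later requested the renamed file, which is the sign that a bot has started following the "register" link. The log lines are constructed, the format is assumed to be Apache combined, and `members.php` is a hypothetical new file name.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache combined log format (not from the thread).
# "members.php" is a hypothetical name standing in for the renamed ucp.php.
SAMPLE_LOG = """\
198.51.100.7 - - [23/Apr/2009:19:50:01 +0000] "GET /ucp.php?mode=register HTTP/1.1" 404 512 "-" "bot/1.0"
198.51.100.7 - - [23/Apr/2009:19:50:03 +0000] "POST /ucp.php?mode=register HTTP/1.1" 404 512 "-" "bot/1.0"
203.0.113.9 - - [24/Apr/2009:08:12:44 +0000] "GET /UCP.PHP?mode=register HTTP/1.1" 404 512 "-" "bot/2.1"
203.0.113.9 - - [24/Apr/2009:08:12:50 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "bot/2.1"
203.0.113.9 - - [24/Apr/2009:08:12:52 +0000] "POST /members.php?mode=register HTTP/1.1" 200 4301 "-" "bot/2.1"
192.0.2.33 - - [24/Apr/2009:09:01:10 +0000] "GET /members.php?mode=login HTTP/1.1" 200 3888 "-" "Mozilla/5.0"
"""

# client IP, day part of the timestamp, method, path without query string, status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^ ?"]+)[^"]*" (?P<status>\d{3}) '
)

def analyze(log_text, old_name="ucp.php", new_name="members.php"):
    """Return (404 count on the old name per day, clients that missed then found the new name)."""
    misses_per_day = Counter()
    missed = set()              # clients that got a 404 on the old name
    adapted = defaultdict(int)  # of those, later requests for the renamed file
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        name = m["path"].rsplit("/", 1)[-1].lower()  # compare file names case-insensitively
        if name == old_name and m["status"] == "404":
            misses_per_day[m["day"]] += 1
            missed.add(m["ip"])
        elif name == new_name and m["ip"] in missed:
            adapted[m["ip"]] += 1
    return dict(misses_per_day), dict(adapted)

if __name__ == "__main__":
    per_day, adapted = analyze(SAMPLE_LOG)
    print("404s on old name per day:", per_day)
    print("clients that followed the rename:", adapted)
```

A non-empty second result means the rename alone no longer stops that client, so the other layers (custom registration fields, less revealing error strings) are what is left.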

stevemaury
Support Team Member
Posts: 50916
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: spambot defense experiment - rename ucp.php

Post by stevemaury » Mon Apr 27, 2009 10:06 pm

You have to edit the language file to get rid of that tip off.

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
