Spam bots

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
Post Reply
PoliFactsGlobal
Registered User
Posts: 9
Joined: Wed Jun 19, 2019 6:30 am
Name: K E
Contact:

Spam bots

Post by PoliFactsGlobal » Fri Jun 28, 2019 9:32 am

Anyone know what the most common method spam bots use to get past captcha ?

In other words, do they contain code that actually can decipher the captcha or or some sort of AI. Or do they just use brute force for the most part.

Any links out there that give a detailed method on how to make one?

I AM NOT TRYING TO MAKE ONE ! - But I want to know how they work so I can create counter measures against them.


TIA

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21156
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - definitely

Re: Spam bots

Post by Mick » Fri Jun 28, 2019 10:12 am

If you’re talking about the squiggly letter type captchas, they were beaten years ago and shouldn’t be used, the bots sussed them, not sure how but they did. Have you got a particular issue?

phpBB has a built in Q&A that, properly set up along with the newly registered user group, will stop 99% of your spam attacks.

As for how to make one I just googled the question (how to make a captcha) and there is a ton of information available on all types of methods, different captchas and even YT videos. Knowing how one or two work may help you but don’t forget there are different types from many different sources.
"The more connected we get the more alone we become" - Kyle Broflovski

PoliFactsGlobal
Registered User
Posts: 9
Joined: Wed Jun 19, 2019 6:30 am
Name: K E
Contact:

Re: Spam bots

Post by PoliFactsGlobal » Fri Jun 28, 2019 11:59 am

Thx - yea was just looking for some generalized info on them and how they go about getting past them.

If one had access to the code that creates the default broken/noised - could prob reverse engineer the image and would make it alot easier to figure out what the captcha says

PoliFactsGlobal
Registered User
Posts: 9
Joined: Wed Jun 19, 2019 6:30 am
Name: K E
Contact:

Re: Spam bots

Post by PoliFactsGlobal » Fri Jun 28, 2019 12:32 pm

If you have email verify on - do they actually get the email and verify with the code that is sent ?

User avatar
KevC
Support Team Member
Support Team Member
Posts: 69118
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: Spam bots

Post by KevC » Fri Jun 28, 2019 1:01 pm

I suspect the bots are largely sets of macros to run processes. Letter captchas are solved with optical character recognition software. The result is fed back to the script that fills out the answer. They have scripts to create email addresses and monitor them for replies and then follow the activation link. Q&A tends to be solved largely with tables of solved questions and answers. They can be easily beaten from our side by changing the wording or the exact question/answer and sometimes altering as little as one letter can stop them dead because they no longer have an exact hit for the question in the database.
-:|:- Support Request Template -:|:-
Image
Cheap UK Hosting
"In the land of the blind the little green bloke with no pupils is king - init!"

PoliFactsGlobal
Registered User
Posts: 9
Joined: Wed Jun 19, 2019 6:30 am
Name: K E
Contact:

Re: Spam bots

Post by PoliFactsGlobal » Fri Jun 28, 2019 1:10 pm

thx - that answers alot.

Amazing how much effort is used to post spam that everyone knows is just spam garbage and ignores it.

Was thinking of making a puzzle based captcha where they have to assemble an image based on 12 pieces - or something along those lines

User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 3223
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: Spam bots

Post by thecoalman » Wed Jul 03, 2019 10:50 pm

A larger part of the problem with image based text captacha's is everyone using the same captcha or similar captcha. They can detect it's phpBB forum or whatever and implement specific code for that type of text captcha. Once it's broken its broken for every site. As side note it would be interesting to see how successful bots would be against the original captcha, this may actually screw them up because they may not be programmed for it. The image based text captchas are difficult to solve for some humans and the bots at this point can solve them better than humans so that is no longer an option.

The Q&A solves this to some degree because it's somewhat unique however you have limited amount questions. They also employ humans and you only need one human to determine the answer to the question(s) which can then be used repeatedly until the question(s) are changed. Humans are also employed to simply break captcha's and then the login credentials are resold in bulk to spammers.

If really wanted to slow down bots you need to do something truly unique. The registration form on every phpBB site is nearly identical, if you create something that is truly unique in the form it throws a monkey wrench into the bots programming because they will only encounter that on your site.

This is a continual "war" and with human based captcha solving and AI on the rise there appears to be no end to it.

User avatar
John connor
Registered User
Posts: 2119
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron
Contact:

Re: Spam bots

Post by John connor » Thu Jul 04, 2019 2:41 am

If you're having spam problems use a question captcha or the extension in my signature. If you use a question captcha it should be something difficult that a bot can't solve but easy for a human. Off the top of my head a question like: "what's the third letter in the site title?" might work. If you really want to get down to it use the script in my signature called CIDRAM. In CIDRAM is a Stop Forum Spam module that uses the Stop Forum Spam database to help prevent spam.

I would also hold all first time posts in moderation queue until approval that way spam can be contained and not see the light of day.

User avatar
david63
Registered User
Posts: 16197
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Spam bots

Post by david63 » Thu Jul 04, 2019 7:56 am

John connor wrote:
Thu Jul 04, 2019 2:41 am
Off the top of my head a question like: "what's the third letter in the site title?" might work
No it wouldn't - maximum of 26 attempts and it is broken
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

Post Reply

Return to “phpBB Discussion”