Page 1 of 9

[2.0.13] disable spambots

Posted: Tue Jul 13, 2004 5:39 pm
by Extensions Robot
MOD Name: disable spambots
Author: magenta
MOD Description: This mod uses cryptographic signing techniques to ensure that any comment submissions have occurred from an appropriate
comment form (stopping simple random-submission bots), that
the form was actually generated for the user who is submitting (stopping clusters of page-scraping spiders), and that at least 5 seconds have passed between the form generation and the submission (stopping bots which fully scrape the page and then immediately submit). If one of these conditions is not met, the submit operation is turned into a preview, giving human posters another chance to submit.

Since implementing this mod, my forum has only gotten two spams posted to it, and both were manually posted by a human. Countless thousands of spams were blocked.

For added security, you should change the "nana" and "foofoo" text inserted in the first "BEFORE, ADD" step so that spambots can't simply spoof the form values as well.



MOD Version: 1.1.4 (Updated 04/01/05)

Download File: disable-spambots-1.1.4.mod
mods overview page: View
File Size: 5279 Bytes

Security Score: 0

Posted: Fri Jul 23, 2004 2:09 am
by wGEric
MOD Validated/Released

Notes:
This MOD helps prevent spam bots from posting by checking an auth key and seeing how long it took to write the message. If it is less than five seconds, it turns the submit into a preview of the post so the bot will never be able to submit the post.

Posted: Sun Jul 25, 2004 7:42 pm
by safeTsurfa
If it is less than five seconds, it turns the submit into a preview of the post so the bot will never be able to submit the post.

So when/if that happens, what next? What are the mechanics for preview-state posting, is it seen as something by the board/database, or is it dropped harmlessly? This kind of reminds me of the "lost clusters" on a hard drive... they eventually add up to problems.

Posted: Sun Jul 25, 2004 10:10 pm
by magenta
The user then can resubmit from the preview. Basically, if a legitimate user manages to trigger the spambot protection (it's possible, but unlikely) then it acts as if they pressed "preview" instead.

The actual mechanism is it looks to make sure that the user agent, IP address, and forum/topic/comment (depending on the sort of post) are the same through all steps in the process. (Obviously there's a few cases where a legitimate user's IP address can change, which is why the request is turned into a preview so that they can try again, and in these cases the user will probably just think "Hm, I must have accidentally clicked preview. Oh well.")

It's still possible for a spambot to spoof the request, but it needs to actually scrape the page of the post it's replying to and wait 5 seconds before posting, which puts a severe damper on their operations. A spambot which doesn't do this won't realize that the submit didn't happen and so the spambot authors will take a while to catch up to this (unlike an IP address banlist which just tells the spambot to switch to a different open proxy or whatever).

If it becomes necessary in the future, there's a few other things which can be added in order to trip them up a bit more. Unfortunately, spam protection is always a losing battle. :( But, ever since I wrote this mod I haven't gotten a single comment spam, while my forum was being spammed pretty heavily before.

Posted: Fri Aug 27, 2004 11:09 am
by clarkfromrainbow
Small remark; this is made unecesary if you disallow anonymous users from posting.

In posting.php

Search for :

$userdata = session_pagestart($user_ip, PAGE_POSTING);
init_userprefs($userdata);

---add after ---

if ($userdata['user_id'] == ANONYMOUS)
{
redirect(append_sid('login.'.$phpEx));
}

Posted: Fri Aug 27, 2004 1:44 pm
by magenta
Uh, you can disable anonymous users from posting by just setting the forum permissions to require login.

Also, the entire point to this mod was that I <em>didn't</em> want to disable anon posts - that's the easiest way to drive away potential commenters.

Posted: Mon Oct 25, 2004 1:48 am
by akslee
I don't understand the part where the author said :

For added security, you should change the "nana" and "foofoo"
text inserted in the first "BEFORE, ADD" step so that
spambots can't simply spoof the form values as well.

So what should I write instead?

When I deployed this code, I get an DEBUG error message.

Posted: Mon Oct 25, 2004 1:54 am
by magenta
Anything you want. It's just to add entropy to the hash.

What's the debug message that you get?

Posted: Mon Oct 25, 2004 1:57 am
by akslee
strange, it is now disappeared. :roll:

I think my p2p upload was at max, and it interfered with the forum posting when I submitted.

Now that I turned the p2p off, it is working fine. Oh well. Thanks for such a quick reponse. This is my fastest experience from a mod author to respond that quick. :D

Posted: Mon Oct 25, 2004 2:03 am
by magenta
No problem. :)

Posted: Tue Oct 26, 2004 12:32 am
by Dochas
Forgive the newbie question - is this EasyMOD compatible?

Thanks,
Dochas
magenta wrote: Anything you want. It's just to add entropy to the hash.

What's the debug message that you get?

Posted: Tue Oct 26, 2004 12:54 am
by akslee
No, it is not, but it is really easy. Just copy and paste several lines in one file. IMHO, it doesn't get any simplier than that.

Posted: Tue Oct 26, 2004 1:01 am
by Dochas
Thanks akslee.

Dochas
akslee wrote: No, it is not, but it is really easy. Just copy and paste several lines in one file. IMHO, it doesn't get any simplier than that.

Issue with the mod

Posted: Fri Dec 03, 2004 11:34 pm
by The Founder
I had this mod running perfectly (so I thought) for a day.. and I noticed the amount of posting went down.. I found out that many of the users were getting that "preview page" it was actually pretty dramatic... a full 30% or so of the users were getting it...

The idea is great.... because if I get one more "http://www.INSERT WHATEVER PORN SITE HERE.com" registration I would go crazy...

but it was a full 30% of the forum.... the funny thing is I never got an error.. not even once...

Posted: Sat Dec 04, 2004 1:29 am
by magenta
Hm, odd. The only time that it should kick in for a legitimate user is if their IP address changes between loading the post page and pressing "submit."

Try changing

Code: Select all

$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);  
to

Code: Select all

$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $authkey);  
and see if that helps; that'll take the user's IP address out of the equation.