[2.0.13] disable spambots

The cleanup is complete. This forum is now read only.

Rating:

Excellent!
17
47%
Very Good
3
8%
Good
8
22%
Fair
2
6%
Poor
6
17%
 
Total votes : 36

[2.0.13] disable spambots

Postby MOD Robot » Tue Jul 13, 2004 5:39 pm

MOD Name: disable spambots
Author: magenta
MOD Description: This mod uses cryptographic signing techniques to ensure that any comment submissions have occurred from an appropriate
comment form (stopping simple random-submission bots), that
the form was actually generated for the user who is submitting (stopping clusters of page-scraping spiders), and that at least 5 seconds have passed between the form generation and the submission (stopping bots which fully scrape the page and then immediately submit). If one of these conditions is not met, the submit operation is turned into a preview, giving human posters another chance to submit.

Since implementing this mod, my forum has only gotten two spams posted to it, and both were manually posted by a human. Countless thousands of spams were blocked.

For added security, you should change the "nana" and "foofoo" text inserted in the first "BEFORE, ADD" step so that spambots can't simply spoof the form values as well.



MOD Version: 1.1.4 (Updated 04/01/05)

Download File: disable-spambots-1.1.4.mod
mods overview page: View
File Size: 5279 Bytes

Security Score: 0
Last edited by MOD Robot on Mon Apr 30, 2007 12:30 am, edited 1 time in total.
(this is a non-active account manager for the phpBB MOD Team)
MOD Robot
MOD Queue Bot
MOD Queue Bot
 
Posts: 24703
Joined: Sat Aug 16, 2003 7:36 am

Postby wGEric » Fri Jul 23, 2004 2:09 am

MOD Validated/Released

Notes:
This MOD helps prevent spam bots from posting by checking an auth key and seeing how long it took to write the message. If it is less than five seconds, it turns the submit into a preview of the post so the bot will never be able to submit the post.
User avatar
wGEric
Former Team Member
 
Posts: 8803
Joined: Sun Oct 13, 2002 3:01 am
Location: Friday
Name: Eric Faerber

Postby safeTsurfa » Sun Jul 25, 2004 7:42 pm

If it is less than five seconds, it turns the submit into a preview of the post so the bot will never be able to submit the post.

So when/if that happens, what next? What are the mechanics for preview-state posting, is it seen as something by the board/database, or is it dropped harmlessly? This kind of reminds me of the "lost clusters" on a hard drive... they eventually add up to problems.
User avatar
safeTsurfa
I've Been Banned!
 
Posts: 1959
Joined: Sat May 08, 2004 10:21 am
Location: United Kingdom

Postby magenta » Sun Jul 25, 2004 10:10 pm

The user then can resubmit from the preview. Basically, if a legitimate user manages to trigger the spambot protection (it's possible, but unlikely) then it acts as if they pressed "preview" instead.

The actual mechanism is it looks to make sure that the user agent, IP address, and forum/topic/comment (depending on the sort of post) are the same through all steps in the process. (Obviously there's a few cases where a legitimate user's IP address can change, which is why the request is turned into a preview so that they can try again, and in these cases the user will probably just think "Hm, I must have accidentally clicked preview. Oh well.")

It's still possible for a spambot to spoof the request, but it needs to actually scrape the page of the post it's replying to and wait 5 seconds before posting, which puts a severe damper on their operations. A spambot which doesn't do this won't realize that the submit didn't happen and so the spambot authors will take a while to catch up to this (unlike an IP address banlist which just tells the spambot to switch to a different open proxy or whatever).

If it becomes necessary in the future, there's a few other things which can be added in order to trip them up a bit more. Unfortunately, spam protection is always a losing battle. :( But, ever since I wrote this mod I haven't gotten a single comment spam, while my forum was being spammed pretty heavily before.
User avatar
magenta
Registered User
 
Posts: 80
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle

Postby clarkfromrainbow » Fri Aug 27, 2004 11:09 am

Small remark; this is made unecesary if you disallow anonymous users from posting.

In posting.php

Search for :

$userdata = session_pagestart($user_ip, PAGE_POSTING);
init_userprefs($userdata);

---add after ---

if ($userdata['user_id'] == ANONYMOUS)
{
redirect(append_sid('login.'.$phpEx));
}
clarkfromrainbow
Registered User
 
Posts: 2
Joined: Fri Aug 27, 2004 11:03 am

Postby magenta » Fri Aug 27, 2004 1:44 pm

Uh, you can disable anonymous users from posting by just setting the forum permissions to require login.

Also, the entire point to this mod was that I <em>didn't</em> want to disable anon posts - that's the easiest way to drive away potential commenters.
User avatar
magenta
Registered User
 
Posts: 80
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle

Postby akslee » Mon Oct 25, 2004 1:48 am

I don't understand the part where the author said :

For added security, you should change the "nana" and "foofoo"
text inserted in the first "BEFORE, ADD" step so that
spambots can't simply spoof the form values as well.

So what should I write instead?

When I deployed this code, I get an DEBUG error message.
"If you have a great time teaching your child, and your child has a great time, there simply isn't anyway you can lose."

www.ChildBrain.org
akslee
Registered User
 
Posts: 82
Joined: Sat Aug 02, 2003 6:54 pm
Location: Vancouver

Postby magenta » Mon Oct 25, 2004 1:54 am

Anything you want. It's just to add entropy to the hash.

What's the debug message that you get?
User avatar
magenta
Registered User
 
Posts: 80
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle

Postby akslee » Mon Oct 25, 2004 1:57 am

strange, it is now disappeared. :roll:

I think my p2p upload was at max, and it interfered with the forum posting when I submitted.

Now that I turned the p2p off, it is working fine. Oh well. Thanks for such a quick reponse. This is my fastest experience from a mod author to respond that quick. :D
"If you have a great time teaching your child, and your child has a great time, there simply isn't anyway you can lose."

www.ChildBrain.org
akslee
Registered User
 
Posts: 82
Joined: Sat Aug 02, 2003 6:54 pm
Location: Vancouver

Postby magenta » Mon Oct 25, 2004 2:03 am

No problem. :)
User avatar
magenta
Registered User
 
Posts: 80
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle

Postby Dochas » Tue Oct 26, 2004 12:32 am

Forgive the newbie question - is this EasyMOD compatible?

Thanks,
Dochas

magenta wrote:Anything you want. It's just to add entropy to the hash.

What's the debug message that you get?
Dochas
Registered User
 
Posts: 10
Joined: Thu Oct 21, 2004 11:38 pm

Postby akslee » Tue Oct 26, 2004 12:54 am

No, it is not, but it is really easy. Just copy and paste several lines in one file. IMHO, it doesn't get any simplier than that.
"If you have a great time teaching your child, and your child has a great time, there simply isn't anyway you can lose."

www.ChildBrain.org
akslee
Registered User
 
Posts: 82
Joined: Sat Aug 02, 2003 6:54 pm
Location: Vancouver

Postby Dochas » Tue Oct 26, 2004 1:01 am

Thanks akslee.

Dochas
akslee wrote:No, it is not, but it is really easy. Just copy and paste several lines in one file. IMHO, it doesn't get any simplier than that.
Dochas
Registered User
 
Posts: 10
Joined: Thu Oct 21, 2004 11:38 pm

Issue with the mod

Postby The Founder » Fri Dec 03, 2004 11:34 pm

I had this mod running perfectly (so I thought) for a day.. and I noticed the amount of posting went down.. I found out that many of the users were getting that "preview page" it was actually pretty dramatic... a full 30% or so of the users were getting it...

The idea is great.... because if I get one more "http://www.INSERT WHATEVER PORN SITE HERE.com" registration I would go crazy...

but it was a full 30% of the forum.... the funny thing is I never got an error.. not even once...
The Founder
Registered User
 
Posts: 24
Joined: Thu May 06, 2004 6:46 pm

Postby magenta » Sat Dec 04, 2004 1:29 am

Hm, odd. The only time that it should kick in for a legitimate user is if their IP address changes between loading the post page and pressing "submit."

Try changing

Code: Select all
$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']); 


to

Code: Select all
$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $authkey); 


and see if that helps; that'll take the user's IP address out of the equation.
User avatar
magenta
Registered User
 
Posts: 80
Joined: Thu Jun 05, 2003 12:16 am
Location: Seattle

Next

Return to [2.0.x] MOD Database Cleanup

Who is online

Users browsing this forum: No registered users and 0 guests