[BETA]Q&A Registration Counter Measures Generator Software

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment!
Get Involved
User avatar
Edward572
Registered User
Posts: 192
Joined: Wed Aug 03, 2005 12:37 am
Location: Calgary, Alberta, Canada
Name: Edward

Re: Q&A Registration Counter Measures Generator

Post by Edward572 »

Add LaSt or lAST or lasT, or FirSt, or fiRst as well

Version 1.0.0.2

Change the way last and first are written in every generation.

Also put a randomized 5-10 question then way it's asked

Version 1.0.0.3

Lol
Cheers All, Have A Good One
StormerSoft.Com
User avatar
T0ny
Registered User
Posts: 1383
Joined: Sun Jan 29, 2006 8:42 pm
Location: Lancashire
Name: Tony

Re: Q&A Registration Counter Measures Generator

Post by T0ny »

Edward572 wrote:Now bot has to figure out in XXXXtwoXXXX, we're the number is
/x*([^x]*)/i
Slackervaara
Registered User
Posts: 195
Joined: Thu Feb 28, 2008 7:46 am

Re: Q&A Registration Counter Measures Generator

Post by Slackervaara »

For those living in countries that has an alphabet with extra letters like Scandinavia and Germany, it can be good to include such letters in the answer. You can have the question: Copy the swedish word for snow snö as answer.
User avatar
Edward572
Registered User
Posts: 192
Joined: Wed Aug 03, 2005 12:37 am
Location: Calgary, Alberta, Canada
Name: Edward

Re: Q&A Registration Counter Measures Generator

Post by Edward572 »

T0ny wrote:
Edward572 wrote:Now bot has to figure out in XXXXtwoXXXX, we're the number is
/x*([^x]*)/i
/x*([^x]*)/i[/c]
What is meant by the above code??

Sorry don't understand what that means :?:
Cheers All, Have A Good One
StormerSoft.Com
User avatar
Lumpy Burgertushie
Registered User
Posts: 69228
Joined: Mon May 02, 2005 3:11 am

Re: Q&A Registration Counter Measures Generator

Post by Lumpy Burgertushie »

Slackervaara wrote:For those living in countries that has an alphabet with extra letters like Scandinavia and Germany, it can be good to include such letters in the answer. You can have the question: Copy the swedish word for snow snö as answer.
put this in google:
the swedish word for snow

see what comes up first result.


robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
Slackervaara
Registered User
Posts: 195
Joined: Thu Feb 28, 2008 7:46 am

Re: Q&A Registration Counter Measures Generator

Post by Slackervaara »

But if you don't have a Swedish keyboard is it difficult to write snö.
User avatar
Lumpy Burgertushie
Registered User
Posts: 69228
Joined: Mon May 02, 2005 3:11 am

Re: Q&A Registration Counter Measures Generator

Post by Lumpy Burgertushie »

Slackervaara wrote:But if you don't have a Swedish keyboard is it difficult to write snö.
do you think the spam bots have keyboards?

robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
Edward572
Registered User
Posts: 192
Joined: Wed Aug 03, 2005 12:37 am
Location: Calgary, Alberta, Canada
Name: Edward

Re: Q&A Registration Counter Measures Generator

Post by Edward572 »

Will release the newest version with everyone's ideas, reverse the code to be what's the Last then First, that should bugger them up for a bit, also add XXXXlAsTXXX, XXXtwOXXX.

As. One commented the random characters are being use by brute force attack on the random data, until the string is broken. It my experience that the more string there is the harder it is to break, so maybe a 30 character code with 5-6 from front back and the reverse order on some questions maybe what last two characters then the first two etc. have both types of questions.
12 characters is almost impossible to crack, unless they leave the attack on for weeks, Click "PURGE ALL SESSIONS" that should knock the bots off the board if there are tons of Guest visits. I assume the bots will have to start over with the brute force attack on the answer.
Hopefully easy for humans and harder for bots.

My one board that got attacked Friday is visited by a lot of guest today like 214 guests in one hour, I am assuming this is a bunch of busy bots trying to login to accounts that no longer exist. Also trying to pass the new questions, I've added 15-20 new questions, as one other board had that many and it was not defeated.

Changed all questions on that forum, just in case.

Just trying to make it to complicated for bots, and easy for humans... I will let everyone know if they get past the latest round of questions from version 1.0.0.0.

24 hours for the next version which will be a much more complicated random questions.

PS: Just F&$king sick of these AH's....
Cheers All, Have A Good One
StormerSoft.Com
User avatar
Edward572
Registered User
Posts: 192
Joined: Wed Aug 03, 2005 12:37 am
Location: Calgary, Alberta, Canada
Name: Edward

Re: Q&A Registration Counter Measures Generator

Post by Edward572 »

First post in this thread has the latest updates and suggested improvements.
New version 1.0.0.3
1. Added Reverse Question
2. Use 28 Characters for the string
3. Use at least 4 characters for answer, up to 12 characters.
I have added reverse questions to my forum with forward questions as well. I realize some don't think this will work, but the larger the string the harder it is to break. If you try the software please comment for improvements and any suggestions to make it even tougher to break through. Still working on multiple question written differently, maybe put string first then the question and then reverse order as well.

Again this is simple and easy to use, just generate Q&A then copy & paste into Spam Countermeasures in Q&A section of your forum, try to use fwd and backward questions to make it harder, change out questions monthly for best results. It takes about 2minutes to add 10 questions...

Cheers,
ED
ODD's Assuming the bot can't read the question and decipher the combination and just the string of 28 characters are attacked. If you just say had 12 character to decipher the amount of combinations of the alphabet the Odds would be below:

12 Characters - 4.35 E+22 Combinations (that's 4.35 with 22 zeros)
11 Characters - 5.64 E+20 Combinations
4 Characters - 35,153,041 Combinations


So reversing and forwarding and adding different types of questions should make it almost imposable to break, so if the string is the only thing it can figures out you would most likely need a distributed DOS of like 3,000-4,000 computers running 24/7 for a few years to break the 12 Characters. Maybe a super computer a few days, but I doubt these cats have there hands on BIG BLUE...

Just Saying...
Cheers All, Have A Good One
StormerSoft.Com
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52797
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: Q&A Registration Counter Measures Generator

Post by stevemaury »

I doesn't matter how many permutations there are of the questions or possible answers. Each BOT only has to deal with one question and it can be solved because the instructions tell the bot whether the first and or last characters are needed and how many, and what final or initial character may be disregarded.

There are an infinite number of, for example, addition problems. That does not mean that any one addition problem is infinitely hard to solve.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
User avatar
Edward572
Registered User
Posts: 192
Joined: Wed Aug 03, 2005 12:37 am
Location: Calgary, Alberta, Canada
Name: Edward

Re: Q&A Registration Counter Measures Generator

Post by Edward572 »

stevemaury wrote:I doesn't matter how many permutations there are of the questions or possible answers. Each BOT only has to deal with one question and it can be solved because the instructions tell the bot whether the first and or last characters are needed and how many, and what final or initial character may be disregarded.

There are an infinite number of, for example, addition problems. That does not mean that any one addition problem is infinitely hard to solve.
I agree to some extent and you seem well versed on this subject, all I know when I used the forms of counter measures they are weak and hard to see at least for me, and also easily defeated.

I got jacked like a lot of people last week on 3 of my board with only 2 or three questions, but my main board made it though the attacks with 12 questions, all I did was change the boards questions and flush sessions.

Personal I think Q&A is the best of them all, maybe not perfect but the best way to stop or slow them down. Who ever codes the bots have to code all the different variations and type of questions...

I understand the three pigs and yourself may equal 14, but it can be simply broken by an actual human registering and then later using that account to spam board, so if they are determined to take down any board no matter the security.

If Q&A are changed regularly I think it tougher than leaving the same question there for months.

I guess I will see if it stops or slows attacks, all I know is there a lot of smart people out there that know how to crack the safe no matter what you have.
Just curious do you use Q&A or the other stuff? Assume you used the pigs and questions like that, and did your board get smoked too? Or where you spared the BS with your solution?
Anyhow Thanks for your comments and your incite... Cheers Man...
Cheers All, Have A Good One
StormerSoft.Com
Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve

Re: Q&A Registration Counter Measures Generator

Post by Pony99CA »

stevemaury wrote:I am going to try once more to give an example of a Q&A that will not be easily solved. I have done this before, and am reluctant for obvious reasons to give too many more, but maybe this will give you the idea.

Q: You have all the little pigs, all the musketeers, and all of snow whites dwarves in a room with you. The total
number of critters in the room is?

A: 14
That answer is ambiguous. There are three little pigs, three musketeers (four if you count d'Artagnan), seven dwarves and you (if you call yourself a "critter"). You should really accept 13, 14 and 15.

It's also bad because it assumes a lot of cultural awareness. (Do people in other countries know about the three little pigs, or Snow White and the Seven Dwarves?)

For all the talk of bots "knowing" stuff, remember that they're just software; they don't "know" anything. Bots are programmed to solve problems, but if they haven't been programmed to correctly parse the problem, they won't be able to solve the question.

That's probably why I haven't gotten any spam using my question (at least not since I changed it on 11/21):
Spammers should be (pick one): Married, murdered, beloved.
Sure a bot could solve it, but maybe they aren't programmed to yet. My previous question used exactly the same form, but apparently some human got my question and added it to the spambot's database around 11/21, which is why I got lots of spam on that day.

If they had actually been programmed to solve that type of question, I would still be getting spam today. I'm not, so they haven't been.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 52797
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: Q&A Registration Counter Measures Generator

Post by stevemaury »

Pony99CA wrote: That answer is ambiguous. There are three little pigs, three musketeers (four if you count d'Artagnan), seven dwarves and you (if you call yourself a "critter"). You should really accept 13, 14 and 15.
It's not ambiguous. Dumas did not entitle the book "The Three Musketeers and Four if you count D'Artagnan". 13 is only correct if somehow you assume yourself to not be a critter, whereas dwarves and Musketeers are.
Pony99CA wrote:It's also bad because it assumes a lot of cultural awareness. (Do people in other countries know about the three little pigs, or Snow White and the Seven Dwarves?)
So, if I had the question "Who is Walt Disney"? you would never be able to register at my board?
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
User avatar
Edward572
Registered User
Posts: 192
Joined: Wed Aug 03, 2005 12:37 am
Location: Calgary, Alberta, Canada
Name: Edward

Re: Q&A Registration Counter Measures Generator

Post by Edward572 »

Hey...

There has been about 10 downloads, well a few were mine with tests, but if you have tried the software then please comment so others no it is good and safe software...

Looked into software signing digital signature the want like $499 / year for software signing and the host wants $49.00 / year to sign on website. I now see why most coders don't have this, spend $680 for VB2013, and then need $600 / year to sign the software a person code.


Anyhow for those who tried it please comment...
Cheers All, Have A Good One
StormerSoft.Com
User avatar
T0ny
Registered User
Posts: 1383
Joined: Sun Jan 29, 2006 8:42 pm
Location: Lancashire
Name: Tony

Re: Q&A Registration Counter Measures Generator

Post by T0ny »

The problem isn't whether the software is safe or good, but rather that the idea behind it is fundamentally flawed.

The questions and answers are created based on a set of rules that the software has been programmed with. These same rules can be used by a bot to extract the correct answer.

The system may work while the number of people using it is very small. As soon as the userbase becomes large enough to make any difference to the spammers, it will only take them minutes to work around it. In other words it won't scale.

Return to “[3.0.x] MODs in Development”