[2.0.20] ConfusaBOT ACP

All new MODs released in our MOD Database will be announced in here. All support for released MODs needs to take place in here. No new MODs will be accepted into the MOD Database for phpBB2
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
Post Reply

Rating:

Excellent!
9
56%
Very Good
1
6%
Good
3
19%
Fair
1
6%
Poor
2
13%
 
Total votes: 16

Extensions Robot
Extensions Robot
Extensions Robot
Posts: 27603
Joined: Sat Aug 16, 2003 7:36 am

[2.0.20] ConfusaBOT ACP

Post by Extensions Robot » Fri May 12, 2006 6:25 am

MOD Name: ConfusaBOT ACP
Author: espicom
MOD Description: Change "agreed" and "coppa" variables to confuse bots, with an Admin Control Panel interface


MOD Version: 1.0.0

Download File: ConfusaBOT_ACP_v100a.zip
mods overview page: View
File Size: 11303 Bytes

Support for this MOD needs to be asked within this topic. The phpBB Teams are not responsible or required to give anyone support for this MOD. By installing this MOD, the phpBB Support Team or phpBB MODifications Team may not be able to provide support.

This MOD has only been tested by the phpBB MOD Team with the phpBB version in the topic title. It may not work in any other versions of phpBB.
Last edited by Extensions Robot on Mon Apr 30, 2007 12:29 am, edited 1 time in total.
(this is a non-active account manager for the phpBB Extension Customisations Team)

User avatar
webmacster87
Former Team Member
Posts: 3758
Joined: Fri Jun 11, 2004 2:30 am
Location: San Mateo, CA
Name: Douglas Bell
Contact:

Post by webmacster87 » Sun Jun 04, 2006 7:29 pm

MOD Validated/Released

Notes:
Changes the names of a few variables on the registration to confuse register bots.
Image

User avatar
kber
Registered User
Posts: 986
Joined: Sun May 07, 2006 9:22 am
Location: Egypt
Contact:

Post by kber » Sun Jun 04, 2006 8:17 pm

hello , thanks
demo?

chris3471
Registered User
Posts: 157
Joined: Wed Dec 07, 2005 8:32 pm

Post by chris3471 » Mon Jun 05, 2006 12:13 am

Demo would be nice. So what does this do? Does it just change the names to some other names but still in plain text or does it encode the names?

User avatar
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Mon Jun 05, 2006 3:08 pm

Note: The effectiveness of this MOD for blocking spam registrations has fallen drastically since it was created. Spam bots now routinely scan the registration page for changed variables, and even fill in MOD-related ones found (usually with nonsense values). I do not recommend installing this MOD anymore.

However, it does make a good example of how to add things to your templates, and to the admin control panel, if I do say so myself....

PHPBB uses a standard set of variable names for registration. Among them are "agreed" and "coppa", to signify that you've read and agree to the board's terms of use, AND that you're 13 or older. Since these variables are all known to BOT writers, they can construct an HTTP POST request that appears identical to a user-created one.

This MOD changes two of these variables, so that such pre-constructed registrations will not work. What they are changed to is controlled through your admin control panel (ACP) so that you can change them regularly:

Image

It does not "encode" anything. The HTML variables are always going to be readable from the source. It is not a 100% wall against spam registrations, because some of the BOTs are smart enough to fetch your registration agreement page to get these variables and use them, although most (so far) do not bother, or do not completely utilize this capability. The result does not affect regular users, since their browsers will use the correct variables. It only affects attempts to bypass the normal registration process.

When combined with other MODs, such as the "Instant Ban" MOD, more attempts to register are blocked than without it. My systems log what BOTs send for registrations; over the past 18 months, about 80% of these attempts would have been blocked by this MOD on its own, but its success has been tapering off. Over the past two months, it would only be about 60%.
Last edited by espicom on Thu Apr 26, 2007 6:06 am, edited 1 time in total.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

User avatar
RATT
Registered User
Posts: 734
Joined: Fri Aug 19, 2005 6:27 am

Post by RATT » Tue Jun 06, 2006 8:07 am

wondered how long it would be before you finally made a mod for this..Nice one Jeff..Tx.

User avatar
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Tue Jun 06, 2006 1:04 pm

Thanks, Ratt. It was more a motivational thing... and the realization that support for doing this change didn't belong over in the support forum. Making a formal MOD seem to be the only honorable way out... :wink:
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

imrich
Registered User
Posts: 237
Joined: Tue Nov 09, 2004 9:52 pm

Post by imrich » Wed Jun 07, 2006 12:59 pm

I have two questions:

1) Why doesn't the 'visual confirmation' stop the bots? I thought the whole point of the visual confirmation was to keep the bots from doing things like this. Are they getting smart enough to read the bitmap images now?

2)
Is it just me, or another of my mods? I have user email account activation/confirmation on. If someone starts the registration process, they do everthing EXCEPT the final step of clicking on the account activation step in the email. But then try to log in using the new account which they created, They get a blank screen! This is the html code which they are sent:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY></BODY></HTML>

They receive this no matter if they use their password or not.

Shouldn't they recieve some sort of error message?
Rich

User avatar
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Wed Jun 07, 2006 1:06 pm

These are issues unrelated to this MOD, but...

Visual Confirmation does block about 80% or more of the bot attempts. I have no way of giving you data for anything except my boards, but fewer than 1 in 10 attempts to register even bother with sending the confirmation code, and the onese that do have a history that suggests that a person is involved in at least part of the registration process.

Blank pages for unconfirmed people is a bug in v2.0.20 of PHPBB, and there is a fix for it in the Support Forum.
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

imrich
Registered User
Posts: 237
Joined: Tue Nov 09, 2004 9:52 pm

Post by imrich » Wed Jun 07, 2006 1:11 pm

espicom wrote: These are issues unrelated to this MOD, but...

Visual Confirmation does block about 80% or more of the bot attempts. I have no way of giving you data for anything except my boards, but fewer than 1 in 10 attempts to register even bother with sending the confirmation code, and the onese that do have a history that suggests that a person is involved in at least part of the registration process.

Hmm.. thanks! I didn't realize that people would sit and work with a bot. Amazing what people will do with their time!
espicom wrote: Blank pages for unconfirmed people is a bug in v2.0.20 of PHPBB, and there is a fix for it in the Support Forum.


Thanks, In testing your mod, I just found this bug and was just starting to look into it. I found the bug in login.php and will now search for the fix, this will save me a lot of time.

Thanks again and thanks for sharing your mod.
Rich

User avatar
espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Wed Jun 07, 2006 1:24 pm

There are several strategies for adding human power to bots. Some people are willing to solve these puzzles for USD$2/hour, because that's a lot of money where they are located.

Another strategy is to put up a site that is "desirable" for gullable people, such as a "free porn" site, and tell them they need to solve a CAPTCHA to get in. When they have a sucker on the line, they can have the bot "join" whatever service has the CAPTCHA, and then present the image to the sucker. They then forward the results back to where the CAPTCHA came from. Tell the sucker they "missed" a few times, and you can join multiple CAPTCHA-protected services in a session.

This is why some CAPTCHAs are moving to having the site domain encoded into them, as well, as a watermark, in the hope that some of the suckers realize that a CAPTCHA for "world-of-cheese-puff-houses.org" shouldn't be appearing on their screen for entry into "hotest-tarts.xxx"!
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

iNfLuX
Registered User
Posts: 108
Joined: Thu Jul 10, 2003 2:55 pm
Contact:

Post by iNfLuX » Thu Jun 08, 2006 3:34 am

i just installed 2.0.21 and tried to install this mod.... just got this error from EM...
Critical Error

FIND FAILED: In file [templates/subSilver/admin/board_config_body.tpl] could not find:

<td class="row1">{L_AUTOLOGIN_TIME}

MOD script line #246 :: FAQ :: Report


i searched my board_config_body.tpl and can find no reference to the {L_AUTOLOGIN_TIME} variable....

User avatar
RATT
Registered User
Posts: 734
Joined: Fri Aug 19, 2005 6:27 am

Post by RATT » Thu Jun 08, 2006 5:45 am

This is the full string

Code: Select all

	<tr>
		<td class="row1">{L_AUTOLOGIN_TIME} <br /><span class="gensmall">{L_AUTOLOGIN_TIME_EXPLAIN}</span></td>
		<td class="row2"><input class="post" type="text" size="3" maxlength="4" name="max_autologin_time" value="{AUTOLOGIN_TIME}" /></td>
	</tr>
Sometimes easymod wont find the string, you may have to do it manually which i find is the safest ;)

iNfLuX
Registered User
Posts: 108
Joined: Thu Jul 10, 2003 2:55 pm
Contact:

Post by iNfLuX » Thu Jun 08, 2006 1:09 pm

^^^ yeah, which is what i started doing... but i searched my board_config_body.tpl and can find no reference to the {L_AUTOLOGIN_TIME} variable....

iNfLuX
Registered User
Posts: 108
Joined: Thu Jul 10, 2003 2:55 pm
Contact:

Post by iNfLuX » Thu Jun 08, 2006 1:10 pm

edit.

Post Reply

Return to “[2.0.x] MOD Database Releases”

Who is online

Users browsing this forum: No registered users and 2 guests