bbAntiSpam: Discuss how to stop web spam

The forum is retired.

bbAntiSpam Forum Index - Textual Confirmation - Textual Confirmation working, but spambots still spamming


Author Message
Ares



Joined: 28 Mar 2007
Posts: 24

Posted: Fri May 25, 2007 11:38 am    Post subject:  

Centurion, where did you get that log from? is it from the sniffer thingy?
Centurion



Joined: 25 May 2007
Posts: 5
Location: Poland

Posted: Fri May 25, 2007 12:27 pm    Post subject:  

Ares wrote:
Centurion, where did you get that log from? is it from the sniffer thingy?


yes, it's a sniffer from this topic, but a little bit modified by me, e.g. to add entries rather than overwrite them Wink
Andres
Guest





Posted: Sun May 27, 2007 7:30 am    Post subject:  

I've sent Oleg sniffer data from the past few days from 2 of my sites.

Hopefully we'll get to the bottom of this soon, figure out what the problem is, and have it fixed ASAP.

Thanks guys,
Andres
Ares



Joined: 28 Mar 2007
Posts: 24

Posted: Sun May 27, 2007 7:36 am    Post subject:  

i'll restate my guess, only 'cuz we're on a new page here:

I think the bots can solve simple problems now, the sky/grass/type "this"/human yesno problems, and perhaps the simple arithmetic - automating the finding of numbers and doing simple operations on them has to be pretty easy.

Centurion's post leads me to believe they may have humans working behind the scenes as well - unless cent's question was "type paris", of course. the next stage for TC, is for us admins to start using image captchas within TC?

Is this chick hot, yes/no:

...you get the idea
Centurion



Joined: 25 May 2007
Posts: 5
Location: Poland

Posted: Sun May 27, 2007 11:00 am    Post subject:  

Hello

My question was "The name of the city with Eiffel Tower" Wink

now I have 10 questions and I modified TC to add a 10-minute ban after typing a wrong answer - no bot registrations for the last 2 days

I think I have discouraged the man who was upgrading his spambot

also, there were no bot registrations on the forum where the questions are in Polish
Ares



Joined: 28 Mar 2007
Posts: 24

Posted: Sun May 27, 2007 11:48 am    Post subject:  

these guys might be trying to do individual, hard-coded attacks on our forums - they manually figure out what some of the correct answers are, then their bots do the rest.

it is theoretically possible to put all your TC questions in Polish - but then the only person who would understand them would be Larry the Cucumber Laughing
Centurion



Joined: 25 May 2007
Posts: 5
Location: Poland

Posted: Sun May 27, 2007 2:23 pm    Post subject:  

Ares wrote:
it is theoretically possible to put all your TC questions in Polish - but then the only person who would understand them would be Larry the Cucumber Laughing


well I use Polish questions on Polish forums only Wink

but my main forum is in English, so I have to fight spam attackers

however with 10 TC questions and 10-minute bans I feel safer ;]
admin
Site Admin


Joined: 18 Apr 2006
Posts: 805
Location: Saint-Petersburg, Russia

Posted: Mon May 28, 2007 4:50 am    Post subject:  

I think I know the answer.

There is a small hole in Textual Confirmation. For a spammer, it is enough to know only one correct question/answer pair. When registering, he can pretend that he answers this compromised question. In other words, getting the registration form and parsing it in search of the question isn't required!

For 99% of forums, it's not a problem for economic reasons. But high-rated forums (for example, AAcomplaints.com has pagerank 5, unitedcomplaints.com -- 4) are another thing. For such forums, spammers are ready to hire real people to spam.

All we can do is make spamming as hard as possible. In particular, this easy way of passing TC should be stopped.

At the moment, the solution is Advanced Textual Confirmation (ATC), which uses dynamic identifiers and makes strict checks. Soon, I'll backport these techniques to Textual Confirmation.

By the way, I really like ATC and recommend installing it. You can see it in action on this forum.
_________________
Oleg Parashchenko, bbAntiSpam
Do you love our tools? Please sponsor further development!
Centurion



Joined: 25 May 2007
Posts: 5
Location: Poland

Posted: Mon May 28, 2007 8:38 am    Post subject:  

admin wrote:
I think I know the answer.

There is a small hole in Textual Confirmation. For a spammer, it is enough to know only one correct question/answer pair. When registering, he can pretend that he answers this compromised question. In other words, getting the registration form and parsing it in search of the question isn't required!

For 99% of forums, it's not a problem for economic reasons. But high-rated forums (for example, AAcomplaints.com has pagerank 5, unitedcomplaints.com -- 4) are another thing. For such forums, spammers are ready to hire real people to spam.

All we can do is make spamming as hard as possible. In particular, this easy way of passing TC should be stopped.


There is a simple way to stop them
- creating at least 10-15 different questions
- adding temporary bans to TC script after typing wrong answer
(insert IP to ban table, expiring current session)

this works really fine for me
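
The hole admin describes and the ban Centurion adds, side by side, as an added example that is not part of the original posts and is not bbAntiSpam's code. The question table, function names and the session/ban arrays are hypothetical; only the field names tc_question_id and tc_answer come from the form dumps posted in this thread.

```php
<?php
// Added illustration, not bbAntiSpam's code. Names and data layout are hypothetical;
// tc_question_id / tc_answer are the form fields seen in this thread's dumps.
$QUESTIONS = [ // constructed sample data
    1 => ['q' => 'The name of the city with Eiffel Tower', 'a' => 'paris'],
    8 => ['q' => 'What colour is grass?', 'a' => 'green'],
];
const BAN_SECONDS = 600; // the 10-minute ban Centurion describes

// Weak pattern: the client decides which question it is answering.
function check_weak(array $questions, array $post): bool
{
    $id = (int)($post['tc_question_id'] ?? 0);
    return isset($questions[$id])
        && strtolower(trim($post['tc_answer'] ?? '')) === $questions[$id]['a'];
}

// Hardened pattern: the server picks the question and remembers it in the
// session; the id sent by the client is never read.
function issue_question(array $questions, array &$session): string
{
    $id = array_rand($questions);
    $session['tc_pending'] = $id;
    return $questions[$id]['q'];
}

function check_strict(array $questions, array &$session, array &$bans,
                      string $ip, array $post, int $now): bool
{
    if (($bans[$ip] ?? 0) > $now) {
        return false;                    // address is still banned
    }
    $id = $session['tc_pending'] ?? null;
    unset($session['tc_pending']);       // one attempt per issued question
    $ok = $id !== null
        && strtolower(trim($post['tc_answer'] ?? '')) === $questions[$id]['a'];
    if (!$ok) {
        $bans[$ip] = $now + BAN_SECONDS; // temporary ban on a wrong answer
    }
    return $ok;
}

// Constructed submission that answers a known pair, not the question shown.
$replay  = ['tc_question_id' => 8, 'tc_answer' => 'green'];
$session = ['tc_pending' => 1];          // the form actually displayed question 1
$bans    = [];
var_dump(check_weak($QUESTIONS, $replay));
var_dump(check_strict($QUESTIONS, $session, $bans, '192.0.2.10', $replay, 1000));
var_dump(isset($bans['192.0.2.10']));
```

With the question bound to the session, a submitted pair can still match when the server happens to issue that same question, which is where a larger question pool and the ban on a wrong answer come in.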
Ares



Joined: 28 Mar 2007
Posts: 24

Posted: Wed May 30, 2007 3:12 pm    Post subject: Re: penis enlargement  

penis enlargement wrote:
http://www.medsherbal.net - <a href="http://www.medsherbal.net">penis enlargement</a>
penis enlargement

all for one, and none for manual spam entries! lol
Guest






Posted: Tue Jun 05, 2007 2:12 am    Post subject:  

Just wanted to report back that since I changed my TC question to one less obvious (an animal question), I've had 0 spambots get through (it's been over a week now).

That seems to have solved the problem...for now. Smile

Oleg, is there any way to have all my forums point to only 1 TC database so that I don't have to update the question for each individual forum? In other words, I would like to be able to update 1 TC database and have the changes reflected in all my forums (they're all in the same server under the same account).

Please let me know if that's possible and what I would have to do.

Thanks again,
Andres
admin
Site Admin


Joined: 18 Apr 2006
Posts: 805
Location: Saint-Petersburg, Russia

Posted: Tue Jun 05, 2007 2:47 am    Post subject:  

Quote:
I've had 0 spambots get through

Thanks, it's good news!

Quote:
is there any way to have all my forums point to only 1 TC database so that I don't have to update the question for each individual forum? In other words, I would like to be able to update 1 TC database and have the changes reflected in all my forums (they're all in the same server under the same account).

In case your forums use the same database (the value of the variable "$dbname" in the file "config.php" is the same for all forum installations), then it is possible. In the file "includes/constants.php", find
Code:
define('TEXTUAL_CONFIRMATION_TABLE', $table_prefix.'textual_confirmation');

and replace the variable "$table_prefix" with a string containing the table prefix of one of the installations.

Sorry if the answer is a bit obscure, I can try to re-formulate it if required.
_________________
Oleg Parashchenko, bbAntiSpam
Do you love our tools? Please sponsor further development!
Guest






Posted: Wed Jun 27, 2007 7:28 am    Post subject:  

We're now getting several bots a day getting through - after having TC working brilliantly for months. I've changed the questions and some of the language file entries, but it doesn't seem to be having an effect.

One thing I have noticed is that in the entries from the bots that are getting through the order of the variables is different, TC_Answer is always at the bottom of the list.

Is there any way this could be used to trap the bots?

Example 1 - My test

[username] => paul_testing
[email] => paul_testing@paul_testing.co.uk
[new_password] => paul_testing
[password_confirm] => paul_testing
[tc_answer] => deliberate wrong answer
[icq] =>
[aim] =>
[msn] =>
[yim] =>
[website] =>
[location] =>
[occupation] =>
[interests] =>
[signature] =>
[viewemail] => 0
[hideonline] => 0
[notifyreply] => 0
[notifypm] => 1
[popup_pm] => 1
[attachsig] => 1
[allowbbcode] => 1
[allowhtml] => 1
[allowsmilies] => 1
[language] => english
[style] => 1
[timezone] => 0
[dateformat] => D M d, Y g:i a
[mode] => register
[agreed] => true
[coppa] => 0
[sid] => b375557a6614fc2a07719cfe7622f98b
[tc_question_id] => 1
[submit] => Submit

Example 2 - Bot

[username] => ShellyFew
[email] => shellyfe_vh1@xsecurity.org
[new_password] => YhcOB7m962
[password_confirm] => YhcOB7m962
[icq] => 694315
[website] => REMOVED
[location] => USA
[occupation] => Executive managert on VH1
[interests] => Dancing
[signature] => REMOVED
[viewemail] => 0
[hideonline] => 0
[notifyreply] => 0
[notifypm] => 1
[popup_pm] => 1
[attachsig] => 1
[allowbbcode] => 1
[allowhtml] => 1
[allowsmilies] => 1
[language] => english
[style] => 1
[timezone] => -12
[dateformat] => D M d, Y g:i a
[mode] => register
[agreed] => true
[coppa] => 0
[sid] => 96a6ca7e6a2a8bd6af3854b116cbb144
[tc_question_id] => 8
[submit] => Submit
[tc_answer] => green

Paul.
admin
Site Admin


Joined: 18 Apr 2006
Posts: 805
Location: Saint-Petersburg, Russia

Posted: Thu Jun 28, 2007 1:32 am    Post subject:  

Unfortunately, this feature is too fragile to rely upon.

I wonder which questions you use. Probably I can suggest which ones are weak. For example, the names of colours seem better not to be used.

Also, as the last resort, I recommend upgrading to Advanced Textual Confirmation. It has more layers of protection, and new layers are under active development.
_________________
Oleg Parashchenko, bbAntiSpam
Do you love our tools? Please sponsor further development!
