Author |
Message |
Ares
Joined: 28 Mar 2007 Posts: 24
|
Posted: Fri May 25, 2007 11:38 am Post subject: |
|
|
Centurion, where did you get that log from? is it from the sniffer thingy? |
|
|
Centurion
Joined: 25 May 2007 Posts: 5 Location: Poland
|
Posted: Fri May 25, 2007 12:27 pm Post subject: |
|
|
Ares wrote: | Centurion, where did you get that log from? is it from the sniffer thingy? |
yes it's a sniffer from this topic, but a little bit modified by me eg: for adding the entries not override |
|
|
Andres Guest
|
Posted: Sun May 27, 2007 7:30 am Post subject: |
|
|
I've sent Oleg sniffer data from the past few days from 2 of my sites.
Hopefully we'll get to the bottom of this soon, figure out what the problem is, and have it fixed ASAP.
Thanks guys,
Andres |
|
|
Ares
Joined: 28 Mar 2007 Posts: 24
|
Posted: Sun May 27, 2007 7:36 am Post subject: |
|
|
i'll restate my guess, only 'cuz we're on a new page here:
I think the bots can solve simple problems now, the sky/grass/type "this"/human yesno problems, and perhaps the simple arithmetic - automating the finding of numbers and doing simple operations on them has to be pretty easy.
Centurion's post leads me to believe they may have humans working behind the scenes as well - unless cent's question was "type paris", of course. the next stage for TC, is for us admins to start using image captchas within TC?
Is this chick hot, yes/no:
...you get the idea |
|
|
Centurion
Joined: 25 May 2007 Posts: 5 Location: Poland
|
Posted: Sun May 27, 2007 11:00 am Post subject: |
|
|
Hello
My question was "The name of the city with Eiffel Tower"
now I have 10 questions and I modified TC to add 10-minutes ban after typing wrong answer - no bot registration for last 2 days
I think I had discouraged the man who was upgrading his spambot
also, there were no bots' registrations on the forum where the questions are in Polish |
|
|
Ares
Joined: 28 Mar 2007 Posts: 24
|
Posted: Sun May 27, 2007 11:48 am Post subject: |
|
|
these guys might be trying to do individual, hard-coded attacks on our forums - they manually figure out what some of the correct answers are, then their bots do the rest.
it is theoretically possible to put all your TC questions in polish - but then the only person who would understand them would be Larry the Cucumber |
|
|
Centurion
Joined: 25 May 2007 Posts: 5 Location: Poland
|
Posted: Sun May 27, 2007 2:23 pm Post subject: |
|
|
Ares wrote: | it is theoretically possible to put all your TC questions in polish - but then the only person who would understand them would be Larry the Cucumber |
well I use polish questions on polish forums only
but my main forum is in english, so I have to fight spam attackers
however with 10 TC questions and 10-minutes bans I feel more safe ;] |
|
|
admin Site Admin
Joined: 18 Apr 2006 Posts: 805 Location: Saint-Petersburg, Russia
|
Posted: Mon May 28, 2007 4:50 am Post subject: |
|
|
I think I know the answer.
There is a small hole in Textual Confirmation. For spammer, it is enough to know only one correct question/answer pair. When registering, he can pretend that he answers this compromised question. In other words, getting the registration form and parsing it in search for the question isn't required!
For 99% of forums, it's not a problem due to economical reasons. But high-rated forums (for example, AAcomplaints.com has pagerank 5, unitedcomplaints.com -- 4) are another thing. For such forum, spammers are ready to hire real people to spam.
All we can do is to make spamming as hard as possible. In particular, this easy way of passing TC should be stopped.
At the moment, the solution is Advanced Textual Confirmation (ATC), which uses dynamic identifiers and makes strict checks. Soon, I'll backport these techniques to Textual Confirmation.
By the way, I really like ATC and recommend to install it. You see it in action on this forum. _________________ Oleg Parashchenko, bbAntiSpam
Do you love our tools? Please sponsor further development! |
|
|
Centurion
Joined: 25 May 2007 Posts: 5 Location: Poland
|
Posted: Mon May 28, 2007 8:38 am Post subject: |
|
|
admin wrote: | I think I know the answer.
There is a small hole in Textual Confirmation. For spammer, it is enough to know only one correct question/answer pair. When registering, he can pretend that he answers this compromised question. In other words, getting the registration form and parsing it in search for the question isn't required!
For 99% of forums, it's not a problem due to economical reasons. But high-rated forums (for example, AAcomplaints.com has pagerank 5, unitedcomplaints.com -- 4) are another thing. For such forum, spammers are ready to hire real people to spam.
All we can do is to make spamming as hard as possible. In particular, this easy way of passing TC should be stopped. |
There is a simple way to stop them
- creating at least 10-15 different questions
- adding temporary bans to TC script after typing wrong answer
(insert IP to ban table, expiring current session)
this works really fine for me |
|
|
Ares
Joined: 28 Mar 2007 Posts: 24
|
Posted: Wed May 30, 2007 3:12 pm Post subject: Re: penis enlargement |
|
|
penis enlargement wrote: | http://www.medsherbal.net - <a href="http://www.medsherbal.net">penis enlargement</a>
penis enlargement
|
all for one, and none for manual spam entries! lol |
|
|
Guest
|
Posted: Tue Jun 05, 2007 2:12 am Post subject: |
|
|
Just wanted to report back that since I changed my TC question to one less obvous (an animal question), I've had 0 spambots get through (it's been over a week now).
That seems to have solved the problem...for now.
Oleg, is their anyway to have all my forums point to only 1 TC database so that I don't have to update the question for each individual forum? In other words, I would like to be able to update 1 TC database and have the changes reflected in all my forums (they're all in the same server under the same account).
Please let me know if that's possible and what I would have to do.
Thanks again,
Andres |
|
|
admin Site Admin
Joined: 18 Apr 2006 Posts: 805 Location: Saint-Petersburg, Russia
|
Posted: Tue Jun 05, 2007 2:47 am Post subject: |
|
|
Quote: | I've had 0 spambots get through |
Thanks, it's good news!
Quote: | is their anyway to have all my forums point to only 1 TC database so that I don't have to update the question for each individual forum? In other words, I would like to be able to update 1 TC database and have the changes reflected in all my forums (they're all in the same server under the same account). |
In case your forums use the same database (the value of the variable "$dbname" in the file "config.php" is the same for all forum installations), then it is possible. In the file "includes/constants.php", find
Code: | define('TEXTUAL_CONFIRMATION_TABLE', $table_prefix.'textual_confirmation'); |
and replace the variable "$table_prefix" by a string with the table prefix of some of the installations.
Sorry if the answer is a bit obscure, I can try to re-formulate it if required. _________________ Oleg Parashchenko, bbAntiSpam
Do you love our tools? Please sponsor further development! |
|
|
Guest
|
Posted: Wed Jun 27, 2007 7:28 am Post subject: |
|
|
We're now getting several bots a day getting through - after having TC working brilliantly for months. I've changed the questions and some of the language file entries, but it doesn't seem to be having an effect.
One thing I have noticed is that in the entries from the bots that are getting through the order of the variables is different, TC_Answer is always at the bottom of the list.
Is there any way this could be used to trap the bots?
Example 1 - My test
[username] => paul_testing
[email] => paul_testing@paul_testing.co.uk
[new_password] => paul_testing
[password_confirm] => paul_testing
[tc_answer] => deliberate wrong answer
[icq] =>
[aim] =>
[msn] =>
[yim] =>
[website] =>
[location] =>
[occupation] =>
[interests] =>
[signature] =>
[viewemail] => 0
[hideonline] => 0
[notifyreply] => 0
[notifypm] => 1
[popup_pm] => 1
[attachsig] => 1
[allowbbcode] => 1
[allowhtml] => 1
[allowsmilies] => 1
[language] => english
[style] => 1
[timezone] => 0
[dateformat] => D M d, Y g:i a
[mode] => register
[agreed] => true
[coppa] => 0
[sid] => b375557a6614fc2a07719cfe7622f98b
[tc_question_id] => 1
[submit] => Submit
Example 2 - Bot
[username] => ShellyFew
[email] => shellyfe_vh1@xsecurity.org
[new_password] => YhcOB7m962
[password_confirm] => YhcOB7m962
[icq] => 694315
[website] => REMOVED
[location] => USA
[occupation] => Executive managert on VH1
[interests] => Dancing
[signature] => REMOVED
[viewemail] => 0
[hideonline] => 0
[notifyreply] => 0
[notifypm] => 1
[popup_pm] => 1
[attachsig] => 1
[allowbbcode] => 1
[allowhtml] => 1
[allowsmilies] => 1
[language] => english
[style] => 1
[timezone] => -12
[dateformat] => D M d, Y g:i a
[mode] => register
[agreed] => true
[coppa] => 0
[sid] => 96a6ca7e6a2a8bd6af3854b116cbb144
[tc_question_id] => 8
[submit] => Submit
[tc_answer] => green
Paul. |
|
|
admin Site Admin
Joined: 18 Apr 2006 Posts: 805 Location: Saint-Petersburg, Russia
|
Posted: Thu Jun 28, 2007 1:32 am Post subject: |
|
|
Unfortunately, this feature is too fragile to rely upon.
I wonder which questions do you use. Probably I can suggest which ones are weak. For example, the names of colours seem better not to be used.
Also, as the last resort, I recommend to upgrade to Advanced Textual Confirmation. It has more layers of protection and under active development of new layers. _________________ Oleg Parashchenko, bbAntiSpam
Do you love our tools? Please sponsor further development! |
|
|
Ok.