Go Back   3D Gladiators Forums > DISCUSSION AND SUPPORT > General Discussions
Notices
General Discussions Need to talk about anything not covered in the other discussion forums? Pop here! NO FLAMING ALLOWED!

Reply

 
Thread Tools
Old December 18th, 2006, 09:37 PM   #1
Kai
Victorian Engineer
 
Kai's Avatar
 
Join Date: Mar 2000
Location: Onboard the Myriad
Posts: 794
Default AntiSpambot Measures - Spread the Word

Reposted with full permissions - spread the word.

Okay, I wrote this for another forum, and it covers a few things I said earlier, but it's more comprehensive. So I'll post it......




I've been doing some reading on the phpBB spambots, and here are some of the more interesting bits that I've picked up.

All the spambots seem to driven from a single software title, though exactly what it is a pretty well guarded secret. It's not available for download anywhere for inspection.

But the software has a certain degree of AI to it. It monitors a site and assesses what is being done to combat it and adapts. It's a real stinker, and this is why many of the solutions are only temporary. It will find the most popular forums and post to them. It can even hide key URL's behind the smilies. It's very smart.

However, it does have some weaknesses that will allow it to be defeated. But first, let me define a few of the things that it does, to help explain why some things won't work.

Spambots operate on proxies. This allows the bots to get around IP blocking. If it can't reach a forum with a given proxy, it will attempt access with another. So forget phpBB IP blocking, it's useless.

Spambots have their own registration procedure overrides that are designed to defeat the built in and mod defined countermeasures (CAPTCHA, etc.), and if blocked, they will figure out how to override the measure and return shortly afer the blocks are installed, remembering them in the future. So forget the image reader code and other things like that.

They are pretty smart programs, and they are persistent. Until you cut off the things they need to find your forum, you've got them forever......

The key is getting rid of what they need to find you. So here is how you defeat them. It seems to be the only way to wipe them off your server.

If you are familiar with blocking open proxies using .htaccess and port blocking, then do so. (Apache servers) This doesn't stop them all, but it greatly reduces the number. This will be bypassed by the bots AI, but it buys you a little time so that you don't have to shut down the forum to perform the erradication.

The real key to defeating the spambots lies in the referral URL's. These are the links that are filled out in registration and appear in user WWW buttons and in the user list. The bots plant sleeper members, or they are done by a person who scouts the forum to plant the seeds for the bot. If you notice, every bit of spam has a URL listed for a website. The WWW button is always active on every spam post. Each bot can have a list of URL's for which to search.

The bots Google for these URL's listed to find their target forums. Once the seed URL is planted, the bot has a means for honing in on you. If you want to get rid of the spambots, you have to deny it the ability to plant these URL's in your forum.

These URL's exist in the forum pages and in the memberlist. When Google scans the forum, it records every URL that has been planted, active and sleeper. Until the next scan, the bots have your number.

So, to deny them access, you have to disable the www buttons, remove all spam posts, and kill the memberlist (except for admin access, which Google can not scan, since it doesn't have admin permissions). Then you have to keep them off so that that they don't replant the seed URL's until the next Google scan.

How do you keep them off until the next scan? Well, they have a weakness here too. Since they need the URL to plant the seed, they will overwrite a disabled URL field in the registration page. If you disable the URL field, only the bots will show a URL in their registration. Admin approval is used to axe any new members with URL's.

There are also other tests that can be custom added to registration configuration to help spot bots. Simple obvious yes or no questions like: Are you a bot? Are you your mother's child? Were you born in the city of your birth? Where did you hear about this site? and so forth, with instructions not to answer the question ("Do not answer this." etc.), will confuse the bots, and they will usually reply with the user name, location, or some other preset data.

That is the one solution that the bot's AI can not overcome. It takes a little work to disable the URL feature, and in the absence of the WWW button, it means that all members who want to post their websites will have to do so in their signatures.

The one weak point in this solution is that a human can return and plant another seed manually in a post. So for the solution to remain permanent, the URL blocking in registration must remain in effect, and admin approval or culling must remain in place to kill any URL posting registrations.

With this in mind, it is possible to use only the URL registration review, and not go through the cleansing of the site. This will allow existing members to keep their URL buttons. However, the cleansing will remove the need for constant admin attention. The clensing will allow for email registration activation, with admin checking the list daily for URL bearing registration, since the bots seldom post spam on the day they register. Without the cleaning, admin approval must remain the rule, as the registration attempts will be much more numerous.


So, that's pretty much it in a nutshell. Because so many phpBB forums have varying versions and registration configurations, I'm not posting any suggestions for the actual mechanics for carrying out these procedures. What may work for one forum might not work for another. Consult the phpBB forum or a php coder if you need specific advise for your specific forum.

I hope this helps provide a solution for the spambots. Feel free to post this article in all the spam infested forums in which you're a member. (You don't have to credit me if you mention that you found it elsewhere.)

Best of luck in the fight against the bots.
_________________
__________________
It is by Caffiene alone I set my mind in Motion
It is by the juice of the Bean that thoughts acquire speed
The hands acquire shakes
The shakes become a warning
It is by Caffiene alone I set my mind in Motion
Kai is offline   Reply With Quote
Old December 18th, 2006, 11:06 PM   #2
Dawg
Great Wise Guru
 
Dawg's Avatar
 
Join Date: Mar 2003
Location: Pacific Northwest, USA
Posts: 130
Default

Many thanks, Kai!

I am
Dawg
:warrior:
__________________
"Do you think that rattling was the dohickeys in his hair? It's two loose thoughts in an otherwise empty container."
(Buntec in "Hellspark" by Janet Kagan)

Visit:
LauretteSpang.com

Dirk Benedict Central

Tombs of Kobol

I no longer fight my inner demons. We're on the same side now.
Dawg is offline   Reply With Quote
Old February 12th, 2007, 06:20 PM   #3
hawkeye98
Guest
 
hawkeye98's Avatar
 
Posts: n/a
Default

ever see two automated spam bots have a "conversation" in a thread? Funny thing if you ask me.
  Reply With Quote

Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Word Association dfalconet General Discussions 2300 February 4th, 2008 10:40 PM
My word as a Warrior… Senmut General Discussions 11 August 13th, 2007 03:31 AM






For Fans Of CGI/Digital Art


All times are GMT -7. The time now is 12:02 AM. Contact Us - 3D Gladiators - Archive - Privacy Statement - Top
Powered by: vBulletin Version 3.8.11 Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content and Graphics ©1999-2010 3DGladiators
The 3D Gladiators Forums are run by CGI/Digital Art fans, paid for by CGI/Digital Art fans, for the enjoyment of fellow CGI/Digital Art fans.



©1999-2005 3D Gladiators