Advertisement:

Author Topic: Anti Bot: Unrecognizable Form  (Read 50163 times)

Offline SSimple Team

  • Jr. Member
  • **
  • Posts: 391
  • SMFSimple.com
    • SMFSimple.Com
Anti Bot: Unrecognizable Form
« on: May 08, 2009, 11:45:43 PM »
Link to Mod

Anti Bot: Unrecognizable Form v1.1


Compatible With:SMF 1.1.X - SMF 2 Beta & RC1
Created By:.LORD.
Version:1.1
Initial Release:2nd May 2009
Languages:All

This MOD make a fake Form and make unrecognizable (for bots) the real Form.

The bots will use the "fake Form" and the humans the "real Form".

Your users will not notice the difference, and the bots receive a error message for sidetrack.

How to test this MOD?
1.- Open the form to register a new user (not send).
2.- Installing the MOD.
3.- Send the form opened in the step 1. (and see the "error message")
4.- Now send a form opened after installing the MOD. (and register without problem)

Why? The bots will continue using the "old form", the form SMF's by default.

Extra: How it works?
Post 1
Post 2
Post 3

Quote from: Karl Benson
It is a cat and mouse game between forum software and bot-creators to secure forums against spam bots.
Using generic/centralised anti-spam measures makes it viable for bot-creators to try to get past them.
If every forum employs completely different anti-bot measures it makes it almost impossible to create bots for mass-automated registration.

Code: (CHANGELOG) [Select]
1.1 - 29th May 2009
o Now the register page isn't cacheabled. It is useful against "Send Form" and "Go Back"
o Fix a bug in Register.template and password visible. Thanks DistantJ for report
1.0 - 2nd May 2009
o Initial release
o Adds Mutation in the Form Register

« Last Edit: September 02, 2009, 09:17:29 PM by .LORD. »




Mi Web: SMFSimple.com -

Online zilladotexe

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,093
  • Gender: Male
    • zilladotexe on GitHub
    • @zilladotexe on Twitter
    • XboxLeaders.com
Re: Anti Bot: Unrecognizable Form
« Reply #1 on: May 08, 2009, 11:49:45 PM »
Very nice .LORD.!

This is interesting! Installing on my forum as we speak.
zilladotexe
Formerly known as "JBlaze"
Former Support & Customization     
Professional Bug Creator
Current Projects     
Xbox LIVE API
SM Classifieds
SimpleXBL
Important Links
Please, no PMs for support.
Unmanaged VPS Starting at $20/mo

Offline brelwit

  • Semi-Newbie
  • *
  • Posts: 46
Re: Anti Bot: Unrecognizable Form
« Reply #2 on: May 09, 2009, 12:54:17 AM »
Doesn't work for me.  After doing a test registration, it produces an error "Registration is disabled" or something like that.

Offline A.SK

  • Sophist Member
  • *****
  • Posts: 1,191
  • Gender: Male
  • SMF is the best forum tool
    • IT Acumens - A Edu Community
Re: Anti Bot: Unrecognizable Form
« Reply #3 on: May 09, 2009, 02:58:52 PM »
Good concept .LORD.

It would be really good if there is an screenshot.
Working on New Mods & Themes for SMF... Will update soon... My Blog page
My Smf forum : Discuss ITAcumens  -  Demo Smf forum : Chat ITAcumens

Offline blondeamon

  • Jr. Member
  • **
  • Posts: 242
    • Kamenos Gaming Community
Re: Anti Bot: Unrecognizable Form
« Reply #4 on: May 09, 2009, 05:23:31 PM »
cool mod, thanks
Always looking for the best

www.kamenos.gr  Greek Gaming Community

Offline Tiribulus

  • Sr. Member
  • ****
  • Posts: 976
  • Gender: Male
Re: Anti Bot: Unrecognizable Form
« Reply #5 on: May 09, 2009, 05:59:15 PM »
Lemme see if I got this.

Open a registration form, fill it out, but don't submit it yet.

Install the mod.

Click submit for the registration begun in step 1. There will be an error.

Register a new account as usual and everything is now invisible.

A couple things first.

JBlaze has no hesitation about this and I know he knows what he's doing (not that you don't) so that's a plus.

However, I can't help asking, how are future registrations determined to be either fake or real? Also is this testing deal some sort of "activation" or something? I'm not grilling you, it's just that my over active mind gets the best of me sometimes when I don't understand something.

Offline .LORD.

  • Jr. Member
  • **
  • Posts: 131
  • Gender: Male
Re: Anti Bot: Unrecognizable Form
« Reply #6 on: May 09, 2009, 07:28:24 PM »
Very nice .LORD.!

This is interesting! Installing on my forum as we speak.

Thanks for comment :D

Doesn't work for me.  After doing a test registration, it produces an error "Registration is disabled" or something like that.

This error is showed (for sidetrack) if you even use the "old form.

If you reload a new page to register shouldn't leave that message.

Good concept .LORD.

It would be really good if there is an screenshot.

Ok, but... screenshot of code XHTML XD

The MOD visually there is no difference. The change is in the XHTML.

The bots are still using the "normal XHTML" of the register template, but now this template is mutating randomly.

cool mod, thanks

Thanks for comment :D

Offline .LORD.

  • Jr. Member
  • **
  • Posts: 131
  • Gender: Male
Re: Anti Bot: Unrecognizable Form
« Reply #7 on: May 09, 2009, 07:40:52 PM »
Lemme see if I got this.

Open a registration form, fill it out, but don't submit it yet.

Install the mod.

Click submit for the registration begun in step 1. There will be an error.

Register a new account as usual and everything is now invisible.

A couple things first.

JBlaze has no hesitation about this and I know he knows what he's doing (not that you don't) so that's a plus.

However, I can't help asking, how are future registrations determined to be either fake or real? Also is this testing deal some sort of "activation" or something? I'm not grilling you, it's just that my over active mind gets the best of me sometimes when I don't understand something.

Excuse me if I have not understood.

The MOD makes this. But first we must understand how bots operate.

The users do click on the link Register. Fill the boxes and then click on the button Register.

The bots don't make that. The bots sent the variables with his registration.

What variables? What are the names of the variables?

The Spammers will study who to break the software. In the case of a forum (in this case SMF), the registers variable is always the same name (user, email, passwrd1, passwrd2). So no problem in sending these variables filled with his information.

This MOD makeup, random mutations in the register template form, and (eg) the changes to (a3423ads234234asdasd, sdf34a56234234asdasd, blah, blah).

Spammers don't know this, then they will send the variables (user, email, passwrd1, passwrd2) as always.

Moreover, if their registration fails, the spammers they can see the error message. Then make a page re study, and will modify their bot. The "message of error/distraction" will think the spammers the registration failed because your forum have the register disable.

Sorry for my bad English. :)

Offline imno007

  • Jr. Member
  • **
  • Posts: 170
Re: Anti Bot: Unrecognizable Form
« Reply #8 on: May 09, 2009, 08:30:45 PM »
Are there options for this in the admin?

Online zilladotexe

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,093
  • Gender: Male
    • zilladotexe on GitHub
    • @zilladotexe on Twitter
    • XboxLeaders.com
Re: Anti Bot: Unrecognizable Form
« Reply #9 on: May 09, 2009, 08:31:13 PM »
Are there options for this in the admin?

No.
zilladotexe
Formerly known as "JBlaze"
Former Support & Customization     
Professional Bug Creator
Current Projects     
Xbox LIVE API
SM Classifieds
SimpleXBL
Important Links
Please, no PMs for support.
Unmanaged VPS Starting at $20/mo

Offline Tiribulus

  • Sr. Member
  • ****
  • Posts: 976
  • Gender: Male
Re: Anti Bot: Unrecognizable Form
« Reply #10 on: May 09, 2009, 10:07:56 PM »


Excuse me if I have not understood.

The MOD makes this. But first we must understand how bots operate.

The users do click on the link Register. Fill the boxes and then click on the button Register.

The bots don't make that. The bots sent the variables with his registration.

What variables? What are the names of the variables?

The Spammers will study who to break the software. In the case of a forum (in this case SMF), the registers variable is always the same name (user, email, passwrd1, passwrd2). So no problem in sending these variables filled with his information.

This MOD makeup, random mutations in the register template form, and (eg) the changes to (a3423ads234234asdasd, sdf34a56234234asdasd, blah, blah).

Spammers don't know this, then they will send the variables (user, email, passwrd1, passwrd2) as always.

Moreover, if their registration fails, the spammers they can see the error message. Then make a page re study, and will modify their bot. The "message of error/distraction" will think the spammers the registration failed because your forum have the register disable.

Sorry for my bad English. :)

That is a perfectly splendid explanation and answers my questions. I did not know any of that and it's very interesting. Spambots bypass the form and try to inject the registration variables directly. So this mod makes it so whenever that operation takes place it returns the error, but when the regular registration form is used by a real new user it just works like normal. If I understood correctly. Very very good indeed!

Don't be sorry about your English buddy. You're doin better than I ever would with Spanish :)

EDIT: I had to manually edit the register.php file, but this looks like it's working for me just like you say.

Luckily I have a few machines on a KVM switch so I started a registration on a different computer and after installing/editing it returned the "registrations are disabled" error. A new registration after that worked perfectly. Pretty SPIFFY there amigo!! You even get a demonstration of my muy bueno Spanish :D
« Last Edit: May 09, 2009, 10:46:57 PM by Tiribulus »

Offline dr.wills

  • Jr. Member
  • **
  • Posts: 137
Re: Anti Bot: Unrecognizable Form
« Reply #11 on: May 09, 2009, 11:16:49 PM »
you have a screen shot?  ;) I really want to see how it looks before put it on my forum
http://movies-on-mediafire.com

Never dying collection of high definition mediafire movies link

Offline Tiribulus

  • Sr. Member
  • ****
  • Posts: 976
  • Gender: Male
Re: Anti Bot: Unrecognizable Form
« Reply #12 on: May 09, 2009, 11:24:36 PM »
you have a screen shot?  ;) I really want to see how it looks before put it on my forum

It doesn't look like anything. See the explanation from .LORD above.

Offline webline

  • Semi-Newbie
  • *
  • Posts: 13
  • Gender: Male
Re: Anti Bot: Unrecognizable Form
« Reply #13 on: May 11, 2009, 06:31:29 AM »
@.LORD.

thx, it works perfectly

Offline Tiribulus

  • Sr. Member
  • ****
  • Posts: 976
  • Gender: Male
Re: Anti Bot: Unrecognizable Form
« Reply #14 on: May 12, 2009, 12:07:49 PM »
How bout a real life example? At least I think it is.

 This guy caught my attention in the referrer file because the ip address was from a .RU domain, but was referred from my site itself which shouldn't happen if the standard button clicking method was used to access those links. The following is from my Apache log at about 10 after 10 this morning.

89.223.116.128 - - [12/May/2009:10:10:48 -0400] "POST /index.php?action=login2 HTTP/1.0" 200 13105 "http://gregnmary.gotdns.com/index.php?action=login" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
::1 - - [12/May/2009:10:10:59 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"

He (it?) didn't get in and I assume got the error message about registrations being disabled.

Good work chief. This should be a must have for SMF users.
« Last Edit: May 12, 2009, 12:42:37 PM by Tiribulus »

Offline ThePro

  • Jr. Member
  • **
  • Posts: 143
Re: Anti Bot: Unrecognizable Form
« Reply #15 on: May 12, 2009, 02:05:43 PM »
what exactly does this mod do, does it change the url of the register form?

Offline Tiribulus

  • Sr. Member
  • ****
  • Posts: 976
  • Gender: Male
Re: Anti Bot: Unrecognizable Form
« Reply #16 on: May 12, 2009, 02:58:52 PM »
what exactly does this mod do, does it change the url of the register form?

See the explanation from .LORD above.

Offline goodman854

  • Jr. Member
  • **
  • Posts: 155
  • Gender: Male
Re: Anti Bot: Unrecognizable Form
« Reply #17 on: May 12, 2009, 11:14:30 PM »
Actualy its not very well explaned.

Offline Tiribulus

  • Sr. Member
  • ****
  • Posts: 976
  • Gender: Male
Re: Anti Bot: Unrecognizable Form
« Reply #18 on: May 12, 2009, 11:34:05 PM »
The short version is it detects spambots when they attempt to bypass the normal registration routine and returns an error saying registrations are disabled.

Online zilladotexe

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 11,093
  • Gender: Male
    • zilladotexe on GitHub
    • @zilladotexe on Twitter
    • XboxLeaders.com
Re: Anti Bot: Unrecognizable Form
« Reply #19 on: May 13, 2009, 12:23:29 AM »
The short version is it detects spambots when they attempt to bypass the normal registration routine and returns an error saying registrations are disabled.

It doesn't detect spambots. Instead, it changes the XHTML formatting from the default SMF one so that bots don't recognize it and can't fill out the form correctly.
zilladotexe
Formerly known as "JBlaze"
Former Support & Customization     
Professional Bug Creator
Current Projects     
Xbox LIVE API
SM Classifieds
SimpleXBL
Important Links
Please, no PMs for support.
Unmanaged VPS Starting at $20/mo