httpBL

snoopy_virtual · June 19, 2011, 11:15:25 AM

@etbrown4

Mod httpBL on its own it's not enough to stop the spammers. Also (as Sea Mac was saying and we have confirmed in other forums) it looks like some bots have found already a way to pass the warning page, so the mod is not stopping these ones at all.

So you need to have something else to specifically stop them at registration time.

Apart from the mod Sea Mac was suggesting (Stop Spammer) I will suggest as well to activate the Anti-Spam Questions I also recommend in the tutorial Sea Mac was talking about. For me these Anti-Spam Questions are even more important than any other anti-spam mod.

@Sea Mac

We have already been talking about these new bots in other forums and we can confirm that those bots have already learned to pass the warning page.

I knew ages ago this time will come. In fact I thought they will need a lot less than the 2 years it took them to crack it. It doesn't matter how complicated any captcha system is: the people who create these bots always find a way to crack them, so I already said when I created that warning page that we will be using it until the bots find a way to crack it. We just need to change the warning page and use another system until they crack it again.

I already started a few days ago to create a brand new warning page that will stop them again for a while. (Hopefully a little more than 2 years).

Anyway we have a big problem here. The guys who create these bots can also read everything I say here and in all the tutorials I write, because they are all in public forums where everyone in the world have read access. And, with so many people asking always the same questions and asking me to explain again how this mod works, they have a lot of chances to see exactly how to crack the system.

In fact we are sure that one of the most dangerous guys there (the creator of the worst and more active spam-bots in the world) is following this thread every day with a lot of interest.

(Hi botmaster, how-ya-doin? Nice to see you here again

)

So I suppose you won't mind if this time I don't explain here what I am doing and how I plan to stop them. I know eventually they will find a way to crack it again, but I hope this time they will need to work a little harder.

In the mean time, while I finish that new warning page, there is a small trick you can do that will make their life a little harder.

Look into your warning page and find this line:

Code Select


	$answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] : 0 ;

Replace it with:

Code Select


	$answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] - 1 : 0 ;

Now look for this line:

Code Select


	$captcha = httpBL_captcha($last_answer);

Replace it with:

Code Select


	$captcha = httpBL_captcha($last_answer);
	$captcha['answer'] = $captcha['answer'] + 1;

Of course, as I said, they are reading this, so you need to do something different (or it will be too easy for them).

What I have done just now is to take away 1 in one line and add also 1 in another line. You need to choose a different number.

For example imagine you choose number 156. Then the first line will be:

Code Select


	$answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] - 156 : 0 ;

And the second one:

Code Select


	$captcha = httpBL_captcha($last_answer);
	$captcha['answer'] = $captcha['answer'] + 156;

Now you need to choose a number that is not 1 and is not 156

but I hope you get the idea.

Try it and let me know if this stop them or not.

butchs · June 19, 2011, 12:31:50 PM

Quote from: snoopy_virtual on June 19, 2011, 11:15:25 AM
(Hi botmaster, how-ya-doin? Nice to see you here again )

He was arrested by the FBI in 2005. Once he was caught there is nothing he can do on the internet that the FBI does not know about. I am sure you mean someone else...

Sea Mac · June 19, 2011, 04:25:49 PM

Yes, I agree it should not be discussed at any length ...I'll let you know how the Captcha offset works when I try it.

Nosy · June 21, 2011, 08:29:31 AM

First of all: Thanks to Snoopy for the modification and the tutorial. Thought it was easy

But sorry, I need help to get the httpBl running.

I followed all steps of Snoopy's Tutorial

Registerd at the projecthoneypot.org [nofollow]
Get the script and the API
Load the module httpBL_v2_5_1.zip and follwed the instructions

and receive this:

Thought I can adjust here the rest, insert the API and so on.

Can't find a hint in this Thread or anywhere else.

Infos:
myhoneypot.php is in the root directory
honeypotlink is integrated in index.htm
SMF is 1.1.14
on the web-server is next the
directory /forum -> running forum
directory /.../Test_Forum_SMF/ -> installed to check out modifikations or settings before taken over in the real Forum
using the default-Theme
index.template.php looks fine

I have no further idea, hope, I can get here new ideas/hints

Greetings
Claudia

snoopy_virtual · June 21, 2011, 09:59:58 AM

Hi Claudia.

That's a language issue.

When you install the mod it only makes the necessary languages changes to the files Modifications.english.php and Modifications.spanish.php inside the folder /Themes/default/languages/ because that's the 2 languages I use in my forums.

(In fact it tries to modify a few more files, considering that English has also a english.british version, Spanish has 2 different versions spanish_es and spanish_latin and all those languages have 2 versions, normal and UTF-8, but I was trying to simplify it so you can understand it better).

I don't know enough German to be sure, but it looks to me that's the language you are using in your forum, so I will explain what you need to do for that language. If it's another language let me know.

This mod hasn't been translated to German yet, so every time the mod needs to use a language string, it looks into the file Modifications.german.php (inside the /default/languages/ folder) and, as it doesn't find it there, it uses the string inside Modifications.english.php (as English is the default language for SMF).

So I suppose, if you had tried the mod in your test forum using the default Theme it would have work properly.

But that picture you are showing there is not using the default Theme. I don't know the name of that Theme, but let's call it "yourtheme" so I can explain it.

That Theme you are using has a mistake that is very common to a lot of Themes. Look inside the folder /Themes/yourtheme/language/ and check if you have inside it the files Modifications.german.php and Modifications.english.php (I bet you have). That's a mistake. All the files like Modifications.whatever.php should be only inside the folder /Themes/default/languages/ and shouldn't be copied to any other folder, because all the mods do the language changes inside that folder only.

When you have a file Modifications.whatever.php inside the folder /Themes/yourtheme/language/ the mods look for the language strings inside that file. When they don't find it, they look inside the file Modifications.english.php but inside yourtheme folder (not the default one) and if those strings are not there either, they come back empty, and that's why all the language strings look blank.

The best solution (a little more complicated but more proper) is to compare the files Modifications.english.php inside both folders (/default/language/ and /yourtheme/language/) copying all the strings missing from the default one into yourtheme one and copying all the missing lines from yourtheme one into the default one until both files are exactly the same.

Do the same process with all the rest of the files Modifications.whatever.php you may have inside both folders until all of them are exactly the same.

Once you are sure there are no missing lines inside any of them and that all the files Modifications.whatever.php inside the folders /default/language/ and /yourtheme/language/ are exactly the same, delete all the files Modifications.whatever.php inside the folder /Themes/yourtheme/language/

This way, all the mods will look for the language files only inside the default folder and you won't have any more problems if you ever install, uninstall or upgrade any mod.

======

If you think all that process is too complicated for you, let me know and I will tell you an easier and quicker way to sort it, but that easy way will not be definitive, so if you do it you may have problems again in the future (either with this mod or with other mods) when you install, uninstall or upgrade any of them.

Nosy · June 21, 2011, 10:12:27 AM

I should have thought about this. Thank you for this hint.

Problem is: I'm not the one, who installed the SMF, and they have told me ... year ago, they have change/copy/paste /manipualte the language files ... I have to declutter it

Maybe they have renamed the Themes/yourtheme/language in Themes/default/language

snoopy_virtual · June 21, 2011, 10:52:51 AM

Let me know if you get it sorted or if you find any problems trying to sort it, but definitely the problem is inside those files.

Nosy · June 22, 2011, 03:19:23 AM

Mod httpBL is ON, it is up-to-date and the connection with HoneyPot is perfect.

It was /Themes/default/languages/
but in Test-Forum the default language wasn't english - that have been all

Activated httpBL just a few minutes ago.

Next step will be the Mod Stop Spammer, a few more Honeypots ....

Thanks for the immediately help

Greetings
Claudia

capitalw · June 22, 2011, 08:06:31 PM

Quote from: snoopy_virtual on June 19, 2011, 11:15:25 AM
@etbrown4

Mod httpBL on its own it's not enough to stop the spammers. Also (as Sea Mac was saying and we have confirmed in other forums) it looks like some bots have found already a way to pass the warning page, so the mod is not stopping these ones at all.

So you need to have something else to specifically stop them at registration time.

Apart from the mod Sea Mac was suggesting (Stop Spammer) I will suggest as well to activate the Anti-Spam Questions I also recommend in the tutorial Sea Mac was talking about. For me these Anti-Spam Questions are even more important than any other anti-spam mod.

@Sea Mac

We have already been talking about these new bots in other forums and we can confirm that those bots have already learned to pass the warning page.

I knew ages ago this time will come. In fact I thought they will need a lot less than the 2 years it took them to crack it. It doesn't matter how complicated any captcha system is: the people who create these bots always find a way to crack them, so I already said when I created that warning page that we will be using it until the bots find a way to crack it. We just need to change the warning page and use another system until they crack it again.

I already started a few days ago to create a brand new warning page that will stop them again for a while. (Hopefully a little more than 2 years).

Anyway we have a big problem here. The guys who create these bots can also read everything I say here and in all the tutorials I write, because they are all in public forums where everyone in the world have read access. And, with so many people asking always the same questions and asking me to explain again how this mod works, they have a lot of chances to see exactly how to crack the system.

In fact we are sure that one of the most dangerous guys there (the creator of the worst and more active spam-bots in the world) is following this thread every day with a lot of interest.

(Hi botmaster, how-ya-doin? Nice to see you here again )

So I suppose you won't mind if this time I don't explain here what I am doing and how I plan to stop them. I know eventually they will find a way to crack it again, but I hope this time they will need to work a little harder.

In the mean time, while I finish that new warning page, there is a small trick you can do that will make their life a little harder.

Look into your warning page and find this line:
Code Select Expand
$answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] : 0 ;

Replace it with:
Code Select Expand
$answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] - 1 : 0 ;

Now look for this line:
Code Select Expand
$captcha = httpBL_captcha($last_answer);

Replace it with:
Code Select Expand
$captcha = httpBL_captcha($last_answer); $captcha['answer'] = $captcha['answer'] + 1;

Of course, as I said, they are reading this, so you need to do something different (or it will be too easy for them).

What I have done just now is to take away 1 in one line and add also 1 in another line. You need to choose a different number.

For example imagine you choose number 156. Then the first line will be:
Code Select Expand
$answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] - 156 : 0 ;

And the second one:
Code Select Expand
$captcha = httpBL_captcha($last_answer); $captcha['answer'] = $captcha['answer'] + 156;

Now you need to choose a number that is not 1 and is not 156 but I hope you get the idea.

Try it and let me know if this stop them or not.

How about making the numbers random? I haven't been able to make my random idea work yet so I can't provide code...I know it is a simple error on my part and laziness for not looking it up.

snoopy_virtual · June 22, 2011, 10:46:16 PM

As I said I am working in a lot more permanent solution.

That's only a small tweak to stop them in the mean time.

BTW we have confirmed already in a lot of forums that this tweak works. They cannot pass it.

Dramber · June 23, 2011, 10:24:25 AM

I can confirm that. The tweak has stopped them cold on my forums.
Thanks for continuing to work on this mod Snoopy.

snoopy_virtual · June 23, 2011, 12:49:40 PM

No problem.

I hate spammers more than anything else in this world

capitalw · June 23, 2011, 07:01:30 PM

Quote from: snoopy_virtual on June 19, 2011, 11:15:25 AM
@etbrown4

Mod httpBL on its own it's not enough to stop the spammers. Also (as Sea Mac was saying and we have confirmed in other forums) it looks like some bots have found already a way to pass the warning page, so the mod is not stopping these ones at all.

So you need to have something else to specifically stop them at registration time.

Apart from the mod Sea Mac was suggesting (Stop Spammer) I will suggest as well to activate the Anti-Spam Questions I also recommend in the tutorial Sea Mac was talking about. For me these Anti-Spam Questions are even more important than any other anti-spam mod.

@Sea Mac

We have already been talking about these new bots in other forums and we can confirm that those bots have already learned to pass the warning page.

I knew ages ago this time will come. In fact I thought they will need a lot less than the 2 years it took them to crack it. It doesn't matter how complicated any captcha system is: the people who create these bots always find a way to crack them, so I already said when I created that warning page that we will be using it until the bots find a way to crack it. We just need to change the warning page and use another system until they crack it again.

I already started a few days ago to create a brand new warning page that will stop them again for a while. (Hopefully a little more than 2 years).

Anyway we have a big problem here. The guys who create these bots can also read everything I say here and in all the tutorials I write, because they are all in public forums where everyone in the world have read access. And, with so many people asking always the same questions and asking me to explain again how this mod works, they have a lot of chances to see exactly how to crack the system.

In fact we are sure that one of the most dangerous guys there (the creator of the worst and more active spam-bots in the world) is following this thread every day with a lot of interest.

(Hi botmaster, how-ya-doin? Nice to see you here again )

So I suppose you won't mind if this time I don't explain here what I am doing and how I plan to stop them. I know eventually they will find a way to crack it again, but I hope this time they will need to work a little harder.

In the mean time, while I finish that new warning page, there is a small trick you can do that will make their life a little harder.

Look into your warning page and find this line:
Code Select Expand
$answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] : 0 ;

Replace it with:
Code Select Expand
$answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] - 1 : 0 ;

Now look for this line:
Code Select Expand
$captcha = httpBL_captcha($last_answer);

Replace it with:
Code Select Expand
$captcha = httpBL_captcha($last_answer); $captcha['answer'] = $captcha['answer'] + 1;

Of course, as I said, they are reading this, so you need to do something different (or it will be too easy for them).

What I have done just now is to take away 1 in one line and add also 1 in another line. You need to choose a different number.

For example imagine you choose number 156. Then the first line will be:
Code Select Expand
$answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] - 156 : 0 ;

And the second one:
Code Select Expand
$captcha = httpBL_captcha($last_answer); $captcha['answer'] = $captcha['answer'] + 156;

Now you need to choose a number that is not 1 and is not 156 but I hope you get the idea.

Try it and let me know if this stop them or not.

I just noticed after trying this that httpBL will return this error: "errorNumber = 105 - No defined yet" on some, but not all entries for attempts lower than the do-not-show-captcha setting.

It seems to work fine when I test it and no errors show up in the error log. I have noticed that the IP addresses which cause that error are ones of known spammers that httpBL nails on a daily basis. I have tested both with good answers and bad ones.

I did a copy and paste of your code on the lines and changed the number to one of my choosing (the same one in both places). I did not leave the original lines (I do enough PHP and other languages to know better...I hope...), and see only that change from the original to the modification.

Thanks!

snoopy_virtual · June 23, 2011, 07:21:23 PM

Yes, I forgot to add the definition of the error number 105 inside the file.

It means:

"5 answers in the captcha. 0 Good, 5 Bad"

EL34 · June 24, 2011, 10:40:20 AM

QuoteFor example imagine you choose number 156. Then the first line will be:

Code: [Select]
   $answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] - 156 : 0 ;

And the second one:

Code: [Select]
   $captcha = httpBL_captcha($last_answer);
   $captcha['answer'] = $captcha['answer'] + 156;

I suppose you could define a variable at the at top of the page and use it in the two lines shown below?
That way you can go to the warning page and change the number easily and in just one place?
How's the code below look?

Code Select

// top of page in common variables section
$MyNumber = '137';

// codes lines to be changed
$answer = isset($_POST['httpBL_answer']) ? (int)$_POST['httpBL_answer'] - $MyNumber : 0 ;

$captcha = httpBL_captcha($last_answer);
$captcha['answer'] = $captcha['answer'] + $MyNumber;

snoopy_virtual · June 24, 2011, 04:50:22 PM

It looks OK. It's a good idea if you want to change the number every now and then.

Storman™ · June 25, 2011, 02:24:36 PM

Re: 2.5.1

Hi there's a dinky css error in warning_css.css on line 30

Should be a semi-colon and it's a swigly bracket

busterone · June 25, 2011, 03:24:57 PM

Ahh, indeed. My copy is repaired. Never noticed it before.

capitalw · June 25, 2011, 03:54:54 PM

Quote from: snoopy_virtual on June 23, 2011, 07:21:23 PM
Yes, I forgot to add the definition of the error number 105 inside the file.

It means:

"5 answers in the captcha. 0 Good, 5 Bad"

Thanks for the answer to this...it only showed up after I made the changes you mentioned above, so I didn't know if it was related or not. I do not have any entries in the httpBL error log so I was doubly curious.

Could EL34's idea be used with random number generation?

snoopy_virtual · June 25, 2011, 04:12:56 PM

Quote from: Storman on June 25, 2011, 02:24:36 PM
Re: 2.5.1

Hi there's a dinky css error in warning_css.css on line 30

Should be a semi-colon and it's a swigly bracket

Yes, indeed. That's an stupid error. The kind of errors I do every now and then. (Did I told you about the time I was so concentrated trying to save a pawn that forgot to defend the Queen? I lost that game obviously.

)

Actually, when I went to add that to my TODO list to correct it in the next version I saw that it was already there. It was already reported by our friend Skhilled some time ago, together with a few more errors.

You can see the full list of those errors reported by Skhilled here:

http://www.snoopyvirtualstudio.com/trankos/portal/index.php?option=com_smf&Itemid=36&topic=410.0

Read also my answers to that, because one of the errors reported by him is not an error.

I really would like one day to have time to finish the new version and correct all those errors. (And all the rest I have in my TODO list).

Quote from: capitalw on June 25, 2011, 03:54:54 PM
Could EL34's idea be used with random number generation?

Not really.

The problem doing that randomly is you need to reload the page a few times, sending the form every time with those values and the page need to check every time if the answers are correct or not.

If you use a random number (different every time the page reload) you have no way of checking if the answer is correct or not.

There are a few ways to do this using random numbers, but all of them complicated and (as I said before) I am working in a more permanent solution using something completely different, so I don't see the point on losing any time with random numbers there when that small tweak works just now and hopefully it will be good enough untill I have time to finish the new version.

News:

httpBL