News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Help insert custom field with code for bot control

Started by FinalBoss, July 01, 2015, 07:09:17 AM

Previous topic - Next topic

FinalBoss

Hello, again forgive me if this is in the wrong spot.

I recently had a few bots visit my forum and register - they stood out when they answered a few questions oddly but I cannot always rely on the stupidity of some bots.

I recently read an article at :

and it suggested inserting a field that humans cannot see but a bot could; the example was the red text below.

And also to protect against bots! Let's see how...

First, in your registration form, add a new input field and hide it using a CSS. Be sure to use "{display:none}" to not break the page design:

<style type="text/css">
div .AntiBot {display:none;}
</style>

<td><div class="AntiBot">
  <input name="AntiBot_RmBo9X20Yo" type="text">
</div></td>

Assign a unique name to your input field, this will make your life easier for detection and reporting. Then, create a ModSecurity rule which will block all POST requests with a value added to the hidden field:

SecRule ARGS:AntiBot_RmBo9X20Yo "(\S+)" \
        "auditlog,deny,log,msg:'Denied user creation by a bot'"


Could someone please help me by explaining this in a little more detail on how i can do this using my SMF Profile fields.

The full article is located at H T T P : / / blog.rootshell.be/2012/08/09/kicking-out-bots-with-modsecurity/ [nofollow]

I might also note that I was having issues with Mod_security and the 404 error? so I took someones advice by disabling the error, will this effect the proccess above. If i have to I can just deal with the first part of the code, but id prefer to do both.

Thank you for your time.


Illori

if you are trying to stop bots read http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do and take a look at http://custom.simplemachines.org/mods/index.php?mod=3685 linked from that article.

what you are trying to do is more complicated then it has to be.

FinalBoss


Advertisement: