Anti Bot: Unrecognizable Form

Started by vbgamer45, May 08, 2009, 11:45:43 PM

Previous topic - Next topic

vbgamer45

Link to the mod

Anti Bot: Unrecognizable Form v1.1

Compatible With:SMF 1.1.X - SMF 2 Beta & RC1
Created By:.LORD.
Version:1.1
Initial Release:2nd May 2009
Languages:All
This MOD make a fake Form and make unrecognizable (for bots) the real Form.

The bots will use the "fake Form" and the humans the "real Form".

Your users will not notice the difference, and the bots receive a error message for sidetrack.

How to test this MOD?
1.- Open the form to register a new user (not send).
2.- Installing the MOD.
3.- Send the form opened in the step 1. (and see the "error message")
4.- Now send a form opened after installing the MOD. (and register without problem)

Why? The bots will continue using the "old form", the form SMF's by default.

Extra: How it works?
Post 1
Post 2
Post 3

Quote from: Karl BensonIt is a cat and mouse game between forum software and bot-creators to secure forums against spam bots.
Using generic/centralised anti-spam measures makes it viable for bot-creators to try to get past them.
If every forum employs completely different anti-bot measures it makes it almost impossible to create bots for mass-automated registration.

Code (CHANGELOG) Select
1.1 - 29th May 2009
   o Now the register page isn't cacheabled. It is useful against "Send Form" and "Go Back"
   o Fix a bug in Register.template and password visible. Thanks DistantJ for report
1.0 - 2nd May 2009
   o Initial release
   o Adds Mutation in the Form Register
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

JBlaze

Very nice .LORD.!

This is interesting! Installing on my forum as we speak.
Jason Clemons
Former Team Member 2009 - 2012

brelwit

Doesn't work for me.  After doing a test registration, it produces an error "Registration is disabled" or something like that.

Sudhakar Arjunan

Good concept .LORD.

It would be really good if there is an screenshot.
Working on New Mods & Themes for SMF... Will update soon... My Blog page
My Smf forum : Discuss ITAcumens :: My SMF Forum

blondeamon

Always looking for the best

www.kamenos.gr  Greek Gaming Community

Tiribulus

Lemme see if I got this.

Open a registration form, fill it out, but don't submit it yet.

Install the mod.

Click submit for the registration begun in step 1. There will be an error.

Register a new account as usual and everything is now invisible.

A couple things first.

JBlaze has no hesitation about this and I know he knows what he's doing (not that you don't) so that's a plus.

However, I can't help asking, how are future registrations determined to be either fake or real? Also is this testing deal some sort of "activation" or something? I'm not grilling you, it's just that my over active mind gets the best of me sometimes when I don't understand something.

.LORD.

Quote from: JBlaze™ on May 08, 2009, 11:49:45 PM
Very nice .LORD.!

This is interesting! Installing on my forum as we speak.

Thanks for comment :D

Quote from: brelwit on May 09, 2009, 12:54:17 AM
Doesn't work for me.  After doing a test registration, it produces an error "Registration is disabled" or something like that.

This error is showed (for sidetrack) if you even use the "old form.

If you reload a new page to register shouldn't leave that message.

Quote from: A.SK on May 09, 2009, 02:58:52 PM
Good concept .LORD.

It would be really good if there is an screenshot.

Ok, but... screenshot of code XHTML XD

The MOD visually there is no difference. The change is in the XHTML.

The bots are still using the "normal XHTML" of the register template, but now this template is mutating randomly.

Quote from: blondeamon on May 09, 2009, 05:23:31 PM
cool mod, thanks

Thanks for comment :D

.LORD.

Quote from: Tiribulus on May 09, 2009, 05:59:15 PM
Lemme see if I got this.

Open a registration form, fill it out, but don't submit it yet.

Install the mod.

Click submit for the registration begun in step 1. There will be an error.

Register a new account as usual and everything is now invisible.

A couple things first.

JBlaze has no hesitation about this and I know he knows what he's doing (not that you don't) so that's a plus.

However, I can't help asking, how are future registrations determined to be either fake or real? Also is this testing deal some sort of "activation" or something? I'm not grilling you, it's just that my over active mind gets the best of me sometimes when I don't understand something.

Excuse me if I have not understood.

The MOD makes this. But first we must understand how bots operate.

The users do click on the link Register. Fill the boxes and then click on the button Register.

The bots don't make that. The bots sent the variables with his registration.

What variables? What are the names of the variables?

The Spammers will study who to break the software. In the case of a forum (in this case SMF), the registers variable is always the same name (user, email, passwrd1, passwrd2). So no problem in sending these variables filled with his information.

This MOD makeup, random mutations in the register template form, and (eg) the changes to (a3423ads234234asdasd, sdf34a56234234asdasd, blah, blah).

Spammers don't know this, then they will send the variables (user, email, passwrd1, passwrd2) as always.

Moreover, if their registration fails, the spammers they can see the error message. Then make a page re study, and will modify their bot. The "message of error/distraction" will think the spammers the registration failed because your forum have the register disable.

Sorry for my bad English. :)

imno007

Are there options for this in the admin?

JBlaze

Jason Clemons
Former Team Member 2009 - 2012

Tiribulus

#10
Quote from: .LORD. on May 09, 2009, 07:40:52 PM


Excuse me if I have not understood.

The MOD makes this. But first we must understand how bots operate.

The users do click on the link Register. Fill the boxes and then click on the button Register.

The bots don't make that. The bots sent the variables with his registration.

What variables? What are the names of the variables?

The Spammers will study who to break the software. In the case of a forum (in this case SMF), the registers variable is always the same name (user, email, passwrd1, passwrd2). So no problem in sending these variables filled with his information.

This MOD makeup, random mutations in the register template form, and (eg) the changes to (a3423ads234234asdasd, sdf34a56234234asdasd, blah, blah).

Spammers don't know this, then they will send the variables (user, email, passwrd1, passwrd2) as always.

Moreover, if their registration fails, the spammers they can see the error message. Then make a page re study, and will modify their bot. The "message of error/distraction" will think the spammers the registration failed because your forum have the register disable.

Sorry for my bad English. :)

That is a perfectly splendid explanation and answers my questions. I did not know any of that and it's very interesting. Spambots bypass the form and try to inject the registration variables directly. So this mod makes it so whenever that operation takes place it returns the error, but when the regular registration form is used by a real new user it just works like normal. If I understood correctly. Very very good indeed!

Don't be sorry about your English buddy. You're doin better than I ever would with Spanish :)

EDIT: I had to manually edit the register.php file, but this looks like it's working for me just like you say.

Luckily I have a few machines on a KVM switch so I started a registration on a different computer and after installing/editing it returned the "registrations are disabled" error. A new registration after that worked perfectly. Pretty SPIFFY there amigo!! You even get a demonstration of my muy bueno Spanish :D

dr.wills

you have a screen shot?  ;) I really want to see how it looks before put it on my forum
http://movies-on-mediafire.com

Never dying collection of high definition mediafire movies link

Tiribulus

Quote from: akaiphan on May 09, 2009, 11:16:49 PM
you have a screen shot?  ;) I really want to see how it looks before put it on my forum

It doesn't look like anything. See the explanation from .LORD above.

webline


Tiribulus

#14
How bout a real life example? At least I think it is.

This guy caught my attention in the referrer file because the ip address was from a .RU domain, but was referred from my site itself which shouldn't happen if the standard button clicking method was used to access those links. The following is from my Apache log at about 10 after 10 this morning.

89.223.116.128 - - [12/May/2009:10:10:48 -0400] "POST /index.php?action=login2 HTTP/1.0" 200 13105 "http://gregnmary.gotdns.com/index.php?action=login" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
::1 - - [12/May/2009:10:10:59 -0400] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.2.8 (Linux/SUSE) (internal dummy connection)"

He (it?) didn't get in and I assume got the error message about registrations being disabled.

Good work chief. This should be a must have for SMF users.

ThePro

what exactly does this mod do, does it change the url of the register form?

Tiribulus

Quote from: ThePro on May 12, 2009, 02:05:43 PM
what exactly does this mod do, does it change the url of the register form?

See the explanation from .LORD above.

Goodman854

Actualy its not very well explaned.

Tiribulus

The short version is it detects spambots when they attempt to bypass the normal registration routine and returns an error saying registrations are disabled.

JBlaze

Quote from: Tiribulus on May 12, 2009, 11:34:05 PM
The short version is it detects spambots when they attempt to bypass the normal registration routine and returns an error saying registrations are disabled.

It doesn't detect spambots. Instead, it changes the XHTML formatting from the default SMF one so that bots don't recognize it and can't fill out the form correctly.
Jason Clemons
Former Team Member 2009 - 2012

Advertisement: