
Anti Bot: Unrecognizable Form

Started by vbgamer45, May 08, 2009, 11:45:43 PM


Tiribulus

Quote from: JBlaze™ on May 13, 2009, 12:23:29 AM
Quote from: Tiribulus on May 12, 2009, 11:34:05 PM
The short version is it detects spambots when they attempt to bypass the normal registration routine and returns an error saying registrations are disabled.

It doesn't detect spambots. Instead, it changes the XHTML formatting from the default SMF one so that bots don't recognize it and can't fill out the form correctly.

But doesn't it do that by recognizing when a non-standard attempt at registration takes place? In other words, not by detecting spambots per se, but by sensing their activity? You would know better than I would and maybe I misunderstood him, but that's what I thought he was saying anyway. No?

JBlaze

It randomly changes (or in his words, "morphs") the XHTML randomly on each page load.
Jason Clemons
Former Team Member 2009 - 2012

Tiribulus

Quote from: JBlaze™ on May 13, 2009, 01:13:10 AM
It randomly changes (or in his words, "morphs") the XHTML randomly on each page load.

I guess what it looks like I'm really missing from him and yourself is how it distinguishes between a legit and miscreant registration. I really am just trying to understand, please don't take me like I'm arguing with you. I thought he was saying when there is an attempt to place the variables for registration directly into the relevant files without following the routine it gave a fake form and threw up the error. I know you're busy and this isn't your mod so don't feel obligated to answer this, but now my curiosity is piqued again.

.LORD.

Quote from: Tiribulus on May 13, 2009, 10:38:29 AM
Quote from: JBlaze™ on May 13, 2009, 01:13:10 AM
It randomly changes (or in his words, "morphs") the XHTML randomly on each page load.

I guess what it looks like I'm really missing from him and yourself is how it distinguishes between a legit and miscreant registration. I really am just trying to understand, please don't take me like I'm arguing with you. I thought he was saying when there is an attempt to place the variables for registration directly into the relevant files without following the routine it gave a fake form and threw up the error. I know you're busy and this isn't your mod so don't feel obligated to answer this, but now my curiosity is piqued again.

The XHTML register form always will be mutated on each page load.

Bots "fill" the form (form 'static') that should have the register template of SMF.

The bots don't fill (to date) the Real form (the mutated form).

To the Forum, the "form static" would now be a "false form". If the "false form" is filled, it can only be a bot.

Any questions, you can ask :)

Astra_200

I'm not sure I fully understand how this mod does what it does and I'm not sure I really need to?

All I need to know I guess - is this mod better at protecting a forum than any other anti bot mod?

Should this mod install automatically just like any other? Sorry to appear thick but what's all this about?

...Open a registration form, fill it out, but don't submit it yet. Install the mod. Click submit for the registration begun in step 1. There will be an error. Register a new account as usual and everything is now invisible.

I did try and install package but got errors in ./Sources/Register.php

I have 2.0 RC1 and a custom theme, also 'are you human' mod installed already.

Can anyone help please?

Tiribulus

Quote from: .LORD. on May 17, 2009, 09:57:46 PM
The XHTML register form always will be mutated on each page load.
Is this before or after the mod and what page load do you mean? It loads once until you click register. I think you're saying after?

Please forgive my lack of expertise or plain boneheadedness with these questions. I'm sure it's quite simple and I'm just missing it.

Quote from: .LORD. on May 17, 2009, 09:57:46 PM
Bots "fill" the form (form 'static') that should have the register template of SMF.

The bots don't fill (to date) the Real form (the mutated form).

To the Forum, the "form static" would now be a "false form". If the "false form" is filled, it can only be a bot.

Any questions, you can ask :)

I must have rocks in my head or something :-[ I'm still not understanding how the actions of a bot are seen by the forum as different than the actions of a user. What does a bot do different than a real user that returns the static rather than morphed form? How does a bot not produce this page load that brings the new form? I do so appreciate your patience.

annikk.exe

Has anyone upgraded from 1.1.8 to 1.1.9 with this mod installed?  How did it go?


-Annikk

WindsorLive!

Quote from: annikk.exe on May 21, 2009, 04:48:45 AM
Has anyone upgraded from 1.1.8 to 1.1.9 with this mod installed?  How did it go?


-Annikk

Did 2 forums with no problems at all. Simple, short and sweet. Best one yet!


Ok now to this mod.
I was looking for 1 simple answer but the info provided is excellent!

My question and forgive me for being foggy,
To follow the steps I am assuming we need to open a different  browser as a guest, then proceed to the register form to "register" as a new user, correct? :-\

Basically, do I need to have 2 separate browsers, one logged in to admin and one as a guest. ???

Personal Endeavour:
Local Community Resources and Web Accessibility Portal
http://windsorlive.com and http://forum.windsorlive.com

Alter ego's site: Local Adult Entertainment Guide
http://xxxwindsor.com and http://fanzone.xxxwindsor.com

Powered by SMF
(my alter ego says SMF stands for Sick Mother F..., well you know
btw: that's a good thing!

annikk.exe

Quote
Did 2 forums with no problems at all. Simple, short and sweet. Best one yet!

Sweet - thanks!  :>


-Annikk

Tiribulus

That's a good question. Just tested it and no problems for me either.

DistantJ

This is a great idea, and works, but there's a problem...

Upon installing this, the password fields are no longer masked - the passwords are completely visible when being typed in in both of the fields, so anybody around while somebody is registering will be able to see their password.

Tiribulus

I didn't notice this, but if it's the case, the trade is well worth it in my opinion.

DistantJ

I can probably fix this myself now that I think about it... If I can sort it I'll paste the code in here.

sevacycles

Yeah, I noticed that as well. If anyone has a fix let us know. Thanks

.LORD.

Quote from: Astral2000 on May 20, 2009, 08:57:21 AM
I'm not sure I fully understand how this mod does what it does and I'm not sure I really need to?

All I need to know I guess - is this mod better at protecting a forum than any other anti bot mod?

No MOD is better than another MOD. This MOD is another option.

This quote is very good:

Quote from: Tiribulus on May 18, 2009, 12:06:20 PM
No forum package, or any other package for that matter, will ever be entirely impervious to every possible attack no matter how well written.

Also:

Quote from: Karl Benson
It is a cat and mouse game between forum software and bot-creators to secure forums against spam bots.
Using generic/centralised anti-spam measures makes it viable for bot-creators to try to get past them.
If every forum employs completely different anti-bot measures it makes it almost impossible to create bots for mass-automated registration.




Quote from: Astral2000 on May 20, 2009, 08:57:21 AM
Should this mod install automatically just like any other? Sorry to appear thick but what's all this about?

...Open a registration form, fill it out, but don't submit it yet. Install the mod. Click submit for the registration begun in step 1. There will be an error. Register a new account as usual (*)and everything is now invisible.

...(*) and now registration is successful.

These steps are just to "simulate" what would happen if a bot tries to register.

The bot will use the Form that was there before you installed the MOD, the normal Form of SMF.

Quote from: Astral2000 on May 20, 2009, 08:57:21 AM
I did try and install package but got errors in ./Sources/Register.php

I have 2.0 RC1 and a custom theme, also 'are you human' mod installed already.

Can anyone help please?

Ok, you can attach this file.

I have installed this MOD in order, and did not have a problem.




Quote from: Tiribulus on May 20, 2009, 11:42:08 AM
Is this before or after the mod and what page load do you mean? It loads once until you click register. I think you're saying after?

After. And every time that you click in register, or refresh the page.

Quote from: Tiribulus on May 20, 2009, 11:42:08 AM
I must have rocks in my head or something :-[ I'm still not understanding how the actions of a bot are seen by the forum as different than the actions of a user. What does a bot do different than a real user that returns the static rather than morphed form? How does a bot not produce this page load that brings the new form? I do so appreciate your patience.

No problem. This concept is difficult. I even had trouble explaining it to people who know programming and speak my language. :P

The bot will use the Form that was there before you installed the MOD, the normal Form of SMF.

Why? Because the bot was programmed; because the bot doesn't know that the form is morphing.

If the "normal Form" is sent, then it can only be a bot.

The user will always send the mutated Form. Why? Because the users write their data in the text inputs and send, and the bots send variables with the data.




Quote from: WindsorLive! on May 21, 2009, 11:04:21 AM
Quote from: annikk.exe on May 21, 2009, 04:48:45 AM
Has anyone upgraded from 1.1.8 to 1.1.9 with this mod installed?  How did it go?

-Annikk

Did 2 forums with no problems at all. Simple, short and sweet. Best one yet!

Ok now to this mod.
I was looking for 1 simple answer but the info provided is excellent!

My question and forgive me for being foggy,
To follow the steps I am assuming we need to open a different  browser as a guest, then proceed to the register form to "register" as a new user, correct? :-\

Basically, do I need to have 2 separate browsers, one logged in to admin and one as a guest. ???

Thanks for help and for your comment :D

About your question. Mmm, yes, you can use two browsers, or two computers, or the same computer and the same browser, but: open the form in a tab, log in in another tab, install the mod, log out, change tab, send the form (and fail), reload this page and retry registering.

But only if you would like to test the mod.




Quote from: DistantJ on May 25, 2009, 12:51:36 PM
This is a great idea, and works, but there's a problem...

Upon installing this, the password fields are no longer masked - the passwords are completely visible when being typed in in both of the fields, so anybody around while somebody is registering will be able to see their password.

Oops, yes, this bug only happens in 1.1.x; I have fixed this. Thanks for the report :)




Quote from: sevacycles on May 29, 2009, 10:29:46 AM
Yeah, I noticed that as well. If anyone has a fix let us know. Thanks

Update :)

taysys

Just a quick question... I am getting the message below in my error log for some registration attempts. Others I am seeing a Registration denied.  Is this the action of your mod in blocking a bot?

Error message '8: Undefined index: u56524953099662d77467eda8f8b1296e
File: /home/wwwroot/humboldttuna/smf/Sources/Register.php
Line: 188'

Thank you..

Bob Taylor
Bob
Taysys Software Owner/Developer
Humboldt Tuna Club Web Admin

Tiribulus

Quote from: .LORD. on May 30, 2009, 12:39:31 AM


Quote from: Tiribulus on May 20, 2009, 11:42:08 AM
I must have rocks in my head or something :-[ I'm still not understanding how the actions of a bot are seen by the forum as different than the actions of a user. What does a bot do different than a real user that returns the static rather than morphed form? How does a bot not produce this page load that brings the new form? I do so appreciate your patience.

No problem. This concept is difficult. I even had trouble explaining it to people who know programming and speak my language. :P

The bot will use the Form that was there before you installed the MOD, the normal Form of SMF.

Why? Because the bot was programmed; because the bot doesn't know that the form is morphing.

If the "normal Form" is sent, then it can only be a bot.

The user will always send the mutated Form. Why? Because the users write their data in the text inputs and send, and the bots send variables with the data. >>>

AHA!!!

I do believe I have it now.

Bot = what is expected normally and is fooled because of it.

User = morphed form which is now the actual form which is triggered by the user actions of inputting into the fields and clicking send. The bots don't do this.

EDIT: I just saw this or would have replied sooner, thanks

.LORD.

Quote from: taysys on June 13, 2009, 01:29:31 PM
Just a quick question... I am getting the message below in my error log for some registration attempts. Others I am seeing a Registration denied.  Is this the action of your mod in blocking a bot?

Error message '8: Undefined index: u56524953099662d77467eda8f8b1296e
File: /home/wwwroot/humboldttuna/smf/Sources/Register.php
Line: 188'

Thank you..

Bob Taylor

Yes, was a bot :D



Quote from: Tiribulus on June 13, 2009, 05:53:10 PM
AHA!!!

I do believe I have it now.

Bot = what is expected normally and is fooled because of it.

User = morphed form which is now the actual form which is triggered by the user actions of inputting into the fields and clicking send. The bots don't do this.

EDIT: I just saw this or would have replied sooner, thanks

No problem :D
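
The mechanism .LORD. describes, together with the "Undefined index" notice from the error log above, as an added PHP sketch that is not the Anti Bot mod's own code. The field names, the `reg_map` session key and the three helper functions are assumptions made for illustration.

```php
<?php
// Added illustration, not the Anti Bot mod's code; all names are hypothetical.
const FIELDS = ['user', 'email', 'passwrd1', 'passwrd2']; // assumed logical fields
// Page load: give every field a fresh random name and keep the mapping
// server-side ($session stands in for $_SESSION so this runs from the CLI).
function morph_form(array &$session): array
{
    $map = [];
    foreach (FIELDS as $field) {
        $map[$field] = 'u' . bin2hex(random_bytes(16));
    }
    return $session['reg_map'] = $map;
}

// Rendering keeps type="password" on the password inputs so they stay masked.
function render_form(array $map): string
{
    $html = '<form method="post">';
    foreach ($map as $field => $name) {
        $type = strpos($field, 'passwrd') === 0 ? 'password' : 'text';
        $html .= sprintf('<input type="%s" name="%s" />', $type, $name);
    }
    return $html . '</form>';
}

// Submit: map the morphed names back, or return null when they are missing.
function unmorph_post(array &$session, array $post): ?array
{
    $map = $session['reg_map'] ?? [];
    unset($session['reg_map']); // single use: the next page load morphs again
    $clean = [];
    foreach ($map as $field => $name) {
        // isset() rejects quietly instead of raising an "Undefined index" notice
        if (!isset($post[$name]) || !is_string($post[$name])) {
            return null;
        }
        $clean[$field] = $post[$name];
    }
    return $clean ?: null;
}

// Constructed requests: a browser echoes the served names, a script posts stock ones.
$session = [];
$map = morph_form($session);
echo render_form($map), "\n";
$browser = array_combine($map, ['alice', 'a@example.test', 'pw', 'pw']);
var_dump(unmorph_post($session, $browser));
morph_form($session);
var_dump(unmorph_post($session, ['user' => 'bot', 'email' => 'b@example.test']));
```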

ls1dreams

Hi OP,

Thanks for this mod.  It has really cut down on the # of bots registering for my site.

One question:  I currently have my registration set to manually authorize every member.  Because of this, the system automatically emails me whenever someone signs up.

However, it seems your anti-spam form, while keeping bots from getting through the registration process, still causes the "registration email" to be sent.

Would you consider changing the code a bit to make this email not be sent if it is a bot?

Doyne

I stalled with my custom theme on 1.1.9 and I got the registration is down message. But now my reg registration doesn't work at all. It won't let me send it when I click send. ???

Do you have codes to modify in the custom style mods???
