News:

SMF 2.1.3 has been released! Take it for a spin! Read more.

Main Menu

Stop Spam Dead

Started by booner, January 16, 2015, 11:55:04 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

booner

January 16, 2015, 11:55:04 PM
Having had a continued attack on our forum since the middle of December 2014 it occurred to me that identifying and dealing with spammer accounts is a never ending struggle and that a means is required to to break the bots that do the spamming. One approach, borrowing from the hashing of crypto currency which is our forum theme has been outlined is laid out below....

If one wants to create an account on a SimpleMachines Forum then they could go to the main page and click on the link to Register. Conversly one could just enter into their browser the following link:

coinzen.org?action=register

That is what the bot would do. If the bot coders did not know that the term "register" would be used in that link each time it would make things much more difficult to automate the process. Imagine if instead of using the static term "register" that a system was developed that used a hash instead based on some random occurances like the time of day that the request was being made and the ip that the request was coming from. Let's say that algorithm produced the following hash under that criteria:

9de4a97425678c5b1288aa70c1669a64

Then what the bot would have to enter is:

coinzen.org?action=9de4a97425678c5b1288aa70c1669a64

If they entered from another ip it may look like the following:

coinzen.org?action=5b72e328b5146478475b6d51911027ac

When the request was posted it would then be sent to a translator of that hash to reverse engineer the hash so that it would deduce that the request being made was for the script "register.php".

Arantor

#1
January 17, 2015, 06:17:22 AM
This has actually been tried in the past and doesn't work nearly as well as you might think. The bots authors are smarter than you give them credit for, and if you build it into the core, it is worth their time to reverse engineer.

Kindred

#2
January 17, 2015, 08:41:43 AM
yup... the best way for dealing with spammer and spambots is discussed here

http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

booner

#3
January 18, 2015, 02:19:52 PM
Quote from: Arantor on January 17, 2015, 06:17:22 AM
This has actually been tried in the past and doesn't work nearly as well as you might think. The bots authors are smarter than you give them credit for, and if you build it into the core, it is worth their time to reverse engineer.

Yet if a key could be updated occationally, surely, the effort would not be worth it to the bot coders. If it was a static key then it is understandable that it would simple be cracked/reverse engineered.

- Nova

Arantor

#4
January 18, 2015, 02:21:29 PM
Oh, it absolutely would be worth their time to investigate... say by looking for a link on the page whose text is 'register'...

Illori

#5
January 18, 2015, 02:58:41 PM
Quote from: Arantor on January 18, 2015, 02:21:29 PM
Oh, it absolutely would be worth their time to investigate... say by looking for a link on the page whose text is 'register'...

or sign up in 2.1, as the name and link have changed slightly.

Arantor

#6
January 18, 2015, 03:00:56 PM
Yes, I know this... I was encouraging this change to break the less updated bots for this reason - but the big name bots will still figure it out in a matter of days.
Print
Go Up Pages1
User actions
Advertisement: