News:

Wondering if this will always be free?  See why free is better.

Main Menu

Security Question Regarding Bots

Started by njtweb, September 24, 2018, 12:12:53 PM

Previous topic - Next topic

njtweb

I have no idea how they work so hopefully somebody with knowledge can explain.

Last week I reported one of my security measures was no longer working, (recaptcha) and I was inundated with bot registrations and posts for casino gaming. I quickly identified the issue and disabled recaptcha and replaced with the SMF build in solve security and I added an additional question. Worked perfectly, nothing since. But when I go to Who's online, it looks like an ant hill exploded with "Registering for an account and New Topics being created". They obviously aren't getting completed but I never had all of them before, I've only had this kind of bot activity since recaptcha failed.

Do bots have AI to remember where they had success and then keep trying to exploit the former success by continued attempts to gain access?

Thank you in advance.

Kindred

AI? no....    no intelligence at all.

they just report a success and try everythinfg that was ever recorded as a success.
That's why you have to regularly (one a year usually) change up your questions
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Sir Osis of Liver

Interesting question, though.  Been running production forums at same urls for years, and have never seen any guest or bot activity.  I run my own verification tool, and no bot has ever registered successfully.  Some of my older, busier client forums are constantly hammered by bots.  If bots are reporting successful registrations, not too much of a reach that they target forums where successful registrations have occurred.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

njtweb

Quote from: Kindred on September 24, 2018, 12:30:52 PM
AI? no....    no intelligence at all.

they just report a success and try everythinfg that was ever recorded as a success.
That's why you have to regularly (one a year usually) change up your questions

Yes, artificial intelligence I guess? I don't know how these idiots design them I just figured the developers keep getting smarter as they learn and at some point modified to be intuitive enough to keep trying to exploit until something works and then they hammer away at it when it does.

njtweb

Quote from: Sir Osis of Liver on September 24, 2018, 12:42:41 PM
Interesting question, though.  Been running production forums at same urls for years, and have never seen any guest or bot activity.  I run my own verification tool, and no bot has ever registered successfully.  Some of my older, busier client forums are constantly hammered by bots.  If bots are reporting successful registrations, not too much of a reach that they target forums where successful registrations have occurred.

I allow guest posting Sir Osis, it's really the only way my traffic will get involved. I have 51 registered members and h.e.l.l. would have to freeze over before they post anything as themselves.

Sir Osis of Liver

Must be an interesting forum.  Allowing guests to post shouldn't have any effect on bot registrations, but will allow bots to post unless you have pretty good verification for guest posts.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

GigaWatt

Quote from: njtweb on September 24, 2018, 01:02:58 PM
I allow guest posting Sir Osis, it's really the only way my traffic will get involved. I have 51 registered members and h.e.l.l. would have to freeze over before they post anything as themselves.

Sounds like a 4chan site to me ::).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

njtweb

4chan? No not quite, my site isn't geared towards adults who act like 5 year olds. It's a youth ice hockey travel site. It's travel guides to every hockey rink, and the closest urgent care facilities, hotels, restaurants, bars and pubs and visitor attractions. It's for parents of players, coaches and team managers. Most of which have no interest in registering an account, they instead prefer to post whenever they want, however they want.


GigaWatt

And they can register a FB, Twitter, Instagram account, maintain it and share whatever on it ::)?

Just goes to show you how lazy people are. If it's for a few hours of nonsense a day "sure, where do I sign up", but if you have something meaningful to share, like the info you just wrote about... "meeeh... I dunno... looks like a hassle :S" ::).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

njtweb

Quote from: GigaWatt on September 25, 2018, 04:23:33 PM
And they can register a FB, Twitter, Instagram account, maintain it and share whatever on it ::)?

Just goes to show you how lazy people are. If it's for a few hours of nonsense a day "sure, where do I sign up", but if you have something meaningful to share, like the info you just wrote about... "meeeh... I dunno... looks like a hassle :S" ::).

Well, honestly I have no clue what you're talking about. You can't register on my site with social media accounts. I didn't invite you to respond here on this topic, you chose too. If you don't like it stop reading it. It seems you are a little angry, try coffee.

Arantor

No, it's more of a commentary on the type of people that you're talking about. You're saying you let them guest post because making an account is too much like effort, but I guarantee you these people will all have many other accounts on other services.

You might actually find letting people register with social media actually helps traffic in that respect. And no, there's no anger in that statement, just a sense of frustration at how users expect sites to cater to them and how sites should bend over backwards for users (rather than some useful compromise in the middle)

GigaWatt

Quote from: Arantor on September 26, 2018, 10:03:14 AM
No, it's more of a commentary on the type of people that you're talking about. You're saying you let them guest post because making an account is too much like effort, but I guarantee you these people will all have many other accounts on other services.

You might actually find letting people register with social media actually helps traffic in that respect. And no, there's no anger in that statement, just a sense of frustration at how users expect sites to cater to them and how sites should bend over backwards for users (rather than some useful compromise in the middle)

That's what I was trying to say, thank you ;).

And yes, it was only a commentary, I'm not the angry type, I don't get angry, just less interested.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Arantor

Ah, see, I *am* the angry type which is how I could tell it wasn't angry ;)

njtweb

Quote from: Arantor on September 26, 2018, 10:03:14 AM
No, it's more of a commentary on the type of people that you're talking about. You're saying you let them guest post because making an account is too much like effort, but I guarantee you these people will all have many other accounts on other services.

You might actually find letting people register with social media actually helps traffic in that respect. And no, there's no anger in that statement, just a sense of frustration at how users expect sites to cater to them and how sites should bend over backwards for users (rather than some useful compromise in the middle)

Ok, fair enough, but for my audience of over 45 adults who do not choose to register at every site they browse to I just offer as a convenience since many did contact me on fan page asking why they had to register to be able to post comments. I understand your points but instead of me telling them no, register, I instead make guest posting available so they come back. As far as effort, for them yes apparently it is too much to ask because they wouldn't post otherwise if they had to register. I guess they think the world is spying on them. I tried the social media login mods and experienced too many issues between the mods and the apps required for the mods to function normally. I don't have the experience or technical knowledge to fix or develop my own so my registration remains SMF built in only.

njtweb

Quote from: GigaWatt on September 26, 2018, 10:35:52 AM
Quote from: Arantor on September 26, 2018, 10:03:14 AM
No, it's more of a commentary on the type of people that you're talking about. You're saying you let them guest post because making an account is too much like effort, but I guarantee you these people will all have many other accounts on other services.

You might actually find letting people register with social media actually helps traffic in that respect. And no, there's no anger in that statement, just a sense of frustration at how users expect sites to cater to them and how sites should bend over backwards for users (rather than some useful compromise in the middle)

That's what I was trying to say, thank you ;).

And yes, it was only a commentary, I'm not the angry type, I don't get angry, just less interested.

I apologize, I meant no offense in any way. Thank you for clarifying.

GigaWatt

Quote from: njtweb on September 28, 2018, 09:56:24 AM
I apologize, I meant no offense in any way. Thank you for clarifying.

No offense taken ;). As I said, I don't get angry ;).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

delta5

Isn't there a setting for guests to do captcha before they can post? Also the stop forum spam.com mod will stop most spambots. I love it...

Sir Osis of Liver

Admin -> Security and Moderation -> Anti-Spam -> Guests must pass verification when reporting a post
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

delta5

If you are going to do a captcha on every guest post, why not just register?

Arantor

Because apparently the users don't want to register, on the basis that registering is too much effort.

Advertisement: