Planet Descent
Community => Mess Hall => Topic started by: FonsVoffvob on May 18, 2010, 12:57:24 AM
-
User deleted, banned on ip, username, and e-mail. Changed topic title.
-
Time for a bot prevention system? :(
-
Oh my God! And I thought English speaking bots were annoying! Profile says that this bot is from Latvia. They don't speak Spanish in Latvia!
-
Shouldn't you, at the very least, remove those links zero?
-
Time for a bot prevention system? :(
Unfortunately, can't always be 100% sure. Various spam reporting websites produced no comments on this users ip, so I approved the registration. Most spammers get caught by the e-mail verification process. And can't assume it's a bot anymore, human spammers easily get through the captcha.
-
Trust me, it's a bot. It's always a bot.
CAPTCHA is ineffective but there are other ways. Specifically a "welcome" thread you need to post in in order to gain access.
IP addresses rarely return anything, they use the IP once for one post and that's it.
-
You are wrong on both accounts.
It may have been a bot, but often not. Captcha is reasonably effective against bots, which is why spammers are increasingly using human and human/bot combos to spam.
Most spammers that get by the registration are caught when I check the ip against a database set up specificly for that. There are probably half a dozen a week that I reject based on negative feedback on the Project Honeypot website. This particular ip had no negs so I checked a couple other sites, still no negs. So, I approved with e-mail verification required.
Ip addresses cost money, and spammers will get as much use out of them as they can.
-
Trust me willyP, I've seen a CATCHPA'd forum get nailed with plenty of bots, the IPs are never the same despite being the same message (on multiple accounts. Would a human really make more than one account to spam the same thing, from a different IP every time? Not likely.) Sure most get caught, but not all.
Trust me, I had a forum set up with CATCHPA that I eventually shut down because it was never used except for spambots and I didn't feel like setting up a bot-trap.
However I will admit I never bother with approved registration so I'm not sure what effect that has on bots. It may well be that not having immediate access breaks (most) bots entirely.
In my experience requiring a post in an otherwise invisible forum seems to catch the bots that get by CATCHPA. On forums where I use that system, I NEVER see any spammers. If they were indeed humans they would easily get by, leading me to believe they are all bots.
IP addresses do not cost money if your ISP has a dynamic IP. All you need to do is reconnect and get a new IP address.
This seems to have turned into a debate on spambots... I hope nobody minds. Perhaps it should be moved to site feedback or something?
-
Naw, no need. The subject's been discussed enough. We can all move on now.
-
I had human assisted bots spam my forum for months (you need to reply to some question when registering there, which is something a bot can't do), with several bot users per week. I don't really know why this has stopped, but I assume it could be because each and every such user and their posts got deleted within minutes of registering and/or posting. After I while I could tell which new user was a bot just from the name pattern and/or e-mail address, and often the account was gone before it could be used to post crap.
-
Holy cow, the spam spiders are coded to get past the Captcha now are they?
-
"Now"? Automated captcha analysis and circumvention has been solved quite some time ago. Today, computer crime is well organized, with "professional" software developers and a complete value added chain.
-
True... Like commercial software, spammers often pay for better software, and more automated features. At some point, it becomes cheaper to hire human spammers to sit in some squalid hovel in some third world country and bang out captcha solutions for 15 cents a day.
-
That's true WillyP, but if that was the case why would adding something as simple as "post here" throw off a human or human-assisted bot?
-
I don't know... ok, I'll bite... why would it?
-
I don't know... ok, I'll bite... why would it?
It wouldn't. Which means it's not a human.
-
Sorry, guess I'm not following your logic. You suggested a special thread as a solution to spam now you say it won't work?
-
Willy,
it rather looks like you cannot properly follow a few simple posts following each other. A bot wouldn't post in a special thread to prove it's not a bot. That way a bot intrusion prevention system would work.
-
Right, I got that. But what I am saying is that many of the bot's are human assisted. The bots do what they can and when they get stopped they send a flag to a que where a human may take over. Once the blockage is bypassed the human sends it to another que for the bot to take over again. If the spammers gave up so easily as posting in a specific forum there would be no spam. Not many forums still use the specific thread form of anti spam anymore. Bots can usualy capable of trying different boards to find which one they can post in.
ReCaptcha and Bad Behavior are out for SMF2, I'll install them once we convert. Bad Behavior works by analyzing the http request and other things before a bot script even has access. Then compares to a database of known spammers, scripts and various data. It determine whether a bot or human spammer is likely and may ban or flag a visitor based on that. I'm told there is a simple method for someone caught with a false positive to prove human but I haven't seen it yet. I do know since installing BB and ReCaptcha on my Nucleus powered sites I have had zero spam.
Anyway my comment to Matt was in regards his first recommending a posting trap, then a few posts later saying it would not work against human or human/bot spammers... which are the real problem.
-
No, I'm using the fact that it DOES work as evidence that they are NOT, as you assume, humans or human-assisted bots, but rather pure bots.
And I know they work as I have used incredibly simple bot traps to great effect before on even simple invisionfree forums running pitifully outdated software that doesn't even use CATCHPA.
-
Ah, I see. Obviously your post could easily be misunderstood. :)