Wednesday, January 12, 2011

Re: [BLUG] signup bots

The only anti-spam measures I've ever found to work on boards and
cms's was a login required to comment AND adding a custom form
question like "Are you a bot?" to the signup. Some boards like
Invision are sophisticated enough that you can create that in the
signup form and filter out signups that don't answer correctly by
using their admin interface, not hand-coding. That has obvious
benefits like not getting broken with each upgrade. By the time I
added a CAPTCHA to my PHPBB install years ago it was already busted by
a most spambots anyway, it barely put a dent in the spam.

I would think it to be possible to have a part of the package install
ask you to enter a unique question which a human could answer. The
admin would have to write the question, or questions so it's not
canned. But, if it's a wide-spread module or package in use, I guess
it basically comes down to randomness. A bot could just watch for form
questions in the signup which it doesn't recognize, that would
identify most anti-bot questions. Then it could attempt a login for
each choice to that question until it gets a success. Even if you
randomized which answer was a human reply, the bot could get away with
retrying the submission until the random question happened to use the
answer the bot was sending.

Gah, this is a difficult problem after all.

-Nathan


On Jan 12, 2011, at 7:53 AM, Mark Krenz wrote:

>
> It took exactly 3 hours 36 minutes for a signup bot to adjust to the
> new Drupal based BLUG site. Sigh.
>
> ----- Forwarded message from info@bloomingtonlinux.org -----
>
> Date: Wed, 12 Jan 2011 07:25:16 +0000 (GMT)
> X-Spam-Status: No, score=-0.0 required=4.9 tests=NO_RELAYS
> autolearn=unavailable version=3.3.1
> From: info@bloomingtonlinux.org
> To: info@bloomingtonlinux.org
> Subject: Account details for Ioqusimux at Bloomington Linux Users
> Group (pending admin approval)
>
>
> Ioqusimux has applied for an account.
>
> http://www.bloomingtonlinux.org/user/7/edit
>
>
> ----- End forwarded message -----
>
> --
> Mark Krenz
> Bloomington Linux Users Group
> http://www.bloomingtonlinux.org/
> _______________________________________________
> BLUG mailing list
> BLUG@linuxfan.com
> http://mailman.cs.indiana.edu/mailman/listinfo/blug

_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)