Wednesday, January 12, 2011

Re: [BLUG] signup bots

Thanks, yeah I already installed Captcha and ReCaptcha, hopefully
those will help.

On Wed, Jan 12, 2011 at 05:21:42PM GMT, Lord Drachenblut [lord.drachenblut@gmail.com] said the following:
> try looking at the mollom and recaptcha modules for drupal. they seem to
> have helped indianalinux.org alot
>
> cheers
>
> On Wed, Jan 12, 2011 at 7:53 AM, Mark Krenz <mark@slugbug.org> wrote:
>
> >
> > It took exactly 3 hours 36 minutes for a signup bot to adjust to the
> > new Drupal based BLUG site. Sigh.
> >
> > ----- Forwarded message from info@bloomingtonlinux.org -----
> >
> > Date: Wed, 12 Jan 2011 07:25:16 +0000 (GMT)
> > X-Spam-Status: No, score=-0.0 required=4.9 tests=NO_RELAYS
> > autolearn=unavailable version=3.3.1
> > From: info@bloomingtonlinux.org
> > To: info@bloomingtonlinux.org
> > Subject: Account details for Ioqusimux at Bloomington Linux Users Group
> > (pending admin approval)
> >
> >
> > Ioqusimux has applied for an account.
> >
> > http://www.bloomingtonlinux.org/user/7/edit
> >
> >
> > ----- End forwarded message -----
> >
> > --
> > Mark Krenz
> > Bloomington Linux Users Group
> > http://www.bloomingtonlinux.org/
> > _______________________________________________
> > BLUG mailing list
> > BLUG@linuxfan.com
> > http://mailman.cs.indiana.edu/mailman/listinfo/blug
> >
>
>
>
> --
> Mettle not in the Ways of dragons for thou art crunchy and taste good with
> ketchup

> _______________________________________________
> BLUG mailing list
> BLUG@linuxfan.com
> http://mailman.cs.indiana.edu/mailman/listinfo/blug


--
Mark Krenz
Bloomington Linux Users Group
http://www.bloomingtonlinux.org/
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug

Posted by at No comments:

Re: [BLUG] signup bots

try looking at the mollom and recaptcha modules for drupal.  they seem to have helped indianalinux.org alot

cheers

On Wed, Jan 12, 2011 at 7:53 AM, Mark Krenz <mark@slugbug.org> wrote:

 It took exactly 3 hours 36 minutes for a signup bot to adjust to the
new Drupal based BLUG site. Sigh.

----- Forwarded message from info@bloomingtonlinux.org -----

Date: Wed, 12 Jan 2011 07:25:16 +0000 (GMT)
X-Spam-Status: No, score=-0.0 required=4.9 tests=NO_RELAYS
       autolearn=unavailable version=3.3.1
From: info@bloomingtonlinux.org
To: info@bloomingtonlinux.org
Subject: Account details for Ioqusimux at Bloomington Linux Users Group (pending admin approval)


Ioqusimux has applied for an account.

http://www.bloomingtonlinux.org/user/7/edit


----- End forwarded message -----

--
Mark Krenz
Bloomington Linux Users Group
http://www.bloomingtonlinux.org/
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug



--
Mettle not in the Ways of dragons for thou art crunchy and taste good with ketchup
Posted by at No comments:

Re: [BLUG] signup bots

For me, simply making the form submission require Javascript is enough to fool the bots. I usually attach an observer/event listener on my submit button/link and simply submit the form via Javascript (you'll have to also cancel the current event in the case of a submit button that is an href). I've done this with both YUI and Prototype, if you'd like examples using either.

dosman
January 12, 2011 12:13 PM

The only anti-spam measures I've ever found to work on boards and
cms's was a login required to comment AND adding a custom form
question like "Are you a bot?" to the signup. Some boards like
Invision are sophisticated enough that you can create that in the
signup form and filter out signups that don't answer correctly by
using their admin interface, not hand-coding. That has obvious
benefits like not getting broken with each upgrade. By the time I
added a CAPTCHA to my PHPBB install years ago it was already busted by
a most spambots anyway, it barely put a dent in the spam.

I would think it to be possible to have a part of the package install
ask you to enter a unique question which a human could answer. The
admin would have to write the question, or questions so it's not
canned. But, if it's a wide-spread module or package in use, I guess
it basically comes down to randomness. A bot could just watch for form
questions in the signup which it doesn't recognize, that would
identify most anti-bot questions. Then it could attempt a login for
each choice to that question until it gets a success. Even if you
randomized which answer was a human reply, the bot could get away with
retrying the submission until the random question happened to use the
answer the bot was sending.

Gah, this is a difficult problem after all.

-Nathan



_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug

Mark Krenz
January 12, 2011 7:53 AM

It took exactly 3 hours 36 minutes for a signup bot to adjust to the
new Drupal based BLUG site. Sigh.

----- Forwarded message from info@bloomingtonlinux.org -----

Date: Wed, 12 Jan 2011 07:25:16 +0000 (GMT)
X-Spam-Status: No, score=-0.0 required=4.9 tests=NO_RELAYS
autolearn=unavailable version=3.3.1
From: info@bloomingtonlinux.org
To: info@bloomingtonlinux.org
Subject: Account details for Ioqusimux at Bloomington Linux Users Group (pending admin approval)


Ioqusimux has applied for an account.

http://www.bloomingtonlinux.org/user/7/edit


----- End forwarded message -----



--
Joe Auty, NetMusician
NetMusician helps musicians, bands and artists create beautiful, professional, custom designed, career-essential websites that are easy to maintain and to integrate with popular social networks.
www.netmusician.org
joe@netmusician.org

Posted by at No comments:

Re: [BLUG] signup bots

The only anti-spam measures I've ever found to work on boards and
cms's was a login required to comment AND adding a custom form
question like "Are you a bot?" to the signup. Some boards like
Invision are sophisticated enough that you can create that in the
signup form and filter out signups that don't answer correctly by
using their admin interface, not hand-coding. That has obvious
benefits like not getting broken with each upgrade. By the time I
added a CAPTCHA to my PHPBB install years ago it was already busted by
a most spambots anyway, it barely put a dent in the spam.

I would think it to be possible to have a part of the package install
ask you to enter a unique question which a human could answer. The
admin would have to write the question, or questions so it's not
canned. But, if it's a wide-spread module or package in use, I guess
it basically comes down to randomness. A bot could just watch for form
questions in the signup which it doesn't recognize, that would
identify most anti-bot questions. Then it could attempt a login for
each choice to that question until it gets a success. Even if you
randomized which answer was a human reply, the bot could get away with
retrying the submission until the random question happened to use the
answer the bot was sending.

Gah, this is a difficult problem after all.

-Nathan


On Jan 12, 2011, at 7:53 AM, Mark Krenz wrote:

>
> It took exactly 3 hours 36 minutes for a signup bot to adjust to the
> new Drupal based BLUG site. Sigh.
>
> ----- Forwarded message from info@bloomingtonlinux.org -----
>
> Date: Wed, 12 Jan 2011 07:25:16 +0000 (GMT)
> X-Spam-Status: No, score=-0.0 required=4.9 tests=NO_RELAYS
> autolearn=unavailable version=3.3.1
> From: info@bloomingtonlinux.org
> To: info@bloomingtonlinux.org
> Subject: Account details for Ioqusimux at Bloomington Linux Users
> Group (pending admin approval)
>
>
> Ioqusimux has applied for an account.
>
> http://www.bloomingtonlinux.org/user/7/edit
>
>
> ----- End forwarded message -----
>
> --
> Mark Krenz
> Bloomington Linux Users Group
> http://www.bloomingtonlinux.org/
> _______________________________________________
> BLUG mailing list
> BLUG@linuxfan.com
> http://mailman.cs.indiana.edu/mailman/listinfo/blug

_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug

Posted by at No comments:

[BLUG] signup bots

It took exactly 3 hours 36 minutes for a signup bot to adjust to the
new Drupal based BLUG site. Sigh.

----- Forwarded message from info@bloomingtonlinux.org -----

Date: Wed, 12 Jan 2011 07:25:16 +0000 (GMT)
X-Spam-Status: No, score=-0.0 required=4.9 tests=NO_RELAYS
autolearn=unavailable version=3.3.1
From: info@bloomingtonlinux.org
To: info@bloomingtonlinux.org
Subject: Account details for Ioqusimux at Bloomington Linux Users Group (pending admin approval)


Ioqusimux has applied for an account.

http://www.bloomingtonlinux.org/user/7/edit


----- End forwarded message -----

--
Mark Krenz
Bloomington Linux Users Group
http://www.bloomingtonlinux.org/
_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug

Posted by at No comments:
Subscribe to: Posts (Atom)