Post subject: How to prevent spambots from registering here
Banned User, Former player
Joined: 12/23/2004
Posts: 1850
<div style='visibility: hidden;'><b>Homepage:</b><small> DO NOT FILL IN THIS FIELD. DOING SO WILL RESULT IN INSTANT IP-BAN.</small> - <INPUT TYPE=TEXT NAME=homepage SIZE=25 MAXLENGTH=255></div>
Problem is, spambots don't care about the fact it's invisible, and neither do they care that there's a huge warning. This works if it's placed on the registration page with nothing else (e.g. username/password/hidden field)... I use it at board.acmlm.org, and so far since implementation (12 hours ago) it's blocked 2 spambot attempts.
Perma-banned
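The server-side half of the hidden-field trap described in the post above, as an added example; it is not code from the post or from either forum. The field name `homepage` comes from the posted snippet, while the `username`/`password` field names, the function name and the policy for a missing field are assumptions.

```python
from urllib.parse import parse_qs

HONEYPOT_FIELD = "homepage"  # hidden input name from the snippet in the post
REQUIRED_FIELDS = ("username", "password")  # assumed names of the visible fields


def screen_registration(raw_body, client_ip, banned_ips):
    """Return 'banned', 'reject' or 'accept' for one urlencoded form body."""
    if client_ip in banned_ips:
        return "banned"
    # keep_blank_values=True: a browser submits the hidden field as an empty
    # string, so "present but empty" stays distinguishable from "absent".
    form = parse_qs(raw_body, keep_blank_values=True)
    values = form.get(HONEYPOT_FIELD)
    if values is None:
        # Assumed policy: the request was not built from the current form
        # (replayed or hand-crafted POST). Refuse it, but do not ban on it.
        return "reject"
    if any(v.strip() for v in values):
        # Something filled in a field that a human never sees.
        banned_ips.add(client_ip)
        return "banned"
    if any(not form.get(name, [""])[0].strip() for name in REQUIRED_FIELDS):
        return "reject"
    return "accept"


# Constructed sample submissions (documentation IP ranges, not real traffic).
SAMPLES = [
    ("203.0.113.7", "username=alice&password=s3cret&homepage="),
    ("198.51.100.9", "username=bot1&password=x&homepage=http%3A%2F%2Fspam.example%2F"),
    ("198.51.100.9", "username=bot2&password=x&homepage="),
    ("192.0.2.44", "username=old&password=x"),
]


def run_samples():
    """Screen every sample in order, sharing one ban list between them."""
    banned = set()
    return [screen_registration(body, ip, banned) for ip, body in SAMPLES], banned


if __name__ == "__main__":
    results, banned = run_samples()
    for (ip, _), verdict in zip(SAMPLES, results):
        print(ip, verdict)
```

Browser autofill can populate inputs the user never sees, so an automatic ban on this signal is worth pairing with a way to review and lift bans.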
Player (200)
Joined: 7/6/2004
Posts: 511
Haha good idea. Has there been a problem with spam bots here?
g,o,p,i=1e4,a[10001];main(x){for(;p?g=g/x*p+a[p]*i+2*!o: 53^(printf("%.4d",o+g/i),p=i,o=g%i);a[p--]=g%x)x=p*2-1;}
JXQ
Experienced player (750)
Joined: 5/6/2005
Posts: 3132
Xkeeper, that's a really clever idea! I'm also surprised there were 2 attempts in 12 hours. Stupid internet. What won't the spammers spam? In other news, I'm actually a spambot in disguise.
<Swordless> Go hug a tree, you vegetarian (I bet you really are one)
Former player
Joined: 3/9/2004
Posts: 484
Location: ­­
Spambots unite!
Active player (277)
Joined: 5/29/2004
Posts: 5712
Spam, spam, wonderful spam!
put yourself in my rocketpack if that poochie is one outrageous dude
Joined: 4/21/2006
Posts: 97
Good, then we wouldn't get any more spam messages about viagra and male enhancement.
Friendly neighborhood Christian: "Ah hell diddly ding dong crap!"
JXQ
Experienced player (750)
Joined: 5/6/2005
Posts: 3132
Hey guys do you need a home loan? I can reduce your home loan by reconsolidation down to 2.9%! The market is at a record low! Go here www.homeloanspam. com oops remove the space!!
<Swordless> Go hug a tree, you vegetarian (I bet you really are one)
Former player
Joined: 11/13/2005
Posts: 1587
Why do you think I TASed M.C. Kids? Just to advertise McDonalds of course, it's a new method among the spambots.
Editor, Active player (296)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
Currently, I'm taking these measures to protect the forums from spambots:
1. Avoiding having the forums listed at Google and other search engines.
1a. Having the noindex,nofollow robots meta attributes at the forum pages.
1b. Having /forum on the forbid list in robots.txt.
2. Requiring manual account activation. This stops all automatic spambots. I believe that every single case when the account has been activated, has been done manually. Spammers do manual labour, believe it or not. They just lack the morals. (I believe that the fact that spammers often spam also custom-designed BBSes is a proof of this.)
3. Often viewing the MostActivePosters page. Besides that it helps me spot oversize avatars, it also lets me see new registrations, and if they have activated or not and whether they have a URL or not. If it hasn't been activated and it has a URL, it's marked "SPAM".
3a. I view the profiles of users who have registered recently and have a URL in their profile or look otherwise alarming. If they look spammy, I delete them without warning.
4. Having an active moderator base and efficient means of spotting new posts/topics (NesVideoAgent).
5. Once or twice in a year I run a script that purges nonactive users.
--EDIT--
6. A spammer trap link in the registration e-mail, and the mechanism altered from default.
7. Another spammer trap link in the user registration form, mechanism altered from default.
8. A custom-made captcha in the registration form. I heard that the one in phpBB has been compromised. I have made three different versions. Here are samples:
sample 1, source
sample 2, source
sample 3, source
(In case you wonder, the "号" symbol in captcha 3 is the Japanese symbol of a number.)
The samples are randomly generated and cached for different lengths of time, so they may or may not change when you reload them. Each of them represents a puzzle where a 6-character code is the answer. The code consists of letters and/or numbers.
Design goals:
- Should not require better English knowledge than an average Japanese person has
- Should not be overly difficult for a human
- Should be quite difficult for a computer programmer, at least so that it discourages attempting to abuse it
- Relatively simple to generate in PHP, without noticeable CPU time usage
For reference, this is (an example of) the phpBB default captcha:
Joined: 5/3/2004
Posts: 1203
7. Chuck Norris.
Post subject: My hatred of BBcode rises with every post I make.
Banned User, Former player
Joined: 12/23/2004
Posts: 1850
(Number of spambots IP banned using my method so far. Interesting how all of them appear to be from Asia/China, or at least using proxies from that region (sigh))
Perma-banned
Post subject: Re: How do I do it
Active player (277)
Joined: 5/29/2004
Posts: 5712
Bisqwit wrote:
sample 1, source sample 2, source sample 3, source Should not be overly difficult for a human
Uh, I think those are on the verge of being overly difficult. I would rather have a few spammers once in a while than have such a tough time registering.
put yourself in my rocketpack if that poochie is one outrageous dude
Banned User, Former player
Joined: 3/10/2004
Posts: 7698
Location: Finland
Is it really bad that very casual visitors who might have seen a couple of tases might get appalled by the captchas and not register to the forums? People who usually write here are dedicated fans/viewers/creators and they surely will try to register.
Active player (277)
Joined: 5/29/2004
Posts: 5712
Yes it is! We need the casual people too.
put yourself in my rocketpack if that poochie is one outrageous dude
Banned User, Former player
Joined: 12/23/2004
Posts: 1850
Only #3 is overly difficult. Do the code numbers go...
1 2 3 4 5 6
7 8 ...
or
1 5 9 ...
2 6 10 ...
3 7 11 ...
4 8 12 ...
?
Perma-banned
Editor, Active player (296)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
Xkeeper wrote:
Do the code numbers go...
The only prerequisite is the left-to-right direction, which is indicated by the arrow. Up-to-down is assumed to be obvious. But I wrote it so that it does not matter whether it's counted by rows or columns. Either way always gives the same result.
Post subject: Re: How do I do it
upthorn
He/Him
Emulator Coder, Active player (388)
Joined: 3/24/2006
Posts: 1802
Bag of Magic Food wrote:
Bisqwit wrote:
sample 1, source sample 2, source sample 3, source Should not be overly difficult for a human
Uh, I think those are on the verge of being overly difficult. I would rather have a few spammers once in a while than have such a tough time registering.
I agree, especially when xkeeper has such an elegant solution. Especially if you label the hidden one "username".
How fleeting are all human passions compared with the massive continuity of ducks.
Active player (277)
Joined: 5/29/2004
Posts: 5712
I just realized I should start going to more porn sites so I can help out the captcha crackers.
put yourself in my rocketpack if that poochie is one outrageous dude
Editor, Active player (296)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
I suppose it's too early to say anything, but since those changes, we haven't had spam registrations on the forums anymore. Meanwhile, we have had a couple of normal registrations. In the access log, I see there have been a couple of roboted registration attempts using obsolete URLs. Of course they don't work anymore.
Former player
Joined: 3/30/2004
Posts: 1354
Location: Heather's imagination
The "fake homepage field" solution is also used at other boards I attend and it works pretty well there.
someone is out there who will like you. take off your mask so they can find you faster. I support the new Nekketsu Kouha Kunio-kun.
Joined: 4/16/2005
Posts: 251
Not that it matters Bisqwit, but there are people like me who have a weakness in colors. The third example is hard for me already. A truly colorblind person will have a lot of trouble there.
Post subject: Re: How do I do it
Player (36)
Joined: 9/11/2004
Posts: 2623
Bisqwit wrote:
sample 2, source
I've gone and used this one. Thanks.
Build a man a fire, warm him for a day, Set a man on fire, warm him for the rest of his life.
Editor, Active player (296)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
Gorash wrote:
Not that it matters Bisqwit, but there are people like me who have a weakness in colors. The third example is hard for me already. A truly colorblind person will have a lot of trouble there.
That's why there are the color examples on the left top corner of the screen. If you cannot distinguish, say green and blue, you can still probably see something different in them, such as brightness, and compare that. As a last resort, it can be reloaded to acquire a hopefully easier question.
Tub
Joined: 6/25/2005
Posts: 1377
Those Captchas you made have an advantage, because they're not widespread enough to be of interest. Unfortunately, I doubt their security, as most of the challenge can be removed by applying a trivial YUV-conversion and Y-Filter. Computers are much better at that than humans. The remaining false letters can be identified by splitting the image into distinct areas (simple flood-fill-like algorithm), calculating their sizes along the way, and picking the 6 largest. Recognizing the characters after they were split from the image can be done by cheap OCR technology.
The third one is a fresh idea, but once you got a basic OCR implementation, it's defeatable. Splitting the image into areas is quite easy, same goes for detecting their colors and text, and parsing a color name and a number from the instructions shouldn't be that difficult either.
Spam can't be tolerated, but if you spend that much time on a personal captcha, that time could also be spent on non-standard registration and post-forms with traps, or a system that'll prevent new users from creating posts that contain the same URL they put into their profile.
Last but not least, if the custom registration on this forum is bypassed, that probably was done by a human. An additional captcha wouldn't help there.
m00
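One way to implement the rule suggested in the post above, that new users may not post a link to the same site they put in their profile. This is an added example, not code from the thread or the forum software; the function names and the five-post threshold for "new user" are assumptions.

```python
import re
from urllib.parse import urlsplit

# Matches bare links and the target of BBCode [url=...] tags.
LINK_RE = re.compile(r"(?:https?://|www\.)[^\s\[\]\"'<>]+", re.IGNORECASE)


def site_of(url):
    """Lower-cased host without port or a leading 'www.'; '' if unparsable."""
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to find the host
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed host part
        return ""
    return host[4:] if host.startswith("www.") else host


def post_allowed(profile_url, post_body, post_count, new_user_posts=5):
    """False when a new user's post links to the site in their own profile.

    new_user_posts is an assumed threshold; the thread does not give one.
    """
    if post_count >= new_user_posts or not profile_url.strip():
        return True
    own_site = site_of(profile_url.strip())
    if not own_site:
        return True
    for link in LINK_RE.findall(post_body):
        linked = site_of(link.rstrip(".,!?)"))
        # Same host, or a subdomain of the profile's host.
        if linked == own_site or linked.endswith("." + own_site):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample: a fresh account advertising its own profile site.
    body = "Great run! See [url=http://loans.example/cheap]here[/url]"
    print(post_allowed("http://www.loans.example/", body, post_count=0))
```

Comparing hosts rather than whole URLs means a different path, a `www.` prefix or a subdomain of the profile site does not get around the check.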
Editor, Active player (296)
Joined: 3/8/2004
Posts: 7469
Location: Arzareth
All true.