| T O P I C R E V I E W |
| gary b |
Posted - 19 December 2007 : 07:21:42
My forum has been getting hammered by 'registration bots' lately. For technical/logistical reasons, I cannot use captcha. I do use email validation, but there are probably a dozen or so "membership applications" (AKA 'registrations') per day. What's a guy to do???
I decided to try a novel (?) approach. I REVERSED the buttons on the policy page... you know, the ones that say 'Accept' and 'Cancel'. The first paragraph states that the Applicant *must* click the 'Cancel' button. Since my assumption is that bots don't read, I figured I would try this approach.
It is too soon to draw any conclusions, but ZERO bot registrations in past 24 hours!  I will keep you posted. Even if it works, it may be only a matter of time until my 'hook' is rendered useless... but I *am* enjoying no bogus 'applicants' for a while.
gary b
< |
| 15 L A T E S T R E P L I E S (Newest First) |
| gary b |
Posted - 15 June 2008 : 08:03:18
6-month report:
ZERO bogus bot registrations!! NADA! ZILCH!!
Number of Applicants that did NOT need registration assistance: 20
Number of Applicants that needed assistance to register: 1
< |
| JJenson |
Posted - 11 January 2008 : 11:17:26
I will try and implement something like this at some point I just made a switch in hosts and have more pressing needs than the forums. But I think I am doing a site for my HOA and I think I will implement this to and hope it has the same results.
< |
| pdrg |
Posted - 11 January 2008 : 11:15:46
That's great news gary b :-) Anything that stops/slows up these filth is good for us all!< |
| gary b |
Posted - 10 January 2008 : 06:22:44
Code changes implemented: Dec 18
Today's date: Jan 10
Number of days: 23
Number of bogus bot registrations: ZERO!
Anyone else try this? If so, with what results??
< |
| JJenson |
Posted - 28 December 2007 : 12:32:14
Very simple and nice. That would definantly screw me up the first couple times cause I usually don't read the policy on forums  < |
| gary b |
Posted - 28 December 2007 : 11:51:44
No problem, JJ...
RIGHT-click link below
'Save Target/Link As' to your desktop
Open in NOTEPAD with word wrap turned OFF
Actual code changes involve only about 4 or 5 lines. I did change narrative (my lines 57-63) to provide instructions about how to Register. Note spaces I used in my instructions to spell word:
c a n c e l
[Link not available]
Make backup copy of policy.asp BEFORE trying this change!
Questions?? Let me know...
gary b
[Edit: right-click instructions]< |
| JJenson |
Posted - 28 December 2007 : 10:06:34
Will you post the chunk of code so we can all see this and apply this to our forums? I think I understand what you are saying but would love to see it to make sure.< |
| gary b |
Posted - 26 December 2007 : 16:05:26
FWIW... the button positions and names have not changed. But the code that drives the functionality of each button has been swapped with the 'other' button. Can't get much simpler than that.
Four or five days now and no bots -- nada! zilch! squat!!
< |
| pdrg |
Posted - 26 December 2007 : 14:11:31
quote:
Originally posted by gary b
Sound like a bunch of arm-waving and mumble-jumble?? Well, it is. But that's the best explanation I can give for my logic.
Result! I have to be honest, I'm not sure why that would work, as the form submission is unlikely to involve the bot 'looking at' anything, just calling the URL's with paramaterised querystrings. If the only thing to have changed is the button position, that ought not affect it (although if the button has changed name, it might, and will depend page by page)
I'm not saying your solution can't work (I'm very happy that it does), just puzzled why it works!< |
| gary b |
Posted - 24 December 2007 : 10:05:21
Received today from forum owner...
quote:
Got first app since you killed the bots...
Steve
sherm@xxxx.com wrote:
This technique is working. Which leads me to imagine a variation that would be unique to each forum:
What If... the policy page was changed to use one specific word in the text (selected by each Admin for their forum) as the "Accept button". Displayed button would be a dummy -- AKA 'honey pot'. This sure would 'randomize' the population of Snitz forums.< |
| gary b |
Posted - 23 December 2007 : 12:40:16
quote:
- bots don't press a button on a screen normally, but just play out a rehearsed script, so if the submit and reset buttons just changed position, how would this stop the registration? The form submission is still a submission?!
Well... I don't want to give the appearance of knowing what I am doing! But this is my thinking... and it has worked so far! NO bot registrations for days!
The bots work off a script. That script 'looks for' a submit button on the page. (By looking at 'page source'??) Upon finding a button labeled 'Submit' or "Accept", it 'calls' that button's link or action. *My* "Accept" button is tied to redirect back to main forum page. [Insert giant raspberry sound for bots!] In order to defeat button reversal, the bot script would have to 'analyze' the link/actions tied to the buttons.
Sound like a bunch of arm-waving and mumble-jumble?? Well, it is. But that's the best explanation I can give for my logic.
Refer to first paragraph -- last sentence. < |
| pdrg |
Posted - 21 December 2007 : 17:38:11
I'm slightly puzzled - bots don't press a button on a screen normally, but just play out a rehearsed script, so if the submit and reset buttons just changed position, how would this stop the registration? The form submission is still a submission?!< |
| muzishun |
Posted - 20 December 2007 : 12:29:04
quote:
Originally posted by HuwR
gary_b,
we use some of the methods you suggest here, firstname is compared to lastname and rejected if the same, also in our register.asp there is a randomly created hidden form field which prevents bots using offsite forms from being able to post registrations. If you do a view source on the registration page and search for hidden, you will find something like this <input name="1KZQK2" type="hidden" value="1MDRM"> (obviously for security reasons I can't divulge exactly how this works  )
Why doesn't this get added to the base code? If it is something that is randomly generated, I don't see why putting it in the base code would help the spammers.< |
| HuwR |
Posted - 20 December 2007 : 11:49:52
gary_b,
we use some of the methods you suggest here, firstname is compared to lastname and rejected if the same, also in our register.asp there is a randomly created hidden form field which prevents bots using offsite forms from being able to post registrations. If you do a view source on the registration page and search for hidden, you will find something like this <input name="1KZQK2" type="hidden" value="1MDRM"> (obviously for security reasons I can't divulge exactly how this works )< |
| Podge |
Posted - 20 December 2007 : 11:13:49
Gatekeeper - http://www.snitzbitz.com/mods/details.asp?Version=All&mid=231
I hope to update it over the Holidays for the latest version of Snitz.< |
