Snitz Forums 2000
 CAPTCHAs are looking less like an option

Podge
Support Moderator

Ireland
3775 Posts

Posted - 12 March 2008 :  18:41:37
Interesting log there no doubt but I'm with HuwR on this one. The bots I've seen in the past simply POST to register.asp to register and POST to post_info.asp to post a topic. There are other bots out there that crawl the web looking for contact forms (mainly) to submit. These bots scrape html pages looking for form tags and submit them with dynamic data in the hope that the form is a contact form and will be read by a website owner, etc. (there are worse things that can be done). I think it's more plausible that this is the type of bot your log shows, and a rather intelligent one at that. There is a pattern to its movement as can be seen by the log.

Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.

Edited by - Podge on 12 March 2008 18:48:19

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 13 March 2008 :  02:02:54
so what about this then

2008-03-06 22:47:53 W3SVC5251 DEDHSTWE_TEMP *ip.add.re.ss* GET /forum/policy.asp - 80 - 82.135.148.179 HTTP/1.1 - - - my.url.example.com 302 0 0 445 60 218
2008-03-06 22:47:54 W3SVC5251 DEDHSTWE_TEMP *ip.add.re.ss* POST /forum/register.asp mode=DoIt 80

it helps if you post the relevant 2 lines rather than just the one

Podge
Support Moderator

Ireland
3775 Posts

Posted - 13 March 2008 :  05:14:18
Do you know what was posted to register.asp? The bot was obviously following the form it found on policy.asp.

Podge.

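The check being done by eye on the two log lines above, written out as an added example (it is not part of the thread or of Snitz): it reads an IIS W3C log and labels every POST to register.asp by whether the same client fetched policy.asp or register.asp first and how long it waited. The sample log, the documentation IP addresses and the 5-second threshold are constructed assumptions.

```python
from datetime import datetime

# Constructed sample in IIS W3C extended format; the field order mirrors the
# log lines quoted in the thread. All addresses are documentation IPs.
SAMPLE_LOG = """\
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip
2008-03-06 22:47:53 W3SVC1 WEB01 192.0.2.10 GET /forum/policy.asp - 80 - 198.51.100.7
2008-03-06 22:47:54 W3SVC1 WEB01 192.0.2.10 POST /forum/register.asp mode=DoIt 80 - 198.51.100.7
2008-03-06 22:50:02 W3SVC1 WEB01 192.0.2.10 POST /forum/register.asp mode=DoIt 80 - 203.0.113.9
2008-03-06 23:01:10 W3SVC1 WEB01 192.0.2.10 GET /forum/policy.asp - 80 - 198.51.100.44
2008-03-06 23:01:12 W3SVC1 WEB01 192.0.2.10 GET /forum/register.asp - 80 - 198.51.100.44
2008-03-06 23:02:31 W3SVC1 WEB01 192.0.2.10 POST /forum/register.asp mode=DoIt 80 - 198.51.100.44
"""
MIN_HUMAN_SECONDS = 5  # assumed threshold; tune against real members' timings

def parse_iis(text):
    """Yield one dict per request, named by the log's own #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        parts = line.split()
        # Skip comments, blanks and truncated rows that lack trailing columns.
        if fields and not line.startswith("#") and len(parts) >= len(fields):
            row = dict(zip(fields, parts))
            stamp = row["date"] + " " + row["time"]
            row["ts"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            yield row

def classify_registrations(text, min_seconds=MIN_HUMAN_SECONDS):
    """Return (timestamp, client_ip, verdict) for every POST to register.asp."""
    last_form_get, results = {}, []
    for row in parse_iis(text):
        page = row["cs-uri-stem"].lower().rsplit("/", 1)[-1]
        ip = row["c-ip"]
        if row["cs-method"] == "GET" and page in ("policy.asp", "register.asp"):
            last_form_get[ip] = row["ts"]
        elif row["cs-method"] == "POST" and page == "register.asp":
            seen = last_form_get.get(ip)
            if seen is None:
                verdict = "no-form-fetch"    # POSTed without ever loading the form
            elif (row["ts"] - seen).total_seconds() < min_seconds:
                verdict = "too-fast"         # form fetched and submitted at once
            else:
                verdict = "plausible-human"
            results.append((row["ts"].isoformat(sep=" "), ip, verdict))
    return results

if __name__ == "__main__":
    for entry in classify_registrations(SAMPLE_LOG):
        print(*entry)
```

IIS writes these timestamps in UTC at one-second resolution, and clients behind a shared NAT address share one `c-ip`, so the verdicts are triage hints for a moderator rather than a block list.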

phy1729
Average Member

USA
589 Posts

Posted - 13 March 2008 :  06:06:52
I'm not saying I disagree. If I made a bot it would do what you are saying. I just posted the log and said what I think it indicates. As to your question I don't have a clue.

pdrg
Support Moderator

United Kingdom
2897 Posts

Posted - 13 March 2008 :  08:02:17
quote:
Originally posted by HuwR

images are a nono for accessibility reasons, blind readers do not display images


Yep, I know, but that's no worse than what blind people have with current CAPTCHAs - hence having to add a 'manual approval' link for accessibility - it means blind people may have to wait for approval, but is that a cost worth paying for still having a useful forum?!

AnonJr
Moderator

United States
5768 Posts

Posted - 13 March 2008 :  09:13:48
pdrg, While I'm tempted to agree with you, some areas/businesses may be required by law to be accessible - making the whole image thing moot.

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 13 March 2008 :  09:22:31
in the UK the following code of practice should be followed

"The duty on an organisation with a web site that is not accessible to the disabled is to take "reasonable" steps to make that site accessible. In considering what is reasonable, the Code suggests that the financial resources of an organisation will be among the factors that should be taken into consideration.

Therefore, in simple terms, a large company will struggle to justify any failure to make its site accessible, while a small business or a charity may have a better defence, if it can show that it cannot afford the necessary development work."

AnonJr
Moderator

United States
5768 Posts

Posted - 13 March 2008 :  09:30:27
That's good to know. Just out of curiosity, what criteria are used to determine who that applies to? Sites that are hosted in the UK? Sites that have a physical presence in the UK? Some combination of the two?

I should be more familiar with the requirements here in the US... does anybody know offhand?

<sidebar>could we make the [scrollcode] the default here? this scrolling sideways bit is driving me nuts...</sidebar>

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 13 March 2008 :  09:49:50
quote:
<sidebar>could we make the [scrollcode] the default here? this scrolling sideways bit is driving me nuts...</sidebar>


I don't actually like the scrollcode tags, I would prefer to scroll the page rather than a tiny little window that is embedded in the post, besides, I have a wide screen monitor so it doesn't matter for me

AnonJr
Moderator

United States
5768 Posts

Posted - 13 March 2008 :  09:53:05
Here at work I end up scrolling more than at home as I don't have the kind of display I'd like... well, I don't have a 30" monitor at home either, but it's closer.

I guess it's just down to personal preference.

MarcelG
Retired Support Moderator

Netherlands
2625 Posts

Posted - 14 March 2008 :  14:44:08
CAPTCHAs are broken indeed: Russian serfs paid $3 a day to break CAPTCHAs


Panhandler
Average Member

USA
783 Posts

Posted - 14 March 2008 :  21:12:17
quote:
Originally posted by MarcelG

CAPTCHAs are broken indeed: Russian serfs paid $3 a day to break CAPTCHAs


Perhaps it's worth $3/day to crack large websites.
But what about little po-dunk web forums like mine?
Especially when I can change the GateKeeper to something "industry specific" that relates to the forum.

Essentially, the general opinion here is that a "broad brush" captcha that will work for everyone and be simple as a moron won't work.
I agree with the defeatists.

AnonJr
Moderator

United States
5768 Posts

Posted - 15 March 2008 :  10:38:00
Gee, all I was trying to say was that CAPTCHAs - as they stand now - are less of an option than they were. I never liked them from the beginning, so I'm not exactly shedding a tear. Accessibility issues aside, all forms of authentication that put the burden of proof on people get to be rather annoying rather fast. I would rather find ways of tricking the bots into revealing they are bots instead of bothering my members.

As to the gatekeeper questions, as it stands, they look like the best option for the time being. As I've said, it won't take long to build up a library of questions that are likely to be used - and those unlikely questions are more likely to deter real people. Not just the wise asses like myself, HuwR, and Shaggy who look for the loopholes, but for those genuine over-analysts who read way too much into the question, and will wonder if you aren't trying to trick the bots by using Kentucky Blue Grass instead of meaning your garden variety green grass.

Call me a defeatist if you want, but at some point we've got to stop circling this same box in the same way. There has got to be a better way of doing this. Problem is, I'm just not smart enough to figure out what it is.

HuwR
Forum Admin

United Kingdom
20584 Posts

Posted - 15 March 2008 :  11:54:29
quote:
There has got to be a better way of doing this. Problem is, I'm just not smart enough to figure out what it is.

there is, it's called manual intervention and having admins/moderators that are diligent, that is after all why forums have moderators
Snitz Forums 2000 © 2000-2021 Snitz™ Communications
Powered By: Snitz Forums 2000 Version 3.4.07