vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 3.6 Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=194)
-   -   Administrative and Maintenance Tools - vbStopForumSpam - known spammer lookup for new registrations (https://vborg.vbsupport.ru/showthread.php?t=176481)

pedigree 07-27-2008 08:49 AM

MAC address is very difficult as most webservers (I would guess in the high 99.9% here) don't have or allow access to p0f type tools to provide packet level inspection. MAC addresses aren't all that unique as once you've removed the device manufacturer ID (which doesn't fill the full 24 bit), you only have a 24-bit unique ID. There are a lot of network cards out there with the same MAC address and that's fine, just as long as there aren't two with the same MAC on the same subnet. Filtering on MAC therefore is a no-go area.

The only way to stop automated bot register/post tools is to stop registration by means that the application doesn't know about, extra fields, simple questions, tick this box, click here serverside maps etc. Manual spammers are a different story, you just have to make it as hard as possible.

skippybosco 07-30-2008 02:14 AM

I agree, no solution will be 100% short of encroaching on impacting legitimate users.

For the record, I really like the notion of renaming register.php (obvious risks are third party mods which call that link directly(?!?!) and existing phrases that call it directly.. both manageable).

In that vein, modifying things in the page source like Generator Meta, etc. which specifically call out that you are running a VBulletin site.

That being said, hopefully you are:

1. Spending tons of time with the new child
2. Closing all feature adds for v7 (scope creep is addictive)
3. See #1

:-)

StepOnFrog 07-30-2008 02:21 AM

WOW !!! That was an unnecessarily defensive reply to my post, for which mine was just helping one user be aware of the IP dynamics of t'internet.

------- Please skip past this thread if you don't like long posts -------

Pedigree, where in my post do you think I've attacked your creation?

Apologies to any users, including yourself, Pedigree, should you believe this post is 'Threadwaste/Postwaste', but surely some of you will have got to a point with users misunderstanding the context, or entirety of the posts you make - this is one of those very moments; I am really *sick* to the back teeth of posts not being read correctly, and then someone taking their hat off at some poor user about it.

I really do not see why you have come to be so defensive from what I have written, and so, I feel I should make myself much more clearly understood...


Quote:

Originally Posted by pedigree (Post 1584634)
Like I said, this mod isn't a perfect method of stopping spam. I've addressed the changing IP issues but if you look at spamhaus / spamcop, are you seriously trying to tell me that these systems are inherently flawed?


In fact, I do not *try* to *tell* you anything about flawed systems at other locations, and I certainly do not, at any point, comment on the level of quality your MOD provides.

Quote:

They stop billions of spams every day. Sure there is collateral damage.... I'm guessing from the spambot registrations on my board, in the four figures now, there might've been 1 false positive and that's what the Contact Us page is for.

I haven't complained about collateral damage. I haven't complained about any of my members not being able to register due to IP blocking. I did, however, directly inform a single user that IP blocking can be a problem for board registrations, other users will read the same post and understand the same. With regards the Contact Us page, should you happen to read any of the many quality articles that other experienced Bulletin Board Admins have written (not just vB), you may come to realise that when an internet user searches, and happens to come across a website, if the information they are seeking is not within the first several clicks, they are more likely to move onto another website; Contact Us, is no guarantee that you will keep a customer in your shop, so to speak. (this is not a criticism to your post, btw).

Quote:

Most of my spammers are caught on the email and username fields. If you look at the mod, you can disable checking on the IP number. As spambots don't register a new email address for every forum they try to register on, it's a really good field for testing.

This mod gives you control of your forum, it doesn't push policy on anyone.

Now, that part of your post was, IMO, the only constructive part, in response to my post. Although, looking through your MOD listing description, at no point do you mention any switching of IP blocking facility, or any facilities, as I come to read the description again; only after looking at the second attached screenshot, do I spot a selection box showing ENABLE, and then one must logically assume there is a DISABLE selection too, though, unfortunately, this fact of logic may not be readily obvious to some (honestly, there are users that just don't know, we've all come across them, and we help them).

Quote:

If I want to stop an IP used for spamming within the 24 hours then *I* can.

And, this does seem quite an over-defensive response to something I haven't written; your use of "*I* can" is what pushed me to write this lengthy tome. It appears, judging from your sentence, that you believe I have somehow attempted to stop you from preventing spammers..? Sorry, I fail to see where I have restricted your use of your MOD.

Quote:

If you don't like the idea that you might block some poor innocent person who had the same IP as some spammer 6 hours after spammer changed IP, then don't test on IP number. From what I've seen from my logs (and skippy, wired1 etc) is that it blocks a lot of persistent static/near static IP addresses. I think that you'll be hard pushed to find a user of this mod complaining that it's blocking innocent people on a mass scale but if you do, then why don't you code another mod?

I haven't said that I don't like the idea of blocking 'some poor innocent person'. And, why should I code a MOD? I had come to this MOD thread to examine your MOD, to check whether it was the product for me. I did suggest an addition, not only to your MOD, but to any MOD that attempts to prevent spamming registrations by using the points I had listed so many times before, and herein.

Quote:

Session cookies so change, restart your browser, it's gone. You can't rely on session cookies as spambot engines do cookies.

You really have misunderstood the suggestions I have made....
You know, as well as I, that vB sets a cookie on your system (or spambot system) each and every visit to your vB board. So, if you record the cookie with each registration, then if that registration fails and another attempt is made with the same username/email, and the cookie is different the second time round, then your vB software will know that the registration MAY be a spambot. For this suggestion to work, you must assume that people are not THICK, and that they will try registering again within the same cookie session, should their first attempt 'balls up', somehow. Ergo, humans register and reregister in the same cookie session, whereas spambots go away and come back later to try again.

Quote:

I'm working on the mod each day and new features will be added all the time. Maybe I'll take some more time to add your suggested cookie theory... It adds more control, which is what this mod is about

Exactly! So, why be so defensive?

Quote:

IP address count is about (256^4) - (2^25 + 2^16 + 2^20) give or take some for subnet broadcast addresses. 10/8 192.168/16 172.16/12 and 224/8 multicast

It's nice to know some people care, and know perfectly well what they're on about...! :D

But, aside from clearing any misunderstandings, I would really like to hear your views on the suggestions I've provided, ie. the failed spambot registrations due to the image verification process.

I hope this has made things much clearer. However, please do not hesitate to contact me with regards any of the above.

Yours,

;-D
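
The cookie check StepOnFrog describes above, sketched in PHP as an added example that is not part of any post in this thread or of the mod: a retry for the same username or email is flagged only when an earlier failed attempt arrived with a different session cookie. The class and method names and the in-memory store are assumptions; the flag is advisory, since a restarted browser also changes the cookie.

```php
<?php
// Added illustration; not code from vbStopForumSpam or vBulletin.
// AttemptLog, record() and isSuspectRetry() are hypothetical names.
final class AttemptLog
{
    /** Attempts grouped under "u:<username>" and "e:<email>" keys. */
    private array $byIdentity = [];

    private static function keys(string $username, string $email): array
    {
        $keys = [];
        foreach (['u' => $username, 'e' => $email] as $prefix => $value) {
            $value = strtolower(trim($value));
            if ($value !== '') {            // never group attempts under an empty identity
                $keys[] = $prefix . ':' . $value;
            }
        }
        return $keys;
    }

    /** Store one registration attempt together with the session cookie it arrived with. */
    public function record(string $username, string $email, string $session, bool $failed): void
    {
        foreach (self::keys($username, $email) as $k) {
            $this->byIdentity[$k][] = ['session' => $session, 'failed' => $failed];
        }
    }

    /** True when an earlier FAILED attempt for this username or email used another session cookie. */
    public function isSuspectRetry(string $username, string $email, string $session): bool
    {
        foreach (self::keys($username, $email) as $k) {
            foreach ($this->byIdentity[$k] ?? [] as $prev) {
                if ($prev['failed'] && $prev['session'] !== $session) {
                    return true;
                }
            }
        }
        return false;
    }
}

// Constructed sample attempts (not real data): both fail the image verification once.
$log = new AttemptLog();
$log->record('alice', 'alice@example.org', 'sess-A1', true);
$log->record('cheapmeds', 'promo@example.net', 'sess-B1', true);

var_dump($log->isSuspectRetry('alice', 'alice@example.org', 'sess-A1'));     // retry in the same cookie session
var_dump($log->isSuspectRetry('CheapMeds', 'promo@example.net', 'sess-B9')); // retry with a fresh cookie
```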

pedigree 07-30-2008 01:50 PM

Did what you said, skipped your rant.

No more feature creep, I don't have the time. Maybe in a couple of months when I do.... Who knows but I'll keep your cookie/captcha idea in mind.

pedigree 07-30-2008 01:59 PM

Quote:

Originally Posted by skippybosco (Post 1587123)
1. Spending tons of time with the new child
2. Closing all feature adds for v7 (scope creep is addictive)
3. See #1
:-)

1. Oh yes
2. No more feature creep. Nothing new is going in, I'm working on the last stages, data submission to stop forums spam.
3. See #1

:)

Embroidables 07-31-2008 02:40 AM

First of all, let me compliment you on your mod. I really like what you’re doing here. Also, congratulations on the new baby! I know that you are trying to keep the scope of the project from getting out of hand and that you also want to spend time with your family (which, I completely agree with)… But here is a suggestion that would be easy to add and would be a really nice complement to the mod you already have. When you get a chance, take a look at Project Honey Pot (www.projecthoneypot.org). They have a list of known automated spammer IP addresses similar to the http://www.stopforumspam.com list, except the list is bigger, and probably less vulnerable to list contamination because of the way that the IP addresses are collected. Since they have an established API and sample code it would be really simple to have your mod query their database in addition to the stop forum spam database.

Here’s a link to some sample code as well as some information about their API:

http://www.projecthoneypot.org/board...10&i=179&t=179
http://www.projecthoneypot.org/httpbl_api

I hope that you like the idea. Let me know what you think.

Wired1 07-31-2008 02:48 AM

Quote:

Originally Posted by pedigree (Post 1585131)
The only way to stop automated bot register/post tools is to stop registration by means that the application doesn't know about, extra fields

BINGO. You wouldn't believe how many spammers I've caught simply because they slapped URLs where it asks for their motherboard :)

pedigree 07-31-2008 07:53 AM

Quote:

Originally Posted by Embroidables (Post 1587965)
First of all, let me compliment you on your mod. I really like what you’re doing here. Also, congratulations on the new baby!

Thank you, it's really nice to hear positive feedback

Quote:

I know that you are trying to keep the scope of the project from getting out of hand and that you also want to spend time with your family (which, I completely agree with)… But here is a suggestion that would be easy to add and would be a really nice complement to the mod you already have. When you get a chance, take a look at Project Honey Pot (www.projecthoneypot.org). They have a list of known automated spammer IP addresses similar to the http://www.stopforumspam.com list, except the list is bigger, and probably less vulnerable to list contamination because of the way that the IP addresses are collected. Since they have an established API and sample code it would be really simple to have your mod query their database in addition to the stop forum spam database.

Hmm, I'm going to go look at this now and if the sample code can be added to the mod without too much trouble (which I hope is the case as I tried to make it flexible), then I'll most certainly add it.

Edit: I've looked at this and it looks really really good. The code is small and can be added very easily to my new code rewrite without too much trouble at all. As it's DNS based, I don't have to worry about caching data like I am with stopforumspam, it's lightweight and should make the mod even more useful (to those that have actually installed it)
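
How the DNS-based Project Honey Pot lookup mentioned above works, as an added PHP example that is not taken from this thread or from the mod: the visitor's IPv4 address is reversed, prefixed with an access key and resolved under dnsbl.httpbl.org, and the octets of the answer encode days since last activity, threat score and visitor type. The function names and the access key are placeholders chosen for this example.

```php
<?php
// Added illustration; not code from vbStopForumSpam. Function names are hypothetical.
// 'placeholderkey' stands in for an access key issued by Project Honey Pot.
const HTTPBL_ZONE = 'dnsbl.httpbl.org';

/** Build the DNS name to query, or null for anything that is not a plain IPv4 address. */
function httpbl_query_name(string $accessKey, string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // http:BL only covers IPv4
    }
    $reversed = implode('.', array_reverse(explode('.', $ip)));
    return $accessKey . '.' . $reversed . '.' . HTTPBL_ZONE;
}

/** Decode an answer of the form 127.<days>.<threat>.<type>; null if it is not an http:BL answer. */
function httpbl_decode(string $answer): ?array
{
    $o = explode('.', $answer);
    if (count($o) !== 4 || $o[0] !== '127') {
        return null;
    }
    $type = (int) $o[3]; // bit field; 0 means a known search engine
    return [
        'days_since_seen' => (int) $o[1], // not meaningful when type is 0
        'threat_score'    => (int) $o[2], // not meaningful when type is 0
        'search_engine'   => $type === 0,
        'suspicious'      => (bool) ($type & 1),
        'harvester'       => (bool) ($type & 2),
        'comment_spammer' => (bool) ($type & 4),
    ];
}

/** Null means "not listed" or "lookup failed"; neither should block a registration by itself. */
function httpbl_lookup(string $accessKey, string $ip): ?array
{
    $name = httpbl_query_name($accessKey, $ip);
    if ($name === null) {
        return null;
    }
    $answer = gethostbyname($name); // returns $name unchanged when there is no A record
    return $answer === $name ? null : httpbl_decode($answer);
}

// Constructed inputs, processed offline (no DNS query is made here).
echo httpbl_query_name('placeholderkey', '203.0.113.7'), "\n";
var_export(httpbl_decode('127.3.25.5'));
```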

DangerousDale 07-31-2008 01:39 PM

Cheers for this m8, started using it yesterday and for the first time in 24hrs I have not got a single spammer ;)

Well Done, have some wine! hehe

Embroidables 07-31-2008 04:49 PM

I'm glad that you liked the honey pot recommendation. By checking both databases the mod should be even that much better at blocking spam.

