New Recaptcha for vB3.8

[Zachery]

Just pointing this out ozzy, once your current "stop spam" methods get popular enough, xrummer, and other bots will build defenses around them, and then they'll be useless too.

[ozzy47]

Not if you stay on top of it, and update it as things are defeated. Once they defeat one layer, change it and add a different layer.

[Zachery]

Quote:

Originally Posted by ozzy47

Not if you stay on top of it, and update it as things are defeated. Once they defeat one layer, change it and add a different layer.

So, you mean the same arms race that recapcha/etc is all under?

[ozzy47]

Nope, there in no captcha In anything I use, as it has been defeated for years.

[Max Taxable]

Quote:

Originally Posted by Zachery

Just pointing this out ozzy, once your current "stop spam" methods get popular enough, xrummer, and other bots will build defenses around them, and then they'll be useless too.

Actually there is no way a defense against the registration timer will ever be done. Because first, you can't guess the timer setting, so you make the delay 60 seconds at least for your botnet. This greatly cuts into the production. Secondly, false fields exist in the timer mod. Bots always put gibberish in odd fields. Third, there's also a maximum time setting you gotta figure on.

XRumer currently has nothing in it that even allows for time delays. I'm a paid license holder and get all the updates.

And this is just the timer mod. The other mods we recommend involve targeted blocking of known spammer hostnames, user agent strings, and spammy emails that use dots and other punctuation in the username of the email addresses.

And none of them give any hint whatsoever that any human verification is being used, and don't give "gotcha" messages when a spammer fails the checks. And as a package, they provide alot of bullets in the anti-spam gun.

[Zachery]

Keywords "currently".

Bots never had the ability to defeat recapcha, then it got popular, then it got defeated.

Honeypots are stupidly old, and became unpopular, because bots were programmed to defeat them.

Timers are also old, and once again they can be user annoyers. Because I don't know anyone who can't fill out a registration in less than 60 seconds. Chrome auto fills these for me, I can register in under 5 seconds. If the minimum is 60, guess I can never register another account again.

Your silver bullets will eventually corrode and be useless.

Edit: Hostnames, and user agents can easily be countered to be valid user agents too. These people have more incentive to break down your walls than you currently have to build them. Your walls take months/weeks to build, and they can break them down in hours.

[Max Taxable]

Quote:

Originally Posted by Zachery

Your silver bullets will eventually corrode and be useless.

Defeatism.

Tell me how they're going to defeat all the checks.

Botnets rely on speed and high volume. Programming even a short delay means potentially a million fewer stabs a week. Delay can't really be programmed, because you have to make it long enough to defeat minimum time, short enough to pass the check for maximum time. No way to know the settings site to site.

False fields - botnets are programmed to put SOMETHING here. And they do.

Dots, dashes and other punctuation in email usernames - this mod has settings too. How many dots are allowed? Commas? Semicolons, underscores? There is no way to know these settings.

The targeted lists - these are not honeypots. These are lists of guaranteed known bad user agent strings and hostnames. Not IP addresses.

This "new" reCaptcha - the "new" thing about it is a checkbox. Defeated years ago, the bots check the "I have read the rules" box already. They will quickly adapt to this "new" one that is at least 5 years behind the times.

These games, puzzles, captchas, Q&A and such, are just GADGETS that annoy legitimate people and have been long defeated.

We believe we are smarter, more creative, better looking, and just overall superior to any botnet admin, spammer supervisor, or spammer alive. This is why they are bottom feeders to start with. The era of Big Spam is over.

[Zachery]

I said back on the first page, you should use the tools that do the job today. You just can't claim they'll always work.

Once they're popular, they're targeted. Once they're targeted they can be defeated.

Edit:I've got a lot more to write i'm just in the middle of something else atm.

[Max Taxable]

Quote:

Originally Posted by Zachery

Timers are also old, and once again they can be user annoyers. Because I don't know anyone who can't fill out a registration in less than 60 seconds. Chrome auto fills these for me, I can register in under 5 seconds. If the minimum is 60, guess I can never register another account again.

Haven't seen these problems yet. Have you personally? Or is this just a theory?

Quote:

Edit: Hostnames, and user agents can easily be countered to be valid user agents too. These people have more incentive to break down your walls than you currently have to build them. Your walls take months/weeks to build, and they can break them down in hours.

The hostnames and UA strings CAN be spoofed. Question is, will they ever be in wide use basis.

[ozzy47]

I'll tell you what Zachary, if this new capcha is the way to go, as everything else is defeated as you say, code up the mod, and make it so it can only run if the re is no other form of spam protection on the sites. Not any other mod, Q&A or anything.

Then we will see if sites stop getting spam.