1
   

How do you kill a robot?

 
 
Reply Sun 14 May, 2006 03:18 am
A friend of mine has a PHPBB message board that keeps getting spammed by some automated process, I assume that it's a bot. What it's doing is, it keeps registering new user accounts, and then those accounts start posting messages in the forums that are advertisements to poker sites.

The question is, how can you go about protecting your site so that this doesn't happen, or even better, how do you get the bot shut down?

I was thinking that he could just rename his login page file name so that the URL would change than the bot wouldn't be able to find it. Unless it's looking for key words like "register" on the web pages.

Any help would be appreciated...
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 6,348 • Replies: 13
No top replies

 
DrewDad
 
  1  
Reply Sun 14 May, 2006 08:43 am
I've sent a PM to Sarah Conner. She should have some advice.
0 Replies
 
roverroad
 
  1  
Reply Sun 14 May, 2006 04:58 pm
DrewDad wrote:
I've sent a PM to Sarah Conner. She should have some advice.


Funny...
0 Replies
 
oldwolf
 
  1  
Reply Mon 25 Sep, 2006 08:01 am
How to kill a Robot
As far as I see it, you have a couple of options available to you:

● block by IP address, but I assume that the spammer will be using variable IP addresses
● introduce an image element in the sign-up form

The second option will prevent any further bots from encroaching on your forum, and this is probably your best solution.
You can pick one of these up from many places, or build one yourself, it's fairly simple in PHP with the GD capabilities.

Hope this helps?!

Ash
0 Replies
 
GMPCM
 
  1  
Reply Sun 18 Mar, 2007 10:53 pm
The real problem is simply that the web site allows bots to access the profile.php and posting.php, which should never be allowed on any site.
It is easy to rectify with 15 very simple lines added to the http.conf file. What amazes me is that no one has ever mentioned it before, and I really cannot believe that any real webmaster or hosted site manager would not know exactly how to go about it. Instead, you are left to inconvenience your potential new users with deciphering an image, which many will simply not be bothered with.
This particular board is so paranoid about bot posts and their subsequent spam links that they have disallowed posting of external links, and they also have filters that prevent me from actually posting the 15 http.conf lines that would essentially stop all bot activity if they were used universally on every site and hosting service. Does not say good things about their own confidence in the ability of image verification systems to prevent bot registration now, does it? Wink
The sad thing is that their paranoia prevents me from listing the lines required here, so if you desire this information you will just have to find a way to contact me other than this board.
0 Replies
 
roverroad
 
  1  
Reply Mon 19 Mar, 2007 05:31 am
Good idea GMPCM, but I'm not using PHPBB anymore. I'm using a forum that I wrote my self now and have eliminated this problem with a graphical pass key that users have to read and type pefore they can get to any place where they can post. Works great. Dealing with bots is a little beyond my skill, but I have the problem licked for now. Thanks for the reply.

By the way, you could always eMail that code to me. My website link is on the www button on this post, and it's admin before the @, and my website name after the @.

Don't think we can post email addresses, so you can figure it out.
0 Replies
 
GMPCM
 
  1  
Reply Mon 19 Mar, 2007 09:34 am
Sure, I would be happy to. Should be in your inbox now if my assumptions for your email address were correct.

What really concerns me is all the phpbb boards I have seen where the owner has simply given up on spam post removal. I guess they do not realize that if this becomes the norm, our search engines will be about as useful as a ranking page for porn sites. IOW, if a board has gotten so out of hand that the owner does not have time to either manage it or implement the simple configuration changes I mention, they really need to take it off line, as the presence of these forgotten boards will effect the usefulness of the internet for all of us sooner or later.
0 Replies
 
DrewDad
 
  1  
Reply Mon 19 Mar, 2007 09:54 am
roverroad wrote:
DrewDad wrote:
I've sent a PM to Sarah Conner. She should have some advice.


Funny...

Sarcasm does not become you, my friend.
0 Replies
 
roverroad
 
  1  
Reply Mon 19 Mar, 2007 10:04 am
DrewDad wrote:
Sarcasm does not become you, my friend.


Sure it does Very Happy But that was so long ago that I don't recall what my mood was. Probably frustrated by a robot. Rolling Eyes
0 Replies
 
suzyteach
 
  1  
Reply Sat 24 Mar, 2007 04:51 pm
try to find more people and make your forum community bigger so there will be moderators on-line 24 hours a day!

it's the only solution to protect yourself 100%

It hasn't appeared a safety automated system yet!
0 Replies
 
GMPCM
 
  1  
Reply Thu 29 Mar, 2007 10:33 pm
I use an automated system I developed that prevents spam posts from real users, and the lines of conf file additions I mentioned previously for the spam bots. Its 100% effective, never had even one spam post make it in as the registrations are deleted instantly even if they were to ever get lucky. Although the monitoring module will likely never make it into a distributed form, it uses an artificial intelligence engine that we also develop, which happens to be available to the public. The anti-spam aspects of the monitoring module are really insignificant compared to its other capabilities such as real-time access log display, AI predictive analysis, etc.

The simple conf file changes make bot registration and posts impossible and spam posts from a real user are extremely rare, so monitoring software is really not much of an issue.
I think the only real problem here is with those that use website hosting rather than operation of their own web server, where direct control of the apache configuration file is not possible. In those circumstances one could easily request that those additions be made to the hosting providers server config file.

Preventing bots from accessing sensitive areas of a site is quite an elementary task for any proficient web site operator. The fact is that if you are having bot registrations issues and you are running your own server, it is a direct indication that you have little or no security measures in place and probably lack sufficient understanding of site security implementation in general.
In such a case it's likely just a matter of time before a sql injection or other exploit manages to cross your path, so your site is pretty much temporary anyway. Just something to think about.
0 Replies
 
newsn
 
  1  
Reply Sun 15 Apr, 2007 08:38 am
try the robot.txt in the website root
0 Replies
 
GMPCM
 
  1  
Reply Mon 16 Apr, 2007 11:33 pm
ooo yea that should help a whole lot. Rolling Eyes
0 Replies
 
Craven de Kere
 
  1  
Reply Sat 19 May, 2007 10:00 am
Captcha is the biggest key to all such problems.

But you can also employ askimet heuristics for an even more comprehensive solution (but mod your app to queue matches for review in case of false-positives).
0 Replies
 
 

Related Topics

In How much time a website can be developed? - Question by aussiejumpingcastle
Webdevelopment and hosting - Question by harisit2005
Showing an Ico File - Discussion by Brandon9000
how to earn money in internet - Discussion by rizwanaraj
The version 10 bug. Worse then Y2K! - Discussion by Nick Ashley
CSS Border style colors - Question by meesa
There is no Wisdom in Crowds - Discussion by ebrown p
THANK YOU CRAVEN AND NICK!!! - Discussion by dagmaraka
I'm the developer - Discussion by Nick Ashley
 
  1. Forums
  2. » How do you kill a robot?
Copyright © 2019 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 06/24/2019 at 09:39:13