Posted May 8, 2017 · Report post Small tip from someone that's had a flood of spambots for years. Make sure your questions can't be pasted into Google for an answer. It's like the first thing the bots do to try to fill in fields. (1, 2, 4, 8, 16 spits out 32 on search first answer to first suggested search option) Share this post Link to post Share on other sites
Posted May 8, 2017 · Report post Will do. It was just a simple question/answer I came up with to start off. I'll start looking for a more complex one. Good thing is that the captcha we are using is the updated one (as the old one that ID uses got hacked a little while back). I'm going to add this to the to-do list. Thanks for the suggestion and welcome to NG+! Share this post Link to post Share on other sites
Posted May 8, 2017 · Report post I always liked "What is the other square root of -1?" but almost nobody knows that it's j. Instructions are good - "Type qwertyuiop backward" isn't trivial for a spambot to parse. The fact that, as I recall, you've hooked it into Google's captcha helps a lot as well. Share this post Link to post Share on other sites
Posted May 8, 2017 (edited) · Report post The typical rule of thumb for the questions is to use a rotating list that is changed periodically with questions that are too vague or too specific for an engine to find the answer to. So, like for my site.. I ask "what is the main color of our logo?" or "What is the name of the third forum on this website?" etc and update them every few months or as I find bots getting through. It can be good to intentionally leave non-obvious typos in the questions. Quirky or clever questions can be programmed for as common answers like "Type {s} [backwards]" could be programmed to be parsed for key phrases and solved. I believe there is already a bot on the market that does that particular style of question. Captchas are definitely great it's just that they are heavily targeted by botting programs so they usually do not last long. The best bots that have bypassed them don't do the spam crap.. they datamine so you never even know there were here but that information then gets passed on to the script kiddies eventually. Edited May 8, 2017 by Hordequester Share this post Link to post Share on other sites
Posted May 8, 2017 · Report post Reading all of the stuff bots do just to ultimately spam people makes me rage really bad. The insight is appreciated from someone who knows nothing about it. Share this post Link to post Share on other sites
Posted May 8, 2017 · Report post See, if it was me, the question would be "if I was a spammer, I would..." and the correct answer would be "kill myself". Share this post Link to post Share on other sites
Posted May 8, 2017 (edited) · Report post It can sometimes be extremely simple, like, "What's the name of this website". This will still block essentially all spambots. FFH being related specifically to FFT, I added a few very simple questions, but I still added links to wiki articles just in case... such as Ramza's sister's name, What final fantasy rideable big birds are called and what's the name of the Princess who gets kidnapped. 3 minutes ago, BTB said: See, if it was me, the question would be "if I was a spammer, I would..." and the correct answer would be "kill myself". You really can't leave any room to interpretations though... I get that you're joking, but it's still something important to consider. Edited May 8, 2017 by Xifanie Share this post Link to post Share on other sites
Posted May 8, 2017 · Report post 7 minutes ago, Xifanie said: It can sometimes be extremely simple, like, "What's the name of this website". This will still block essentially all spambots. This sounds easy and effective. I just updated it. Thanks for the suggestions everyone. Share this post Link to post Share on other sites
Posted May 8, 2017 (edited) · Report post 20 minutes ago, Xifanie said: It can sometimes be extremely simple, like, "What's the name of this website". This will still block essentially all spambots. This one was solved by a spambot on my site (was one of the default questions that came with a question pack.. which the botters have access to as well). But, it would still slow down 90% of them..because they're not very bright generally and don't keep their crap up to date. Interpretation questions can be done if their answers are limited enough.. if your question plugin allows multiple answers. Though those can be easier to figure out. Edited May 8, 2017 by Hordequester Share this post Link to post Share on other sites
Posted May 8, 2017 (edited) · Report post 7 minutes ago, Hordequester said: This one was solved by a spambot on my site (was one of the default questions that came with a question pack.. which the botters have access to as well). But, it would still slow down 90% of them..because they're not very bright generally and don't keep their crap up to date. Interpretation questions can be done if their answers are limited enough.. if your question plugin allows multiple answers. Though those can be easier to figure out. I have no idea what this forum runs on, but I know SMF2 didn't allow multiple answers (which sucks). You're correct that this can be solved by some bots; I just assumed wrong, but it doesn't really surprise me either way. Basically, if you work hard enough on a bot, it can solve almost anything, but I just didn't think they were at this level yet. I was actually thinking of a question that could have "NG+" as the answer (since this would definitely block any spambot), but couldn't figure out a clear-cut question for it. IDEALLY the question should be "What is this website about", but I'm not really sure of this myself yet. Edited May 8, 2017 by Xifanie Share this post Link to post Share on other sites
Posted May 9, 2017 · Report post Maybe just a very simple question, but can you add hidden words to a question? E.g. the user sees "What is this website called?" but a bot that scans the code would see something like "What is (the favorite beer of) this website('s owner) called?" or some literally random trash string that gets generated new each time the site gets called Share this post Link to post Share on other sites
Posted May 10, 2017 (edited) · Report post On 5/9/2017 at 5:26 PM, praetarius5018 said: Maybe just a very simple question, but can you add hidden words to a question? E.g. the user sees "What is this website called?" but a bot that scans the code would see something like "What is (the favorite beer of) this website('s owner) called?" or some literally random trash string that gets generated new each time the site gets called I mean technically you could probably add a question that wasn't supposed to be answered and a dumb bot would then answer it but if it were marked hidden a bot would know to skip it.. they read web pages the same as people do. I guess you could try and match the background and misalign the answer box so that the user doesn't see it. But, it would be far more difficult to tweak and get right than just rotating custom questions every month or when a bot does bypass it. A better approach would be a simple question but with a condition on it that the bot wouldn't know what to do with.. like "What is the url of this website with the first two letters spelled out?" Bots are horrible at condition statements because they're all written different depending on the person writing it. Edited May 10, 2017 by Hordequester Share this post Link to post Share on other sites
Posted May 11, 2017 (edited) · Report post I ment in the same question field like with a html tag that has via css display set to none. That way a bot wouldn't know it has the wrong question because there is only one, but filled with humanly-not-visible garbage. It would still need rotating questions, else they'd just learn "on page ngplus.net ignore what the text field says and put answer xyz". Was just a silly idea. Edited May 11, 2017 by praetarius5018 Share this post Link to post Share on other sites
Posted May 11, 2017 · Report post That just made me think about a trick that I reaaaaally doubt any spambot would support: <style> .anti-spambot:before { content:"Type NG+"; } </style> <span class="anti-spambot"></span> Of course, this might not be an ideal solution given the forum engine, but it's pretty to look at, at least. Share this post Link to post Share on other sites