Hordequester

Tip on registration

14 posts in this topic

Small tip from someone that's had a flood of spambots for years. Make sure your questions can't be pasted into Google for an answer. It's like the first thing the bots do to try to fill in fields. (1, 2, 4, 8, 16 spits out 32 on search first answer to first suggested search option)


Will do.  It was just a simple question/answer I came up with to start off.  I'll start looking for a more complex one.  Good thing is that the captcha we are using is the updated one (as the old one that ID uses got hacked a little while back).  I'm going to add this to the to-do list.  Thanks for the suggestion and welcome to NG+!


I always liked "What is the other square root of -1?" but almost nobody knows that it's j. Instructions are good - "Type qwertyuiop backward" isn't trivial for a spambot to parse. The fact that, as I recall, you've hooked it into Google's captcha helps a lot as well.


The typical rule of thumb for the questions is to use a rotating list that is changed periodically with questions that are too vague or too specific for an engine to find the answer to. So, like for my site.. I ask "what is the main color of our logo?" or "What is the name of the third forum on this website?" etc and update them every few months or as I find bots getting through. It can be good to intentionally leave non-obvious typos in the questions. Quirky or clever questions can be programmed for as common answers like "Type {s} [backwards]" could be programmed to be parsed for key phrases and solved. I believe there is already a bot on the market that does that particular style of question. Captchas are definitely great; it's just that they are heavily targeted by botting programs so they usually do not last long. The best bots that have bypassed them don't do the spam crap.. they datamine so you never even know they were here but that information then gets passed on to the script kiddies eventually.

Edited by Hordequester


Reading all of the stuff bots do just to ultimately spam people makes me rage really bad. The insight is appreciated from someone who knows nothing about it.


See, if it was me, the question would be "if I was a spammer, I would..." and the correct answer would be "kill myself".


It can sometimes be extremely simple, like, "What's the name of this website". This will still block essentially all spambots.

FFH being related specifically to FFT, I added a few very simple questions, but I still added links to wiki articles just in case... such as Ramza's sister's name, what Final Fantasy rideable big birds are called and what's the name of the Princess who gets kidnapped.

3 minutes ago, BTB said:

See, if it was me, the question would be "if I was a spammer, I would..." and the correct answer would be "kill myself".

You really can't leave any room to interpretations though... I get that you're joking, but it's still something important to consider.

Edited by Xifanie

7 minutes ago, Xifanie said:

It can sometimes be extremely simple, like, "What's the name of this website". This will still block essentially all spambots.

This sounds easy and effective.  I just updated it.

Thanks for the suggestions everyone.

20 minutes ago, Xifanie said:

It can sometimes be extremely simple, like, "What's the name of this website". This will still block essentially all spambots.

This one was solved by a spambot on my site (was one of the default questions that came with a question pack.. which the botters have access to as well). But, it would still slow down 90% of them..because they're not very bright generally and don't keep their crap up to date.

Interpretation questions can be done if their answers are limited enough.. if your question plugin allows multiple answers. Though those can be easier to figure out.

Edited by Hordequester

7 minutes ago, Hordequester said:

This one was solved by a spambot on my site (was one of the default questions that came with a question pack.. which the botters have access to as well). But, it would still slow down 90% of them..because they're not very bright generally and don't keep their crap up to date.

Interpretation questions can be done if their answers are limited enough.. if your question plugin allows multiple answers. Though those can be easier to figure out.

I have no idea what this forum runs on, but I know SMF2 didn't allow multiple answers (which sucks).

You're correct that this can be solved by some bots; I just assumed wrong, but it doesn't really surprise me either way. Basically, if you work hard enough on a bot, it can solve almost anything, but I just didn't think they were at this level yet. I was actually thinking of a question that could have "NG+" as the answer (since this would definitely block any spambot), but couldn't figure out a clear-cut question for it. IDEALLY the question should be "What is this website about", but I'm not really sure of this myself yet. :P

Edited by Xifanie


Maybe just a very simple question, but can you add hidden words to a question?

E.g. the user sees "What is this website called?"

but a bot that scans the code would see something like "What is (the favorite beer of) this website('s owner) called?"

or some literally random trash string that gets generated new each time the site gets called

On 5/9/2017 at 5:26 PM, praetarius5018 said:

Maybe just a very simple question, but can you add hidden words to a question?

E.g. the user sees "What is this website called?"

but a bot that scans the code would see something like "What is (the favorite beer of) this website('s owner) called?"

or some literally random trash string that gets generated new each time the site gets called

I mean technically you could probably add a question that wasn't supposed to be answered and a dumb bot would then answer it but if it were marked hidden a bot would know to skip it.. they read web pages the same as people do. I guess you could try and match the background and misalign the answer box so that the user doesn't see it. But, it would be far more difficult to tweak and get right than just rotating custom questions every month or when a bot does bypass it.

A better approach would be a simple question but with a condition on it that the bot wouldn't know what to do with.. like "What is the url of this website with the first two letters spelled out?" Bots are horrible at condition statements because they're all written differently depending on the person writing it.

Edited by Hordequester


I meant in the same question field, like with an HTML tag that has, via CSS, display set to none.

That way a bot wouldn't know it has the wrong question because there is only one, but filled with humanly-not-visible garbage.

It would still need rotating questions, else they'd just learn "on page ngplus.net ignore what the text field says and put answer xyz".

 

Was just a silly idea.

Edited by praetarius5018


That just made me think about a trick that I reaaaaally doubt any spambot would support:
 

<style>
.anti-spambot:before {
    content:"Type NG+";
}
</style>

<span class="anti-spambot"></span>

Of course, this might not be an ideal solution given the forum engine, but it's pretty to look at, at least.

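The hidden-words idea from the posts above, and the objection that a client which honors CSS would skip the hidden parts, as an added example that is not part of any post or of the forum software. The question text, decoy phrases, class naming and function names are assumptions made for illustration.

```javascript
// Added example (not from the thread or the forum software). Question text,
// decoy phrases and class names below are constructed for illustration.

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);
}
function unescapeHtml(s) {
  return s.replace(/&#(\d+);/g, (_, n) => String.fromCharCode(Number(n)));
}

// Build the question: visible segments stay plain text, decoys go into spans
// whose per-request class is set to display:none in an inline style block.
function buildQuestion(visible, decoys, rng = Math.random) {
  const cls = "q" + Math.floor(rng() * 0xffffff).toString(16);
  let html = `<style>.${cls}{display:none}</style><label>`;
  visible.forEach((part, i) => {
    html += escapeHtml(part);
    if (i < decoys.length) html += `<span class="${cls}">${escapeHtml(decoys[i])}</span>`;
  });
  return html + "</label>";
}

// What a tag-stripping scraper reads: every text node, hidden or not.
function naiveScrape(html) {
  const noStyle = html.replace(/<style>[\s\S]*?<\/style>/g, "");
  return unescapeHtml(noStyle.replace(/<[^>]+>/g, ""));
}

// Approximation of what a browser displays (and what a CSS-aware client reads):
// spans whose class the style block hides are dropped before stripping tags.
function renderedText(html) {
  const hidden = [...html.matchAll(/\.([\w-]+)\{display:none\}/g)].map(m => m[1]);
  let out = html;
  for (const cls of hidden) {
    out = out.replace(new RegExp(`<span class="${cls}">[^<]*</span>`, "g"), "");
  }
  return naiveScrape(out);
}

const html = buildQuestion(
  ["What is ", "this website", " called?"],
  ["the favorite beer of ", "'s owner"]
);
console.log("scraper sees:", naiveScrape(html));
console.log("human sees:  ", renderedText(html));
```

Run against the `::before` snippet posted above, `naiveScrape` returns only whitespace, because the prompt exists in the stylesheet and not in any text node.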
