Bot List

Members Only: This forum is restricted to votes and other formal discussions and is intentionally visible to all forum visitors.

PostPosted: Mon May 05, 2008 1:11 am

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
Drat, I thought just maybe..... :)

I'll delete the account tomorrow morning, along with any others that have slipped through.

Edit - Done.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

PostPosted: Tue May 06, 2008 11:44 am

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
To note - I have had to remove our blanket ban on the 220.*.*.* IP, as it was blocking a legitimate member from getting to the forums. If we see an influx of new bots, I will attempt to tweak and re-apply the ban so that it doesn't affect said member. But hopefully our anti-bot measures will stop this from happening.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Mon May 17, 2010 7:00 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
Whilst it's been a while since we've had issues on this front, there have been a few bots slipping through the cracks lately. To this end, I have changed the anti-bot question within our Registration page to the following:

"What is the name of our group, which is displayed in the banner (please use lower case)?"

If anyone thinks that should be amended, or can think of a better question, please feel free to suggest it. Our previous question asked what the word next to our name was in the banner (friendship), so at this time that question cannot be re-used.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Thu Oct 28, 2010 5:53 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
Just as an fyi for everyone, as a trickle of bots has started up again in the past few weeks I'll be changing the Security Question once again over the weekend.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Sat Oct 30, 2010 1:10 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
Updated the question to "What is the third word in the name of our group (displayed in banner)? Please use lower case."

Hopefully that'll put a stop to the bot intrusion again for a while.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Sun Oct 31, 2010 12:05 pm

User avatar
BlackDove
Posts: 3056
Joined: Wed Sep 01, 2004 3:22 am
Location: Denial
Shit, this one is too hard for me.

Is it... is it... is it star?

No?

DAMNIT!

Re: Bot List

PostPosted: Sun Oct 31, 2010 12:26 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
BlackDove wrote:Shit, this one is too hard for me.

Is it... is it... is it star?

No?

DAMNIT!

Guess I'll deactivate your account, since you have proved yourself to be a bot :p
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Wed Nov 03, 2010 2:21 pm

User avatar
Stracius
Posts: 1471
Joined: Wed Nov 17, 2004 4:02 pm
Location: under the starry night sky
Contact:
hoott19 wrote:There are many drinks that are drunk by the people.So, the mostly, person like to have beer. They like because of it's benifit. The benifiti is that it hepls to reduce fat from the body and make the mental calm.
[WoW] This type of games should be up dated as soon as possible. Because there are many people that ere very found of such games. As these are very help full for make the brain power full and strong. So, mentaly strongness is the need of this presant era.

Re: Bot List

PostPosted: Wed Nov 03, 2010 3:11 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:

Hmm. Can't really do much more unless I change the question to a completely different subject.

Give it a week or two to see what the bot numbers are like (since it's only been changed for a few days), and if they aren't positive then I'll look at the question again.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Sat Nov 06, 2010 11:39 am

BlueFlames
Posts: 448
Joined: Wed Sep 01, 2004 3:24 am
Location: SSX Vault 12

Re: Bot List

PostPosted: Sat Nov 06, 2010 11:41 am

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
This is worrying. I wonder if they are actually human, or are indeed bots.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Sat Nov 06, 2010 5:00 pm

User avatar
Stracius
Posts: 1471
Joined: Wed Nov 17, 2004 4:02 pm
Location: under the starry night sky
Contact:
Feels humanish to me. Flip on the new accounts require admin authorization for a while and see if it doesn't go away.
hoott19 wrote:There are many drinks that are drunk by the people.So, the mostly, person like to have beer. They like because of it's benifit. The benifiti is that it hepls to reduce fat from the body and make the mental calm.
[WoW] This type of games should be up dated as soon as possible. Because there are many people that ere very found of such games. As these are very help full for make the brain power full and strong. So, mentaly strongness is the need of this presant era.

Re: Bot List

PostPosted: Sat Nov 06, 2010 8:10 pm

BlueFlames
Posts: 448
Joined: Wed Sep 01, 2004 3:24 am
Location: SSX Vault 12
Anubis wrote:This is worrying. I wonder if they are actually human, or are indeed bots.


The security question currently has a four-character answer. Even with a timed lockout for a certain number of incorrect answers, a bot could crack it fairly quickly by throwing every combination of one to four letters at the security question. If the question was, "What is the full name of the organization? (Include spaces and capitalize properly,)" with a fifteen- to thirty-minute lockout on an incorrect answer, it would take a hell of a lot longer for the bots to start seeping through without the intervention of the bot's programmer/operator.

Of course, a static security question is like a password or combination lock, in that it can always be cracked. All you can do is delay the inevitable by including more characters and a wider variety of characters. Dynamic word verification image systems, have proven much more effective at keeping bots away, as they can't take the brute force approach of throwing random letters at the verification field over and over again, since the image/password changes each time it's loaded. I'm sure it's defeatable by some means, but those means seem to be well beyond your average script kiddy at present.

I've no doubt that this last one was a bot. What are the most popular indie and commercial titles right now? Minecraft, Modern Warfare 2, and World of Warcraft. Which places did the bot target straight away? The Minecraft and Modern Warfare 2 threads, and the World of Warcraft subforum. The content of its posts were so basic that I've little doubt the bot just has a selection of smilies and the advertising link to randomly pull from, when it makes a post.

Some bots are designed to produce pretty sophisticated deceptions, though. A few years back, the Subsim Radio Room was under siege by bots that actually managed to deceive the administrators into manually activating their accounts. The bots would then make lengthy posts introducing themselves (not as bots, obviously) and reply to a few threads without placing any adverising content in their posts. Some days later, they would then go back, replacing the content of their old replies with advertising content and spamming the hell out of the board with new advertising threads. The admins only found out that these were bots, when the duplicate account activation request messages started coming in, and they went back to the old bot replies to realize that they were so vague as to have nothing to do with the thread, without appearing out of place. (For example, the bots would hit a screenshot thread, quote something wrapped in image tags, and add text like, "Nice shot!" It's not difficult to find such a thread on gaming forums; there's high odds that anything wrapped in image tags in the thread is a screenshot, and enough real users are usually interested in the length of their e-penis to make a two-word post about a screenshot and move onto the next thread. In hindsight, it was obvious that the bots never mentioned submarines or U-boats in any of their posts, but that's the nature of hindsight.)

There's no reasonable way to stop every bot. All you can really do is get the rate of incursion down to a manageable level and then, well, manage it. To come full-circle, though, I think you could have a more robust security question/answer pairing, that would take a lot longer for a bot to crack, without asking an unreasonable effort on the part of new users.

Re: Bot List

PostPosted: Sat Nov 06, 2010 11:53 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
You make a fair point about the answer length, but we currently already employ image verification on top of the question. Similarly, we also have lockouts employed - a user gets five attempts before being locked out for that session. That is also something that could be reduced if necessary.

What is bugging me more though is the fact that in the past, simply changing the question has bought us at least 6 months before problems started occuring again. Now a shorter timespan before it being cracked I could buy due to a simpler 'answer', but not even a week? I can only conclude that either there is human intervention, or the method of security itself has been cracked at last within phpBB3 - an altogether more worrying prospect.

As I say though, you do make a good point about the question length and it would be pointless jumping to conclusions so quickly. I will change the question again to the one you suggest, prompting a lengthier answer, and we can again see how that goes. If the question is 'cracked' incredibly promptly once again, I'll have to have a think about what can be done. Account activation by admin would be a last resort only - I really do not want to go down that route unless we have no other option.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Sun Nov 07, 2010 12:03 am

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
Actually, what am I thinking. We can't use that question as that was the last question that we are seeking to change from. Instead going to use "What is the name of the first forum in the listing on our Forum Index", unless anyone has other suggestions not involving our name or 'friendship'.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Tue Nov 16, 2010 6:15 am

BlueFlames
Posts: 448
Joined: Wed Sep 01, 2004 3:24 am
Location: SSX Vault 12
viewtopic.php?f=2&t=7060

That lasted all of ten days. My next proposal involves fewer questions and more murder.

Re: Bot List

PostPosted: Tue Nov 16, 2010 4:26 pm

User avatar
M.Steiner
Posts: 5642
Joined: Wed Sep 01, 2004 5:57 pm
Location: UK
Contact:
Not sure if this is possible to implement but is there a way to make the question & answer work like the extra layer of security you sometimes get with sites like online banking? - For instance. You give the system "Shattered Star Exiles" and every registration attempt will pick a random selection of letters from our name and ask you to type those in (or select them from a drop-down box). Register attempt no1 it would ask you to type in the 3rd, 9th, 13th and 19th letters of our gaming groups name (ADRS). If you fail that attempt the combination will change again like it does with those image verifications and next time ask you for the 2nd, 4th, 10th, 14th letters instead. Password is always a random selection of letters from our name and you could increase the number of letters it picks to make that more secure too I guess.
That's if it's even possible, but if it is I would think that'd be harder to crack than a word which always remains the same (cept when it's manually changed ofc). :)
"My name is Ozymandias, King of Kings:
Look on my works, ye mighty, and despair!"
Nothing beside remains. Round the decay
Of that colossal wreck, boundless and bare,
The lone and level sands stretch far away.

Re: Bot List

PostPosted: Tue Nov 16, 2010 7:02 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
Wonderful.

MS, what you suggest is indeed possible and would indeed be a lot harder for bots to crack. However, it would also require quite large modifications to phpBB in order to implement if there is not a mod out there for it already. A modification of that scale, I just don't have time to do atm.

I will try to look into a mod over the next couple of weeks that either mimics what you suggest, or increases anti-bot measures in some other way. For now, we may just have to put up with any that keep slipping through :(
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Mon Nov 29, 2010 12:12 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
So that everyone is aware, I will be updating our version of the phpBB3 software later this afternoon to the latest version - 3.0.8. I am hoping that some of the issue will be resolved by the various security fixes that will thus be applied. I'm going to keep looking for a mod to help, but am also hoping this will do some good.

I will be closing the board for the duration of the upgrade, so that it can be completed smoothly.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Tue Nov 30, 2010 5:38 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
Ok, the update to 3.0.8 is FINALLY complete. Sorry about the forum being inaccessible and broken for the majority of the last 24 hours, but the update went incredibly badly due to the server. A brief explanation would be that it refused to let any part of the update proceed, so I ended up having to apply all database changes and code changes manually :blank:

So, what does this mean? Well, two things. First of all, and most importantly, we now have various security updates applied along with a new Captcha - reCAPTCHA - rather than the one we were using which had been successfully hacked about a decade ago. reCAPTCHA is supposed to be a lot better at keeping spam bots out, so hopefully it will improve the situation we've been experiencing for the past few weeks with regards to bots/spam.

Secondly, the administrative situation is somewhat more positive than it has been in a couple of years. During countless hours of frustration, I wrote and applied various different scripts to attempt to clear our cache files (those files have been inaccessible to us for about two years now due to server issues, and had caused a lot of problems in terms of us being unable to update various things due to cached files overriding changes we made). I can only guess one of those scripts took an awful long time to run, since when I got up this morning the cache had been fully cleared, meaning we now have access to it again. I'm going to clear it every week or so from now on, to ensure we don't slip back into the situation where we lose our access again.

One negative knock on effect of my having to apply the update manually though is that it introduces the human error factor. Everything I have tested so far works ok, but if anyone spots any issues/has any problems with the forums in the next couple of days and/or weeks, then please let me know what you were doing and what happened. Similarly, if anyone sees any mention of "cache/data_global.php" across the site, could you please let me know - this is an issue generated when phpBB tries to modify its cached config file and finds it cannot due to a permissions error. I can't fix this error, as the 'applying' of permissions on our server has been broken for a long time, but I can force it to manually regenerate the file and thus solve the issue until the next time an edit needs to be made to said file.

Hopefully there will be no issues, but better safe than sorry :)

Edit: I should note that the upgrade means that we no longer have our "registration question", as the choice is now between that or a CAPTCHA. For now I've gone with reCAPTCHA, but I can reconfigure this in future if necessary.

Edit 2: Tested registration with reCAPTCHA and it is now working. I have also made various little styling tweaks to the template files, to get us back to (hopefully) exactly how we were before the upgrade. I think that's everything now, so unless I or anyone else notices something I've missed I am stopping my changes now :)
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Tue Nov 30, 2010 8:31 pm

User avatar
Stracius
Posts: 1471
Joined: Wed Nov 17, 2004 4:02 pm
Location: under the starry night sky
Contact:
Very big thanks for all the hard work, Anny (and anyone else who may be involved).

Re: Bot List

PostPosted: Wed Dec 01, 2010 2:48 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
Not a problem ;)

Also, having noticed a bot slipped through today, I'm going to try and add a couple of required fields into the registration process this evening - probably a drop down list selection, where the default option is rejected, and a simple arithmetic query (probably "What is 10 multiplied by x" with x being a number between one and ten).

Beyond that though, if there is no improvement I am not sure what else I can do. There are no anti-spam mods yet released and approved by phpBB for this latest version of the board software, and even if there were I would be loath to install them considering how much trouble this manual upgrade has caused. I may have to start investigating whether banning IPs would bear fruit by comparing IPs/Email Addresses of our recent offenders.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Wed Dec 01, 2010 7:11 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
Aha. My mistake. The bot from today registered a few days before I performed the upgrade. No new accounts registered since the upgrade was performed save my test one :) I take back what I said about creating required registration fields for now!
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!

Re: Bot List

PostPosted: Tue Dec 21, 2010 7:07 am

BlueFlames
Posts: 448
Joined: Wed Sep 01, 2004 3:24 am
Location: SSX Vault 12

Re: Bot List

PostPosted: Tue Dec 21, 2010 3:42 pm

User avatar
Anubis
Site Admin
Posts: 4063
Joined: Thu Sep 02, 2004 10:13 pm
Location: The Unholy Realm
Contact:
BlueFlames wrote:Another....

Dealt with, and added a Chinese e-mail suffix to the ban list.
"Perhaps this is what I have always wished for since that day. The loss and destruction of all. That's right, one must destroy before creating. In that case, if my conscience becomes a hindrance to me, then I will simply erase it. I have no other choice but to move forward....therefore!" - Lelouch vi Britannia/Zero, Code Geass: Hangyaku no Lelouch

Forever an eXile and proud of it!


Return to “Members”


Information

  • Who is online

  • Users browsing this forum: No registered users and 5 guests