
Addon [OzzModz] Login Spaminator


Ozzy47

Administrator
Ozzy47 submitted a new resource:

[OzzModz] Login Spaminator - Login Form Spam Bot Fighting Tool

Another mod brought to you by,


This mod is another tool in fighting spam bots from signing up at your forum.

How it works

The approach of [OzzModz] Login Spaminator is to add various elements to the login form that needs protection from bots. These elements do not present new fields to users, so [OzzModz] Login Spaminator is completely transparent to humans. Both humans and bots submit those forms and [OzzModz] Login Spaminator performs heuristic analysis on each submitted form.
Bots are usually programs/scripts that are relatively dumb, and 99.9% of the time they fail [OzzModz] Login Spaminator tests and human users don't. Once [OzzModz] Login Spaminator proves the submission is by a bot, the form submission is blocked.

The more opportunities there are for the bot to slip and prove it is a bot, the better defense from spam we have. So we can combine multiple checks as opposed to only one CAPTCHA/ReCaptcha per form. This gives a huge advantage to [OzzModz] Login Spaminator.

Since programs like XRumer have defeated CAPTCHA/ReCaptcha, email verification, Q & A and many other spam blocking techniques, [OzzModz] Login Spaminator brings a whole new set of problems, the bots will fail 99.9% of the time. Now a little history on XRumer.

-----------------------------------------------------------------------------------------------------------------------------

About XRumer

XRumer is a search engine optimization program, created by BotmasterLabs, that is able to register and post to forums (forum spam) with the aim of boosting search engine rankings. The program is able to bypass security techniques commonly used by many forums and blogs to deter automated spam, such as account registration, client detection, many forms of CAPTCHAs, and e-mail activation before posting. The program utilises SOCKS and HTTP proxies in an attempt to make it more difficult for administrators to block posts by source IP and features a proxy checking tool to verify the integrity and anonymity of the proxies used.
In addition, the software can avoid the suspicions of forum administrators by first registering to make a post in the form of a question which mentions the spam product ("Where can I get...?"), before registering another account to post a spam link which mentions the product. The side effect of these innocent-looking posts is that helpful forum visitors may search on a search engine (e.g. Google) for the product and themselves post a link to help out, thus bolstering the product's Google ranking without falling afoul of forum posting policies. The software is also capable of avoiding detection by making posts in off-topic, spam and overflow sections of forums thus attempting to keep its activities in high activity low content areas of the targeted forum. However there are other platforms used to spam to which includes website comment spam.


XRumer is capable of posting to blogs and guestbooks in addition to its main role as an automated forum posting tool. It can also create forum profiles complete with signature in an attempt to avoid alerting forum administrators with any off topic forum posts. The software is also able to gather and decipher artificial intelligence such as security questions (i.e. what is 2+2?) often used by forums upon registration. Since the latest version of XRumer, the software is capable of collecting such security questions from multiple sources and is much more effective in defeating them.
Helper program Hrefer is also included. This software is used to automatically parse results from search engines including Google, Yahoo, Bing and Yandex for forums and blogs that can then be used as a target list for the main XRumer application.

As per the latest update to XRumer 7 the software is able to automatically register e-mail accounts on mail.ru (Russian IP addresses only) and Gmail. Support for creating e-mail accounts in an automated fashion on Hotmail and AOL have been completely removed. The technique employed by XRumer to bypass the CAPTCHA protection in Gmail and mail.ru is Averaging. A captcha is a challenge-response test frequently used by internet services in order to verify that the user is actually a human rather than a computer program. Commonly, captchas are dynamically created images of random numbers and/or letters. These images are distorted in some way so that the human eye can still recognize them but with the goal to make automatic recognition impossible. Captchas are used by freemail services to prevent automatic creation of a huge number of email accounts and to protect automatic form submissions on blogs, forums and article directories. As of November 2012, Xrumer has once again cracked Recaptcha, and is able to successfully post to Forums/Blogs that use it.

-----------------------------------------------------------------------------------------------------------------------------

Advantages Of [OzzModz] Login Spaminator

There are many advantages of [OzzModz] Login Spaminator over CAPTCHA/ReCaptcha, email verification, Q & A etc:

  • [OzzModz] Login Spaminator does not bother normal human users.
  • [OzzModz] Login Spaminator tests are designed in such a way that normal users will never see them
  • There is no limitation on number of tests [OzzModz] Login Spaminator can implement on forms, so it can get progressively stronger.
  • As bots get smarter, [OzzModz] Login Spaminator will be updated with new recipes to defeat them.
  • [OzzModz] Login Spaminator needs very little configuration.

-----------------------------------------------------------------------------------------------------------------------------

Four Spam Prevention Options I Avoid

Captchas

A captcha is an image that renders text in a not-so-easy-to-read way, also known as challenge text. By requiring users to type the challenge text into a text field, it verifies some form of human interaction and intelligence. So if what the user enters matches the challenge text, the user is said to have successfully completed the challenge and their form submission is allowed to proceed.

But this has also been defeated by XRumer.

Q & A's
A second option is implementing a question and answer field. For example, a sign up form may include the following question: What color is an orange? Humans can easily answer that question, whereas spam bots won’t be smart enough. Once submitted, the answer to the question can be tested, if it’s correct the form was likely submitted by a human and can be handled accordingly.

But this has also been defeated by XRumer.

Banning IP addresses
Banning IP addresses rarely works because those can be spoofed or reassigned and you might actually end up blocking a legitimate user; spammers tend to use dynamic IPs anyway.

Third-party solutions which use ever-growing databases of known spammers to compare against.
I don’t want to rely on some third-party solution because the fewer dependencies I have on my site the better I’m going to feel about it. Plus this also has the potential of blocking wanted users as well as unwanted ones. Some people will argue that the added complexity is a necessary evil, but I just can’t seem to bring myself to agree.


All Degrade The User Experience
While all four options are easy and help prevent spam, I don’t recommend them because they interfere with the user experience. Often times they can even be frustrating to deal with and prompt users to leave. A good example of that would be captchas that output text that’s too hard for humans to read.

For that reason I always recommend implementing the least invasive option available.

-----------------------------------------------------------------------------------------------------------------------------

Major Features
  • Stops spambots in their tracks from logging in at your site.
  • All attempts are recorded into the database, for easy viewing in the login log for those usergroups with log viewing permissions.

-----------------------------------------------------------------------------------------------------------------------------

Complete Feature List
  • Option to set the mod in test mode, so you can see the fields the bots see. Make sure you leave it off, otherwise users that fill out the fields will be blocked.
  • Option to select how many results to show on the log page.
  • Ability to set usergroup permissions for which groups can view the log.

-----------------------------------------------------------------------------------------------------------------------------

Frequently Asked Questions.

Q. Why do I need such a thing, you ask?

A. To screw spambots.

-----------------------------------------------------------------------------------------------------------------------------

* History (Changelog) *
-------------------------
v1.0.0 (May 19, 2019)
- Initial private beta release.
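
The hidden-element approach described under "How it works", combined with the blocking and logging behaviour from the feature lists, sketched as an added example; this is not the addon's code and is not part of the original post. The field names, the secret, and the timing check are assumptions: the post only says that hidden elements are added and that several checks can be combined.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"            # assumption: per-site secret
TRAP_FIELDS = ("website", "email_confirm")  # hypothetical decoy inputs, hidden via CSS
MIN_FILL_SECONDS = 2                        # assumption: a person needs at least this long


def issue_token(now=None):
    """Value for a hidden input: render time plus an HMAC so it cannot be forged."""
    ts = str(int(now if now is not None else time.time()))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def check_submission(form, now=None):
    """Return the list of failed checks; an empty list means the form passes."""
    now = now if now is not None else time.time()
    failed = []
    # Check 1: decoy fields are invisible to people, so any value is a bot signal.
    for name in TRAP_FIELDS:
        if form.get(name, "").strip():
            failed.append(f"trap_filled:{name}")
    # Check 2: the token must be present, authentic, and not returned too quickly.
    ts, _, mac = form.get("form_token", "").partition(".")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not ts.isdigit() or not hmac.compare_digest(mac.encode(), expected.encode()):
        failed.append("token_invalid")
    elif now - int(ts) < MIN_FILL_SECONDS:
        failed.append("too_fast")
    return failed


def handle_login(form, log, now=None):
    """Block and record the attempt when any check fails."""
    failed = check_submission(form, now)
    if failed:
        log.append({"user": form.get("login", ""), "reasons": failed})
        return "blocked"
    return "continue_to_password_check"
```

Each additional check is one more entry in the returned list, so a submission is blocked as soon as any single heuristic trips while ordinary users see no extra fields.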

I do have an update planned early next month. Seems the bots have adjusted to some of the traps, so the addon needs to be tweaked.
 
Login Spaminator is now for sale and all support is now on Snog's site.

 