• OzzModz is no longer taking registrations. All registrations are being redirected to Snog's Site
    All addons and support is available there now.

Addon [OzzModz] Registration Spaminator

Status
Not open for further replies.

Ozzy47

Administrator
Ozzy47 submitted a new resource:

[OzzModz] Spaminator - Registration Spam Bot Fighting Tool

Another mod brought to you by,
OzzModz.png

This mod is another tool in fighting spam bots from signing up at your forum.

How it works

The approach of [OzzModz] Spaminator is to add various elements to forms that need protection from bots. These elements do not present new fields to users, so [OzzModz] Spaminator is completely transparent to humans. Both humans and bots submit those forms and [OzzModz] Spaminator performs heuristic analysis on each submitted form.
Bots are usually programs/scripts that are relatively dumb, and 99.9% of the time they fail [OzzModz] Spaminator tests and human users don't. Once [OzzModz] Spaminator proves the submission is by a bot, the form submission is blocked.

The more there are opportunities for the bot to slip and prove it is a bot, the better defense from spam we have. So we can combine multiple checks as opposed to only one CAPTCHA/ReCaptcha per form. This gives huge advantage to [OzzModz] Spaminator.

Since programs like XRummer have defeated CAPTCHA/ReCaptcha, email verification, Q & A and many other spam blocking tecniques, [OzzModz] Spaminator brings a whole new set of problems, the bots will fail 99.9% of the time. Now a little history on XRummer.

-----------------------------------------------------------------------------------------------------------------------------

About XRumer

XRumer
is a search engine optimization program, created by BotmasterLabs, that is able to register and post to forums (forum spam) with the aim of boosting search engine rankings. The program is able to bypass security techniques commonly used by many forums and blogs to deter automated spam, such as account registration, client detection, many forms of CAPTCHAs, and e-mail activation before posting. The program utilises SOCKS and HTTP proxies in an attempt to make it more difficult for administrators to block posts by source IP and features a proxy checking tool to verify the integrity and anonymity of the proxies used.
In addition, the software can avoid the suspicions of forum administrators by first registering to make a post in the form of a question which mentions the spam product ("Where can I get...?"), before registering another account to post a spam link which mentions the product. The side effect of these innocent-looking posts is that helpful forum visitors may search on a search engine (e.g. Google) for the product and themselves post a link to help out, thus bolstering the product's Google ranking without falling afoul of forum posting policies. The software is also capable of avoiding detection by making posts in off-topic, spam and overflow sections of forums thus attempting to keep its activities in high activity low content areas of the targeted forum. However there are other platforms used to spam to which includes website comment spam.


XRumer is capable of posting to blogs and guestbooks in addition to its main role as an automated forum posting tool. It can also create forum profiles complete with signature in an attempt to avoid alerting forum administrators with any off topic forum posts. The software is also able to gather and decipher artificial intelligence such as security questions (i.e. what is 2+2?) often used by forums upon registration. Since the latest version of XRumer, the software is capable of collecting such security questions from multiple sources and is much more effective in defeating them.
Helper program Hrefer is also included. This software is used to automatically parse results from search engines including Google, Yahoo, Bing and Yandex for forums and blogs that can then be used as a target list for the main XRumer application.

As per the latest update to XRumer 7 the software is able to automatically register e-mail accounts on mail.ru (Russian IP addresses only) and Gmail. Support for creating e-mail accounts in an automated fashion on Hotmail and AOL have been completely removed. The technique employed by XRumer to bypass the CAPTCHA protection in Gmail and mail.ru is Averaging. A captcha is a challenge-response test frequently used by internet services in order to verify that the user is actually a human rather than a computer program. Commonly, captchas are dynamically created images of random numbers and/or letters. These images are distorted in some way so that the human eye can still recognize them but with the goal to make automatic recognition impossible. Captchas are used by freemail services to prevent automatic creation of a huge number of email accounts and to protect automatic form submissions on blogs, forums and article directories. As of November 2012, Xrumer has once again cracked Recaptcha, and is able to successfully post to Forums/Blogs that use it.

-----------------------------------------------------------------------------------------------------------------------------

Advantages Of [OzzModz] Spaminator

There are many advantages of [OzzModz] Spaminator over CAPTCHA/ReCaptcha, email verification, Q & A etc:

  • [OzzModz] Spaminator does not bother normal human users.
  • [OzzModz] Spaminator tests are designed in such a way that normal users will never see them
  • There is no limitation on number of tests [OzzModz] Spaminator can implement on forms, so it can get progressively stronger.
  • As bots get smarter, [OzzModz] Spaminator will be updated with new recipes to defeat them.
  • [OzzModz] Spaminator needs very little configuration.

-----------------------------------------------------------------------------------------------------------------------------

Four Spam Prevention Options I Avoid

Captcha's

A captcha is an image that renders text in an not-so-easy-to-read way, also known as challenge text. By requiring users to type the challenge text into a text field, it verifies some form of human interaction and intelligence. So if what the user enters matches the challenge text, the user is said to have successfully completed the challenge and their form submission is allowed to proceed.

But this has also been defeated by XRumer.

Q & A's
A second option is implementing a question and answer field. For example, a sign up form may include the following question: What color is an orange? Humans can easily answer that question, whereas spam bots won’t be smart enough. Once submitted, the answer to the question can be tested, if it’s correct the form was likely submitted by a human and can be handled accordingly.

But this has also been defeated by XRumer.

Banning IP addresses
Banning IP addresses rarely works because those can be spoofed or reassigned and you might actually end up blocking a legitimate user; spammers tend to use dynamic IPs anyway.

Third-party solutions which use ever-growing databases of known spammers to compare against.
I don’t want to rely on some third-party solution because the fewer dependencies I have on my site the better I’m going to feel about it. Plus this also has the potential of blocking wanted users as well as unwanted ones. Some people will argue that the added complexity is a necessary evil, but I just can’t seem to bring myself to agree.


All Degrade The User Experience
While all four options are easy and help prevent spam, I don’t recommend them because they interfere with the user experience. Often times they can even be frustrating to deal with and prompt users to leave. A good example of that would be captchas that output text that’s too hard for humans to read.

For that reason I always recommend implementing the least invasive option available.

-----------------------------------------------------------------------------------------------------------------------------

Major Features
  • Stops spambots in their tracks from registering at your site.
  • All attempts are recorded into the database, for easy viewing in the spaminator log for those usergroups with log viewing permissions.

-----------------------------------------------------------------------------------------------------------------------------

Complete Feature List
  • Option to set set the mod in test mode, so you can see the fields the bots see. Make sure you leave it off, otherwise users that fill out the fields, will be blocked.
  • Option to select how many results to show on the log page.
  • Ability to set usergroup permissions for which groups can view the log.

-----------------------------------------------------------------------------------------------------------------------------

Frequently Asked Questions.

Q.
Why do I need such a thing, you ask?

A. To screw spambots.

-----------------------------------------------------------------------------------------------------------------------------

* History (Changelog) *
-------------------------
v1.0.0 (May 1, 2019)
- Initial private beta release.
 
I assume you're using all xF native anti-spam measures?

Most people think it has to be human, if these are defeated but the fact is, xrumer and other such programs defeat captchas, puzzles, Q&A, all the time. It won't defeat this, however.
 
Yeah, nice site bevans. Congratulations on your accomplishment with it.

When you see the logs, you'll understand why the bots kept getting through before.
 
Look at bevans proving you don't need fancy styles, window dressing, bells and whistles, to have a booming xF community:

Forum statistics
Threads 62,688
Messages 485,236
Members 21,052
 
Yeah, nice site bevans. Congratulations on your accomplishment with it.

When you see the logs, you'll understand why the bots kept getting through before.
Thanks, I started with Matt's WWWBoard in 1996, switched to a product called Discus in 1998, switched to VB3 in 2004 and the forum built up to nearly 2 million posts.
Then in 2013 I had a hard drive fry, and my only backups were corrupted. So I rebuilt with VB4 and 0 posts, Everything on there has been since Oct. 2013
Just switched to Xenforo about a month ago.
The site is pretty much standard, as you can tell. But folks seem to be taking to it all right.
 
Your experience will be great to have as a tester, you've seen ALL the anti-spam crap over the years, but nothing like the Spaminator.
 
We will see how you do with this one, and if necessary give you access to the login spaminator. That stops any existing bots from logging in.
 
Yep login Spaminator and "Contact us" spaminator, if you don't already have that one it IS released I believe.
 
Status
Not open for further replies.
Back
Top