  #1  
Old 09-12-2007, 12:02 AM
Lalolyen

Actually if the admin of the wiki would contact me.. I can give ya some code to stop auto-signups on the wiki and can give ya some code to stop spam submissions.

Everyone has seen the "type what you see in the image" to create an account but the anti-spam script is our own that I created a few years back. Simply put, it's the same type of preventative script that VB and phpBB use to keep people from flooding a forum, based upon time.
  #2  
Old 09-12-2007, 02:48 AM
Theeper

CAPTCHAs won't stop the bots. There is plenty of CAPTCHA-detecting OCR software out there that works great. The easiest thing to do is to put a simple hidden form variable or add some custom field to the reg page. Then, the spammers have to manually modify their bots. They won't want to do it just for one site.
  #3  
Old 09-12-2007, 03:30 AM
Lalolyen

Mine will. I haven't seen a CAPTCHA bot yet that can answer questions that are presented in an image =).

Such as in text "What color" In image "is the sky"? And...
in text "What are the first two letters in" in image "Rhumspheld"?

If bots can break that, it's time for me to retire.

You would really have to have one hell of a reason system built into that bot.

Last edited by Lalolyen; 09-12-2007 at 11:33 AM..
  #4  
Old 09-12-2007, 03:57 AM
Theeper

You should start your retirement process now then :p~

Since your questions couldn't be completely random, it's just security through obscurity. All I need to do is manually refresh your page a few times and write down all the answers one time.

Since a bot can easily read your image text, it's simple to plug in the answers and have the bot compare text strings and generate the answer.

The main principle behind CAPTCHA is that the text is completely random, so it would be very difficult for someone to generate a hash table or maintain a list of answers. Setting a finite amount of possible solutions actually makes it easier for bots to crack your system.

Granted, no one would spend much effort to crack that type of CAPTCHA on a small site like this, but if it were a piece of widely distributed software or some big site, it would be cracked within minutes.
  #5  
Old 09-12-2007, 04:34 AM
sfisque

except that lalo's solution works fine for "untargeted" attacking. if someone is taking the time to sniff the site for vulnerabilities in order to hand craft their bot's attack, we can assume it is a targeted attack from a (most likely small) set of addresses which can be blacklisted.

security through obscurity works fine, if it is maintained (read: the dictionary of questions is modified over time to prevent staleness), for a "one off" which our wiki would be (there won't be 1000's of shrink wrapped releases of our wiki).

== sfisque
  #6  
Old 09-12-2007, 05:06 AM
Lalolyen

Quote:
Originally Posted by sfisque
except that lalo's solution works fine for "untargeted" attacking. if someone is taking the time to sniff the site for vulnerabilities in order to hand craft their bot's attack, we can assume it is a targeted attack from a (most likely small) set of addresses which can be blacklisted.

security through obscurity works fine, if it is maintained (read: the dictionary of questions is modified over time to prevent staleness), for a "one off" which our wiki would be (there won't be 1000's of shrink wrapped releases of our wiki).

== sfisque

Yeah but come on lol, the spammer is posting advertisements. That's not targeted in the least, that's the same as email spam; someone has a list of URLs set up in a bot to go out and advertise their websites for the search engines to pick up on. I've seen the same thing on MediaWiki quite a bit.

Image verification, even the simplest verifications will shut down the spam we have been seeing.

If someone is outright attacking the website, then the admins need to get a hold of the FBI, they DO investigate those who intrude in networks and information systems (including gaining unauthorized access to spam the wiki).
  #7  
Old 09-12-2007, 10:04 AM
Theeper

CAPTCHA will not stop spam. Bots like XRumer have proven that.

Unless our wiki software was custom written, it is just like the thousands of other sites that use it .. which is why spam bots hit us.

Regardless, why go through the trouble of making images and creating a DB of questions/answers? Just add 1 custom field into the reg page, like a checkbox. Then, any bot would have to be programmed to submit the extra data.

I have run a few sites with phpBB on them for several years and the only thing that has ever eliminated spam on them is by slightly altering the submitted fields. Every CAPTCHA mod I tried was cracked before I even installed it. Granted, phpBB is much more widespread than this wiki software, but the principle is the same.

There is a new trick spammers use .. they set up a free porn site, harvest your CAPTCHA image, post it to the porn site, make surfers solve it to view nekked pics, then store the answer so it can solve it on your site. Even the most advanced and unreadable image can be cracked this way.
Reply With Quote
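
The hidden form variable, custom checkbox and time-based check discussed in this thread, sketched as server-side validation of a registration form. This is an added example, not code from any poster or from the wiki software; the field names, secret, thresholds and sample submissions are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: per-site secret, kept server-side
MIN_FILL_SECONDS = 3               # assumption: faster than this is not a human
MAX_FORM_AGE = 3600                # assumption: rendered forms expire after an hour
STOCK_FIELDS = {"username", "password", "email"}  # what an unmodified bot submits


def issue_form_token(now=None):
    """Value for the hidden <input name="form_token"> when the page is rendered."""
    issued = str(int(time.time() if now is None else now))
    mac = hmac.new(SECRET, issued.encode(), hashlib.sha256).hexdigest()
    return f"{issued}.{mac}"


def check_registration(form, now=None):
    """Return (accepted, reason) for a submitted registration form (a dict)."""
    now = time.time() if now is None else now
    if not STOCK_FIELDS.issubset(form):
        return False, "missing standard field"
    # Custom field: a checkbox the stock software does not have.
    if form.get("not_a_bot") != "on":
        return False, "custom field missing"
    # Hidden variable: must be the token this site issued, unmodified.
    issued, _, mac = form.get("form_token", "").partition(".")
    expected = hmac.new(SECRET, issued.encode(), hashlib.sha256).hexdigest()
    if not issued.isdigit() or not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "hidden token missing or forged"
    # Time-based check: too fast is a script, too old is a replayed form.
    age = now - int(issued)
    if age < MIN_FILL_SECONDS:
        return False, "submitted too quickly"
    if age > MAX_FORM_AGE:
        return False, "form expired"
    return True, "ok"


def demo():
    """Constructed submissions: unmodified bot, instant script, human."""
    t0 = 1_000_000
    base = {"username": "u", "password": "p", "email": "u@example.org"}
    full = dict(base, not_a_bot="on", form_token=issue_form_token(now=t0))
    return [
        check_registration(base, now=t0 + 1),   # posts only the stock fields
        check_registration(full, now=t0 + 1),   # right fields, submitted instantly
        check_registration(full, now=t0 + 20),  # filled in at human speed
    ]
```

As the thread notes, this only raises the cost for bots written against the stock form; a bot adapted to this site can fetch the page, echo the token and wait.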