
Author Topic: Bots with "real" names  (Read 35517 times)

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Bots with "real" names
« Reply #15 on: February 22, 2009, 04:52:04 PM »
Unfortunately, yep :( (a lot of 'em tend to be mixed with keyloggers, or use the name the victim is logged onto their PC as)
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

rusticdog

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: Bots with "real" names
« Reply #16 on: February 23, 2009, 09:12:31 PM »
Ah, the queries themselves are adding to the database.

Can you remove this record please

http://www.botscout.com/search.htm?sterm=Martin00001&stype=q

That's my IP and email address, as I tried creating his registration for him using 'Martin' as the username, my email and my IP, I was then going to edit his record to his details.  (I don't have server access, so I can't quickly enable or disable this filter)

Then I realised I had the old version of SBST which does the username checks, and doesn't rely on multiple items being blocked, so it seems by trying to sign up using 'Martin' and other non-listed details, those extra details are now also listed.

Hope that makes sense :)

rusticdog

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: Bots with "real" names
« Reply #17 on: February 23, 2009, 09:15:45 PM »

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Bots with "real" names
« Reply #18 on: February 24, 2009, 02:44:47 AM »
Cheers for letting me know dude, the SBST has never submitted anything to BS, so if it's getting added automagically, I think it's likely there's a bug in the code on BS's side.

/edit

Depending of course, on why it's adding it, as it doesn't seem to add everything (I love coding sometimes - the problems they come up with are always hilariously annoying hehe)
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Bots with "real" names
« Reply #19 on: February 24, 2009, 04:03:14 AM »
Cheers for letting me know dude, the SBST has never submitted anything to BS, so if it's getting added automagically, I think it's likely there's a bug in the code on BS's side.

Not so much a bug as a feature. We were doing some predictive adding of tested data based on whether or not any of the other items had been logged before. We've turned that off for the moment.

The IPs and records mentioned have been removed.
Please don't PM me for assistance- post your questions in the forum where others can see them.

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Bots with "real" names
« Reply #20 on: February 24, 2009, 04:09:47 AM »
hehe nice one, cheers :)
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

rusticdog

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: Bots with "real" names
« Reply #21 on: February 24, 2009, 01:39:48 PM »
OK great, the predictive method of adding does sound like a good idea, though strengthening the criteria, maybe to require two of the 3 existing items, would cause less potential for false positives, so if IP and email are already listed in the lookup, but username isn't listed, then add the username.

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Bots with "real" names
« Reply #22 on: February 25, 2009, 06:10:18 PM »
Oks, I've added the selective matching, along with a few other things. Anyone fancy testing it?

http://hosts-file.net/download/test/check_spammers.zip

The new BotScout code by the way, is (modified of course as the following is a variation on what is included in the SBST);

Code:
// *********************************************************************************
// BEGIN CHECK BOTSCOUT
// *********************************************************************************
//
// Check the username etc against BotScout. Done using a single query for efficiency
// as we don't need multiple queries for the plain version.
//
// If any of the values are missing, BotScout will ignore them (better for us as it
// prevents us having to deal with them, which thus prevents spammers potentially
// abusing it)
//
// getURL() and the $sBSAPI, $mail, $ip and $name values are expected to be
// provided by the script that includes this block.
//
if ($sBSAPI != '') {
    $BaseMatch = "2,3";
    $bFoundMatch = false;
    // URL-encode each value so characters such as & or # in the submitted
    // details cannot alter the query string
    $sBSMail = urlencode($mail);
    $sBSIP = urlencode($ip);
    $sBSName = urlencode($name);
    $fspamcheck = getURL('http://botscout.com/test/?multi&key='.urlencode($sBSAPI).'&mail='.$sBSMail.'&ip='.$sBSIP.'&name='.$sBSName);
    // BotScout error messages begin with an exclamation mark, so we'll check for those first
    if (strpos($fspamcheck, '! ') !== false) {
        $bFoundMatch = false;
        // Escape the remote response before echoing it into the page
        echo 'Error: '.htmlspecialchars($fspamcheck);
    } else {
        //if (strpos($fspamcheck, 'Y|') !==False) {
        // $bFoundMatch = true;
        //}

        // The fields are pipe-separated; the code below reads the IP count
        // from index 3, the e-mail count from index 5 and the username count from index 7
        $sSpamData = explode('|', $fspamcheck);
        if (count($sSpamData) >= 8 && $sSpamData[0] == 'Y') {
            switch ($BaseMatch) {
                case "1,2": // Match username and IP
                    $bFoundMatch = ($sSpamData[7] > 0 && $sSpamData[3] > 0);
                    break;
                case "1,3": // Match username and E-mail
                    $bFoundMatch = ($sSpamData[7] > 0 && $sSpamData[5] > 0);
                    break;
                case "2,3": // Match IP and E-mail
                    $bFoundMatch = ($sSpamData[3] > 0 && $sSpamData[5] > 0);
                    break;
                case "1,2,3": // Match Username, IP and E-mail
                    $bFoundMatch = ($sSpamData[7] > 0 && $sSpamData[3] > 0 && $sSpamData[5] > 0);
                    break;
                default: // Any other $BaseMatch value: a 'Y' answer alone counts as a match
                    $bFoundMatch = true;
                    break;
            }
        } else {
            $bFoundMatch = false;
        }

    } // End if (strpos($fspamcheck, '! ') !==False)

    if ($bFoundMatch == true) {
        echo 'BotScout says this is a spammer';
    } // End if($bFoundMatch==true)

} // End If ($sBSAPI !='')

// *********************************************************************************
// END CHECK BOTSCOUT
// *********************************************************************************
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Bots with "real" names
« Reply #23 on: February 25, 2009, 06:37:33 PM »
Chris just reminded me that I forgot to mention, the default is to match only if IP + E-mail is found. You can change this in config.php;

Code:
// What should we base a match on? (APPLIES TO CHECK_SPAMMERS_PLAIN.PHP ONLY)
//
// 1 = Name
// 2 = IP
// 3 = Email
//
// 2,3 = Only return true if both IP and e-mail are listed
// 1,2 = Only return true if both Username and IP are listed
// 1,3 = Only return true if both Username and e-mail are listed
// 1,2,3 = Only return true if all 3 are listed
//
// IMPORTANT: This should NEVER be set to match based on username only
//    As this leaves it wide open to false positives.

$BaseMatch = "2,3";
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
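
The selective matching described in the two posts above, written as a standalone check (an added example, not part of the original posts and not the SBST's own code). It goes a little further than the posted switch: it rejects any single-item policy such as username only, and treats an error or malformed reply as "no match". The function names and sample replies are constructed for illustration; the field positions are taken from the indexes used in the posted code.

```php
<?php
// Added example. Reply layout assumed from the thread's code:
// field 0 = Y/N, field 3 = IP count, field 5 = e-mail count, field 7 = username count.

function parseBotScoutMulti(string $reply): ?array
{
    $reply = trim($reply);
    if ($reply === '' || $reply[0] === '!') {
        return null; // API error or empty reply: no verdict
    }
    $f = explode('|', $reply);
    if (count($f) < 8 || !ctype_digit($f[3]) || !ctype_digit($f[5]) || !ctype_digit($f[7])) {
        return null; // unexpected layout, do not guess
    }
    // Keys follow the config.php numbering: 1 = name, 2 = IP, 3 = e-mail
    return [1 => (int)$f[7], 2 => (int)$f[3], 3 => (int)$f[5]];
}

function isListed(string $reply, string $baseMatch): bool
{
    $required = array_unique(array_map('intval', explode(',', $baseMatch)));
    // Refuse single-item policies (e.g. username only) and unknown item numbers
    if (count($required) < 2 || array_diff($required, [1, 2, 3])) {
        throw new InvalidArgumentException('BaseMatch needs at least two of 1,2,3');
    }
    $counts = parseBotScoutMulti($reply);
    if ($counts === null) {
        return false; // an error is never treated as a match
    }
    foreach ($required as $item) {
        if ($counts[$item] <= 0) {
            return false; // every required item must be listed
        }
    }
    return true;
}

// Constructed sample replies (not real BotScout data)
$samples = [
    'Y|MULTI|IP|0|MAIL|0|NAME|12',     // only a common first name is listed
    'Y|MULTI|IP|4|MAIL|26|NAME|0',     // IP and e-mail both listed
    '! constructed error message',     // API error
];
foreach ($samples as $s) {
    printf("%-32s => %s\n", $s, isListed($s, '2,3') ? 'block' : 'allow');
}
```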

rusticdog

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: Bots with "real" names
« Reply #24 on: February 25, 2009, 06:56:11 PM »
Working sweet as for me.   I tried cases 2,3 and 1,3

Also Mike as the legit Martin wasn't infected after all, could I ask we remove his email addy's from this topic, help against any SpamBots that might come this way ;)

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Bots with "real" names
« Reply #25 on: February 25, 2009, 07:02:37 PM »
hehe cheers dude :)
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Bots with "real" names
« Reply #26 on: February 25, 2009, 09:21:06 PM »
Yes, they're already removed. Shouldn't be a problem at this time.


Working sweet as for me.   I tried cases 2,3 and 1,3

Also Mike as the legit Martin wasn't infected after all, could I ask we remove his email addy's from this topic, help against any SpamBots that might come this way ;)
Please don't PM me for assistance- post your questions in the forum where others can see them.

rusticdog

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: Bots with "real" names
« Reply #27 on: February 25, 2009, 09:37:59 PM »

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Bots with "real" names
« Reply #28 on: February 26, 2009, 05:04:59 AM »
Yes, I think those are all removed already.

Sorry, I meant from this post http://botscout.com/forum/index.php/topic,17.msg154.html#msg154

Cheers
Please don't PM me for assistance- post your questions in the forum where others can see them.

rusticdog

  • Newbie
  • *
  • Posts: 12
    • View Profile
Re: Bots with "real" names
« Reply #29 on: February 26, 2009, 02:30:54 PM »
The forum post I mean....they've been removed from the database, but as they are still present in the forum post they might get picked up by bots scanning for email addresses.


Cheers