Just a note ....

[MysteryFCM]

I sent you an e-mail earlier concerning the API key's usage, but decided what the heck, and figured I'd find out myself and it seems the key isn't site dependant, which is great.

I've went ahead and included a BotScout lookup in my Spambot Search Tool (I use this on multiple sites for multiple forums/forms/blogs/etc)

[Mike]

I sent you an e-mail earlier concerning the API key's usage, but decided what the heck, and figured I'd find out myself and it seems the key isn't site dependant, which is great.

I've went ahead and included a BotScout lookup in my Spambot Search Tool (I use this on multiple sites for multiple forums/forms/blogs/etc)

Welcome, and thank you for implementing the API in your software!

You're correct, the API key is not site-dependent; you can use the same API key on as many sites as you need to. Currently the key is good for 300 API queries a day, but we can adjust that up if you need more (just let us know).

We're almost ready to release our Bot Trap Form Server, and you're more than welcome to use that as well. We're putting the finishing touches on it and hope to have it available within a few days.

The Form Server lets people put a small line of code in a page that invisibly embeds a randomized form in the page each time it's loaded. The form is very attractive to bots and is designed to be nearly impossible for them to identify as a bot trap.

Unfortunately, the Form Server system needs a different key for each site registered; this was a design consideration forced on us in order to prevent malicious users (botnet owners) from poisoning the database. We don't have a hard limit on the number of sites allowed yet, and the limit will be adjustable on a per-user basis, so trusted users will be able to deploy more forms than other users.

The system uses a scoring ladder to help weed out false entries, and should be very effective in proactively responding to bots and letting them add themselves to the database.

If you're interested in trying out the Bot Trap Form Server, let me know and we'll get you going. It's very easy to implement.

Again, welcome and thank you for implementing the BotScout API in your code!


Mike

[MysteryFCM]

I sent you an e-mail earlier concerning the API key's usage, but decided what the heck, and figured I'd find out myself and it seems the key isn't site dependant, which is great.

I've went ahead and included a BotScout lookup in my Spambot Search Tool (I use this on multiple sites for multiple forums/forms/blogs/etc)

Welcome, and thank you for implementing the API in your software!

You're correct, the API key is not site-dependent; you can use the same API key on as many sites as you need to. Currently the key is good for 300 API queries a day, but we can adjust that up if you need more (just let us know).

hehe cheers ....... I'll definately need more than 300 per day (the SBST gets in excess of 5000 queries per day on a single site, and I've got it installed on 3 sites so far (no idea of the traffic to them on the other two sites as I don't monitor them)).

We're almost ready to release our Bot Trap Form Server, and you're more than welcome to use that as well. We're putting the finishing touches on it and hope to have it available within a few days.

The Form Server lets people put a small line of code in a page that invisibly embeds a randomized form in the page each time it's loaded. The form is very attractive to bots and is designed to be nearly impossible for them to identify as a bot trap.

Unfortunately, the Form Server system needs a different key for each site registered; this was a design consideration forced on us in order to prevent malicious users (botnet owners) from poisoning the database. We don't have a hard limit on the number of sites allowed yet, and the limit will be adjustable on a per-user basis, so trusted users will be able to deploy more forms than other users.

The system uses a scoring ladder to help weed out false entries, and should be very effective in proactively responding to bots and letting them add themselves to the database.

If you're interested in trying out the Bot Trap Form Server, let me know and we'll get you going. It's very easy to implement.

Again, welcome and thank you for implementing the BotScout API in your code!

Mike

My pleasure and yep, I'll be interested in trying out the BTFS

[Mike]

hehe cheers ....... I'll definately need more than 300 per day (the SBST gets in excess of 5000 queries per day on a single site, and I've got it installed on 3 sites so far (no idea of the traffic to them on the other two sites as I don't monitor them)).

Yikes, lol. Okay, we'll keep an eye on the query count for your key and if it starts to climb we'll bump it up (probably way up).

The one bit of advice I'd offer in terms of implementing the code is to check the return values carefully, the absence of a 'Y' doesn't necessarily mean there was no match- it may mean that an error is being returned (bad format, query limits, etc). We're looking at adding a special return value to help implement this, most likely a "!" returned as the first character to give scripts something to trigger on.

[MysteryFCM]

Much appreciated, cheers

A return value specific to errors would be much appreciated as it would allow easier differentiation from non-matches (let me know when you've done this and I'll modify the scripts accordingly).

[Mike]

Much appreciated, cheers

A return value specific to errors would be much appreciated as it would allow easier differentiation from non-matches (let me know when you've done this and I'll modify the scripts accordingly).

We'll look at adding this within the next day or so and we'll post a notice here (the API Doc page will also be updated).

[MysteryFCM]

Nice one

Btw, your main site login form isn't allowing my full e-mail address in order to login

Full e-mail = botscout_com AT it-mate.co.uk

It seems to limit the chars so the last letter isn't allowed?

[Mike]

Nice one

Btw, your main site login form isn't allowing my full e-mail address in order to login

Full e-mail = botscout_com AT it-mate.co.uk

It seems to limit the chars so the last letter isn't allowed?

Whoops. That's fixed now. It should take up to 50 characters now.

My partner is adding the error handling modification to the API and says he'll be done by the time I finish this message. Here's the change to the API info page:

API Error Handling
In the event of an API error or query limit, the API will return an exclamation mark (!) followed by a single space, and then the text of the error message. For example:

! Sorry, but that doesn't appear to be a valid API key.

If your code tests for an exclamation mark as the first character and finds one, then it can expect an error message to follow. The message could be emailed to an admin. It's possible we'll add an error code for the various messages, but I'm not sure if there's much utility in doing that. (??)

[Mike]

I sent you an e-mail earlier concerning the API key's usage, but decided what the heck, and figured I'd find out myself and it seems the key isn't site dependant, which is great.

Hmmm, did you send the email through the contact form? I looked but didn't see anything. (??)

[MysteryFCM]

I sent you an e-mail earlier concerning the API key's usage, but decided what the heck, and figured I'd find out myself and it seems the key isn't site dependant, which is great.

Hmmm, did you send the email through the contact form? I looked but didn't see anything. (??)

I did, yep

[MysteryFCM]

Nice one

Btw, your main site login form isn't allowing my full e-mail address in order to login

Full e-mail = botscout_com AT it-mate.co.uk

It seems to limit the chars so the last letter isn't allowed?

Whoops. That's fixed now. It should take up to 50 characters now.

My partner is adding the error handling modification to the API and says he'll be done by the time I finish this message. Here's the change to the API info page:

API Error Handling
In the event of an API error or query limit, the API will return an exclamation mark (!) followed by a single space, and then the text of the error message. For example:

! Sorry, but that doesn't appear to be a valid API key.

If your code tests for an exclamation mark as the first character and finds one, then it can expect an error message to follow. The message could be emailed to an admin. It's possible we'll add an error code for the various messages, but I'm not sure if there's much utility in doing that. (??)

Cool I've just made another modification to the script so will add this aswell then re-release it

[MysteryFCM]

I've added this in and released the new version

Btw, the bot trapping form generator doesn't seem able to detect the domains IP? (domain is the hosts-file.net server)

[Mike]

I've added this in and released the new version

Btw, the bot trapping form generator doesn't seem able to detect the domains IP? (domain is the hosts-file.net server)

I'll have a look at this, let me see what I can find. It should trigger once you TAB away from the field or click on the next field.

..........

Hmmmm, it seemed to find it okay for me: 67.228.216.52

Sometimes it takes it a moment or two to resolve the IP. If it still doesn't find it for you, let me know. Are you using IE or Firefox, or...?

I tried it with FF and IE 7.0 and it worked okay for me. (??)

[MysteryFCM]

It's detecting an IP now, but the wrong one

hosts-file.net = 212.56.95.253 (PTR: mysteryfcm.plus.com)

67.228.216.52 = eccparking.com

http://hosts-file.net/?s=67.228.216.52

Incidentally, I've got 3 sites on that IP listed in the hpHosts blacklist;

http://hosts-file.net/?s=67.228.216.52&sDM=1#matches

/edit

Using Avant Browser btw (uses the same Trident engine as IE)

[Mike]

Weird. Hmmm. Well, go ahead and save it and I'll change the IP manually. Tell me which IP to put in there and we'll give it a shot.

The form server code is nearly done and should be available within a day or so. Once you get the form key you can go here to get a preview of the form server (the forms are visible now, but they won't be when it's released):

http://botscout.com/form/?apikey=your_form_api_key

(Note that the form key isn't the same as your regular API key)

We use the PHP function gethostbyname() to resolve the IP address, but apparently it's not reliable...so we'll need to find a reliable method of getting IP addresses. (Suggestions  welcome, lol)

It's detecting an IP now, but the wrong one

hosts-file.net = 212.56.95.253 (PTR: mysteryfcm.plus.com)

67.228.216.52 = eccparking.com

http://hosts-file.net/?s=67.228.216.52

Incidentally, I've got 3 sites on that IP listed in the hpHosts blacklist;

http://hosts-file.net/?s=67.228.216.52&sDM=1#matches

/edit

Using Avant Browser btw (uses the same Trident engine as IE)