Welcome, Guest!!
follow us on... rss

Author Topic: Botreport from Users  (Read 19961 times)

ragtek

  • Newbie
  • *
  • Posts: 9
    • View Profile
    • ragtek
Botreport from Users
« on: March 18, 2009, 04:36:54 AM »
Have you planed any reportsystem?

I thought on a service that forumadmins can send you the "data" from bots which registered in forums


For example:
http://fatak.net/forum/member.php?u=1069  thats a bot, who wasn't stopped by you

now the admin could send the mailadress, username & ip to your db

if there are now >50 reports from different webpages, the probability that this is a bot is very high, so it could be a bot.
it would be necessery to "control" this(thats why i thought on 50 reports) so not everybody could report some "normal" users/competitors to the db

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Botreport from Users
« Reply #1 on: March 18, 2009, 09:52:13 AM »
Having a section on the forum for reporting them is probably the best idea, so evidence is posted and public (will save anyone complaining they don't belong in the database)
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

H.beast

  • Newbie
  • *
  • Posts: 1
    • View Profile
Re: Botreport from Users
« Reply #2 on: April 09, 2009, 12:37:35 PM »
Good idea. Here's one for you to check since i may have missed the forum for this. 77.52.0.97 hits big over the past few days in a Google search and the wide range of sites worldwide it's hit are typical earmarks of a bot because it's highly unlikely one person would visit and join so many sites over a two day period.

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Botreport from Users
« Reply #3 on: April 09, 2009, 12:45:20 PM »
I'm not seeing anything for that IP? Do you have any URL's to example spam posts?
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Botreport from Users
« Reply #4 on: April 09, 2009, 01:32:59 PM »
Beast,

We can add it, but we need the name and at least one address email that it's used. If you can provide that, we'll look at adding it.

Good idea. Here's one for you to check since i may have missed the forum for this. 77.52.0.97 hits big over the past few days in a Google search and the wide range of sites worldwide it's hit are typical earmarks of a bot because it's highly unlikely one person would visit and join so many sites over a two day period.
Please don't PM me for assistance- post your questions in the forum where others can see them.

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Botreport from Users
« Reply #5 on: April 09, 2009, 01:34:30 PM »
Having a section on the forum for reporting them is probably the best idea, so evidence is posted and public (will save anyone complaining they don't belong in the database)

Exactly- this would give not just us, but everyone visibility of the names, ips, etc.
Please don't PM me for assistance- post your questions in the forum where others can see them.

Mur

  • Newbie
  • *
  • Posts: 23
    • View Profile
Re: Botreport from Users
« Reply #6 on: August 12, 2009, 09:59:57 AM »
Having a section on the forum for reporting them is probably the best idea, so evidence is posted and public (will save anyone complaining they don't belong in the database)

The more I test the BotScout API the more spammers I'm finding.

I looked for a forum for reporting and to give evidence but didn't find one.

I'll just add to this post.
Username: caylakcief
Email: caylak_cief@hotmail.com
IP: 78.164.53.199

It's not a bot it's Human and found a hidden testing Snitz forum I have.
Google searched the username and found it is using an old snitz hack to post into forums ..
HACKED BY GOKAY94
WWW.TURKHACKTEAM.ORG
Posted 7/2009 on the older versions.
I run the new version with a few mods and will let him deface all he wants to see if there are more code issues with snitz.

Hope this helps.

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Botreport from Users
« Reply #7 on: August 12, 2009, 10:01:59 AM »
Cheers :)
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Botreport from Users
« Reply #8 on: August 12, 2009, 10:08:18 AM »
Added. :)
Please don't PM me for assistance- post your questions in the forum where others can see them.

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Botreport from Users
« Reply #9 on: August 12, 2009, 10:13:21 AM »
Beat me to it ;)
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Mur

  • Newbie
  • *
  • Posts: 23
    • View Profile
Re: Botreport from Users
« Reply #10 on: September 09, 2009, 07:37:48 AM »
Good Morning,
Just a thought, one day we might need to setup our XML to feed remote databases so we could do away with the manual entry after the bot has been identified.
But until such time;


I score this a (10)
RAW Data:       
First Name: Chofobeeronna (used in other bots)
Email: fdudlak@ozdy.co
IP Address : 99.229.234.61 (Open Proxy Alive proxy 99.229.234.61:1025)
Username: Chofobeeronna
City: Satellite Beach
State: USA
Country:
PWD: 123456789

Mur

  • Newbie
  • *
  • Posts: 23
    • View Profile
Re: Botreport from Users
« Reply #11 on: September 09, 2009, 07:46:59 AM »
RAW Data:       
First Name: Chofobeeronna (used in other bots)
Email: fdudlak@ozdy.co
IP Address : 99.229.234.61 (Open Proxy Alive proxy 99.229.234.61:1025)
Username: Chofobeeronna
City: Satellite Beach
State: USA
Country:
PWD: 123456789
Sorry, I should have explained my layout.
The above information is provided by the BOT.
In this case the Email, IP, City, State, Country do not match so it failed pretesting.


Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Botreport from Users
« Reply #12 on: September 09, 2009, 08:10:28 AM »
Sorry, I should have explained my layout.
The above information is provided by the BOT.
In this case the Email, IP, City, State, Country do not match so it failed pretesting.

Thanks- we've added this record.

I'm curious- what mechanism or code do you use to do your pre-testing? IP matching to a predetermined list of cities/state/countries, or....?
Please don't PM me for assistance- post your questions in the forum where others can see them.

Mur

  • Newbie
  • *
  • Posts: 23
    • View Profile
Re: Botreport from Users
« Reply #13 on: September 09, 2009, 09:07:12 AM »
My "Pretest" is kind of simple and mostly all scripted.
Summary:
I monitor all connections to Posting, Login and Signup pages.
UserAgents that are not formed correctly are sent to a database table with the IP address. I've found most bots send out feelers before they attempt to login or post.
When the new bot attempts a login I've found they have common scripted fields. I have 6 forums and have modified the fields and names.
Typically my favorite bots will attempt to post to all 6 forums within 2 minutes. This flags the monitoring of the IP address.
Then I am notified via email with the information I displayed above.
Also bots enter specific pages where typical users don't.
It's the old "Is it Human" test.
There's more but I'm limited to the space here and I don't want to bore you all.


Mur

  • Newbie
  • *
  • Posts: 23
    • View Profile
Re: Botreport from Users
« Reply #14 on: September 09, 2009, 10:25:16 AM »
IP matching to a predetermined list of cities/state/countries, or....?

Yes, for years I have run my own version of IP to Country and Member Validation type of testing.
It was part of my eCommerce sites that had to screen every connection during checkout.

I tried to get the API running from my site to yours but the feed isn't accepted on my crappy shared over populated with spammers hosting service.

I sure wish I had a full automated system but in the end it's Human input.