SykkBoy

Our dating site has been getting hit pretty hard with profiles created by XRumer. I wouldn't care so much if they weren't so shitty ;-)

Is there a way to detect XRumer? I'd like to be able to autoblock as soon as we start seeing the profiles come in.

__________________
Support my new movie “The Second Coming”

Ferus

Like most will say
No point in investing $XXXX, in a golden solution sold by security-pushers

SykkBoy

It looks like that's the way we'll be going, I was just hoping someone might have a decent blocking solution or detection solution so we can write our own blocker.

__________________
Support my new movie “The Second Coming”

klinton

check out stopforumspam.org for latest XR IPs and used emails...

as someone above posted, the only efficient and smart way is to post a some specific questions and answers...and change/ modify them from time to time

Klen

Ferus suggestion sound quite fine to me,questions which can be answered by human only usually do the trick

RazorSharpe

The solution we use (not a dating site):

We create a hidden field named "email" and we generate the field name for the real email address on-the-fly. Most automated softwares will fill in the hidden field and won't know how to handle the real email field. The beauty of changing the field name per page load makes sure people can't just manually update their software. We use a combination of hash and time stamp. Works well for us ...

__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

sarettah

That is quite a nice solution. Simple. Wish I had thought of that


.

__________________
All cookies cleared!

_Richard_

HerPimp

Captcha does not work, for a penny people will type it out. Only use Q/A and get creative.

__________________

AmeliaG

Ooh, that is a nice elegant solution!

__________________
GFY Hall of Famer

AltStar Hall of Famer



Blue Blood's SpookyCash.com

Babe photography portfolio

SDSimon

Hi SykkBoy.
Would HTaccess work here?

>>>Winners WIN because they NEVER GIVE UP!<<<

freecartoonporn

this

we used to do hidden field technique but very simple way.
create a hidden field name it email and check serverside.
if filled then its bot else human.

but yours looks pretty interesting., theres one downside i can think of , is that , people have to retype email at every visit.

another way use javascript to hide field

__________________

SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

RazorSharpe

Well considering that this is a registration form, the user should essentially only be filling this form in once so "every visit" shouldn't really be an issue.

__________________
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

just a punk

Yep. I'm using the similar method on my sites since 2003. BTW, another good solution is to encrypt your signup form with JavaScript. It will stop 99% of spamboats that automatically searching for forms at your webpages.

__________________
Obey the Cowgod

just a punk

Also you can generate a special token (using the visitor's IP for example) and set it as a cookie when your registration form was visited. Then just check it when the form will be submitted. I was using this method long time ago to protect against so-called referrer spoofing. AFAIK this method is still being used by many high-trafficking websites like Pinterest.

Edit: Course ANY protection can be compromised but not by XRumer or regular spambots. The one will need to create a special software to bypass your protection. For example, this my WP plugin allows to automatically pin the post images to various pinboards including pinterest.com, sex.com and many others: http://www.cyberseo.net/xpinner/

__________________
Obey the Cowgod

freecartoonporn

wont this stop ppl from joining if their javascript is disabled ?

__________________

SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean

just a punk

Almost all sites now require JavaScript, so I don't see a problem with that. Even this board won't work as it should w/o JavaScript. Not even mention all these new responsive sites.

__________________
Obey the Cowgod

SykkBoy

I like this, thanks

Also, going to test out the Q/A
captchas are pretty much useless and will just piss of actual users (although they're probably used to them by now)

we're also working with dynamic membera area/login pages.

__________________
Support my new movie “The Second Coming”

Klen

Yeah i get pissed every time when i see monstrosity known as re-captcha.