Page 1 of 1

Clever Bots

Posted: Fri Jun 03, 2022 10:37 pm
by Zofz
When I set up the ZofzPCB website, I was scared about unintentionally breaking the copyright law or not having a correct Impressum. Then I got into monitoring the traffic. Google analytics was my best friend. It took quite a lot of time from me.

Then the GDPR law topic come. I have decided to remove Google Analytics from the website.
I didn't want to have those annoying consent banners, and I didn't want to lose even more time looking at the curves. Instead, I wrote a small Apache log analysis program, having a week as the time step.

But what was surprising was to see so many attempts to break in!
The website was absolutely static at the time, and any attempts were just in vain, even funny.
I even wanted to create an artificial Word-Press login page just for fun.

Everything changed when I uploaded the forum software (phpBB). Suddenly the attacks become clever, touching the right points. The bots were passing the image captcha and were placing some strange messages. Nothing drastic, just creating backlinks to some webpages, like doctors' offices - whoever ordered a google search boost.
This would make sense only if repeated many times on many forums. So, such advanced software, capable of completing forum registration, including answering email confirmation and passing the captcha, just for this. (Or was it an actual human.)
I have panicked, and I have removed those users in bulk. (Even one real user, sorry!)

The solution was quite unexpected.
One has to replace the captcha with a simple test question. How good that we have a kind of subculture on PCB design/manufacture.
The bots are known to google the question and try combinations of Google answers. Very advanced, very interesting.

Now, how to form a query to make google stupid? "Not knowing" is not the best idea, as Google knows a lot. One must let some more popular topic prevail.
For example, the green mask (our, typically-green lacquer) will be overwhelmed by the existence of a "green" beauty product to be placed on a human face.
Awesome. No bot has passed thru till now.
I hope I didn't go too far on this.

Re: Clever Bots

Posted: Fri Jul 29, 2022 1:53 pm
by Kaziq
Slightly too far in my opinion. I had to type the answer four times to match the right combination of capitals and spaces. You realize it is spelled in various ways, right? :) Perhaps you could make it accept all the versions, not only one, if the feature allows for that.

But it's still not so bad, as one forum I recently tried to register on. After answering the question, the activation e-mail never came (tried several times). And I couldn't find any way to contact the forum staff, so perfect spam protection gyus :D
Just kidding. I know that it was not intentional. But it's a great lesson, that too much protection may be bad for you.

Re: Clever Bots

Posted: Fri Jul 29, 2022 2:35 pm
by Zofz
There is a possibility to give several answers in the forum setup. There are multiple questions, btw, rotating slowly. Please PM me with the other responses you have been trying.

Re: Clever Bots

Posted: Fri Jul 29, 2022 5:19 pm
by Kaziq
I can't use PMs. It says I have too few posts, or something. Will send you an email instead.