Clever Bots
Posted: Fri Jun 03, 2022 10:37 pm
When I set up the ZofzPCB website, I was scared about unintentionally breaking the copyright law or not having a correct Impressum. Then I got into monitoring the traffic. Google Analytics was my best friend. It took quite a lot of my time.
Then the GDPR law topic came. I have decided to remove Google Analytics from the website.
I didn't want to have those annoying consent banners, and I didn't want to lose even more time looking at the curves. Instead, I wrote a small Apache log analysis program, having a week as the time step.
But what was surprising was to see so many attempts to break in!
The website was absolutely static at the time, and any attempts were just in vain, even funny.
I even wanted to create an artificial WordPress login page just for fun.
Everything changed when I uploaded the forum software (phpBB). Suddenly the attacks became clever, touching the right points. The bots were passing the image captcha and were placing some strange messages. Nothing drastic, just creating backlinks to some webpages, like doctors' offices - whoever ordered a Google search boost.
This would make sense only if repeated many times on many forums. So, such advanced software, capable of completing forum registration, including answering email confirmation and passing the captcha, just for this. (Or was it an actual human?)
I panicked and removed those users in bulk. (Even one real user, sorry!)
The solution was quite unexpected.
One has to replace the captcha with a simple test question. How good that we have a kind of subculture on PCB design/manufacture.
The bots are known to google the question and try combinations of Google answers. Very advanced, very interesting.
Now, how to form a query to make Google stupid? "Not knowing" is not the best idea, as Google knows a lot. One must let some more popular topic prevail.
For example, the green mask (our typically green lacquer) will be overwhelmed by the existence of a "green" beauty product to be placed on a human face.
Awesome. No bot has passed through till now.
I hope I didn't go too far on this.
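Added example, not part of the original post and not the author's program: a sketch of the kind of weekly Apache log summary the post describes, separating ordinary hits from login and secret-file probes that a static site never serves. The combined log format, the probe path list and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format: host ident user [time] "METHOD path proto" status bytes ...
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Assumption: on a static site these dynamic or secret paths are never legitimate.
PROBE_RE = re.compile(r'wp-login\.php|xmlrpc\.php|/wp-admin|/\.env', re.I)

def weekly_summary(lines):
    """Map (ISO year, ISO week) -> {'hits', 'probes', 'probe_hosts'}."""
    weeks = defaultdict(lambda: {"hits": 0, "probes": 0, "hosts": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # garbage request lines (e.g. TLS bytes sent to port 80) are skipped
        ts = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
        week = weeks[tuple(ts.isocalendar())[:2]]  # one-week time step
        week["hits"] += 1
        if PROBE_RE.search(m["path"]):
            week["probes"] += 1
            week["hosts"].add(m["host"])  # kept in memory only, reported as a count
    return {k: {"hits": v["hits"], "probes": v["probes"], "probe_hosts": len(v["hosts"])}
            for k, v in sorted(weeks.items())}

# Constructed sample lines (documentation IP ranges), not taken from the real site.
SAMPLE_LOG = r'''
192.0.2.10 - - [30/May/2022:09:12:01 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [31/May/2022:03:44:10 +0200] "GET /wp-login.php HTTP/1.1" 404 196 "-" "python-requests/2.27"
198.51.100.7 - - [31/May/2022:03:44:11 +0200] "POST /xmlrpc.php HTTP/1.1" 404 196 "-" "python-requests/2.27"
203.0.113.9 - - [01/Jun/2022:00:00:00 +0200] "\x16\x03\x01" 400 226 "-" "-"
203.0.113.5 - - [02/Jun/2022:18:20:45 +0200] "GET /.env HTTP/1.1" 404 196 "-" "curl/7.81"
192.0.2.10 - - [06/Jun/2022:10:00:00 +0200] "GET /download.html HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Jun/2022:01:02:03 +0200] "GET /wp-admin/setup-config.php HTTP/1.1" 404 196 "-" "curl/7.81"
'''.strip().splitlines()

if __name__ == "__main__":
    for (year, week), row in weekly_summary(SAMPLE_LOG).items():
        print(f"{year}-W{week:02d} hits={row['hits']} probes={row['probes']} "
              f"probing hosts={row['probe_hosts']}")
```

Once forum software such as phpBB is installed, `.php` requests become legitimate, so the probe list has to be narrowed to paths the site really does not serve.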