By Romain Wednesday, February 21 2007 - 20:11 UTC - Tech - Permalink
The previous article on spam bots was focus on using generation of the document itself by adding dynamic content (JavaScript) or a random fields... By the way, Jungsonn follows with a clever technique of the same kind.
Today, I was looking at the logs of a phpBB forum we have in an association where we have lots of spam; okay phpBB is famous and maybe not the most secure but well... there is some prevention (modules such as CAPTCHA) for this and the webmaster installed lots of them...
I was quickly able detect manually the bots actually, this is something like same processes even if they introduced lots of variations and of course a detection system cannot be time based because they prevent this.
So we can easily see that it's tricky to automatically detect a bot without learning machine, SVM etc. but it's not my point here.
If I cannot easily prevent them coming on the website or track them, I can at least manipulate in some way:
Fake login page which cannot be seen by a user (<a href="login.php?sid=THE SESSION ID" style="display:none">Login</a>; As display:none can be easily detected by the bots we can trick this with the JavaScript "expression" evaluation in CSS...) and in the fake page adding some information in the cookie/session such as SESSION['BOT'] = 'DETECTED' etc.
We also need a verification script embedded in every page which would do generate a blank page or something like that... Don't forget also to ban the IP address.
I will try to develop this idea and test it because now, I have no proof that it can work properly. Furthermore, it also need the bots not to support CSS a/o JavaScript.
Last comments