Here is how to protect your forum from XRumer, at least for now



Give it a try:

http://70.121.224.218:9095/register_form.jsp

On success, it displays "Registration: SUCCESS"

If it fails, then it displays either "Registration: FAILED (user)" or "Registration: FAILED (bot)" -- depending on the reason for failure.

Not even 2 minutes... and it is beat.

Check your logs (if you have anything to track it)

You need to learn more about automation (or even xrumer) before you start telling people you can beat us with a retarded little script... for future reference.

Not going to help you out any further... there are many scripts better than your homemade version.
 
Same user with the same cookies from the same ip and/or user agent?
That could easily be combated with a simple limit on registrations.
I didn't include that in this proof of concept.
Try doing it for real as you would do in production with proxies 'n shit.
 
Same user with the same cookies from the same ip and/or user agent?
That could easily be combated with a simple limit on registrations.
I didn't include that in this proof of concept.
Try doing it for real as you would do in production.


Dude, I wasn't even using anything to hide it. I could use many things ... but like I said, I make money, I don't make money by giving you evidence on how to block your site from the wrath of xrumer. Good luck.

Oh and if you think it is a problem with xrumer, it isn't the only automation software. ;)
 
Dude, I wasn't even using anything to hide it.

I know, and that's why regs were successful. Normally, they would be caught by more basic filters.

The whole point of this approach is to make sure that you can't "repeat" the same steps if you try to hide your info.

So in combination with basic limits, you wouldn't be able to do much.
I just don't have those basics implemented, since it's not a real reg system.
 
I think he doesn't want to play the game any more :(

Too bad, I was really hoping to see miracle automation software in action.
 
Some stats from a production box. Busy little fuckers :)

Code:
 visnum  |           ctime            |            ip             |     substring     |  substring  |           substring           
---------+----------------------------+---------------------------+-------------------+-------------+-------------------------------
 6431284 | 2010-01-01 15:08:19.136-05 | 127.0.0.1, 201.68.5.160   | vnz-vsloven       | 123456789   | 9150007020@mail.ru
 6429666 | 2010-01-01 12:59:18.027-05 | 119.247.79.180            | icomenao          | someboi     | maplism@gmail.com
 6427654 | 2010-01-01 10:04:26.374-05 | 127.0.0.1, 83.146.112.130 | cgcgreality       | 111111a     | 915qaq@mail.ru
 6426648 | 2010-01-01 07:47:40.847-05 | 92.113.66.96              | ruscgirlss        | Russian7    | naroonq3@ukr.net
 6425761 | 2010-01-01 06:04:13.646-05 | 119.247.79.180            | icomenao          | someboi     | maplism@gmail.com
 6425483 | 2010-01-01 04:56:16.684-05 | 88.85.212.126             | John breaphsap    | sQhQo2v836  | pornoworld123@mail.ru
 6425382 | 2010-01-01 04:35:02.795-05 | 91.202.207.224            | InitStintyref     | 7ccyDTo378  | crqfusud@mail.ru
 6425327 | 2010-01-01 04:23:57.622-05 | 95.25.186.199             | fluislomo         | pam2233     | kirstinshepley99@gmail.com
 6425313 | 2010-01-01 04:21:30.387-05 | 196.40.10.250             | rebaslimg         | Blast159    | reba@theonlyemail.com
 6423962 | 2010-01-01 01:08:06.122-05 | 196.40.10.250             | rebaslimg         | Blast159    | reba@theonlyemail.com
 6423721 | 2010-01-01 00:46:37.872-05 | 95.71.101.92              | mihatatu          | 123456789   | mihatatu@mail.ru
 6423488 | 2010-01-01 00:27:03.241-05 | 69.175.10.90              | anydayJef         | uWzCY3b139  | messickbeeman@gmail.com
 6422821 | 2009-12-31 23:29:41.906-05 | 64.191.50.99              | MikeAi            | pass1525    | asdasd24234a@aol.com
 6421428 | 2009-12-31 21:20:04.777-05 | 66.176.211.237            | CheapAdderall     | 1zQTNyh588  | hus.hok70@gmail.com
 6418291 | 2009-12-31 17:20:20.593-05 | 91.214.45.233             | Cydaymaypenam     | AQ9KtFI236  | Cydaymaypenam@newinbox.info
 6417073 | 2009-12-31 15:42:41.732-05 | 95.25.186.199             | ApetPeessat       | pam2233     | latricefrisina70@gmail.com
 6414908 | 2009-12-31 12:55:56.264-05 | 92.113.116.253            | ruscgirlss        | Russian7    | naroonq3@ukr.net
 6414672 | 2009-12-31 12:40:24.971-05 | 127.0.0.1, 201.68.5.160   | CheapAdderall     | 1zQTNyh588  | hus.hok70@gmail.com
 6413841 | 2009-12-31 11:49:18.41-05  | 95.24.221.130             | gyclalsvaxy       | lIQX7xV286  | wanessawallenchtain@gmail.com
 6413260 | 2009-12-31 11:15:21.589-05 | 95.24.221.130             | Rinsaxiogiask     | FTYj893     | laurabombaniero@gmail.com
 6411758 | 2009-12-31 09:33:42.494-05 | 196.40.8.34               | petermorrison79   | 123456789   | accounts@drugshome.org
 6408754 | 2009-12-31 01:00:33.439-05 | 24.131.181.199            | obenezessGype     | RphCqYw381  | mymail78@aaip.net
 6408664 | 2009-12-31 00:49:26.38-05  | 80.149.88.131             | PaidOnlineSurveys | 4qhd2tz519  | bfmark662@gmail.com
 6405872 | 2009-12-30 20:53:21.899-05 | 77.242.37.5               | Usequeenabede     | nH2rmb677gg | pseutsfueli@kibermail.com
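
An added example, not part of the original post: one way to read a registration log laid out like the table above and link attempts that reuse an identity across source addresses. The rows are constructed, and treating the three "substring" columns as username, password and e-mail, and the comma-separated ip field as a forwarded chain, are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed rows in the psql layout of the table above. Assumption: the
# three "substring" columns are username, password and e-mail.
SAMPLE = """\
 visnum |           ctime            |          ip           | substring | substring | substring
--------+----------------------------+-----------------------+-----------+-----------+-------------------
 1006   | 2010-01-01 15:08:19.136-05 | 127.0.0.1, 192.0.2.10 | pillshop  | Zx81qqT   | shop@example.com
 1005   | 2010-01-01 12:59:18.027-05 | 198.51.100.7          | pillshop  | Zx81qqT   | shop@example.com
 1004   | 2010-01-01 10:04:26.374-05 | 203.0.113.5           | alice     | 123456789 | alice@example.org
 1003   | 2010-01-01 07:47:40.847-05 | 203.0.113.9           | bob       | 123456789 | bob@example.net
 1002   | 2010-01-01 06:04:13.646-05 | 203.0.113.20          | Qwfpgj    | pam2233x  | q1@example.com
 1001   | 2010-01-01 04:56:16.684-05 | 203.0.113.20          | Arstdh    | pam2233x  | q2@example.com
"""

def client_ip(field):
    """First non-loopback address of a comma-separated ip field (assumed proxy chain)."""
    for part in field.split(","):
        addr = ipaddress.ip_address(part.strip())
        if not addr.is_loopback:
            return str(addr)
    return field.strip()

def parse_rows(text):
    keys = ("visnum", "ctime", "ip", "user", "password", "email")
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 6 or not cells[0].isdigit():
            continue  # header, separator or blank line
        row = dict(zip(keys, cells))
        row["visnum"], row["ip"] = int(row["visnum"]), client_ip(row["ip"])
        rows.append(row)
    return rows

def linked_registrations(rows):
    """Map (reason, value) -> sorted visnums for attempts sharing an identity."""
    by_email, by_ip_pw = defaultdict(list), defaultdict(list)
    for r in rows:
        by_email[r["email"].lower()].append(r)
        by_ip_pw[(r["ip"], r["password"])].append(r)
    findings = {}
    for email, group in by_email.items():
        if len({r["ip"] for r in group}) > 1:    # one mailbox, several addresses
            findings[("email-across-ips", email)] = sorted(r["visnum"] for r in group)
    for (_ip, pw), group in by_ip_pw.items():
        if len({r["user"] for r in group}) > 1:  # one address cycling usernames
            findings[("password-across-users", pw)] = sorted(r["visnum"] for r in group)
    return findings
```

A shared weak password alone (the two `123456789` rows) is not flagged, because unrelated users pick it too. The forwarded address is only trustworthy when your own reverse proxy sets it.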
 
Not even 2 minutes... and it is beat.

Check your logs (if you have anything to track it)

You need to learn more about automation (or even xrumer) before you start telling people you can beat us with a retarded little script... for future reference.

Not going to help you out any further... there are many scripts better than your homemade version.

Owned.
 
My bots don't have feelings and could give a rat's ass about your forum anyway. No reg, no prob, he'll just move on to the 999,999,999 other sites that will work.
 

Sorry, I'll stop. Wait...No, I won't.
 
My bots don't have feelings and could give a rat's ass about your forum anyway. No reg, no prob, he'll just move on to the 999,999,999 other sites that will work.

I care about you and your business just as little as you care about me and my business.

So the whole argument (made by you and a few others here) about how you can and will continue hitting thousands of other forums is way off the mark.

I don't give an ounce of shit about what you do to other forums. I'm not on some sort of anti-spam crusade.

I just want to see if automation software really can beat ANY kind of defense system as was implied earlier.

This is just for sport, simply something else to do between making money and looking at boobs.

So far, no one has beat it, aside from the case with 070707. And with that particular instance, I simply wasn't expecting the kind of "lameness" he demonstrated. That's why I didn't code against it.
 
You do know xrumer can skip the divs with style="display:none;" right?

If you really want me to test your shit, hit me on AIM tomorrow and I'll go for it with ya.

Which is why one should use style="visibility:hidden;"

:D
 
So far, no one has beat it, aside from the case with 070707. And with that particular instance, I simply wasn't expecting the kind of "lameness" he demonstrated. That's why I didn't code against it.

Always code against lameness first. That will solve 99% of your problems; unless you have a site like craigslist, the other 1% you can usually deal with manually.

But I think after this thread, the only real defense you'll have is to move the forum to another server.
 
So far, no one has beat it, aside from the case with 070707. And with that particular instance, I simply wasn't expecting the kind of "lameness" he demonstrated. That's why I didn't code against it.

It twasn't me, it twas teh hemorrhoids. Anyways, good luck with the crusade against forum sign-ups. (It is a new year, and I am required to be nice, now.) ;)