Clever Bots

The is the core forum of BFC. It's all about informal and random talk on any topic.
Forum rules
Post a new topic to begin a chat.
Any topic is acceptable, and topic drift is permissible.
Post Reply
User avatar
yogi
Posts: 6411
Joined: 14 Feb 2015, 21:49

Clever Bots

Post by yogi »

Just thought I would mention the reason for the new slot at the top of the index page. It's merely a message for humans who would by some stroke of luck want to become a member and register their intent. Previously the normal registration page would show up if you wanted to join in, but apparently the bots have figured out how to answer those innocuous questions I ask prior to letting them register. So, now the site admin is getting a LOT of requests from robots of various genre. One obvious way to stop that is to put a halt to any registration at all. This is good, but that eliminates any real humans who might have a desire to merge with us. Thus, the message now is to send the admin an e-mail and instructions on registering will be sent.

Before we upgraded to the current level of phpBB software there was a clever CAPTCHA puzzle that had to be solved. The upgrade broke it and thus we had to resort to the Q&A routine to get past the gatekeeper. That only works for so long, and that time apparently has expired. There is a possible fix for the old puzzle, and I will investigate that at my leisure. The maintainer of the extension seems to have other things to do besides maintaining his software. The last resort would be any number of re-CAPTCHA variants, Google having the most popular one. Going that rout involves using the provider's API, which is necessary for them to process the inputs for us. I've hesitated doing that in the past because it also gives them tracking information about this site. It's not a BIG deal, but it's a deal. So, I will try the fix and maybe re-CAPTCHA. I'm not expecting any new interest in this site, but you never know.

:mrgreen: :grin: :lol:

User avatar
Kellemora
Posts: 4077
Joined: 16 Feb 2015, 17:54

Re: Clever Bots

Post by Kellemora »

I still mention it to a few folks from time to time. But most of those I do talk with are either editors or writers with no time for anything else on their plate. Or a few of the nonsense ones I don't mention anyplace else too, because they are a pain where they are at, hi hi.

One crafts gal I tried to get to join, because she likes talking about more serious things, and does like to gab.
She said no, she only pick who she wants to talk to and don't want others asking her things.
She makes friends who pick her brain to pieces and after they get what they wanted to know, they disappear.
I've had a lot of writer friends like that too!

Interesting the BOTS can figure out the answers to questions though. Unless they are capable of seeing your answer key.

I had a retail customer once figure out the password to my wholesale price list that only dealers could get in to see.
I still never figured out how they managed to do it. First off, the file was sorta hidden. I used an asterisk as the key for the link to the page, but even if you clicked on it, the only thing that appeared on your screen was the password request box. The password was fairly simple to be easy for dealers to remember. It was just their account number but started with a W and ended with a P, and I had to have it in my list of passwords. Now I did not use a database, it was written right in the html coding at first. It was so long ago now, I don't remember exactly how I did it. This was before I changed to XHTML/CSS and didn't use those hidden pages anymore, because I now had a mfgr. rep. who bought all of my product and handled everything else for me as far as sales to distributors went. No more direct sales, so no need for a price list.
I'm sure there are now better ways of doing things, still in HTML5 than how I did things in the early years of HTML.

User avatar
yogi
Posts: 6411
Joined: 14 Feb 2015, 21:49

Re: Clever Bots

Post by yogi »

This is not my first experience with bot registration. When the site first went online there were no countermeasures. There was no need for them because there were not that many bots. Now the entire Russian, Chinese, and Iranian intelligence community scan the entire Internet on a daily basis looking for vulnerabilities. These are not your ordinary hackers. They are state sponsored and out to do some serious damage. Why would they bother with us? It's just too difficult not to look for something, so they put all their vulnerable eggs in one basket so to speak and see what hatches.

It would be wonderful if I knew the exact mechanism by which they solve the puzzles. Most but not all the questions asked require some thinking and not just looking things up on Google. Each security question has a table of answers, but I don't think that is what they are looking at. If they were able to hack that far into the site structure, there would be no need for them to register. They could just take over and post anything they want. My suspicion is that Artificial Intelligence is involved. It's almost like a human and not that difficult to determine the correct response.

Hiding passcodes inside the HTML is the worst possible way to go about things. It's plain text to begin with and the source code for all sites is easily viewed in any browser. That's why people use databases to store passcodes. Even if you see the site code, all you see is the variable assigned to the passcode and not the passcode itself. In our case so many failed logins will cause a delay before you can try again. When the bots run into that, they simply change their IP address and try again.

I've seen the Google re-CAPTCHA and it's pretty cool. It's a jigsaw puzzle of small order; maybe only 9 pieces. Your task it to complete the puzzle. If you do it too quickly, they give you another puzzle, and a third one if they really can't verify that you are a human. It's pretty slick and I don't know how they do it, but all the decoding is done on Google's servers. That's why you need the API to use it.

WSAHM
Posts: 3
Joined: 20 Feb 2015, 14:06

Re: Clever Bots

Post by WSAHM »

Oh my goodness gracious, crazy-making stuff! You my friend are one patient persevering webmaster willing to work endless hours to resolve issues! Kudos to you, Dennis! You are amazing!

User avatar
yogi
Posts: 6411
Joined: 14 Feb 2015, 21:49

Re: Clever Bots

Post by yogi »

I'm retired and have nothing better to do. :lol:
I DO appreciate you kind words nonetheless. I enjoy doing and learning technical things. Keeps the mind fresh, you know?

User avatar
Kellemora
Posts: 4077
Joined: 16 Feb 2015, 17:54

Re: Clever Bots

Post by Kellemora »

When I hit sites with those Captcha's I may try once or twice, but then I will usually leave unless there is a really important reason I need to get into their site.

In the early days of HTML there were not so many bots to worry about, so I got by with doing it that way.
I can't be certain, but it seems like when I first switched over the XHTML/CSS I put the answer key in the Style Folder.
But shortly thereafter I started only using one mfg. rep. so no longer needed a wholesale price list available.
That was so long ago now, I don't recall what I did or even if I did it at all.
I was so busy working with other things using the XHTML/CSS building that multi-tiered website I never put on-line. After all that work I ended up moving on to something else. Something where I could make a couple of bucks, hi hi.

I have sorta of a dumb question to ask.
I have an 8-port gigabit LAN switch, and have used all 8 ports since I added the WiFi access point up here in my office.
The Silver Yogi has a WiFi Card in it, but I'm still hard wired to the LAN and not using the WiFi card.
I tried using it as an access point only to find out WiFi cards don't work that way, hi hi.
Which is why I bought a cheap Access Point, which works great by the way. Better than it should for the cheap price.

I brought my little Netbook up here to my office to upgrade the OS, it was still version 8.
Normally I would just use a LAN cable and plug it into the LAN switch.
Instead I logged into the WiFi for the Access Point up here. It was already set to log into the WiFi in the house. So I had to enter the passcode to access the access point. It did just fine doing that.
Although I had previously downloaded the new OS and made a DVD for the install.
I took a blank USB stick and tried downloading over the WiFi to it. Didn't work.
Figured out I needed to download the file to the computer, then make a bootable USB stick in order to install from it.

It only took about 8 minutes to download the OS on my computer, but when I did so over the WiFi onto the Netbooks HD, it took well over 20 minutes.
Is that because the Netbook is slower, or because WiFi is slower than a gigabit LAN?

I don't have time to try doing it on the Silver Yogi just to see if the LAN is faster than the WiFi.
FWIW: The Access Point is NOT used as a Repeater. The WiFi is hardwired to the LAN which goes directly to the Router.

User avatar
yogi
Posts: 6411
Joined: 14 Feb 2015, 21:49

Re: Clever Bots

Post by yogi »

At the risk of stating the obvious, your network speed, down or up, will only be as fast as the slowest element of your network. Thus, your ISP might be sending you data at GB speeds, but if that WiFi card maxes out at 300 MBs, then you will only see the top speed of the WiFi Card. You have speed control in all the hardware connected to your lan, i.e., the modem, the router, the switches, the NICs , and WiFi cards. Typically WiFi is the slowest of the lot and I'm certain the Silver Yogi's WiFi could be upgraded.

The fact that you can't download an OS over the WiFi card - at least I think that is what you are telling me - seems more than a little odd. It might be slow, but it certainly is capable. I've made USB memory sticks using software that downloads the .iso from the repository and did it using the WiFi connection of my laptop. The most common method, however, is to download the iso to your computer where you can do a checksum verification or other validation of the download. Then you would run a program, such as mkusb in LInux or Rufus in Windows to create the OS on a Stick. And, if you are crazy like me, you can do it all inside a virtual box to isolate the stick OS from the rest of your LAN. There probably are other ways to go about it too, but those are the ones I'm familiar with.

User avatar
Kellemora
Posts: 4077
Joined: 16 Feb 2015, 17:54

Re: Clever Bots

Post by Kellemora »

Oh, the OS did download OK, it just took like a half hour longer is all.
Where I messed up was trying to save the ISO directly to the USB stick.
There was no option to make it bootable doing it that way.
So I downloaded it onto the computer then saved it as a bootable ISO to the stick.
It worked as it should that way without any problems.

Going back a few years when I used LAN Hubs instead of LAN Switches, 10/100 days, having a computer that was 10 plugged into the Hub slowed down the entire system to only 10.
Now with the LAN Switch, which is 10/100/1000, I can plug an older 100 computer into the switch and the 1000 computers still run at 1000.
Even though my Router is 200 feet of LAN cable away from the switch in my office, I still get the 1000 speed, which is good.

My KVM and my LAN Switch are now both over ten year mark, well maybe not the LAN switch because I replaced it a long time ago, swapped out the 10/100 for the 10/100/1000 one, but it has to have been more than 8 years ago now. I can look it up since I do keep all that data on hand, in a file, somewhere, hi hi.

Post Reply