Jump to content
puggybelle

Can I limit the number of words entered in account creation?

Recommended Posts

6 hours ago, JcMagpie said:

From my testing it made no change . I have honey pot and google recapatch running between them 99% of bot's were stopped niether stoped the human idiots

OK, thanks. But just to be clear in case someone is reading this, the current, released, version of Honey Pot doesn't have the check for the number of words in a name. The unreleased version does and I hope to get it uploaded this weekend.

Share this post


Link to post
Share on other sites

My attacks were not the same as @puggybelle the names were normal length and no ad's were part of the account. What they had was script in the address lines in some and some had just fake addresses. None had actualy logged in.

I spoke with my host about this and the first thing they did was inform me that if any of my sites had unscured form's and was hacked it would be susspended untill it was cleaned and all forms secured! Luckly all live site were already secure with google and they did not have an issue. The problem was with Frozen and Phoenix test sites. We then secured most of them keeping 2 for testing.

So why were they attacking the account page? Well I tested on one site and selected to edit one of the fake account, it then became clear what they were after as on about the 5th or 6th fack account I opend and edited the site crashed as the db was messed up, simply opening and editing the account and then saving it caused the db to crash. Most of these fake accounts had script in the address lines. What It's intentions are i have no idea but i dont think they were good.

On the second site I then changed the input lenght on the fileds in the data base to limit the lenght of characters per line , but the attack still continued just the bits saved were trimed to the lenght set. I imagine the bots just look for an input box and dump stuff into it.

As i said I belive you need to lock the door and put a few bolts on it as well.

1) I use HoneyPot it reduced the number

2) Added Google recapatcha and they droped by about 95% in total

3) Added a long resubmit time in admin and it reduced the human idiots as I imagine they are not too keen on siting around for 30min before they can try again.

Sound's like the new HoneyPot will do most of this so I'm sure that will be welcome by users.


 

Share this post


Link to post
Share on other sites

Just to see how active the @puggybelle  attack on osC is I removed Google capatch from one site about 2 days ago and it was under atack within a few seconds of the capatcha beeing disabled. This is what it looks likes......

image.thumb.png.b0b5107cf6207ba57d7178e9a1344a90.png


 

Share this post


Link to post
Share on other sites

@JcMagpie - Welcome to MY world!  😛

It's not unusual to see one or two of these things every month, but...I've been getting bombarded with it for the last week or so.

Dozens of these every day now.

I guess spammers are really ramping things up for the holiday season!

- Andrea

Share this post


Link to post
Share on other sites

I've been seeing a lot of these fake accounts this week as well. I use cloudflare cdn firewall to challenge the countries they are coming from....Hungary, Latvia etc. It's working quite well. I refuse to inconvenience my customers with a captcha.


The water in a vessel is sparkling; the water in the sea is dark. The small truth has words which are clear; the great truth has great silence.

- Rabindranath Tagore

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×