Greenguy's Board - View Single Post - Hey, List Owners With Captcha, Give Webmasters A Break

Viper · 2008-02-05, 03:28 PM

As a programmer, I can tell you right now that there is currently no way for anyone to stop auto-submitters via your forms.. Captcha can be bypassed and more and more auto-submitters will be building that into their software as time goes on... All these methods really do is push the real submitters away and you end up with primarily auto submitted stuff which will tend to redirect or install exploits etc.

For the idea of putting on a question.. Here's how I would overcome that... First thing I do is reload your form a bunch of times to get a bunch of your question... (a group of guys that auto-submit a shit load could have some lackey check your form a couple times a week and do this as necessary)... Then I put the questions and answers in my DB. Another thing I do is have a script monitor your submit form.. You change it and I get flagged to check it out and see if I need to make changes to my script. So now my autosubmitter goes to your page and if I recognise the question, I submit.. If I don't, then I reload until I find a question I know. If my autosubmitter reaches some threshold of reloads, it stops and flags me so that I have to go to your site and grab a bunch of your new questions... then I reset and away I go again... If you use "simple" questions, I can actually code it in so that I can answer them automatically. Let's say you actually write code to monitor your page to see if the page is reloaded a bunch of times before submitting and you stop that.. no problem, I'll just use some proxies... and the bigger auto-submitters are going to have multiple cheap dial-up accounts to be able to do this stuff as well.

Instead of trying to stop all these auto-submits, ask yourself WHY you want to stop them... Is it because they end up redirecting etc.? Then set up a program to scan your DB to auto-delete sites that end up doing that.. Is it because they change the site? Then implement code to store a CRC32 or MD5 of all 4 pages and then scan the pages and delete the site if they change... Get more active in banning domains, IP blocks, registrars, nameservers and affiliate IDs on the sites... Don't accept sites where the nameserver is some other site or the same as the domain that's been submitted... Don't allow submissions that are coming from servers... And more...

All of this stuff should be part of your DB software and be automatic for the most part. You need to fight technology with technology but just be aware that you will always be behind and playing catchup. I hate cheating submitters and I've been battling these guys for a long time now... I do all of this stuff on my TGPs and it makes a big difference. It's allowed me to keep my submit forms completely open for 5 years now.

By the way.. I'm currently hand submitting some free sites and it's just not cost effective from the amount of traffic/sales that are generated... I'm seriously considering auto-submitting...

2008-02-05, 03:28 PM	#12
Viper Just because I don't care doesn't mean I don't understand! Join Date: Mar 2006 Location: West Coast, Canada Posts: 98	As a programmer, I can tell you right now that there is currently no way for anyone to stop auto-submitters via your forms.. Captcha can be bypassed and more and more auto-submitters will be building that into their software as time goes on... All these methods really do is push the real submitters away and you end up with primarily auto submitted stuff which will tend to redirect or install exploits etc. For the idea of putting on a question.. Here's how I would overcome that... First thing I do is reload your form a bunch of times to get a bunch of your question... (a group of guys that auto-submit a shit load could have some lackey check your form a couple times a week and do this as necessary)... Then I put the questions and answers in my DB. Another thing I do is have a script monitor your submit form.. You change it and I get flagged to check it out and see if I need to make changes to my script. So now my autosubmitter goes to your page and if I recognise the question, I submit.. If I don't, then I reload until I find a question I know. If my autosubmitter reaches some threshold of reloads, it stops and flags me so that I have to go to your site and grab a bunch of your new questions... then I reset and away I go again... If you use "simple" questions, I can actually code it in so that I can answer them automatically. Let's say you actually write code to monitor your page to see if the page is reloaded a bunch of times before submitting and you stop that.. no problem, I'll just use some proxies... and the bigger auto-submitters are going to have multiple cheap dial-up accounts to be able to do this stuff as well. Instead of trying to stop all these auto-submits, ask yourself WHY you want to stop them... Is it because they end up redirecting etc.? Then set up a program to scan your DB to auto-delete sites that end up doing that.. Is it because they change the site? Then implement code to store a CRC32 or MD5 of all 4 pages and then scan the pages and delete the site if they change... Get more active in banning domains, IP blocks, registrars, nameservers and affiliate IDs on the sites... Don't accept sites where the nameserver is some other site or the same as the domain that's been submitted... Don't allow submissions that are coming from servers... And more... All of this stuff should be part of your DB software and be automatic for the most part. You need to fight technology with technology but just be aware that you will always be behind and playing catchup. I hate cheating submitters and I've been battling these guys for a long time now... I do all of this stuff on my TGPs and it makes a big difference. It's allowed me to keep my submit forms completely open for 5 years now. By the way.. I'm currently hand submitting some free sites and it's just not cost effective from the amount of traffic/sales that are generated... I'm seriously considering auto-submitting...