 |
 |
||||
 |
 |
||||
 |
|||||
|
|||||||
 |
|
|
Thread Tools | Search this Thread | Display Modes |
11-03-2000, 12:21 PM
|
#1 |
|
Big Jerk
Join Date: Oct 2000
Location: Netherlands
Posts: 835
|
Programmers Discussion - How to Code cheat prevention?
Hi Guys,
As some of you perhaps know i am a programmer  Being a CJ(2)-Webmaster for not that long I thought of starting this topic: how can we build scripts/programs to prevent from being cheated?Well ofcourse there are some ways, but I thought by bundling our powers we could perhaps make better detections? I've a couple of ideas myself, perhaps that some of you can (in)validate them? But before i start: does anyone know good resources for bots (you obviously need this knowledge to be able to defeat them) - First of all we have the lamers of IMG-Srcing, Frame Reloading and Frame-0 sizing but these can be simply detected by prod. levels [anything below 15% is suspicious, below 10% very suspicious, 5% 99% cheater, 0% 100% cheater or broken script ]- Then we could do a set-cookie and a get-cookie to detect the most stupid bots... - We could obviously check for ip's and referers [same ip of the same referer 90% of the time is suspicious] - Click pattern? [somewhat hard to code ] thus: each time 1 click, 2 clicks, 1.2 clicks, [or some other nice number] etc?- strstr(getenv("USER_AGENT"), "bot") (or "Bot", "bOt", "boT", "BOt", "bOT", "BOT") That's it for now: can't think of anything more now... Your opinions please? Greetz, Much0S |
|
|
|
11-03-2000, 03:21 PM
|
#2 |
|
Registered User
Join Date: May 2000
Posts: 31
|
Kind of off the subject here.
You seem like you can solve alot of java problems. I am having trouble with my site. Can you check it out and give me some advice what I can do. The site is http://hardcorelinxxx.com . When you visit the site click on one of the pics at the top to enlarge them. Now close that window. Then either click back or close the main site. No exit will pop =( For some reason when anyone clicks on one of those pics it breaks the exit comand. Any suggestions? Thanks |
|
|
|
|
11-03-2000, 04:15 PM
|
#3 |
|
Big Jerk
Join Date: Oct 2000
Location: Netherlands
Posts: 835
|
In your <A HREF=xxx> line you've "onClick='exit=false'" remove that and it should work out fine.
If not let me know |-) Much0S |
|
|
|
|
11-03-2000, 04:29 PM
|
#4 |
|
Registered User
Join Date: May 2000
Posts: 31
|
I feel so stupid. I put that there so the exit would not pop when that link was clicked. I forgot I don't need that since it is target="_blank". hehe
Thanks |
|
|
|
|
11-03-2000, 04:44 PM
|
#5 |
|
Big Jerk
Join Date: Oct 2000
Location: Netherlands
Posts: 835
|
np
|
|
|
|
|
11-03-2000, 06:11 PM
|
#6 |
|
Big Jerk
Join Date: Mar 2000
Location: Boucherville
Posts: 1,435
|
I think that cheater-proof solution shouldn'T be posted here
may be hitbot programmers around |
|
|
|
|
11-03-2000, 07:50 PM
|
#7 |
|
Big Jerk
Join Date: Apr 2000
Location: Canada
Posts: 203
|
If I were a cheater, this is what I would code. Maybe it can help you think of how to protect against it.
When run, my hitbot would do the following: 1. Select a random proxy from a list of a few thousand or so. 2. Connect to your site through the proxy, and identify itself as MSIE, with refering url set appropriatly. 3. Start clicking. Totally random, maybe 5-10 times somewhere on the page. 4. Do step 1 through 3 recursively for every trade that was opened. Does that scare anyone? Productivity wouldn't be abnormal, it would be tuned to blend in. The only immediate problem with this system is repeating IPs. Other then that... I wouldn't notice if that was happening to me. redbomb (studio) 63936161 |
|
|
|
|
11-03-2000, 08:40 PM
|
#8 |
|
Wee Jerk
Join Date: Nov 2000
Location: hometown
Posts: 5
|
Well, since *all* variables etc can be spoofed I run a mysql-driven heuristic script that that compares what the sending (offending?) webmaster's surfers click on to my site-wide average, ex:
say link 1 gets 6% sitewide link 2 gets 12% etc, etc So now if anyones "clicks" are way off that average... that's a nice red flag. Very hard to cheat as the bot *cannot* know my daily internal average. |
|
|
|
|
11-04-2000, 12:33 AM
|
#9 |
|
Big Jerk
Join Date: Mar 2000
Location: Boucherville
Posts: 1,435
|
from now, the only way I see to block that is block access from proxies to the in.cgi script and to the out.cgi script
altho blocking all proxies make us loose some visitors. my 2 cents Jimbo |
|
|
|
|
11-04-2000, 03:56 AM
|
#10 |
|
Big Jerk
Join Date: Oct 2000
Location: Netherlands
Posts: 835
|
The proxy thing doesn't seem to hard to handle? You simply make a database of thousands of proxies and if 80-90% of a user of a website is coming from a proxy it probably isn't good.
Furthermore no idiot clicks 5-10 times on a link, so you can statistically proof that if somebody(thing) clicks more than 2*StandardDevition+AverageClick that it's 95% chance that you are being cheated But again, does anyone know a good resource for bots? I always say: if there is a way to make it, there must be a way to brake it Greets, Much0S |
|
|
|
|
11-04-2000, 03:26 PM
|
#11 |
|
Wee Jerk
Join Date: Nov 2000
Location: hometown
Posts: 5
|
anyone have a good (large) list of "open" proxies?
|
|
|
|
|
11-07-2000, 09:19 PM
|
#12 |
|
Big Jerk
Join Date: Dec 1969
Location: Fortaleza, CE, Brazil
Posts: 475
|
Hey Jimbo, you could send (redirect) all visitors with proxies to a FPA or sponsor site, so I'll not loose the visitor, and may be make a buck or two.
(proxy on): "Fake" visitor (hitbot) => sponsor page => bye cheater "Real" visitor => sponsor page => money, thank$ $surfer! |
|
|
|
|
11-12-2000, 01:23 AM
|
#13 |
|
Big Jerk
Join Date: Oct 1999
Location: Hidden canadian grow house =) Yeah i grow pot, SO WHAT?
Posts: 770
|
you can get bots that will scan IP blocks for proxies.
__________________
ICQ 41830788 |
|
|
|
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | Search this Thread |
| Display Modes | |
Linear Mode
|
|
All times are GMT -5. The time now is 11:53 PM.