Create an Account
username: password:
 
  MemeStreams Logo

Bad Behavior Anti-bot Screener not very good
search
Home Agent Weblogs Social Network Post Help About

Acidus
Picture of Acidus
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Acidus's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Bad Behavior Anti-bot Screener not very good
Topic: Miscellaneous 12:57 pm EDT, Aug 17, 2009

Instead, Bad Behavior pioneered an HTTP fingerprinting approach. Instead of looking at the spam, we look at the spammer. Bad Behavior analyzes the HTTP headers, IP address, and other metadata regarding the request to determine if it is spammy or malicious. This approach has proved, as one user said, “shockingly effective.” After all, spammers write their bots on the cheap, and have little incentive to code very well. If they could code very well, they probably wouldn’t be spammers.

Ran across a blog "protected" by this today. Pretty liberal use of the word "fingerprint." It doesn't even check if the "Accept" header value is valid for a given "User-Agent" header. In fact, base bones all you need is:

GET / HTTP/1.1
Accept: */*
Host: [host]

blog.xmpp.org uses this so you can play with any HTTP editor.

Bad Behavior Anti-bot Screener not very good

Thread [1]


  
 
Powered By Industrial Memetics		RSS2.0