There is a project in which bots are registered too often and spam as soon as they can.
Is there a solution for finding bots and their messages?
They register with roughly similar names (admin1, admin2, admin, …, adminN). Their messages also have the same content. At the moment, there is a regular expression to fight PR, which holds them back more or less, but due to frequent rounds and the release of new fixes, the regular expression already exceeds 1000 characters in length. In fact, there is already a whole dictionary in the regular expression.
Is there some kind of out-of-the-box solution to deal with such a problem? It is assumed that the messages will begin to change, and I would like to be able to analyze the previous messages of the bot in order to identify a certain % of similarity and block them.
A Java solution is desirable.
Because bots are often registered from IPs of foreign countries (more often – countries of the "third world"), I recently decided to block certain IP ranges by subnets in the Apache settings. This eliminated a large number of not only bots, but also pests trying to look for phpMyAdmin directories, etc. In addition, I added the functionality of answering simple questions (with rotation of questions) during registration. A potential user can easily answer the question (I have a highly specialized resource on Linux, I ask about distribution families), and an attacker, even if he is a human, is unlikely to look for an answer. Just in case, I will give here a part of the config in which I block IP ranges (when I did this, I found these lists somewhere on the Web). The solution may not be one hundred percent, but it helped me.
    Order allow,deny
    Allow from all
    # AfriNIC:
    Deny from 41 102 105 197
    # APNIC:
    Deny from 1 14 27 36 39
    Deny from 188.8.131.52/7
    Deny from 49
    Deny from 184.108.40.206/7
    Deny from 220.127.116.11/7
    Deny from 101 103 106
    Deny from 18.104.22.168/7
    Deny from 22.214.171.124/5
    Deny from 126.96.36.199/6
    Deny from 188.8.131.52/7
    Deny from 126 133 175 180
    Deny from 184.108.40.206/7
    Deny from 220.127.116.11/7
    Deny from 18.104.22.168/7
    Deny from 22.214.171.124/7
    Deny from 126.96.36.199/6
    # LACNIC:
    Deny from 177 179 181
    Deny from 188.8.131.52/7
    Deny from 189
    Deny from 184.108.40.206/7
    Deny from 220.127.116.11/7
    # Networks:
    Deny from 3 6 9 11 13 15
    Deny from 18.104.22.168/6
    Deny from 22.214.171.124/7
    Deny from 22 25 26
    Deny from 126.96.36.199/7
    Deny from 30 33
    Deny from 188.8.131.52/7
    Deny from 38 40 44 47 48
    Deny from 51
    Deny from 184.108.40.206/6
    Deny from 220.127.116.11/7
    Deny from 18.104.22.168/7
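For the similarity check the question asks about (comparing a new message with a bot's earlier messages and blocking above a certain percentage), one option is Jaccard similarity over character shingles, which tolerates small edits that defeat a fixed regular expression. This is an added example, not code from the thread; the class name, the 0.6 threshold, the shingle size of 4 and the sample messages are assumptions. Because normalization drops digits, names such as admin1 … adminN also reduce to the same string.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class SpamSimilarity {
    // Lowercase and collapse everything that is not a letter (digits, punctuation, spacing) to one space.
    static String normalize(String s) {
        return s.toLowerCase(Locale.ROOT).replaceAll("[^\\p{L}]+", " ").trim();
    }

    // Set of overlapping k-character substrings ("shingles") of the normalized text.
    static Set<String> shingles(String text, int k) {
        String n = normalize(text);
        Set<String> out = new HashSet<>();
        if (!n.isEmpty() && n.length() < k) out.add(n); // input shorter than k: one shingle
        for (int i = 0; i + k <= n.length(); i++) out.add(n.substring(i, i + k));
        return out;
    }

    // Jaccard similarity |A ∩ B| / |A ∪ B|, in the range [0, 1].
    static double jaccard(Set<String> a, Set<String> b) {
        if (a.isEmpty() && b.isEmpty()) return 0.0; // nothing to compare
        Set<String> inter = new HashSet<>(a);
        inter.retainAll(b);
        return (double) inter.size() / (a.size() + b.size() - inter.size());
    }

    // Highest similarity between a candidate and any previously confirmed spam message.
    static double maxSimilarity(String candidate, List<String> knownSpam, int k) {
        Set<String> c = shingles(candidate, k);
        double best = 0.0;
        for (String s : knownSpam) best = Math.max(best, jaccard(c, shingles(s, k)));
        return best;
    }

    public static void main(String[] args) {
        // Constructed sample data: one confirmed spam message and two incoming messages.
        List<String> knownSpam = List.of("Cheap watches!!! Visit our shop today and save 50%");
        String[] incoming = {
            "cheap WATCHES - visit our shop today & save 70%",
            "Which distribution family does Mint belong to?" };
        double threshold = 0.6; // assumed value; tune against real traffic
        for (String m : incoming) {
            double sim = maxSimilarity(m, knownSpam, 4);
            System.out.printf("%.2f %s %s%n", sim, sim >= threshold ? "BLOCK" : "allow", m);
        }
    }
}
```

Comparing every new message against every stored one is linear in the number of stored messages; for a large history, MinHash signatures over the same shingle sets give an approximate result at lower cost.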