java – Search for "bots" and their messages

Question:

There is a project in which bots are registered too often and spam as soon as they can.

Is there a solution for finding bots and their messages?

They register under approximately similar names (admin1, admin2, admin, …, adminN). Their messages also have the same content. At the moment, there is a regular expression to fight PR, which holds them back more or less, but due to frequent rounds and the release of new fixes, the regular expression already exceeds 1000 characters in length. In fact, the regular expression already contains a dictionary.

Is there some kind of out-of-the-box solution to deal with such a problem? It is assumed that the messages will begin to change, and I would like to be able to analyze the previous messages of the bot in order to identify a certain % of similarity and block them.

A Java solution is desirable.
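
The similarity check the question asks for can be built from character shingles and Jaccard similarity, plus a username stem that strips trailing digits; the following is an added example, not part of the original question or answer. The class name, the shingle length, the 0.5 threshold, the user names and the sample messages are assumptions constructed for illustration.

```java
import java.util.*;

public class SpamSimilarity {
    static final int K = 4;               // shingle length in characters (assumed value)
    static final double THRESHOLD = 0.5;  // similarity cut-off (assumed value, tune on real data)

    // Lower-case and turn every run of non-letters/non-digits into one space.
    static String normalize(String s) {
        return s.toLowerCase(Locale.ROOT).replaceAll("[^\\p{L}\\p{Nd}]+", " ").trim();
    }

    // Set of overlapping K-character substrings; a text shorter than K is one shingle.
    static Set<String> shingles(String text) {
        String n = normalize(text);
        Set<String> out = new HashSet<>();
        for (int i = 0; i < Math.max(1, n.length() - K + 1); i++)
            out.add(n.substring(i, Math.min(n.length(), i + K)));
        return out;
    }

    // Jaccard similarity |A ∩ B| / |A ∪ B|, between 0 and 1.
    static double jaccard(Set<String> a, Set<String> b) {
        Set<String> inter = new HashSet<>(a);
        inter.retainAll(b);
        return inter.isEmpty() ? 0.0 : (double) inter.size() / (a.size() + b.size() - inter.size());
    }

    // Highest similarity between a new message and any stored message of a blocked account.
    static double maxSimilarity(String message, List<String> knownSpam) {
        Set<String> m = shingles(message);
        return knownSpam.stream().mapToDouble(s -> jaccard(m, shingles(s))).max().orElse(0.0);
    }

    // "admin1", "Admin27" and "admin" all reduce to the stem "admin".
    static String usernameStem(String name) {
        return name.toLowerCase(Locale.ROOT).replaceAll("\\d+$", "");
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from the project in the question.
        List<String> knownSpam = List.of("Cheap watches!!! Buy now at example.com/shop");
        Set<String> blockedStems = Set.of(usernameStem("admin1"));
        String[][] incoming = { { "Admin27", "CHEAP watches... buy today at example.com/shop" },
                                { "tux_fan", "How do I mount an ext4 partition at boot?" } };
        for (String[] post : incoming) {
            double sim = maxSimilarity(post[1], knownSpam);
            boolean stemHit = blockedStems.contains(usernameStem(post[0]));
            System.out.printf("%s sim=%.2f similar=%b stemHit=%b%n", post[0], sim, sim >= THRESHOLD, stemHit);
        }
    }
}
```

The code needs Java 9 or later for `List.of` and `Set.of`. The two signals are printed separately so that the blocking policy (either one, or both together) stays a decision of the site operator.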

Answer:

Because bots are often registered from IPs of foreign countries (more often – countries of the "third world"), I recently decided to block certain IP ranges by subnets in the Apache settings. This eliminated a large number of not only bots, but also pests trying to look for phpMyAdmin directories, etc. In addition, I added the functionality of answering simple questions (with rotation of questions) during registration. A potential user can easily answer the question (I have a highly specialized resource on Linux, I ask about distribution families), and an attacker, even if he is a human, is unlikely to look for an answer. Just in case, I will give here a part of the config in which I block IP ranges (when I did, I found these lists somewhere on the Web). The solution may not be one hundred percent, but it helped me.

Order allow,deny
Allow from all
# AfriNIC:
Deny from 41 102 105 197
# APNIC:
Deny from 1 14 27 36 39
Deny from 42.0.0.0/7
Deny from 49
Deny from 58.0.0.0/7
Deny from 60.0.0.0/7
Deny from 101 103 106
Deny from 110.0.0.0/7
Deny from 112.0.0.0/5
Deny from 120.0.0.0/6
Deny from 124.0.0.0/7
Deny from 126 133 175 180
Deny from 182.0.0.0/7
Deny from 202.0.0.0/7
Deny from 210.0.0.0/7
Deny from 218.0.0.0/7
Deny from 220.0.0.0/6
# LACNIC:
Deny from 177 179 181
Deny from 186.0.0.0/7
Deny from 189
Deny from 190.0.0.0/7
Deny from 200.0.0.0/7
# Networks:
Deny from 3 6 9 11 13 15
Deny from 16.0.0.0/6
Deny from 20.0.0.0/7
Deny from 22 25 26
Deny from 28.0.0.0/7
Deny from 30 33
Deny from 34.0.0.0/7
Deny from 38 40 44 47 48
Deny from 51
Deny from 52.0.0.0/6
Deny from 56.0.0.0/7
Deny from 214.0.0.0/7