Home ยป Forum ยป Bug Report and Feature Requests

Forum: Bug Report and Feature Requests

Suggestion to help the click click bot problem.

Gat0r8er ๐Ÿšซ

I noticed that when I was reading the stories that when I did the first click that I did not have to move the mouse for the second click. I got to wondering and came up with 3 suggestions that may help if they are feasible. 1) move the second click to a different position on the page. 2) make the position of the second click move to different locations on the page at random but not back to where the first click is. 3) after you make changes 1 or 2 make a change that a second click on the first click location will exit you from SOL (or possibly somewhere else, that will put him into some sort of a loop if you want to be really nasty).

Gator8er

Replies:   LupusDei  Ernest Bywater
LupusDei ๐Ÿšซ
Updated:

@Gat0r8er

move the second click to a different position on the page

I'm not a pro on it nor know the state of the art in that... but while in theory to simulate a click on certain coordinates is possible, that's the hard way and not how the bots would normally do it, imho, instead they would at most look the button up in the page code and call a click on that object. But really, they would just try simulate the call ssent to server when you click the button directly. Eiter of that doesn't care where on screen (or off, or occluded by other objects) the button might be.

So all your suggestion does is impose a needless activity on a human user, while makes no difference from a bot viewpoint.

Sure, if that mouse action is recorded that very difference in behavior could in theory then be used to differentiate between bots and humans moving the mouse, but there might be better and more stealthy ways to do the same (because anything the bot maker would learn and notice they would try to bypass or simulate, but, say, a recording of on-hover event(s) may be obfuscated), and a whole another issue is touch screen users who would look different in logs too. Then, a touch screen user is unlikely to generate two taps of exactly the same coordinates even aiming for button at the same place, so that might perhaps be differentiated against without moving the button itself too.

Replies:   Keet
Keet ๐Ÿšซ

@LupusDei

I'm not a pro on it nor know the state of the art in that... but while in theory to simulate a click on certain coordinates is possible, that's the hard way and not how the bots would normally do it, imho, instead they look the button up in the page code and call a click on that object. That doesn't care where on screen (or off, or occluded by other objects) the button might be. So all your suggestion does is impose an needless activity on a human user, while makes no difference from a bot viewpoint.

Correct, a bot doesn't bother with the position. The programmer checks the page source to determine how he can identify the button. So you have to make sure there's nothing static to identify the buttons. What would work is making sure that every time a page loads the buttons have a different (generated) identifier and nothing else that is unique to identify it (i.e. a specific class. font, color, etc). I've seen some sites doing that to make manually blocking a specific element impossible: with changing identifiers the block works only once. You have to go up the element tree to find a static identifier but that usually also blocks the 'good' content. It also means you can't have the button call a specific JavaScript function because that would identify it too.

Replies:   LupusDei
LupusDei ๐Ÿšซ
Updated:

@Keet

I've seen some sites doing that to make manually blocking a specific element impossible: with changing identifiers the block works only once. You have to go up the element tree to find a static identifier but that usually also blocks the 'good' content.

Well, perhaps even then you could do a three walk, if that's constant, like (pseudocode):

This.parent.node[5].node[3].node[1]

Or if there's a few alternative locations where the element may or not exist, grab all and look what's not empty, or even run a pattern check.

I have regex a half dozen variables out of "condensed" dynamic javascript using single long variable name that couldn't change counting code structure elements out from that... and yes, that's hilarious nuts, but was more stable than I myself would have believed.

Ernest Bywater ๐Ÿšซ

@Gat0r8er

Just out of curiosity: For those who are affected by this click page issue, How much would you be prepared to pay to alleviate just this issue?

I ask as it doesn't affect the premier accounts, so I wonder if there is a low price point to make it worth the trouble for Lazeez to introduce another level of account between free and premier. I doubt the bot bois will pay anything for their bot accounts.

Replies:   Keet
Keet ๐Ÿšซ

@Ernest Bywater

I doubt the bot bois will pay anything for their bot accounts.

And change the registration process so they can't automate it. They need hundreds of accounts to successfully download the complete site. Maybe turn back the higher download limit which would mean they need even more accounts. Using CAPTCHA for registration shouldn't be a problem, neither would having to respond with a confirmation email (and don't allow multiple accounts on the same email address).

Lazeez Jiddan (Webmaster)

@Keet

And change the registration process so they can't automate it.

It's been that way for a long time. Re-captcha, email address verification and one account per IP address per 24 hours.

Whoever was hitting the site hard has done a lot of manual work.

Replies:   Keet  Ernest Bywater
Keet ๐Ÿšซ

@Lazeez Jiddan (Webmaster)

It's been that way for a long time. Re-captcha, email address verification and one account per IP address per 24 hours.

Whoever was hitting the site hard has done a lot of manual work.

Ah, I don't remember exactly, it's been a long time since I registered myself :)
It does surprise me that they did put in all that manual work. You probably already checked if there's something reoccurring in the email addresses and/or ip's so you can block them.

Ernest Bywater ๐Ÿšซ

@Lazeez Jiddan (Webmaster)

Re-captcha

I hate that Google crap as it breaks the basic security settings of 'don't allow third party cookies' and they include other crap code in what they send to make it work. The original Captcha works with 3rd party cookies blocked.

Lazeez Jiddan (Webmaster)

@Ernest Bywater

Re-captcha


I hate that Google crap as it breaks the basic security settings of 'don't allow third party cookies' and they include other crap code in what they send to make it work. The original Captcha works with 3rd party cookies blocked.

I hear you. It was a quick and dirty solution.

I'm thinking of implementing my own verification method. We'll see if I have to resort to that. For now the button click hasn't been defeated yet.

Ernest Bywater ๐Ÿšซ

@Keet

I was hoping to get some idea of what people would think was a fair amount to pay to avoid this issue and that it would be above the break even point for what it costs Lazeez to process a payment. The payment collection systems all charge the merchant fees, either a per transaction fee or a percentage of the payment as a fee or both.

If it costs say (guess only) $3.75 to process a payment and people are prepared to pay $4.00 then it's worth the trouble to organize. However, if they're only prepared to pay $2.00 it isn't worth the trouble to organize.

If we could find out what people would think it was worth paying and it made it worth the effort we could ask Lazeez to do create a new account level to suit.

Replies:   Bibliophage
Bibliophage ๐Ÿšซ

@Ernest Bywater

One problem is that huge numbers of people are absolutely terrified of _anyone_ tracing their pleasure habits, no matter how innocuous. This makes it really difficult to get those people to provide money - because almost all easy to use, reliable ways to receive money end up with some way to identify the real person on the sending end. About the only way to do it is stuff like the old Green Dot "money" orders that can be bought with cash - or just sending cash in an envelope.

So you have people that would pay for it - but they don't want anyone to know that they're paying for it.

Replies:   Ernest Bywater  Keet
Ernest Bywater ๐Ÿšซ
Updated:

@Bibliophage

One problem is that huge numbers of people are absolutely terrified of _anyone_ tracing their pleasure habits, no matter how innocuous.

As some one who has undergone the inquisition and been crucified on the alter of political garbage and media bullshit I can understand their concerns. I was simply seeking a mid-point that allowed them to not have to worry about the anti-bot protections they find irritating and not having to buy a full premier account if they don't wish to.

edit to add: It's the old conflict between convenience and costs.

Replies:   Bibliophage
Bibliophage ๐Ÿšซ

@Ernest Bywater

I didn't say the concerns were completely unfounded. Just that too many take it to paranoid extremes. An excellent example is the transgender community. Most of them haven't realized that the bulk of people beyond visual range just don't give two hoots in hell about anything but the numbers on the check, credit card, money order, whatever. If they want to hide, all they really have to do is turn off their phone, and drop their mail in a box at least 20 miles from home.

Replies:   Dominions Son
Dominions Son ๐Ÿšซ

@Bibliophage

Just that too many take it to paranoid extremes.

Paranoia is the delusion that everyone is out to get you.

Just because you are paranoid, that isn't proof that no-one is out to get you. :)

Switch Blayde ๐Ÿšซ

@Dominions Son

Just because you are paranoid, that isn't proof that no-one is out to get you. :)

If they're out to get you, you're not paranoid.

Replies:   Dominions Son
Dominions Son ๐Ÿšซ

@Switch Blayde

If they're out to get you, you're not paranoid.

Again, no. Paranoia is the delusion that everyone is out to get you.

The mere fact that someone is out to get you is not proof that you are not paranoid.

Bibliophage ๐Ÿšซ

@Dominions Son

I didn't say they had no reason to be concerned. I said that they took it to paranoid _extremes_.

Some seem to act like they're terrified that even the owner of the site they're purveying, supplying exactly what they're seeking, is going to sell them out to "The Man" (whatever evil empire(tm) they think is after them)

Keet ๐Ÿšซ

@Bibliophage

So you have people that would pay for it - but they don't want anyone to know that they're paying for it.

You pay the WLPC (World Literature Publishing Company), not SOL. Of course the WLPC is the parent company for multiple sites, where SOL is one of them. But on your bank statement it would look like you bought one or more books.

Replies:   Dominions Son
Dominions Son ๐Ÿšซ

@Keet

But on your bank statement it would look like you bought one or more books.

Or paid a vanity press to print your book.

Back to Top

 

WARNING! ADULT CONTENT...

Storiesonline is for adult entertainment only. By accessing this site you declare that you are of legal age and that you agree with our Terms of Service and Privacy Policy.


Log In