Author Topic: Forum Attacks  (Read 40998 times)

0 Members and 6 Guests are viewing this topic.

Offline rick.ca

  • Global Moderator
  • *****
  • Posts: 3241
  • "I'm willing to shoot you!"
    • View Profile
Forum Attacks
« on: September 13, 2011, 07:39:11 pm »
It seems the forum must be due for an upgrade in it's protection measures. We're now getting more spam than legitimate posts. Simple Machines Forums attacks seems to contain good advice. Perhaps items 4 and 5 (in the original post) need to be addressed. I also think all the "members" with no posts should be deleted. The vast majority of them are spam bots. I'm sure any legitimate user who has such an account deleted won't mind re-registering (under new security measures) if they understand why the deletion was necessary.

Offline nostra

  • Administrator
  • *****
  • Posts: 2852
    • View Profile
    • Personal Video Database
Re: Forum Attacks
« Reply #1 on: September 13, 2011, 08:08:58 pm »
Thx, I will take a look at this topic immediately
Gentlemen, you can’t fight in here! This is the War Room!

Offline Ivek23

  • Global Moderator
  • *****
  • Posts: 2743
    • View Profile
Re: Forum Attacks
« Reply #2 on: September 13, 2011, 08:14:20 pm »
Rick.ca, completely agree with this topic.
Really it is necessary to protect the forum from spam bots, because what is happening lately on this forum is already unsustainable.
Ivek23
Win 10 64bit (32bit)   PVD v0.9.9.21, PVD v1.0.2.7, PVD v1.0.2.7 + MOD


Offline nostra

  • Administrator
  • *****
  • Posts: 2852
    • View Profile
    • Personal Video Database
Re: Forum Attacks
« Reply #3 on: September 16, 2011, 08:00:08 pm »
Shit, I have tried 4 mods already, different registration options - no use :(
Gentlemen, you can’t fight in here! This is the War Room!

Offline rick.ca

  • Global Moderator
  • *****
  • Posts: 3241
  • "I'm willing to shoot you!"
    • View Profile
Re: Forum Attacks
« Reply #4 on: September 17, 2011, 12:30:29 am »
If you delete all existing accounts with no posts and give me permission to delete new ones, I could try to keep them at bay. Looking at recently created accounts, it's rather obvious which ones are spammers. I suppose if these are real people paid to spam, there may be no other way. :-\

Offline Ivek23

  • Global Moderator
  • *****
  • Posts: 2743
    • View Profile
Re: Forum Attacks
« Reply #5 on: September 18, 2011, 06:34:57 pm »
I agree with Rick.ca proposal what makes around spam messages.
Somewhere in the month of May began an abnormal increase in the number of new registered users (sshot-1 picture attached) and already in the user profile indicates then, that their messages will almost certainly be written as "spam Communication" (sshot-2 picture and sshot-3 picture attached).


[attachment deleted by admin]
Ivek23
Win 10 64bit (32bit)   PVD v0.9.9.21, PVD v1.0.2.7, PVD v1.0.2.7 + MOD


Offline rick.ca

  • Global Moderator
  • *****
  • Posts: 3241
  • "I'm willing to shoot you!"
    • View Profile
Re: Forum Attacks
« Reply #6 on: September 23, 2011, 11:19:55 pm »
If you delete all existing accounts with no posts and give me permission to delete new ones, I could try to keep them at bay...

Any thoughts about this, nostra?

Offline nostra

  • Administrator
  • *****
  • Posts: 2852
    • View Profile
    • Personal Video Database
Re: Forum Attacks
« Reply #7 on: September 27, 2011, 12:06:52 am »
You have the permissions to delete accounts now. I will see how to filter out fake accounts...
Gentlemen, you can’t fight in here! This is the War Room!

Offline rick.ca

  • Global Moderator
  • *****
  • Posts: 3241
  • "I'm willing to shoot you!"
    • View Profile
Re: Forum Attacks
« Reply #8 on: September 27, 2011, 01:59:26 am »
Quote
You have the permissions to delete accounts now.

Thanks. That will be more gratifying than just deleting the posts. Even more so if I can catch them before they post. ;)

Quote
I will see how to filter out fake accounts...

It looks like you have removed the obvious ones. I still think most of those without any posts must be fake. Guests are free to read the forum—why would they register when they have no intention of posting? But I suppose it doesn't matter. I'll let you know if I'm having to delete accounts that were registered in the past.

Offline nostra

  • Administrator
  • *****
  • Posts: 2852
    • View Profile
    • Personal Video Database
Re: Forum Attacks
« Reply #9 on: September 27, 2011, 02:15:09 am »
Yeah, removing all account without posts seemed too much for me. There is no point in creating an account and not posting anything, but I assume people could register to become a "better" part of the community or they could have planned to post some time later...
Gentlemen, you can’t fight in here! This is the War Room!

Offline rick.ca

  • Global Moderator
  • *****
  • Posts: 3241
  • "I'm willing to shoot you!"
    • View Profile
Re: Forum Attacks
« Reply #10 on: September 27, 2011, 02:52:09 am »
You could send them all an email..."We're purging fake accounts. You have 10 days to post something interesting or donate to prove you're human." ;D

Offline rick.ca

  • Global Moderator
  • *****
  • Posts: 3241
  • "I'm willing to shoot you!"
    • View Profile
Re: Forum Attacks
« Reply #11 on: September 27, 2011, 04:37:35 am »
If you're able to delete accounts in bulk, here are some candidates:

75 accounts with usernames ending in "rhitogBor."
30 accounts with usernames ending in "Dotloorofak." I tired after deleting 45.

Offline rick.ca

  • Global Moderator
  • *****
  • Posts: 3241
  • "I'm willing to shoot you!"
    • View Profile
Re: Forum Attacks
« Reply #12 on: September 27, 2011, 11:19:36 pm »
Most of the spam accounts are easy enough to identify, but they're being added faster than I can delete them. I can also see, as I suspected, some of them are adding a "normal" looking accounts, then coming back to them a day or more later to add links and spam posts. The Quick Ban on Account Delete mod would help, particularly if IP bans are effective. Can you see any pattern in the IP addresses of these accounts, or are they being spoofed too?

Offline nostra

  • Administrator
  • *****
  • Posts: 2852
    • View Profile
    • Personal Video Database
Re: Forum Attacks
« Reply #13 on: September 27, 2011, 11:49:06 pm »
There seems to be a pattern in those IP addresses, but I am not sure how likely it is for normal users to happen to have an IP address from the same range...
Gentlemen, you can’t fight in here! This is the War Room!

Offline rick.ca

  • Global Moderator
  • *****
  • Posts: 3241
  • "I'm willing to shoot you!"
    • View Profile
Re: Forum Attacks
« Reply #14 on: September 28, 2011, 01:24:37 am »
I wouldn't ban a range unless there were more than two IP's in last octet. The chance of a legitimate user (current or future) being in the same group would be extremely slim. Otherwise, I would only block the one IP being banned. By a "pattern," I meant one that suggests they are real IP addresses (rather than somehow spoofed) and therefore can be banned. Also, I understand spammers are now the primary users of proxy services like Tor. I don't think we should be concerned about blocking those.

I'm beginning to wonder if they're now more active because I've been deleting accounts. I just deleted a dozen or so about an hour ago. Now there's a dozen or so new ones.  ::)

It seems they consistently post in the first board. Maybe you should create a new first board called "Spam," and let them do their thing. :D

Offline nostra

  • Administrator
  • *****
  • Posts: 2852
    • View Profile
    • Personal Video Database
Re: Forum Attacks
« Reply #15 on: September 28, 2011, 02:22:15 am »
Quote
I would only block the one IP being banned

I think blocking one IP does not solve anything.

Quote
By a "pattern," I meant one that suggests they are real IP addresses (rather than somehow spoofed) and therefore can be banned.

Not sure about this, but ass far I understand the IPs seem to be real

Quote
It seems they consistently post in the first board. Maybe you should create a new first board called "Spam," and let them do their thing. Cheesy

Yeah, does not look so good :(
Gentlemen, you can’t fight in here! This is the War Room!

Offline rick.ca

  • Global Moderator
  • *****
  • Posts: 3241
  • "I'm willing to shoot you!"
    • View Profile
Re: Forum Attacks
« Reply #16 on: September 29, 2011, 01:14:41 am »
I have tried 4 mods already, different registration options - no use

Did you try httpBL (implementation of Project Honeypot API) and Stop Spammer. These two seem to be mentioned most often by those who claim to have solved the problem (e.g., here) But maybe the better verification process in SMF 2.0 is a factor as well. :-\

You have the permissions to delete accounts now.

Is there something you can do that would allow me to use checkboxes to select accounts, then delete them all at once? They're being added at a rate of more than 50 per day—too many to deleted one-at-a-time. :(

Offline jondak

  • User
  • ***
  • Posts: 33
    • View Profile
Re: Forum Attacks
« Reply #17 on: September 29, 2011, 03:41:31 pm »
Easiest way its in my opinion that new accounts can't start new threads or reply to new thread till that reply or thread has been accepted by an admin. You can make it so that new accounts need 5 posts before they can freely post without being check.

Offline Ivek23

  • Global Moderator
  • *****
  • Posts: 2743
    • View Profile
Re: Forum Attacks
« Reply #18 on: September 29, 2011, 04:40:06 pm »
Easiest way its in my opinion that new accounts can't start new threads or reply to new thread till that reply or thread has been accepted by an admin. You can make it so that new accounts need 5 posts before they can freely post without being check.

Very good proposal to limit spam posts and, therefore, to limit or to reduce the number of newly registered members who write spam posts.
Ivek23
Win 10 64bit (32bit)   PVD v0.9.9.21, PVD v1.0.2.7, PVD v1.0.2.7 + MOD


Offline rick.ca

  • Global Moderator
  • *****
  • Posts: 3241
  • "I'm willing to shoot you!"
    • View Profile
Re: Forum Attacks
« Reply #19 on: September 29, 2011, 07:14:15 pm »
I suppose this would work, as long as there were always a moderator available to promptly approve legitimate posts. Requiring approval for the first post only would be good enough. But it wouldn't stop them from adding 50+ spam accounts per day.

This might work well in combination with the automatic deletion of accounts for which there has been no initial post within, say, 24 hours. The first message of the registration routine would be something like, "Registration is not required for viewing any part of this website, only for posting messages to the Forum. Please do not register unless you intend to post messages. New accounts for which no post is made within 24 hours will be deleted."

But I don't understand why any such measures are necessary. The other SMF 1.x forum I frequent is ten times as big and 100 times as active as this one. It's attacked in the same way, but has no measures like this. There are spam accounts in it's membership list, but only about one per day. Those ones are obvious spam accounts, suggesting they're not so few because the admins are deleting them. They must have measures that are effective in preventing most of them from registering.

 

anything