What happened to the forum? > SPAM

wesley123
204
Joined: 23 Feb 2008, 17:55

Re: WTF happened to the forum?

ackzsel wrote: Is it possible to disable posting for the first 24h or something after registration (assuming all these accounts are new)?
That would be really really simple but I guess that will work.

Anyway, I am quite for a Captcha, but in a modified way. I am quite sure there are sources available for such systems; one might just take one and modify it for your needs. Like gridwalker said, using a system that generates it on the fly would be much harder to work around or inject anything into.
"Bite my shiny metal ass" - Bender

ESPImperium
64
Joined: 06 Apr 2008, 00:08
Location: Glasgow, Scotland

Re: What happened to the forum?

Still happening.

I say suspend new registrations for a day or so till a solution can be thought of.

Steven
Owner
Joined: 19 Aug 2002, 18:32
Location: Belgium

Re: What happened to the forum?

I'm non-stop online in the next 4 hours. We'll see what happens.
AFAIK all posts have now been removed.

I looked up the IPs, and most of them were seen on many other sites as spambots. It is however the first time I have seen it to such an extent.

The countermeasure in place for registration is a question. There are 3 that rotate, I'll replace them with some new ones.
The CAPTCHA is indeed possible, but was replaced by a question more than a year ago after it was pretty clear the spambots were equipped with ever-improving algorithms to decipher the CAPTCHA codes.

Thank you for the support guys!

Tyler
0
Joined: 06 Jul 2011, 18:50

Re: What happened to the forum?

For a split second I thought to myself: "Wow, I know the season's over but no one's talking about F1 anymore!!!" #-o
Second blonde moment I've had this week - the first one being that I somehow managed to confuse simulators and wind tunnels =D>

Saribro
6
Joined: 28 Jul 2006, 00:34

Re: What happened to the forum?

20 bots and 1 guy to fill in some questions/captchas can do a lot of damage.

blokkie
0
Joined: 29 Nov 2011, 13:43
Location: Belgium

Re: What happened to the forum?

I regged specially to comment here.

There are a couple of automated ways to prevent stuff like this from happening besides the captcha and other stuff people suggested here. And as this forum is in PHP, there are some well-documented ways to keep this from happening again.

I guess when securing the forum a bit more we want to have the least impact on the users (us :)), so captcha and such can be a bit annoying when there are other simpler ways still available.

There are 2 most common attacks that I've seen: spambots and x-site scripting.
Sometimes the bots use x-site scripts to spam, but as I don't know how the httpd access logs look to know how the spam happens, I'll give ways to fix this as well.

I'll list them (first == easiest to implement, last == most difficult):

1) restrict access via .htaccess file in the document root
ref link with example : http://www.spanishseo.org/block-spam-bots-scrapers

2) geoip module: restrict entire countries or IP ranges from countries (if spammers come from a few countries this is an easy fix):
ref link http://www.maxmind.com/app/php

3) Depending on how the forum is coded, it might be interesting to use DNSBL and write up a module or extension.
ref link : http://www.dnsbl.info/dnsbl-database-check.php

4) cross-site scripting is the most difficult to fix because PHP tends to be very flexible. So if the spammers use this kind of exploit, the only solution is to check the values of every POST/GET request in the form fields... indeed a lot of work.
ref link: http://en.wikipedia.org/wiki/Cross-site_scripting
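
The DNSBL lookup from item 3 of the post above, as an added example that is not part of the original post or the forum's own code. The zone `dnsbl.example.org`, the function names and the injectable resolver are assumptions made so the sketch runs offline; a real deployment would use the zone of whichever blocklist operator it has chosen.

```php
<?php
// Added example: DNSBL check for the IPv4 address of a registering client.
// Zone name, function names and sample data are constructed for illustration.

/** Build the DNSBL query name: IPv4 octets reversed, then the list's zone. */
function dnsbl_query_name(string $ip, string $zone): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // IPv6 or malformed input is out of scope for this sketch
    }
    return implode('.', array_reverse(explode('.', $ip))) . '.' . $zone;
}

/**
 * True when the list answers with a 127.0.0.0/8 code for the address.
 * $resolve maps a hostname to its A records; defaults to a real DNS lookup.
 */
function dnsbl_is_listed(string $ip, string $zone, ?callable $resolve = null): bool
{
    $name = dnsbl_query_name($ip, $zone);
    if ($name === null) {
        return false;
    }
    if ($resolve === null) {
        $resolve = static function (string $host): array {
            $records = gethostbynamel($host);
            return $records === false ? [] : $records;
        };
    }
    foreach ($resolve($name) as $answer) {
        // Any other answer (e.g. a wildcard or hijacked zone) is not a listing.
        if (strncmp($answer, '127.', 4) === 0) {
            return true;
        }
    }
    return false; // NXDOMAIN or lookup failure: fail open, let other checks decide
}

// Constructed resolver standing in for DNS: only 192.0.2.99 is "listed".
$fakeDns = static function (string $host): array {
    return $host === '99.2.0.192.dnsbl.example.org' ? ['127.0.0.2'] : [];
};

var_dump(dnsbl_is_listed('192.0.2.99', 'dnsbl.example.org', $fakeDns)); // bool(true)
var_dump(dnsbl_is_listed('192.0.2.10', 'dnsbl.example.org', $fakeDns)); // bool(false)
var_dump(dnsbl_is_listed('not-an-ip', 'dnsbl.example.org', $fakeDns));  // bool(false)
```

Because a failed lookup is treated as "not listed", a DNS outage lets registrations through, so the result is best used alongside the registration question rather than instead of it.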

bettonracing
1
Joined: 12 Oct 2007, 15:57

Re: WTF happened to the forum?

wesley123 wrote: Sure that will prevent it. I don't see how Tomba has to even search for it when the whole 'active topics' section is flooded with it.

Quite an annoying situation. I would say a fix would be to allow users to search the homepage with a search engine, but not the forum.
Somebody crap in your Cheerios yesterday?

As users respond to legitimate forum threads the "active topics" will get shuffled away meaning Tomba would likely have to open each forum/ sub forum to get to the spam threads. I was offering a potential shortcut in case Tomba didn't have another way to shortcut the process.

Tomba,
Are there any trends in the IPs used? Identical? Same country?
What about any trends in the registration fields? Time of registration? Names used?
Is there any way to monitor trends and block registrations based on some kind of trend filter?

Food for thought.

Regards,
Kurt

Steven
Owner
Joined: 19 Aug 2002, 18:32
Location: Belgium

Re: What happened to the forum?

Kurt, your suggestion was much appreciated indeed. However, this time around there was such a high amount of spam that for each spam post I found, I just deleted the user account and all its other posts.

It seems most user accounts registered with email addresses including "bags", "jersey", "shoes", ...

Today I have deleted approx 5 users before they were able to post. One single account managed to post a few times, and that was reported by the time I noticed it.

I hope the worst is over ;)

PS: Spambot questions asked at registration were changed 20 hours ago as well.

Steven
Owner
Joined: 19 Aug 2002, 18:32
Location: Belgium

Re: What happened to the forum?

Another update.

I've spent numerous hours on these bots (unfortunately) but I added another solution to fight the spam.

Now, upon user activation, username and email are checked for 'spammy' words (stuff like 'shoes', 'bags', ...). If one is found, the user is immediately banned with the message "Banned by spam filter".
People who find this incorrect can of course send a mail, as suggested in the message they will get.

I hope this will help a little...
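
A sketch of the activation-time word check described in the post above, as an added example that is not the forum's actual filter. It goes one step beyond the post: a whole-word hit bans, while a hit buried inside a longer word is only held for review, so that a name like "NewJerseyFan" is not banned outright. The function name, the three-way verdict and the sample accounts are assumptions; the word list uses only the words quoted in the thread.

```php
<?php
// Added example: username/email keyword check at account activation.
// Verdict names and sample accounts are constructed for illustration.

const SPAM_WORDS = ['bags', 'jersey', 'shoes']; // words quoted in the thread

/**
 * 'ban'    - a spam word appears as a whole token (e.g. cheap.shoes@...)
 * 'review' - a spam word appears only inside a longer word (e.g. newjerseyfan)
 * 'ok'     - no spam word found
 */
function spam_filter_verdict(string $username, string $email, array $words = SPAM_WORDS): string
{
    $haystack = strtolower($username . ' ' . $email);

    // Split on anything that is not a letter, so dots, digits, underscores
    // and the "@" all act as word separators.
    $tokens = preg_split('/[^a-z]+/', $haystack, -1, PREG_SPLIT_NO_EMPTY);

    $substringHit = false;
    foreach ($words as $word) {
        if (in_array($word, $tokens, true)) {
            return 'ban';
        }
        if (strpos($haystack, $word) !== false) {
            $substringHit = true;
        }
    }
    return $substringHit ? 'review' : 'ok';
}

// Constructed sample registrations.
$samples = [
    ['cheap_shoes', 'cheap.shoes2011@example.com'], // ban
    ['NewJerseyFan', 'kurt@example.org'],           // review
    ['pitlane_fan', 'fan@example.net'],             // ok
];

foreach ($samples as [$user, $mail]) {
    printf("%-14s %-30s %s\n", $user, $mail, spam_filter_verdict($user, $mail));
}
```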

wunderkind
5
Joined: 04 Apr 2007, 06:12

Re: What happened to the forum?

Thank you Tomba for your good work in cleaning up the forum.

donskar
2
Joined: 03 Feb 2007, 16:41
Location: Cardboard box, end of Boulevard of Broken Dreams

Re: What happened to the forum?

The site and forums are well worth minor disturbances. Good work and thank you to all.
Enzo Ferrari was a great man. But he was not a good man. -- Phil Hill

bhall
244
Joined: 28 Feb 2006, 21:26

Re: What happened to the forum?

I've flagged items as I've seen them. I hope that itself doesn't turn into a sort of spam for moderators to deal with as well.

Jeffsvilleusa
0
Joined: 15 Apr 2011, 00:14
Location: San Francisco

Re: What happened to the forum?

Now they are posting in the current threads 4 at a time. This is creepy! Yet somehow I feel compelled to buy Nike shoes... must buy Nikes...
Box! Box!

Neco FEROX
0
Joined: 12 Jun 2010, 14:42

F1Technical just got spammed.

Peng123.....we don't want your ---

Lurk
2
Joined: 13 Feb 2010, 20:58

Re: What happened to the forum?

The guy who creates bots should be hanged and burned! :evil:

We had a similar spam problem on a forum recently; the admin set a minimum time to fill the registration form. It was pretty effective for us - but we don't use an antispam question, only a captcha. Don't know if it could help here...

Otherwise maybe you can ban users who post several URLs in their first messages?
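
The two ideas in the post above, as an added example that is not part of the original post or any forum's own code: a minimum fill time enforced with an HMAC-signed timestamp in a hidden form field (so the client cannot backdate it), and a URL count applied to an account's first posts. The thresholds, function names and sample values are assumptions.

```php
<?php
// Added example: minimum registration-form fill time and a first-posts URL limit.
// All thresholds and sample inputs are constructed for illustration.

const MIN_FILL_SECONDS = 5;    // assumed: faster than this is treated as a bot
const MAX_TOKEN_AGE    = 3600; // assumed: form must be submitted within an hour

/** Value for a hidden field when the form is rendered: "<time>.<hmac>". */
function issue_form_token(string $secret, int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, $secret);
}

/** Returns 'ok', 'too_fast', 'expired' or 'invalid' for a submitted token. */
function check_form_token(string $token, string $secret, int $now): string
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'invalid';
    }
    // Constant-time comparison; a forged or edited timestamp fails here.
    if (!hash_equals(hash_hmac('sha256', $parts[0], $secret), $parts[1])) {
        return 'invalid';
    }
    $elapsed = $now - (int) $parts[0];
    if ($elapsed < MIN_FILL_SECONDS) {
        return 'too_fast';
    }
    return $elapsed > MAX_TOKEN_AGE ? 'expired' : 'ok';
}

/** Count links; "www." is only counted when it is not part of a scheme URL. */
function count_urls(string $text): int
{
    return (int) preg_match_all('~https?://|(?<![/\w.])www\.~i', $text);
}

/** Hold a post for moderation if a new account posts more than $maxUrls links. */
function hold_for_moderation(int $priorPosts, string $text, int $maxUrls = 1, int $probation = 3): bool
{
    return $priorPosts < $probation && count_urls($text) > $maxUrls;
}

$secret = 'constructed-secret-for-demo';
$token  = issue_form_token($secret, 1000);

echo check_form_token($token, $secret, 1001), "\n";                // too_fast
echo check_form_token($token, $secret, 1030), "\n";                // ok
echo check_form_token('900.' . 'deadbeef', $secret, 1030), "\n";   // invalid
var_dump(hold_for_moderation(0, 'buy http://a.example www.b.example')); // bool(true)
var_dump(hold_for_moderation(50, 'see http://a.example www.b.example')); // bool(false)
```

A token stays valid until it expires, so the same one can be replayed within that window; storing used tokens server-side closes that gap.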