Information about the recent spamming incident

General Announcements about Unreal Tournament and UT99.org

Re: Information about the recent spamming incident

Postby PrinceOfFunky » Sat Feb 06, 2016 5:06 am

I think you should advice anyone to change their passwords then.


LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.

Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.
Image
User avatar
PrinceOfFunky
Inhuman
 
Posts: 991
Joined: Mon Aug 31, 2015 10:31 pm

Re: Information about the recent spamming incident

Postby Shade » Sat Feb 06, 2016 5:30 am

EvilGrins wrote:
papercoffee wrote:The post is already deleted by the staff crew.

Damn straight!
Image
I scared him away.


EvilGrins, the real deal behind everything and beyond! :mrgreen:

PrinceOfFunky wrote:I think you should advice anyone to change their passwords then.


LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.

Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.


The accounts used for spamming were most likely (after some investigation) created by hand (not a big deal with just around 14 accounts). Just the posting spam itself was automated.
User avatar
Shade
Site Admin
 
Posts: 1364
Joined: Sun Jan 27, 2008 12:03 pm
Location: Germany
Personal rank: Founder of UT99.org

Re: Information about the recent spamming incident

Postby JackGriffin » Sat Feb 06, 2016 2:23 pm

From a couple of minutes ago:
Registered users: AdsBot [Google], Alexa [Bot], Alta Vista [Bot], Ask Jeeves [Bot], Baidu [Spider], Exabot [Bot], FAST Enterprise [Crawler], FAST WebCrawler [Crawler], Francis [Bot], Gigabot [Bot], Google [Bot], Google Adsense [Bot], Google Desktop, Google Feedfetcher, Heise IT-Markt [Crawler], Heritrix [Crawler], IBM Research [Bot], ICCrawler - ICjobs, ichiro [Crawler], JackGriffin, Majestic-12 [Bot], Metager [Bot], MSN [Bot], MSN NewsBlogs, MSNbot Media, NG-Search [Bot], Nutch [Bot], Nutch/CVS [Bot], OmniExplorer [Bot], Online link [Validator], psbot [Picsearch], Seekport [Bot], Sensis [Crawler], SEO Crawler, Seoma [Crawler], SEOSearch [Crawler], Snappy [Bot], Steeler [Crawler], Synoo [Bot], Telekom [Bot], TurnitinBot [Bot], Voyager [Bot], W3 [Sitesearch], W3C [Linkcheck], W3C [Validator], WiseNut [Bot], YaCy [Bot], Yahoo [Bot], Yahoo MMCrawler [Bot], Yahoo Slurp [Bot], YahooSeeker [Bot]


You should turn off the bots automatic credentials for now.
"You damn kids, back in my time we made the items, maps and games ourselves with an unwieldy engine using counter-intuitive crash-prone tools and we liked it so much we built communities around this which nowadays look like cults because they're quasi-parallel societies based on the same old games." -Hellkeeper
User avatar
JackGriffin
Godlike
 
Posts: 3685
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: Hack coder

Re: Information about the recent spamming incident

Postby Shade » Sat Feb 06, 2016 2:36 pm

lol. Looks like some script kiddy action. It's not a big deal, he is just using crawler user agents of known crawlers. Its harmless.
The funny thing is, he is wasting so much time, just to get some crawler-names appearing at the bottom of a website. I guess someone has no life. :lol:
User avatar
Shade
Site Admin
 
Posts: 1364
Joined: Sun Jan 27, 2008 12:03 pm
Location: Germany
Personal rank: Founder of UT99.org

Re: Information about the recent spamming incident

Postby JackGriffin » Sat Feb 06, 2016 3:19 pm

I know this is a real pain for you Shade but you badly need to stop this. Google "bad web crawlers" and you'll see that allowing any crawlers to just index everything is a terrible idea. I used google's crawler to read the posts inside the admin section of one very popular UT site. I immediately let them know and they fixed it but the point is that the permissions system is so crazy in phpBB that it's very easy to overlook something trivial that leaves certain parts of your site wide open.

My advice is get someone into the backend that you trust and that knows what's up with security. UT99.org is a great place but if you choose to ignore and allow it's not going to be for very long. You are getting a sustained and persistent attack. WAY better and more secure sites fall all the time.
"You damn kids, back in my time we made the items, maps and games ourselves with an unwieldy engine using counter-intuitive crash-prone tools and we liked it so much we built communities around this which nowadays look like cults because they're quasi-parallel societies based on the same old games." -Hellkeeper
User avatar
JackGriffin
Godlike
 
Posts: 3685
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: Hack coder

Re: Information about the recent spamming incident

Postby Shade » Sat Feb 06, 2016 3:24 pm

Crawlers have specific permissions on this board. They can only read content which is public to guests.
User avatar
Shade
Site Admin
 
Posts: 1364
Joined: Sun Jan 27, 2008 12:03 pm
Location: Germany
Personal rank: Founder of UT99.org

Re: Information about the recent spamming incident

Postby JackGriffin » Sat Feb 06, 2016 3:40 pm

OK, I'm going to stop talking about it. It's not my place anyway.
Spoiler: show
I still reserve the right to say "I tried to tell you."
"You damn kids, back in my time we made the items, maps and games ourselves with an unwieldy engine using counter-intuitive crash-prone tools and we liked it so much we built communities around this which nowadays look like cults because they're quasi-parallel societies based on the same old games." -Hellkeeper
User avatar
JackGriffin
Godlike
 
Posts: 3685
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: Hack coder

Re: Information about the recent spamming incident

Postby PrinceOfFunky » Sat Feb 06, 2016 5:22 pm

Shade wrote:
PrinceOfFunky wrote:I think you should advice anyone to change their passwords then.


LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.

Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.


The accounts used for spamming were most likely (after some investigation) created by hand (not a big deal with just around 14 accounts). Just the posting spam itself was automated.

Oh, I tough this spammer created like thousands.
Image
User avatar
PrinceOfFunky
Inhuman
 
Posts: 991
Joined: Mon Aug 31, 2015 10:31 pm

Re: Information about the recent spamming incident

Postby Shade » Sat Feb 06, 2016 5:38 pm

PrinceOfFunky wrote:Oh, I tough this spammer created like thousands.


Nope. Just 14, which where used to post a massive number of posts.
User avatar
Shade
Site Admin
 
Posts: 1364
Joined: Sun Jan 27, 2008 12:03 pm
Location: Germany
Personal rank: Founder of UT99.org

Re: Information about the recent spamming incident

Postby PrinceOfFunky » Sat Feb 06, 2016 8:05 pm

JackGriffin wrote:Depends on how they were salted. A decent group could decrypt a password database, especially if it were as large as that one. You'd have a lot of easy ones to crack first to apply to the table.

Exactly, a decent group.
I doubt that a group that's not able to automate a registering phase, should be consider as a decent group :/
Image
User avatar
PrinceOfFunky
Inhuman
 
Posts: 991
Joined: Mon Aug 31, 2015 10:31 pm

Re: Information about the recent spamming incident

Postby EvilGrins » Sat Feb 06, 2016 8:34 pm

Kinda surprised papercoffee hasn't popped in and gotten Shade for that doublepost up there... Image
http://unreal-games.livejournal.com/
Image
medor wrote:Replace Skaarj with EvilGrins :mrgreen:
User avatar
EvilGrins
Godlike
 
Posts: 6122
Joined: Thu Jun 30, 2011 8:12 pm
Location: Palo Alto, CA
Personal rank: God of Fudge

Re: Information about the recent spamming incident

Postby UnrealGGecko » Sat Feb 06, 2016 8:47 pm

EvilGrins wrote:Kinda surprised papercoffee hasn't popped in and gotten Shade for that doublepost up there... Image


Oh snap :ironic:

Oh ahem uuhh... NO DOUBLE POSTING!

It wasn't papercofee, but It'll do :tongue:
"NHL Rock The Rink" (PS1) announcer wrote:...And there are no stunt doubles in this game, folks!

My work for UT99: Counter-Strike VP, MaleOne+ & FemaleOne+ voicepacks (NEW!), DM-XC-NaliTreeV2 (from the ut99.org Xmas Contest mappack), my small spec of files at Google Drive

List of console converted maps, models & more!
User avatar
UnrealGGecko
Site Staff
 
Posts: 2103
Joined: Wed Feb 01, 2012 11:26 am
Location: Kaunas, Lithuania
Personal rank: GEx the Gecko

Re: Information about the recent spamming incident

Postby papercoffee » Sat Feb 06, 2016 9:36 pm

UnrealGecko wrote:
EvilGrins wrote:Kinda surprised papercoffee hasn't popped in and gotten Shade for that doublepost up there... Image


Oh snap :ironic:

Oh ahem uuhh... NO DOUBLE POSTING!

It wasn't papercofee, but It'll do :tongue:

Duuuude ... look at my colour. I'm retired!


...

Ok, I can't resist...

@Shade
No double posts!!
You should be an example for the community.
:ironic:
User avatar
papercoffee
Site Staff
 
Posts: 9046
Joined: Wed Jul 15, 2009 11:36 am
Location: Cologne, the city with the big cathedral.
Personal rank: coffee addicted !!!

Re: Information about the recent spamming incident

Postby Shade » Sat Feb 06, 2016 9:38 pm

What double post? :noidea
User avatar
Shade
Site Admin
 
Posts: 1364
Joined: Sun Jan 27, 2008 12:03 pm
Location: Germany
Personal rank: Founder of UT99.org

Re: Information about the recent spamming incident

Postby papercoffee » Sat Feb 06, 2016 9:42 pm

Shade wrote:What double post? :noidea

:loool: Hahaha ...Gecko fused them already. Or was it you? :wink:
User avatar
papercoffee
Site Staff
 
Posts: 9046
Joined: Wed Jul 15, 2009 11:36 am
Location: Cologne, the city with the big cathedral.
Personal rank: coffee addicted !!!

PreviousNext

Return to Announcements

Who is online

Users browsing this forum: No registered users and 1 guest