Information about the recent spamming incident

General Announcements about Unreal Tournament and UT99.org
User avatar
PrinceOfFunky
Godlike
Posts: 1164
Joined: Mon Aug 31, 2015 10:31 pm

Re: Information about the recent spamming incident

Post by PrinceOfFunky » Sat Feb 06, 2016 5:06 am

I think you should advice anyone to change their passwords then.

LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.
Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.
"Your stuff is known to be buggy and unfinished/not properly tested"

User avatar
Shade
Site Admin
Posts: 1425
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Information about the recent spamming incident

Post by Shade » Sat Feb 06, 2016 5:30 am

EvilGrins wrote:
papercoffee wrote:The post is already deleted by the staff crew.
Damn straight!
Image
I scared him away.
EvilGrins, the real deal behind everything and beyond! :mrgreen:
PrinceOfFunky wrote:I think you should advice anyone to change their passwords then.

LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.
Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.
The accounts used for spamming were most likely (after some investigation) created by hand (not a big deal with just around 14 accounts). Just the posting spam itself was automated.

JackGriffin
Godlike
Posts: 3765
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: -Retired-

Re: Information about the recent spamming incident

Post by JackGriffin » Sat Feb 06, 2016 2:23 pm

From a couple of minutes ago:
Registered users: AdsBot [Google], Alexa [Bot], Alta Vista [Bot], Ask Jeeves [Bot], Baidu [Spider], Exabot [Bot], FAST Enterprise [Crawler], FAST WebCrawler [Crawler], Francis [Bot], Gigabot [Bot], Google [Bot], Google Adsense [Bot], Google Desktop, Google Feedfetcher, Heise IT-Markt [Crawler], Heritrix [Crawler], IBM Research [Bot], ICCrawler - ICjobs, ichiro [Crawler], JackGriffin, Majestic-12 [Bot], Metager [Bot], MSN [Bot], MSN NewsBlogs, MSNbot Media, NG-Search [Bot], Nutch [Bot], Nutch/CVS [Bot], OmniExplorer [Bot], Online link [Validator], psbot [Picsearch], Seekport [Bot], Sensis [Crawler], SEO Crawler, Seoma [Crawler], SEOSearch [Crawler], Snappy [Bot], Steeler [Crawler], Synoo [Bot], Telekom [Bot], TurnitinBot [Bot], Voyager [Bot], W3 [Sitesearch], W3C [Linkcheck], W3C [Validator], WiseNut [Bot], YaCy [Bot], Yahoo [Bot], Yahoo MMCrawler [Bot], Yahoo Slurp [Bot], YahooSeeker [Bot]
You should turn off the bots automatic credentials for now.
So long, and thanks for all the fish

User avatar
Shade
Site Admin
Posts: 1425
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Information about the recent spamming incident

Post by Shade » Sat Feb 06, 2016 2:36 pm

lol. Looks like some script kiddy action. It's not a big deal, he is just using crawler user agents of known crawlers. Its harmless.
The funny thing is, he is wasting so much time, just to get some crawler-names appearing at the bottom of a website. I guess someone has no life. :lol:

JackGriffin
Godlike
Posts: 3765
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: -Retired-

Re: Information about the recent spamming incident

Post by JackGriffin » Sat Feb 06, 2016 3:19 pm

I know this is a real pain for you Shade but you badly need to stop this. Google "bad web crawlers" and you'll see that allowing any crawlers to just index everything is a terrible idea. I used google's crawler to read the posts inside the admin section of one very popular UT site. I immediately let them know and they fixed it but the point is that the permissions system is so crazy in phpBB that it's very easy to overlook something trivial that leaves certain parts of your site wide open.

My advice is get someone into the backend that you trust and that knows what's up with security. UT99.org is a great place but if you choose to ignore and allow it's not going to be for very long. You are getting a sustained and persistent attack. WAY better and more secure sites fall all the time.
So long, and thanks for all the fish

User avatar
Shade
Site Admin
Posts: 1425
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Information about the recent spamming incident

Post by Shade » Sat Feb 06, 2016 3:24 pm

Crawlers have specific permissions on this board. They can only read content which is public to guests.

JackGriffin
Godlike
Posts: 3765
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: -Retired-

Re: Information about the recent spamming incident

Post by JackGriffin » Sat Feb 06, 2016 3:40 pm

OK, I'm going to stop talking about it. It's not my place anyway.
Spoiler
Show
I still reserve the right to say "I tried to tell you."
So long, and thanks for all the fish

User avatar
PrinceOfFunky
Godlike
Posts: 1164
Joined: Mon Aug 31, 2015 10:31 pm

Re: Information about the recent spamming incident

Post by PrinceOfFunky » Sat Feb 06, 2016 5:22 pm

Shade wrote:
PrinceOfFunky wrote:I think you should advice anyone to change their passwords then.

LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.
Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.
The accounts used for spamming were most likely (after some investigation) created by hand (not a big deal with just around 14 accounts). Just the posting spam itself was automated.
Oh, I tough this spammer created like thousands.
"Your stuff is known to be buggy and unfinished/not properly tested"

User avatar
Shade
Site Admin
Posts: 1425
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Information about the recent spamming incident

Post by Shade » Sat Feb 06, 2016 5:38 pm

PrinceOfFunky wrote: Oh, I tough this spammer created like thousands.
Nope. Just 14, which where used to post a massive number of posts.

User avatar
PrinceOfFunky
Godlike
Posts: 1164
Joined: Mon Aug 31, 2015 10:31 pm

Re: Information about the recent spamming incident

Post by PrinceOfFunky » Sat Feb 06, 2016 8:05 pm

JackGriffin wrote:Depends on how they were salted. A decent group could decrypt a password database, especially if it were as large as that one. You'd have a lot of easy ones to crack first to apply to the table.
Exactly, a decent group.
I doubt that a group that's not able to automate a registering phase, should be consider as a decent group :/
"Your stuff is known to be buggy and unfinished/not properly tested"

User avatar
EvilGrins
Godlike
Posts: 8107
Joined: Thu Jun 30, 2011 8:12 pm
Personal rank: God of Fudge
Location: Palo Alto, CA

Re: Information about the recent spamming incident

Post by EvilGrins » Sat Feb 06, 2016 8:34 pm

Kinda surprised papercoffee hasn't popped in and gotten Shade for that doublepost up there... Image
http://unreal-games.livejournal.com/
Image
medor wrote:Replace Skaarj with EvilGrins :mrgreen:
Smilies · viewtopic.php?f=8&t=13758

User avatar
UnrealGGecko
Godlike
Posts: 2457
Joined: Wed Feb 01, 2012 11:26 am
Personal rank: GEx the Gecko
Location: Kaunas, Lithuania

Re: Information about the recent spamming incident

Post by UnrealGGecko » Sat Feb 06, 2016 8:47 pm

EvilGrins wrote:Kinda surprised papercoffee hasn't popped in and gotten Shade for that doublepost up there... Image
Oh snap :ironic:

Oh ahem uuhh... NO DOUBLE POSTING!

It wasn't papercofee, but It'll do :tongue:

User avatar
papercoffee
Godlike
Posts: 9948
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.

Re: Information about the recent spamming incident

Post by papercoffee » Sat Feb 06, 2016 9:36 pm

UnrealGecko wrote:
EvilGrins wrote:Kinda surprised papercoffee hasn't popped in and gotten Shade for that doublepost up there... Image
Oh snap :ironic:

Oh ahem uuhh... NO DOUBLE POSTING!

It wasn't papercofee, but It'll do :tongue:
Duuuude ... look at my colour. I'm retired!


...

Ok, I can't resist...

@Shade
No double posts!!
You should be an example for the community.
:ironic:

User avatar
Shade
Site Admin
Posts: 1425
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Information about the recent spamming incident

Post by Shade » Sat Feb 06, 2016 9:38 pm

What double post? :noidea

User avatar
papercoffee
Godlike
Posts: 9948
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.

Re: Information about the recent spamming incident

Post by papercoffee » Sat Feb 06, 2016 9:42 pm

Shade wrote:What double post? :noidea
:loool: Hahaha ...Gecko fused them already. Or was it you? :wink: