Page 2 of 3
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 5:06 am
by PrinceOfFunky
I think you should advice anyone to change their passwords then.
LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.
Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 5:30 am
by Shade
EvilGrins wrote:papercoffee wrote:The post is already deleted by the staff crew.
Damn straight!
I scared him away.
EvilGrins, the real deal behind everything and beyond!
PrinceOfFunky wrote:I think you should advice anyone to change their passwords then.
LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.
Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.
The accounts used for spamming were most likely (after some investigation) created by hand (not a big deal with just around 14 accounts). Just the posting spam itself was automated.
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 2:23 pm
by JackGriffin
From a couple of minutes ago:
Registered users: AdsBot [Google], Alexa [Bot], Alta Vista [Bot], Ask Jeeves [Bot], Baidu [Spider], Exabot [Bot], FAST Enterprise [Crawler], FAST WebCrawler [Crawler], Francis [Bot], Gigabot [Bot], Google [Bot], Google Adsense [Bot], Google Desktop, Google Feedfetcher, Heise IT-Markt [Crawler], Heritrix [Crawler], IBM Research [Bot], ICCrawler - ICjobs, ichiro [Crawler], JackGriffin, Majestic-12 [Bot], Metager [Bot], MSN [Bot], MSN NewsBlogs, MSNbot Media, NG-Search [Bot], Nutch [Bot], Nutch/CVS [Bot], OmniExplorer [Bot], Online link [Validator], psbot [Picsearch], Seekport [Bot], Sensis [Crawler], SEO Crawler, Seoma [Crawler], SEOSearch [Crawler], Snappy [Bot], Steeler [Crawler], Synoo [Bot], Telekom [Bot], TurnitinBot [Bot], Voyager [Bot], W3 [Sitesearch], W3C [Linkcheck], W3C [Validator], WiseNut [Bot], YaCy [Bot], Yahoo [Bot], Yahoo MMCrawler [Bot], Yahoo Slurp [Bot], YahooSeeker [Bot]
You should turn off the bots automatic credentials for now.
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 2:36 pm
by Shade
lol. Looks like some script kiddy action. It's not a big deal, he is just using crawler user agents of known crawlers. Its harmless.
The funny thing is, he is wasting so much time, just to get some crawler-names appearing at the bottom of a website. I guess someone has no life.
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 3:19 pm
by JackGriffin
I know this is a real pain for you Shade but you badly need to stop this. Google "bad web crawlers" and you'll see that allowing any crawlers to just index everything is a terrible idea. I used google's crawler to read the posts inside the admin section of one very popular UT site. I immediately let them know and they fixed it but the point is that the permissions system is so crazy in phpBB that it's very easy to overlook something trivial that leaves certain parts of your site wide open.
My advice is get someone into the backend that you trust and that knows what's up with security. UT99.org is a great place but if you choose to ignore and allow it's not going to be for very long. You are getting a sustained and persistent attack. WAY better and more secure sites fall all the time.
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 3:24 pm
by Shade
Crawlers have specific permissions on this board. They can only read content which is public to guests.
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 3:40 pm
by JackGriffin
OK, I'm going to stop talking about it. It's not my place anyway.
I still reserve the right to say "I tried to tell you."
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 5:22 pm
by PrinceOfFunky
Shade wrote:PrinceOfFunky wrote:I think you should advice anyone to change their passwords then.
LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.
Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.
The accounts used for spamming were most likely (after some investigation) created by hand (not a big deal with just around 14 accounts). Just the posting spam itself was automated.
Oh, I tough this spammer created like thousands.
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 5:38 pm
by Shade
PrinceOfFunky wrote:
Oh, I tough this spammer created like thousands.
Nope. Just 14, which where used to post a massive number of posts.
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 8:05 pm
by PrinceOfFunky
JackGriffin wrote:Depends on how they were salted. A decent group could decrypt a password database, especially if it were as large as that one. You'd have a lot of easy ones to crack first to apply to the table.
Exactly, a decent group.
I doubt that a group that's not able to automate a registering phase, should be consider as a decent group :/
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 8:34 pm
by EvilGrins
Kinda surprised
papercoffee hasn't popped in and gotten
Shade for that doublepost up there...
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 8:47 pm
by UnrealGGecko
EvilGrins wrote:Kinda surprised
papercoffee hasn't popped in and gotten
Shade for that doublepost up there...
Oh snap
Oh ahem uuhh... NO DOUBLE POSTING!
It wasn't papercofee, but It'll do
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 9:36 pm
by papercoffee
UnrealGecko wrote:EvilGrins wrote:Kinda surprised
papercoffee hasn't popped in and gotten
Shade for that doublepost up there...
Oh snap
Oh ahem uuhh... NO DOUBLE POSTING!
It wasn't papercofee, but It'll do
Duuuude ... look at my colour. I'm retired!
...
Ok, I can't resist...
@Shade
No double posts!!
You should be an example for the community.
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 9:38 pm
by Shade
What double post?
Re: Information about the recent spamming incident
Posted: Sat Feb 06, 2016 9:42 pm
by papercoffee
Shade wrote:What double post?
Hahaha ...Gecko fused them already. Or was it you?
