Information about the recent spamming incident

General Announcements about Unreal Tournament and UT99.org
User avatar
PrinceOfFunky
Godlike
Posts: 1204
Joined: Mon Aug 31, 2015 10:31 pm

Re: Information about the recent spamming incident

Post by PrinceOfFunky »

I think you should advice anyone to change their passwords then.

LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.
Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.
User avatar
Shade
Site Admin
Posts: 1481
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Information about the recent spamming incident

Post by Shade »

EvilGrins wrote:
papercoffee wrote:The post is already deleted by the staff crew.
Damn straight!
Image
I scared him away.
EvilGrins, the real deal behind everything and beyond! :mrgreen:
PrinceOfFunky wrote:I think you should advice anyone to change their passwords then.

LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.
Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.
The accounts used for spamming were most likely (after some investigation) created by hand (not a big deal with just around 14 accounts). Just the posting spam itself was automated.
UT99.org Discord Server: https://discord.gg/6CP2UjZ
UT Server Browser: https://ut99.org/servers
JackGriffin
Godlike
Posts: 3776
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: -Retired-

Re: Information about the recent spamming incident

Post by JackGriffin »

From a couple of minutes ago:
Registered users: AdsBot [Google], Alexa [Bot], Alta Vista [Bot], Ask Jeeves [Bot], Baidu [Spider], Exabot [Bot], FAST Enterprise [Crawler], FAST WebCrawler [Crawler], Francis [Bot], Gigabot [Bot], Google [Bot], Google Adsense [Bot], Google Desktop, Google Feedfetcher, Heise IT-Markt [Crawler], Heritrix [Crawler], IBM Research [Bot], ICCrawler - ICjobs, ichiro [Crawler], JackGriffin, Majestic-12 [Bot], Metager [Bot], MSN [Bot], MSN NewsBlogs, MSNbot Media, NG-Search [Bot], Nutch [Bot], Nutch/CVS [Bot], OmniExplorer [Bot], Online link [Validator], psbot [Picsearch], Seekport [Bot], Sensis [Crawler], SEO Crawler, Seoma [Crawler], SEOSearch [Crawler], Snappy [Bot], Steeler [Crawler], Synoo [Bot], Telekom [Bot], TurnitinBot [Bot], Voyager [Bot], W3 [Sitesearch], W3C [Linkcheck], W3C [Validator], WiseNut [Bot], YaCy [Bot], Yahoo [Bot], Yahoo MMCrawler [Bot], Yahoo Slurp [Bot], YahooSeeker [Bot]
You should turn off the bots automatic credentials for now.
So long, and thanks for all the fish
User avatar
Shade
Site Admin
Posts: 1481
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Information about the recent spamming incident

Post by Shade »

lol. Looks like some script kiddy action. It's not a big deal, he is just using crawler user agents of known crawlers. Its harmless.
The funny thing is, he is wasting so much time, just to get some crawler-names appearing at the bottom of a website. I guess someone has no life. :lol:
UT99.org Discord Server: https://discord.gg/6CP2UjZ
UT Server Browser: https://ut99.org/servers
JackGriffin
Godlike
Posts: 3776
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: -Retired-

Re: Information about the recent spamming incident

Post by JackGriffin »

I know this is a real pain for you Shade but you badly need to stop this. Google "bad web crawlers" and you'll see that allowing any crawlers to just index everything is a terrible idea. I used google's crawler to read the posts inside the admin section of one very popular UT site. I immediately let them know and they fixed it but the point is that the permissions system is so crazy in phpBB that it's very easy to overlook something trivial that leaves certain parts of your site wide open.

My advice is get someone into the backend that you trust and that knows what's up with security. UT99.org is a great place but if you choose to ignore and allow it's not going to be for very long. You are getting a sustained and persistent attack. WAY better and more secure sites fall all the time.
So long, and thanks for all the fish
User avatar
Shade
Site Admin
Posts: 1481
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Information about the recent spamming incident

Post by Shade »

Crawlers have specific permissions on this board. They can only read content which is public to guests.
UT99.org Discord Server: https://discord.gg/6CP2UjZ
UT Server Browser: https://ut99.org/servers
JackGriffin
Godlike
Posts: 3776
Joined: Fri Jan 14, 2011 1:53 pm
Personal rank: -Retired-

Re: Information about the recent spamming incident

Post by JackGriffin »

OK, I'm going to stop talking about it. It's not my place anyway.
Spoiler
I still reserve the right to say "I tried to tell you."
So long, and thanks for all the fish
User avatar
PrinceOfFunky
Godlike
Posts: 1204
Joined: Mon Aug 31, 2015 10:31 pm

Re: Information about the recent spamming incident

Post by PrinceOfFunky »

Shade wrote:
PrinceOfFunky wrote:I think you should advice anyone to change their passwords then.

LANguy wrote:Lower tech implementation, a required custom field like: "Are you a spam bot? Type in "no"" with a 2 character input for "no" being the only answer that will permit them to register, pretty much completely killed all the spam in my forum.
Custom spambots could be written anyway. Like if you use HTMLUnit APIs for Java, you could easily check the text "Are you a spam bot?" and the input bar near it, and write "no" inside the input bar and then search_for/temporarly_create a custom submit button and press it automatically.
The accounts used for spamming were most likely (after some investigation) created by hand (not a big deal with just around 14 accounts). Just the posting spam itself was automated.
Oh, I tough this spammer created like thousands.
User avatar
Shade
Site Admin
Posts: 1481
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Information about the recent spamming incident

Post by Shade »

PrinceOfFunky wrote: Oh, I tough this spammer created like thousands.
Nope. Just 14, which where used to post a massive number of posts.
UT99.org Discord Server: https://discord.gg/6CP2UjZ
UT Server Browser: https://ut99.org/servers
User avatar
PrinceOfFunky
Godlike
Posts: 1204
Joined: Mon Aug 31, 2015 10:31 pm

Re: Information about the recent spamming incident

Post by PrinceOfFunky »

JackGriffin wrote:Depends on how they were salted. A decent group could decrypt a password database, especially if it were as large as that one. You'd have a lot of easy ones to crack first to apply to the table.
Exactly, a decent group.
I doubt that a group that's not able to automate a registering phase, should be consider as a decent group :/
User avatar
EvilGrins
Godlike
Posts: 10236
Joined: Thu Jun 30, 2011 8:12 pm
Personal rank: God of Fudge
Location: Palo Alto, CA

Re: Information about the recent spamming incident

Post by EvilGrins »

Kinda surprised papercoffee hasn't popped in and gotten Shade for that doublepost up there... Image
User avatar
UnrealGGecko
Godlike
Posts: 2975
Joined: Wed Feb 01, 2012 11:26 am
Personal rank: GEx the Gecko
Location: Kaunas, Lithuania

Re: Information about the recent spamming incident

Post by UnrealGGecko »

EvilGrins wrote:Kinda surprised papercoffee hasn't popped in and gotten Shade for that doublepost up there... Image
Oh snap :ironic:

Oh ahem uuhh... NO DOUBLE POSTING!

It wasn't papercofee, but It'll do :tongue:
User avatar
papercoffee
Godlike
Posts: 10529
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.

Re: Information about the recent spamming incident

Post by papercoffee »

UnrealGecko wrote:
EvilGrins wrote:Kinda surprised papercoffee hasn't popped in and gotten Shade for that doublepost up there... Image
Oh snap :ironic:

Oh ahem uuhh... NO DOUBLE POSTING!

It wasn't papercofee, but It'll do :tongue:
Duuuude ... look at my colour. I'm retired!


...

Ok, I can't resist...

@Shade
No double posts!!
You should be an example for the community.
:ironic:
User avatar
Shade
Site Admin
Posts: 1481
Joined: Sun Jan 27, 2008 12:03 pm
Personal rank: Founder of UT99.org
Location: Germany

Re: Information about the recent spamming incident

Post by Shade »

What double post? :noidea
UT99.org Discord Server: https://discord.gg/6CP2UjZ
UT Server Browser: https://ut99.org/servers
User avatar
papercoffee
Godlike
Posts: 10529
Joined: Wed Jul 15, 2009 11:36 am
Personal rank: coffee addicted !!!
Location: Cologne, the city with the big cathedral.

Re: Information about the recent spamming incident

Post by papercoffee »

Shade wrote:What double post? :noidea
:loool: Hahaha ...Gecko fused them already. Or was it you? :wink: