Another Spam Attack - and upcoming actions



Robbie
07-19-2008, 08:15 PM
Just wanted to let everyone know that there was another spam attack today...2 actually...and I imagine more will take place very soon...I'm trying to eliminate them now and enact actions that will prevent them from taking place...but if you get a message alerting you of a pm...and you find that you don't have a pm...it was probably spam, and it was deleted.

I am trying out reCaptcha. It's an image verification system that not only helps eliminate spam, but in the process of solving the captcha, you're helping to digitize old books for online use. Read about it here: http://recaptcha.net/

I may end up temporarily disabling PMs until I can get the problem under further control...if so I'll make a post here letting you all know...and will also be setting the board up to only allow pms after at least 5 actual posts are made.

Midgardsormr
07-19-2008, 08:44 PM
That's brilliant! I most definitely approve of that measure. I love the idea of turning a nuisance into something useful, and doing it completely transparently. That's got to be one of the most elegant ideas I've seen in a while.

Robbie
07-19-2008, 08:54 PM
Yeah I thought it was rather ingenious...As soon as I did some searching on the vbulletin forums about spam blocking...I found out that vBulletin NATIVELY supports reCaptcha...I went ahead and signed up...and sure enough it worked.

Robbie
07-19-2008, 08:57 PM
I just read...I think the spammer is using a script that tries all the accounts in the memberlist and tries to log in using the same password as their username.

Which basically means...if a user stupidly made their password the same as their username, it will eventually be found by this bot. I'm going to see if I can find code that will tell me what users on the site have done this...

So...if your password is the same as your username...change it now, or I may change it for you.

Robbie
07-19-2008, 09:09 PM
There's a BUNCH of spam PMs from a BUNCH of users...I think they're compromised accounts...

I have turned off private messaging temporarily. If all goes well private messaging will return tomorrow or Monday...but I'm not comfortable turning it back on until the spam problem is solved.

Sorry for the inconvenience.

Redrobes
07-19-2008, 09:30 PM
Let me know if there is anything I can do script wise to help out. I use one to grab errors from the error log and format up htaccess entries which get tacked on. Ok it bins some legit attempts to join that screwed up but it culls the spam bots severely.

RobA
07-19-2008, 09:47 PM
Good luck, Robbie.

Spammers are a pain in the butt. On my home site blog I ended up having to block trackbacks at the firewall, not because they were getting them through (very good spam prevention in the blog software I use), but because the spam catching/processing was killing my CPU :P

-Rob A>

NeonKnight
07-20-2008, 12:09 AM
Best of luck in eliminating the annoyances of the Web!

Robbie
07-20-2008, 02:38 PM
Thanks to a nice healthy discussion on the vbulletin forums I think I got it under control. All the affected users were banned and I've deleted all their sent pms.

I've also set up a new permission system that I'll be turning on momentarily.

What's going to happen is that all the Registered Users on the site with more than 5 posts will be promoted to the Guild Members group.

These two groups are identical except for the fact that registered users cannot send private messages.

If there ever happens to be any other forms of spam such as spam posts, then I'll make their first 5 posts require moderator approval before they appear on the site. This is definitely going to help cull the problem...BUT, there may be some minor permissions issues that pop up...and if anyone sees anything wrong, please PM me when PMs are turned back on.

Thank you all for your patience, and again I apologize for the inconvenience.

Redrobes...thanks for the offer for assistance. There's a php script that was posted to the vbulletin forum that searches the user base and randomly changes all the passwords of users whose passwords = username...but I'd like to modify it to only create a list of said users instead of randomly assigning their password. Know enough about php to help me with that? If not, I'll try to work through it...but it's lower priority at the moment since I seem to have it under control.
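
The read-only audit described in the post above (list the users whose password equals their username, without changing anything), as an added example that is not part of the original thread and is not the script posted on the vBulletin forums. It assumes the vBulletin 3.x stored hash is md5(md5(password) + salt) and that the userid, username, password and salt columns have been exported from the user table; the sample rows are constructed, and the lowercase-username guess goes slightly beyond the exact match mentioned in the thread.

```python
import hashlib


def vb_hash(password, salt):
    """Assumed vBulletin 3.x scheme: md5(md5(password) + salt), hex digests."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def username_guesses(username):
    """The username itself plus its lowercase form, de-duplicated in order."""
    return list(dict.fromkeys([username, username.lower()]))


def find_weak_accounts(rows):
    """Return (userid, username) for accounts whose stored hash matches a
    username-derived guess. Read-only: nothing is reset or written back."""
    weak = []
    for row in rows:
        stored = row["password"].strip().lower()
        for guess in username_guesses(row["username"]):
            if vb_hash(guess, row["salt"]) == stored:
                weak.append((row["userid"], row["username"]))
                break
    return weak


# Constructed sample rows standing in for an export of the user table
# (column names userid/username/password/salt are assumed).
SAMPLE_ROWS = [
    {"userid": 1, "username": "mapmaker", "salt": "a1B",
     "password": vb_hash("mapmaker", "a1B")},
    {"userid": 2, "username": "Lurker42", "salt": "x9Z",
     "password": vb_hash("lurker42", "x9Z")},
    {"userid": 3, "username": "cartographer", "salt": "q7K",
     "password": vb_hash("a long unrelated passphrase", "q7K")},
]

if __name__ == "__main__":
    for userid, username in find_weak_accounts(SAMPLE_ROWS):
        print(f"userid={userid} username={username}: password matches username")
```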

Robbie
07-20-2008, 02:48 PM
Ok, it's done...private messaging has been turned back on...BUT...the registered users group does not have access to it.

As soon as the site runs its regularly scheduled maintenance routines (every hour) it should make a mass promotion...promoting all users with more than 5 posts to the Guild Members group, and allowing private messages again.

I'll make a post here when I see for sure that that has happened.

All members of additional groups (such as industry pros and CLs and whatnot)...should already have their private messaging system back...but I'm not sure

Robbie
07-20-2008, 03:19 PM
Promotions have taken place. All users with more than 5 points have been given their private messaging capability.

What kinda bugs me is that out of 2000+ users...only 282 users have more than 5 posts. We gotta do something about all you lurkers! ;)

Please post in this thread if there are any problems.

jfrazierjr
07-21-2008, 12:13 AM
Promotions have taken place. All users with more than 5 points have been given their private messaging capability.

What kinda bugs me is that out of 2000+ users...only 282 users have more than 5 posts. We gotta do something about all you lurkers! ;)

Please post in this thread if there are any problems.

<-- not a lurker
<-- not having any problems that I know of, or at least not any that might have been caused by your monkeying around with your site's permissions at any rate....

Redrobes
07-21-2008, 11:11 AM
Redrobes...thanks for the offer for assistance. There's a php script that was posted to the vbulletin forum that searches the user base and randomly changes all the passwords of users whose passwords = username...but I'd like to modify it to only create a list of said users instead of randomly assigning their password. Know enough about php to help me with that? If not, I'll try to work through it...but it's lower priority at the moment since I seem to have it under control.
I could take a look. I haven't done PHP (and I don't do SQL either) but I know it's a lot like html with embedded scripting and all scripty languages seem similar to me. Can you email it over?

RobA
07-21-2008, 11:20 AM
I've done a fair bit of PHP, you can toss it my way if you wish.

-Rob A>

Robbie
07-21-2008, 11:36 AM
Actually, the script WAS already modified to not change the passwords...BUT...the script only worked for 3.6 vbulletin, and we're on 3.7.2

No biggie...There's a guy redoing the script for 3.7 now...I couldn't tell you what changes have been made from 3.6 to 3.7 that would make the script not work...I'll reapproach this when the script is done...BUT...vBulletin has acknowledged the new tactic and has already stated that the next patch release will probably have password != username enforcing.

Thanks for the offer of help.

töff
07-21-2008, 12:10 PM
grr@spamrz

Captcha's a pain, even if we are helping clean up book scans. But what must be done, must be done.

Kalomier
07-21-2008, 05:01 PM
Just wanted to let you know that I received an e-mail regarding the spam and 5 posts. I'm working on my 5 posts, :D ... and trying to make them insightful. ;).

NeonKnight
07-21-2008, 05:05 PM
Just wanted to let you know that I received an e-mail regarding the spam and 5 posts. I'm working on my 5 posts, :D ... and trying to make them insightful. ;).

As of right now, you have 4 posts! I expect to see fifth and sixth soon!

Robbie
07-21-2008, 05:18 PM
No rush...just sent that email to lure the lurkers out of hiding. we have 1700+ lurkers.

jfrazierjr
07-21-2008, 06:01 PM
No rush...just sent that email to lure the lurkers out of hiding. we have 1700+ lurkers.


I would be interested in knowing how many of those lurkers have had no activity in the past x months? I know I posted a map and one of my players created an account just to view some of the copies of the map I had made up. I highly doubt he will ever post to the forums at all. Unfortunately, I had forgotten about the login to view attachments thing when I sent him the link, otherwise, I would have just sent the image file directly to him and I would expect that there are quite a few lurking users who just created accounts to be able to see the images and may have only been "active" for a few days and then moved on.

Joe

spiralbound
07-21-2008, 07:59 PM
I approve of these new measures. Good luck in the anti-spam arms race. It always boggles me that the spammers think that forcing themselves somewhere that they're explicitly not wanted will yield viable "customers". If someone kicked in your front door, tied you to a chair and stuffed a sock in your mouth, would you then feel inclined to buy anything from that person?

I have been a low activity lurker. Just looking at the pretty maps for the most part. Although I am also very slowly reading the various tutorials on this site. Perhaps I'll share some of my maps, but they're more examples of how to make crappy maps rather than how to make a map you'd want to show off! :)

Midgardsormr
07-21-2008, 08:47 PM
There's no better way to go from "crappy" to "work of art" than by posting something here. The specific advice you'll get is worth paying for, and yet it's all offered free of charge. Take advantage!

JoeyD473
07-22-2008, 12:20 AM
Promotions have taken place. All users with more than 5 points have been given their private messaging capability.

What kinda bugs me is that out of 2000+ users...only 282 users have more than 5 posts. We gotta do something about all you lurkers! ;)

Please post in this thread if there are any problems.

What's wrong with us lurkers?

SeerBlue
07-22-2008, 01:31 AM
I am sure there is nothing wrong with lurkers, having been one myself, but, at least in my case, have found that I learn things from even those who start their post with "this is my first map".
And look forward to learning from each new poster.
SeerBlue

Gamerprinter
07-22-2008, 01:58 AM
What's wrong with us lurkers?

We're glad to offer map resources, tips, tutorials, maps to play with, etc - to everyone, including the lurkers. However... this is a FORUM after all, forums require participation.

As SeerBlue says, you learn from every post.

Except lurkers don't post... we'd like your participation, please. ;)

GP

RPMiller
07-22-2008, 02:01 AM
...and learning. :D

su_liam
07-22-2008, 03:54 AM
Yeah if I have the nerve to put up a tutorial with the cr#p I've shown here, anybody can. Come on more pretty pictures. At the very least I will be there saying, "Ooh, cool! How'd you do that?"

:)