SH!T EATER ATTACK INFO

[Lassen Forge]

We are aware of the current attack going on at ePlaya - we have deleted well over 500 of this bots posts, no help in site until an admin logs on.

ALL USERS - PLEASE bear with us while we attempt to can this fuck, er, get this situation under control. If you can refrain from posting for a bit it will help!

Sincerely...

bb

[helitack]

How about this:
http://bbantispam.com/lr/

Or this:
http://www.phpbb.com/community/viewtopi ... sc&start=0

Or this:
http://www.phpbbdoctor.com/blog/?p=26

And, it seems appropriate at this point in time for the Admin to give up their sole priviledge of locking someones account and let the Moderators have that function enabled. It would help stop this stuff until someone makes it hard for the spammers to register on this thing...

[MrMullen]

I have a couple of questions and comments that might help.

How many moderators are there? It seems like if you had 4 or 5 high ranking moderators and then a larger group of people that can disable accounts (Not delete) and move messages to handle spam right there and now. That way, you get plenty of eyes to handle the spam problem and then move messages to a place for a real moderator to delete them. If they screw up, they lose their jobs.

Also, someone should install a captcha program.

[Dork]

We already have visual confirmation and do not allow guests to post. Spammers have figured out how to bypass visual confirmation already so it's of limited use. The question one is interesting, I'll have to add that to the list of things I am looking into. I have a different mod I'll try later today, hopefully that will keep this particular spambot from registering tomorrow.

[MrMullen]

I have to admit, captcha is not totally effective. There is a rather neat website dedicated to writing software that read captcha. As a computer science guy, I find it very interesting.

[stargeezer]

I believe I mentioned this once before, but just in case...

Why not limit the number of posts that a new account can have on a daily basis. After some period of time. this daily limit just goes away.

On a similar thought, what is the highest number of valid posts one account has had in a day? If the coding would be simpler, limit all accounts on a daily basis. While this may be a large number, I would expect it to be well less than the 500+ you were just hit with.

Neither of the above options would solve the problem, I am not sure there is a perfect solution, but at least they would limit the problem to a more reasonable number.

[diane o'thirst]

IMdB has a post quota on everyone on that board. After you post, you can't post again for two minutes. Course a hacker can program a bot to wait for yea-number minutes and post again but it would give the regular eyes a chance to spot it and report, or kill in the case of a mod. We wouldn't have "every-ten-seconds-rapidfire-submachinebot" spammage happening where it only takes an hour to flood the site.

[Dork]

I have thought about limits too, and it would slow them down a bit but not stop them. One issue is that as far as I can tell, when a message is deleted there's no record left of it. So, they come in, post 10 (or whatever the limit is) messages, a moderator comes in and deletes them. Now that user has zero posts and can start posting again. Or, they can create an account, wait a week, then start spamming with it.

Pretty much any mod we put in will only slow them down a bit and stop the dumber spambots. The question one and instaban are the only published mods I see out there right now that seem to stand a chance at making a huge difference. I haven't seen much activity since I put in the confusabot mod this morning, hopefully that will calm things down a bit until I can get comfortable enough with the code to put in some more complicated changes.

[spectabillis]

just an observation, but there's now scotto, bbsue, dork, antiM, emily... many more people comming together to tackle things than previously and its starting to show. they are volunteering their time and effort and i know I appreciate it. granted the spamming problem has been around too long and i understand people's frustrations, but i hope that others can see this change and support them.

[Archantael]

It's definitely noticeable. Without question.
And having moderators on at all times of the day and night has been something the board's needed for years.

[Cabana Springs]

just an observation, but there's now scotto, bbsue, dork, antiM, emily... many more people comming together to tackle things than previously and its starting to show. they are volunteering their time and effort and i know I appreciate it. granted the spamming problem has been around too long and i understand people's frustrations, but i hope that others can see this change and support them.

Honestly - I am very appreciative of all the help the current moderators do for this board. I am just glad you are not doing it anymore.

[DVD Burner]

Just my 00000.002%

There is a new phpbbs update that should solve the sock shit problem.

http://images.tribe.net/tribe/upload/ph ... d2e9618e03

note: the image verification at sign up to the bottom.

[Dork]

Just my 00000.002%

There is a new phpbbs update that should solve the sock shit problem.

http://images.tribe.net/tribe/upload/ph ... d2e9618e03

note: the image verification at sign up to the bottom.

We already have image verification. It doesn't work. That one doesn't look much better.

[DVD Burner]

Huh? Doesn't work?


strange.

As far as the look goes, you can change it to look anyway you want.

any idea why it doesn't work?

what does it do when installed?

[Lassen Forge]

Simply put? Bots can decypher these. Sucks. Worth looking into if it really deos have a new angle to making it work without having the same downfall the other ones have...

Hugz,
Sus

[Dork]

When I say it doesn't work, I mean the spambots already know how to read the letters in the image. There might be a system out there that's more difficult for those programs to read, but enough of their tries will still probably work.

[Archantael]

Thank you Cabana for saying exactly what I was thinking.

Back on topic when info on how to circumvent image verification exploits makes it to Darknet, the security value is nil. Image Verification is no longer effective, the horse is dead, hold your floggers.

[DVD Burner]

When I say it doesn't work, I mean the spambots already know how to read the letters in the image. There might be a system out there that's more difficult for those programs to read, but enough of their tries will still probably work.

I guess I've been fortunate.

Dork, thanks for being on the up and up.

you and Sue are rockin.

[Toolmaker]

Just out of curiosity.. do these spambots use proxies? If so we can block alot of known proxie servers by IP address. I have a couple links to pages that have tons of proxies if you wanted to add the IPs to your block/ban list.

[spectabillis]

can post them up anyways. its been some time since i searched but my wish was to find a mod that lets the admin batch upload and install a list of reported bad ipaddr/domains. that was almost two years ago though when i looked, my thinking was something similar to an opensource antivirus app that gets community updates on what to scan for.

[mdmf007]

find out where they live and I will personnal go there and kick them in the balls, before I destroy their computer set up and put the fear of god in them.

[emily sparkle]

you can send me a list like that. i can't batch them, but i'll get them added...

i think a lot of them are using proxies.

[Toolmaker]

PM sent to Emily and Dork. Keep in mind that these sites I sent you two update DAILY. You might need a mod just to block IP addresses 24-7. Hope those lists help out stopping the spammers. I was poking around the PHP website and it looks like there is a mod that blocks "open proxies". Would this work to block all of the bot software? I don't know much about these bots but I imagine these folks are probably using some kind of anonymous web surfing so they don't get in trouble. Good luck and thanks for all the hard work you put in.

[A Human]

Blocking Spammers

We use at Our Board the following anti spam mods.

Email Notification New_Registration 1 0 5 - to advise administrator of new users - great when you set membership to admin approved

E-Mail Spambot Fighter - To help fight spam, modifies all public e-mail addresses to display in the format: user AT domain DOT tld

Confusabot ACP - Change "agreed" and "coppa" variables to confuse bots

Admin Userlist regIP add on - This makes it so that you can see the IP address that the person registered with in the admin Userlist mod

Log ip - Logs the IP address of users when they register.

Admin Userlist regIP add on - makes it easier to delete/ban users

Disable User Posting Privileges - when you simply want to stop someone posting yet keep them as a user

Memberlist Hidden User MOD - allows user to control ones appearance on memberlist

Memberlist Access - With this MOD admin can decide who gets to view the memberlist. Options include: All, registered users, moderators, admins. Options are settable from the ACP.

Live Email Validate (LEV) - When a user signs up or edits their email address, this MOD will attempt to verify it via the DNS MX records and a test SMTP session, returning true or false as appropriate. In the event of failure, some server responses are displayed if DEBUG is set to true in constants.php

CodeCrush IP Log - This is an IP logger, that will log the IP of anyone browsing to your phpbb forums. It also logs referral info, ACP-logins and browser revision. Created cause I couldn't find any other IP-tracking utility within phpbb besides the poster_ip. I wanted to keep a log of all visitors not just posters. - fantastic for barring and identifying bad users

and yes they still get through, the ones that do are manual operators in which case barring of the ips usually suffice, if they were teched up they would be using software with variable ip.

More than happy to expand.

Peace

A Human