Personal Video Database

English => Support => Topic started by: rick.ca on September 13, 2011, 07:39:11 pm

Title: Forum Attacks
Post by: rick.ca on September 13, 2011, 07:39:11 pm
It seems the forum must be due for an upgrade in it's protection measures. We're now getting more spam than legitimate posts. Simple Machines Forums attacks (http://www.simplemachines.org/community/index.php?topic=422954.msg2960640#msg2960640) seems to contain good advice. Perhaps items 4 and 5 (in the original post) need to be addressed. I also think all the "members" with no posts should be deleted. The vast majority of them are spam bots. I'm sure any legitimate user who has such an account deleted won't mind re-registering (under new security measures) if they understand why the deletion was necessary.
Title: Re: Forum Attacks
Post by: nostra on September 13, 2011, 08:08:58 pm
Thx, I will take a look at this topic immediately
Title: Re: Forum Attacks
Post by: Ivek23 on September 13, 2011, 08:14:20 pm
Rick.ca, completely agree with this topic.
Really it is necessary to protect the forum from spam bots, because what is happening lately on this forum is already unsustainable.
Title: Re: Forum Attacks
Post by: nostra on September 16, 2011, 08:00:08 pm
Shit, I have tried 4 mods already, different registration options - no use :(
Title: Re: Forum Attacks
Post by: rick.ca on September 17, 2011, 12:30:29 am
If you delete all existing accounts with no posts and give me permission to delete new ones, I could try to keep them at bay. Looking at recently created accounts, it's rather obvious which ones are spammers. I suppose if these are real people paid to spam, there may be no other way. :-\
Title: Re: Forum Attacks
Post by: Ivek23 on September 18, 2011, 06:34:57 pm
I agree with Rick.ca proposal what makes around spam messages.
Somewhere in the month of May began an abnormal increase in the number of new registered users (sshot-1 picture attached) and already in the user profile indicates then, that their messages will almost certainly be written as "spam Communication" (sshot-2 picture and sshot-3 picture attached).


[attachment deleted by admin]
Title: Re: Forum Attacks
Post by: rick.ca on September 23, 2011, 11:19:55 pm
Quote from: rick.ca on September 17, 2011, 12:30:29 am
If you delete all existing accounts with no posts and give me permission to delete new ones, I could try to keep them at bay...

Any thoughts about this, nostra?
Title: Re: Forum Attacks
Post by: nostra on September 27, 2011, 12:06:52 am
You have the permissions to delete accounts now. I will see how to filter out fake accounts...
Title: Re: Forum Attacks
Post by: rick.ca on September 27, 2011, 01:59:26 am
Quote
You have the permissions to delete accounts now.

Thanks. That will be more gratifying than just deleting the posts. Even more so if I can catch them before they post. ;)

Quote
I will see how to filter out fake accounts...

It looks like you have removed the obvious ones. I still think most of those without any posts must be fake. Guests are free to read the forum—why would they register when they have no intention of posting? But I suppose it doesn't matter. I'll let you know if I'm having to delete accounts that were registered in the past.
Title: Re: Forum Attacks
Post by: nostra on September 27, 2011, 02:15:09 am
Yeah, removing all account without posts seemed too much for me. There is no point in creating an account and not posting anything, but I assume people could register to become a "better" part of the community or they could have planned to post some time later...
Title: Re: Forum Attacks
Post by: rick.ca on September 27, 2011, 02:52:09 am
You could send them all an email..."We're purging fake accounts. You have 10 days to post something interesting or donate to prove you're human." ;D
Title: Re: Forum Attacks
Post by: rick.ca on September 27, 2011, 04:37:35 am
If you're able to delete accounts in bulk, here are some candidates:

75 accounts with usernames ending in "rhitogBor."
30 accounts with usernames ending in "Dotloorofak." I tired after deleting 45.
Title: Re: Forum Attacks
Post by: rick.ca on September 27, 2011, 11:19:36 pm
Most of the spam accounts are easy enough to identify, but they're being added faster than I can delete them. I can also see, as I suspected, some of them are adding a "normal" looking accounts, then coming back to them a day or more later to add links and spam posts. The Quick Ban on Account Delete (http://custom.simplemachines.org/mods/index.php?mod=2427) mod would help, particularly if IP bans are effective. Can you see any pattern in the IP addresses of these accounts, or are they being spoofed too?
Title: Re: Forum Attacks
Post by: nostra on September 27, 2011, 11:49:06 pm
There seems to be a pattern in those IP addresses, but I am not sure how likely it is for normal users to happen to have an IP address from the same range...
Title: Re: Forum Attacks
Post by: rick.ca on September 28, 2011, 01:24:37 am
I wouldn't ban a range unless there were more than two IP's in last octet. The chance of a legitimate user (current or future) being in the same group would be extremely slim. Otherwise, I would only block the one IP being banned. By a "pattern," I meant one that suggests they are real IP addresses (rather than somehow spoofed) and therefore can be banned. Also, I understand spammers are now the primary users of proxy services like Tor. I don't think we should be concerned about blocking those.

I'm beginning to wonder if they're now more active because I've been deleting accounts. I just deleted a dozen or so about an hour ago. Now there's a dozen or so new ones.  ::)

It seems they consistently post in the first board. Maybe you should create a new first board called "Spam," and let them do their thing. :D
Title: Re: Forum Attacks
Post by: nostra on September 28, 2011, 02:22:15 am
Quote
I would only block the one IP being banned

I think blocking one IP does not solve anything.

Quote
By a "pattern," I meant one that suggests they are real IP addresses (rather than somehow spoofed) and therefore can be banned.

Not sure about this, but ass far I understand the IPs seem to be real

Quote
It seems they consistently post in the first board. Maybe you should create a new first board called "Spam," and let them do their thing. Cheesy

Yeah, does not look so good :(
Title: Re: Forum Attacks
Post by: rick.ca on September 29, 2011, 01:14:41 am
Quote from: nostra on September 16, 2011, 08:00:08 pm
I have tried 4 mods already, different registration options - no use

Did you try httpBL (http://custom.simplemachines.org/mods/index.php?mod=2155) (implementation of Project Honeypot API (http://www.projecthoneypot.org/)) and Stop Spammer (http://custom.simplemachines.org/mods/index.php?mod=1547). These two seem to be mentioned most often by those who claim to have solved the problem (e.g., here (http://www.simplemachines.org/community/index.php?topic=453264.msg3166899#msg3166899)) But maybe the better verification process in SMF 2.0 is a factor as well. :-\

Quote from: nostra on September 27, 2011, 12:06:52 am
You have the permissions to delete accounts now.

Is there something you can do that would allow me to use checkboxes to select accounts, then delete them all at once? They're being added at a rate of more than 50 per day—too many to deleted one-at-a-time. :(
Title: Re: Forum Attacks
Post by: jondak on September 29, 2011, 03:41:31 pm
Easiest way its in my opinion that new accounts can't start new threads or reply to new thread till that reply or thread has been accepted by an admin. You can make it so that new accounts need 5 posts before they can freely post without being check.
Title: Re: Forum Attacks
Post by: Ivek23 on September 29, 2011, 04:40:06 pm
Quote from: jondak on September 29, 2011, 03:41:31 pm
Easiest way its in my opinion that new accounts can't start new threads or reply to new thread till that reply or thread has been accepted by an admin. You can make it so that new accounts need 5 posts before they can freely post without being check.

Very good proposal to limit spam posts and, therefore, to limit or to reduce the number of newly registered members who write spam posts.
Title: Re: Forum Attacks
Post by: rick.ca on September 29, 2011, 07:14:15 pm
I suppose this would work, as long as there were always a moderator available to promptly approve legitimate posts. Requiring approval for the first post only would be good enough. But it wouldn't stop them from adding 50+ spam accounts per day.

This might work well in combination with the automatic deletion of accounts for which there has been no initial post within, say, 24 hours. The first message of the registration routine would be something like, "Registration is not required for viewing any part of this website, only for posting messages to the Forum. Please do not register unless you intend to post messages. New accounts for which no post is made within 24 hours will be deleted."

But I don't understand why any such measures are necessary. The other SMF 1.x forum I frequent is ten times as big and 100 times as active as this one. It's attacked in the same way, but has no measures like this. There are spam accounts in it's membership list, but only about one per day. Those ones are obvious spam accounts, suggesting they're not so few because the admins are deleting them. They must have measures that are effective in preventing most of them from registering.
Title: Re: Forum Attacks
Post by: Ivek23 on September 29, 2011, 07:52:24 pm
Maybe I should be yet another moderator that would help in cleaning spam posts and spam user accounts.
Title: Re: Forum Attacks
Post by: rick.ca on September 29, 2011, 10:40:54 pm
We may need to make all three active users moderators. ;D
Title: Re: Forum Attacks
Post by: rick.ca on October 02, 2011, 01:13:15 am
These numbers tell an interesting story...

     March
     March
         Sept
     2010
     2011
     2011
New accounts         
100
307
3,347
Deleted
-5
-198
-2,153
Remaining
95
109
1,194
No activity
-65
-89
-1,190
Used
30
20
4
Lurkers
-17
-17
  ?
 - unknown—included in "no activity"
Posters
13
3
4

If the creation of spam accounts cannot be controlled, then there is no practical means by which we can identify and delete them. This is why I suggested simply deleting all accounts for which there were no posts (spam posts would already be deleted, so the accounts from which they were posted would have no posts). Doing so, however, would also delete the legitimate accounts of "lurkers"—real people who have gone to the trouble to register, but have not yet had occasion to post. These accounts, however, can be identified as those having a Last Active date greater than their Date Registered. Spammers do not browse and leave. When they return after registering, it's to post spam. At the same time, real people do not go to the trouble to register and then never return. If they do return after 30 days, it's unlikely they would even remember registering the first time. Besides, the numbers prove the vast majority of these inactive accounts were created by spammers anyway.

So if spam accounts cannot be prevented, this is what I suggest:


I don't know if moderators can be given the permissions required to do the deletions of steps 1 and 3. This post (from the SMF 1.x support board) suggests how those can be done.

Quote from: JimM on January 23, 2011, 10:39:14 pm
The only other way might be to make sure you have moderation checkboxes selected in your profile and then set your page length to a large number. Go to the memberlist from the Admin area and click on Last Online until the sort is showing the oldest date. Click the checkboxes of the ones you want to delete, depending on the page size you set, you can click the box at the top of the page to select all the members on the page. The select the action at the bottom of the page.
Title: Re: Forum Attacks
Post by: Ivek23 on October 02, 2011, 06:50:14 am
Quote from: rick.ca on October 02, 2011, 01:13:15 am
These numbers tell an interesting story...

    March
    March
       Sept
    2010
    2011
    2011
New accounts          
100
307
3,347
Deleted
-5
-198
-2,153
Remaining
95
109
1,194
No activity
-65
-89
-1,190
Used
30
20
4
Lurkers
-17
-17
 ?
 - unknown—included in "no activity"
Posters
13
3
4


Very interesting and alarming statistics.

Quote from: rick.ca on October 02, 2011, 01:13:15 am
So if spam accounts cannot be prevented, this is what I suggest:

  • Clean-up the existing accounts by deleting all those for which there has been no activity since registration.
  • Moderators delete spam and the accounts that post them as they are posted.
  • Periodically (but at least monthly) delete accounts
    • that can be identified as spam by their links and contact info.
    • created more than 30 days prior for which there has been no activity since registration.

I don't know if moderators can be given the permissions required to do the deletions of steps 1 and 3.


Exactly should be done.
It would be necessary to delete all user accounts, which have never been active    (Last active:        Never). Now it is around 5900 or more accounts, after all deletions (cleaning) accounts then it would be user accounts and user only between 1000 and 2000, which would be a real number of users of this forum.

Title: Re: Forum Attacks
Post by: Ivek23 on October 05, 2011, 07:52:05 am
I disagree completely with this,
Quote from: nostra on September 27, 2011, 02:15:09 am
There is no point in creating an account and not posting anything, but I assume people could register to become a "better" part of the community or they could have planned to post some time later...
but more on that here.
Quote from: rick.ca on October 02, 2011, 01:13:15 am
At the same time, real people do not go to the trouble to register and then never return. If they do return after 30 days, it's unlikely they would even remember registering the first time.
There are many such users, when registered, then not more active.

Quote from: Ivek23 on September 29, 2011, 07:52:24 pm
Maybe I should be yet another moderator that would help in cleaning spam posts and spam user accounts.
Quote from: rick.ca on September 29, 2011, 10:40:54 pm
We may need to make all three active users moderators. ;D

If I had moderator status, established a permit or authorization to edit (delete) user accounts and posts, would be happy to assist in the regulation of the current mess on the forum.
Title: Re: Forum Attacks
Post by: rick.ca on October 08, 2011, 09:51:59 pm
The rate at which accounts are being created and spam posted is too great for me to keep up with. So I did little over the past week, in part to see what the result would be. Unfortunately, the spam posts that were in Version 1 [Testing] (http://www.videodb.info/forum_en/index.php/board,12.0.html) were deleted before I could count them. But there were lots—pages of new topics, I believe. Only a few were posted to other boards, which I deleted as they happened.

I've reviewed the new memberships over this period, and what I find is the same as before. New accounts are being added at about 70 per day. About 3 of these are legitimate users (as indicated by activity after registration) and maybe one of them will post.

My conclusion is the same as before. We could really use something more effective in preventing spam accounts from being created. And unless that's highly effective, moderators need the ability to identify and mass delete accounts with no activity. If nothing can be done to stop the accounts from being created, deleting them all regularly (i.e., daily) would keep the membership clean and greatly reduce the number of spam posts (most spammers first create an account, then return later to add links and/or post spam).
Title: Re: Forum Attacks
Post by: Ivek23 on October 09, 2011, 10:12:54 am
Quote from: rick.ca on October 08, 2011, 09:51:59 pm
The rate at which accounts are being created and spam posted is too great for me to keep up with. So I did little over the past week, in part to see what the result would be. Unfortunately, the spam posts that were in Version 1 [Testing] (http://www.videodb.info/forum_en/index.php/board,12.0.html) were deleted before I could count them. But there were lots—pages of new topics, I believe. Only a few were posted to other boards, which I deleted as they happened.

If my memory sun is cheating, it was new spam topics about for two full pages.

Quote from: rick.ca on October 08, 2011, 09:51:59 pm
I've reviewed the new memberships over this period, and what I find is the same as before. New accounts are being added at about 70 per day. About 3 of these are legitimate users (as indicated by activity after registration) and maybe one of them will post.

This is true, as has been said.
Or return later with spam posts or not active or not at all be more active.

Quote from: rick.ca on October 08, 2011, 09:51:59 pm
My conclusion is the same as before. We could really use something more effective in preventing spam accounts from being created. And unless that's highly effective, moderators need the ability to identify and mass delete accounts with no activity. If nothing can be done to stop the accounts from being created, deleting them all regularly (i.e., daily) would keep the membership clean and greatly reduce the number of spam posts (most spammers first create an account, then return later to add links and/or post spam).

Excellent expressed a final opinion.

As I've mentioned here
Quote from: Ivek23 on October 05, 2011, 07:52:05 am

Quote from: Ivek23 on September 29, 2011, 07:52:24 pm
Maybe I should be yet another moderator that would help in cleaning spam posts and spam user accounts.
Quote from: rick.ca on September 29, 2011, 10:40:54 pm
We may need to make all three active users moderators. ;D

If I had moderator status, established a permit or authorization to edit (delete) user accounts and posts, would be happy to assist in the regulation of the current mess on the forum.

would take time and patience for this, to clear the spam accounts and the accounts of all those users,
Quote
would also delete the legitimate accounts of "lurkers"—real people who have gone to the trouble to register
which until now has never been active (for example - in their account writes the following: (Last active:        Never)).
Title: Re: Forum Attacks
Post by: rick.ca on October 09, 2011, 12:16:54 pm
Quote
would take time and patience for this, to clear the spam accounts and the accounts of all those users,

I don't believe anyone has the patience to delete to delete 60-70 accounts a day, one-at-a-time. It seems there is the ability to select and delete in bulk, but the power to do so may only be available to administrators. I've only commented on what needs to be done, not on whether the tools necessary can be granted to moderators.
Title: Re: Forum Attacks
Post by: Ivek23 on October 09, 2011, 12:53:47 pm
Quote from: rick.ca on October 09, 2011, 12:16:54 pm
Quote
would take time and patience for this, to clear the spam accounts and the accounts of all those users,

I don't believe anyone has the patience to delete to delete 60-70 accounts a day, one-at-a-time. It seems there is the ability to select and delete in bulk, but the power to do so may only be available to administrators. I've only commented on what needs to be done, not on whether the tools necessary can be granted to moderators.

OK, thanks for the clarification.
Title: Re: Forum Attacks
Post by: nostra on October 11, 2011, 12:03:39 am
I have installed some more addons to prevent spam attacks. Let's how it goes now...

I could not find a way to allow moderators to delete multiple accounts at once :(
Title: Re: Forum Attacks
Post by: rick.ca on October 11, 2011, 12:41:20 am
Quote
I could not find a way to allow moderators to delete multiple accounts at once

I see you've deleted the obvious spam accounts. But thousands remain, as indicated by there being no activity since registration. Can you, as administrator, identify and mass delete those? I think you'll find many of those (mainly the ones created in recent weeks) will return and post spam. Also, just being rid of all those should make it easier to identify and deal with whatever gets by the new controls.
Title: Re: Forum Attacks
Post by: nostra on October 11, 2011, 12:48:33 am
Yeah, I am on it
Title: Re: Forum Attacks
Post by: rick.ca on October 11, 2011, 01:13:21 am
Quote
Yeah, I am on it

So I see...We lost half our members! :o ;D

And new spam accounts are still being added. :(
Title: Re: Forum Attacks
Post by: nostra on October 11, 2011, 01:24:42 am
The new addons report 14 blocked attacks within the last hour, so I hope that the amount of successful attacks will at least drop...
Title: Re: Forum Attacks
Post by: rick.ca on October 11, 2011, 02:08:37 am
Quote
The new addons report 14 blocked attacks within the last hour, so I hope that the amount of successful attacks will at least drop...

That is promising.

Quote
But thousands remain, as indicated by there being no activity since registration.

It's much better with those gone. If you could isolate those with last activity within a few minutes of registration, many more could be deleted. Some of those would be real people, but if they registered, browsed for a few minutes, then never returned, the account may as well be deleted.

Also, if you can isolate accounts with signatures but no posts, those are very likely spam accounts (with links in the signatures).
Title: Re: Forum Attacks
Post by: Ivek23 on October 11, 2011, 03:59:38 pm
This is now more conducive to see and more realistic number of real users on the forum. Now the mere sight on the forum is really is more beautiful and the easier it is to see if there is anything new on it (at least for me is this a joy).
Title: Re: Forum Attacks
Post by: rick.ca on October 16, 2011, 10:05:07 pm
Quote from: nostra on October 11, 2011, 01:24:42 am
The new addons report 14 blocked attacks within the last hour, so I hope that the amount of successful attacks will at least drop...

It seemed to work for a time, but now new spam accounts are being added at almost the same rate they were before. 25-30 have been added in the last 12 hours. :'(
Title: Re: Forum Attacks
Post by: Ivek23 on November 16, 2011, 03:55:17 pm
New forum layout is visually interesting (the old look more appealing and pleasing, at least for me it was so), seems to be no longer spam posts, at the same time, the question I have, whether it is now possible to see Personal Video Database - Statistics Center.
Title: Re: Forum Attacks
Post by: Ivek23 on November 16, 2011, 06:24:45 pm
Quote
Personal Video Database - Statistics Center

Nostra,  Thank you very much.
Title: Re: Forum Attacks
Post by: nostra on November 16, 2011, 07:00:27 pm
You are welcome
Title: Re: Forum Attacks
Post by: Ivek23 on January 03, 2012, 01:09:15 pm
In view of spam posts Forum is now very safe and we have some writers
spam posts that in any way they want and try to publish a spam post (and is insisting on this).
One of them is in the last few days also MordechaJBlum (http://www.videodb.info/forum_en/index.php?action=profile;u=20100), but he still has not figured out that will not be published and that he will not be able to see the spam posts.
Title: Re: Forum Attacks
Post by: katleeh on January 06, 2012, 09:01:57 pm
Hello, all, I wanted to bring a point up from a user's perspective here so that it's being considered. In most cases, a lot of forums require someone to register to actually be able to access the forum's content (IE some of the links, downloads, etc. are only available to registered users), which might account for the high number of lurkers. For my case, I don't post often because I try and limit my postings to relevant topics. For instance, bugs I find in the betas and such, although I'm still trying to figure out how to post more informative things as the data I provide seems... insignificant and unhelpful, hence why I haven't posted much in awhile.

With regards to how to stop the spam postings... Would it be possible to implement a filter of some sort? This would flag certain domains, words found in a post, etc? IE, anything with words in the topic that contain sex-related stuff, viagra/cialis/etc (I can provide you with a variant list if you want since I've been getting a lot of spam Emails with this stuff in them lately :/ ). What I'm suggesting is something that a Yahoo group that I run uses where anything that seems suspicious gets flagged and set aside until a moderator can look at the message to make sure its not spam.

I hope these are helpful.

- KatLeeH

Title: Re: Forum Attacks
Post by: rick.ca on January 06, 2012, 10:57:35 pm
Quote
In most cases, a lot of forums require someone to register to actually be able to access the forum's content...

Forcing prospective users to register in order to learn about the software would unnecessarily inhibit it's use.

Quote
With regards to how to stop the spam postings...

Upgrading to SMF 2 seems to have solved the problem. I don't know exactly what control are in effect, but spam posts are now rare. Spam accounts are still being created (although in much fewer numbers). This suggests the spammers are still trying, but the controls in place are effectively stopping them.
Title: Have we started beeing a Porno Site?
Post by: gear on December 16, 2013, 04:15:39 pm
The title says it all.

My simple question....
Title: Re: Have we started beeing a Porno Site?
Post by: afrocuban on December 17, 2013, 02:07:15 am
You're referencing to a recent "Help" forum PVD manual addition?
Title: Re: Have we started beeing a Porno Site?
Post by: abubin on December 17, 2013, 05:43:23 am
just problems from spammers. nothing that a moderator can't fix. this is common with free forum software.
Title: Re: Have we started beeing a Porno Site?
Post by: abubin on December 17, 2013, 05:41:00 pm
that kiddy hacker is back...mod, try changing new account registration to approved by mod. So that he cannot register anymore account for spamming.
Title: Re: Forum Attacks
Post by: Ivek23 on January 09, 2014, 05:43:04 pm
There is no need to panic, spam posts and spammer accounts will be removed in the future. Here now is another Global Moderator which is present here and will be responsible for the removal of spam posts and spammer accounts here.
Title: Re: Forum Attacks
Post by: Ivek23 on January 13, 2014, 01:44:13 pm
Here in the forum have been complaints, how many spam posts is have been posted on the forum and is not removed or they does not prevent good enough that spammers can publish their spam posts. So we can be happy that there is little or no spam present on the forum.

For example, how it looks and what is the view of the mess, if there is a multitude of spam messages (every minute is added to some spam messages for scripts), you can look at Userscripts.org (http://userscripts.org/scripts/) (daily added thousands of such messages). Probably one of the users of this forum itself using one of these scripts (I use quite a few useful scripts from this site, especially for IMDB and YouTube web pages). For more information on the use of browsers and how they are used on http://userscripts.org/ web site.

Quote
And some script links, which somewhat loosen up the mess that's there now:

http://userscripts.org/scripts/show/243858
http://userscripts.org/scripts/show/26062
http://userscripts.org/scripts/show/168240
http://userscripts.org/scripts/show/241991
http://userscripts.org/scripts/show/34652
http://userscripts.org/scripts/show/163038
http://userscripts.org/scripts/show/170925
http://userscripts.org/scripts/show/68219
http://userscripts.org/scripts/show/97145
http://userscripts.org/scripts/show/114060
http://userscripts.org/scripts/show/142899
http://userscripts.org/scripts/show/127520
http://userscripts.org/scripts/show/128316
Title: Re: Forum Attacks
Post by: Ivek23 on January 15, 2014, 06:53:57 am
BTW:

Quote
Notice for Userscripts.org (http://userscripts.org/scripts/) the attention:

Even there are in the second half of yesterday and today at night to limit the addition of spam messages, edit the mess and clean up the spam scripts.